summaryrefslogtreecommitdiff
path: root/puppet/modules/stunnel/templates
diff options
context:
space:
mode:
authorMicah Anderson <micah@riseup.net>2016-11-04 10:54:28 -0400
committerMicah Anderson <micah@riseup.net>2016-11-04 10:54:28 -0400
commit34a381efa8f6295080c843f86bfa07d4e41056af (patch)
tree9282cf5d4c876688602705a7fa0002bc4a810bde /puppet/modules/stunnel/templates
parent0a72bc6fd292bf9367b314fcb0347c4d35042f16 (diff)
parent5821964ff7e16ca7aa9141bd09a77d355db492a9 (diff)
Merge branch 'develop'
Diffstat (limited to 'puppet/modules/stunnel/templates')
m---------puppet/modules/stunnel0
-rw-r--r--puppet/modules/stunnel/templates/Debian/default13
-rw-r--r--puppet/modules/stunnel/templates/refresh_stunnel.sh.erb22
-rw-r--r--puppet/modules/stunnel/templates/service.conf.erb47
4 files changed, 82 insertions, 0 deletions
diff --git a/puppet/modules/stunnel b/puppet/modules/stunnel
deleted file mode 160000
-Subproject 523612fb6daff51837423619f5014e62dc83555
diff --git a/puppet/modules/stunnel/templates/Debian/default b/puppet/modules/stunnel/templates/Debian/default
new file mode 100644
index 00000000..9e2f4d37
--- /dev/null
+++ b/puppet/modules/stunnel/templates/Debian/default
@@ -0,0 +1,13 @@
+# /etc/default/stunnel
+# Julien LEMOINE <speedblue@debian.org>
+# September 2003
+
+# Change to one to enable stunnel automatic startup
+ENABLED=<%= scope.lookupvar('stunnel::startboot') %>
+FILES="/etc/stunnel/*.conf"
+OPTIONS=""
+
+# Change to one to enable ppp restart scripts
+PPP_RESTART=0
+
+<%= scope.lookupvar('stunnel::default_extra') %>
diff --git a/puppet/modules/stunnel/templates/refresh_stunnel.sh.erb b/puppet/modules/stunnel/templates/refresh_stunnel.sh.erb
new file mode 100644
index 00000000..1af0cff7
--- /dev/null
+++ b/puppet/modules/stunnel/templates/refresh_stunnel.sh.erb
@@ -0,0 +1,22 @@
+#!/bin/sh -x
+
+for difference in `diff -q /etc/stunnel <%= @stunnel_staging %>/configs | grep differ | awk '{print $2}'`
+do
+ old_config=`basename $difference`
+ /etc/init.d/stunnel4 stop $(basename $old_config .conf)
+ rm $difference
+done
+
+for only in `diff -q /etc/stunnel <%= @stunnel_staging %>/configs | grep 'Only in /etc/stunnel:' | awk '{print $4}'`
+do
+ old_config=`basename $only`
+ /etc/init.d/stunnel4 stop $(basename $only .conf)
+ rm /etc/stunnel/${only}
+done
+
+cp <%= @stunnel_staging %>/configs/*.conf /etc/stunnel
+
+/etc/init.d/stunnel4 start
+
+
+
diff --git a/puppet/modules/stunnel/templates/service.conf.erb b/puppet/modules/stunnel/templates/service.conf.erb
new file mode 100644
index 00000000..47f1c9d2
--- /dev/null
+++ b/puppet/modules/stunnel/templates/service.conf.erb
@@ -0,0 +1,47 @@
+; templated stunnel configuration file to be used by puppet stunnel module
+; NOTE: any changes you make to this file will be overwritten the next time
+; puppet runs, please make configuration changes to this service in puppet
+
+; Global configuration options
+<%= 'debug = ' + @debuglevel %>
+<%= 'pid = ' + @real_pid %>
+<%- %w{chroot setuid setgid service compression}.each do |v|
+ if has_variable?(v) and instance_variable_get("@#{v}").to_s != "false" -%>
+<%= v + " = " + instance_variable_get("@#{v}").to_s %>
+<%-
+ end
+end -%>
+
+; Some performance tunings
+<% if @socket.is_a? String -%>
+<%= 'socket = ' + @socket %>
+<% elsif @socket.is_a? Array -%>
+<%= @socket.map { |i| "socket = #{i}" }. join("\n") %>
+<% end -%>
+
+<%- %w{output syslog}.each do |v|
+ if has_variable?(v) and instance_variable_get("@#{v}").to_s != "false" -%>
+<%= v + " = " + instance_variable_get("@#{v}").to_s %>
+<%-
+ end
+end -%>
+
+<%- %w{egd engine enginectrl rndbytes rndfile rndoverwrite}.each do |v|
+ if has_variable?(v) and instance_variable_get("@#{v}").to_s != "false" -%>
+<%= v + " = " + instance_variable_get("@#{v}").to_s %>
+<%-
+ end
+end -%>
+
+; Service-level configuration
+<%= '[' + @name + ']' %>
+<%- %w{accept connect capath cafile cert ciphers crlpath crlfile delay enginenum exec
+ execargs failover ident key local oscp ocspflag options protocol protocolauthentication
+ protocolhost protocolpassword protocolusername pty retry session sslversion stack
+ timeoutbusy timeoutclose timeoutconnect timeoutidle transparent verify}.each do |v|
+ if has_variable?(v) and instance_variable_get("@#{v}").to_s != "false" -%>
+<%= v + ' = ' + instance_variable_get("@#{v}").to_s %>
+<%-
+ end
+end -%>
+client = <%= @client ? 'yes' : 'no' %>