diff options
author | Micah Anderson <micah@riseup.net> | 2016-11-04 10:54:28 -0400 |
---|---|---|
committer | Micah Anderson <micah@riseup.net> | 2016-11-04 10:54:28 -0400 |
commit | 34a381efa8f6295080c843f86bfa07d4e41056af (patch) | |
tree | 9282cf5d4c876688602705a7fa0002bc4a810bde /puppet/modules/stunnel/templates | |
parent | 0a72bc6fd292bf9367b314fcb0347c4d35042f16 (diff) | |
parent | 5821964ff7e16ca7aa9141bd09a77d355db492a9 (diff) |
Merge branch 'develop'
Diffstat (limited to 'puppet/modules/stunnel/templates')
m--------- | puppet/modules/stunnel | 0 | ||||
-rw-r--r-- | puppet/modules/stunnel/templates/Debian/default | 13 | ||||
-rw-r--r-- | puppet/modules/stunnel/templates/refresh_stunnel.sh.erb | 22 | ||||
-rw-r--r-- | puppet/modules/stunnel/templates/service.conf.erb | 47 |
4 files changed, 82 insertions, 0 deletions
diff --git a/puppet/modules/stunnel b/puppet/modules/stunnel deleted file mode 160000 -Subproject 523612fb6daff51837423619f5014e62dc83555 diff --git a/puppet/modules/stunnel/templates/Debian/default b/puppet/modules/stunnel/templates/Debian/default new file mode 100644 index 00000000..9e2f4d37 --- /dev/null +++ b/puppet/modules/stunnel/templates/Debian/default @@ -0,0 +1,13 @@ +# /etc/default/stunnel +# Julien LEMOINE <speedblue@debian.org> +# September 2003 + +# Change to one to enable stunnel automatic startup +ENABLED=<%= scope.lookupvar('stunnel::startboot') %> +FILES="/etc/stunnel/*.conf" +OPTIONS="" + +# Change to one to enable ppp restart scripts +PPP_RESTART=0 + +<%= scope.lookupvar('stunnel::default_extra') %> diff --git a/puppet/modules/stunnel/templates/refresh_stunnel.sh.erb b/puppet/modules/stunnel/templates/refresh_stunnel.sh.erb new file mode 100644 index 00000000..1af0cff7 --- /dev/null +++ b/puppet/modules/stunnel/templates/refresh_stunnel.sh.erb @@ -0,0 +1,22 @@ +#!/bin/sh -x + +for difference in `diff -q /etc/stunnel <%= @stunnel_staging %>/configs | grep differ | awk '{print $2}'` +do + old_config=`basename $difference` + /etc/init.d/stunnel4 stop $(basename $old_config .conf) + rm $difference +done + +for only in `diff -q /etc/stunnel <%= @stunnel_staging %>/configs | grep 'Only in /etc/stunnel:' | awk '{print $4}'` +do + old_config=`basename $only` + /etc/init.d/stunnel4 stop $(basename $only .conf) + rm /etc/stunnel/${only} +done + +cp <%= @stunnel_staging %>/configs/*.conf /etc/stunnel + +/etc/init.d/stunnel4 start + + + diff --git a/puppet/modules/stunnel/templates/service.conf.erb b/puppet/modules/stunnel/templates/service.conf.erb new file mode 100644 index 00000000..47f1c9d2 --- /dev/null +++ b/puppet/modules/stunnel/templates/service.conf.erb @@ -0,0 +1,47 @@ +; templated stunnel configuration file to be used by puppet stunnel module +; NOTE: any changes you make to this file will be overwritten the next time +; puppet runs, please make configuration changes to this service in puppet + +; Global configuration options +<%= 'debug = ' + @debuglevel %> +<%= 'pid = ' + @real_pid %> +<%- %w{chroot setuid setgid service compression}.each do |v| + if has_variable?(v) and instance_variable_get("@#{v}").to_s != "false" -%> +<%= v + " = " + instance_variable_get("@#{v}").to_s %> +<%- + end +end -%> + +; Some performance tunings +<% if @socket.is_a? String -%> +<%= 'socket = ' + @socket %> +<% elsif @socket.is_a? Array -%> +<%= @socket.map { |i| "socket = #{i}" }. join("\n") %> +<% end -%> + +<%- %w{output syslog}.each do |v| + if has_variable?(v) and instance_variable_get("@#{v}").to_s != "false" -%> +<%= v + " = " + instance_variable_get("@#{v}").to_s %> +<%- + end +end -%> + +<%- %w{egd engine enginectrl rndbytes rndfile rndoverwrite}.each do |v| + if has_variable?(v) and instance_variable_get("@#{v}").to_s != "false" -%> +<%= v + " = " + instance_variable_get("@#{v}").to_s %> +<%- + end +end -%> + +; Service-level configuration +<%= '[' + @name + ']' %> +<%- %w{accept connect capath cafile cert ciphers crlpath crlfile delay enginenum exec + execargs failover ident key local oscp ocspflag options protocol protocolauthentication + protocolhost protocolpassword protocolusername pty retry session sslversion stack + timeoutbusy timeoutclose timeoutconnect timeoutidle transparent verify}.each do |v| + if has_variable?(v) and instance_variable_get("@#{v}").to_s != "false" -%> +<%= v + ' = ' + instance_variable_get("@#{v}").to_s %> +<%- + end +end -%> +client = <%= @client ? 'yes' : 'no' %> |