diff options
Diffstat (limited to 'puppet/modules/openvpn/templates')
-rw-r--r-- | puppet/modules/openvpn/templates/client.erb | 26 | ||||
-rw-r--r-- | puppet/modules/openvpn/templates/client_specific_config.erb | 10 | ||||
-rw-r--r-- | puppet/modules/openvpn/templates/etc-default-openvpn.erb | 20 | ||||
-rw-r--r-- | puppet/modules/openvpn/templates/server.erb | 37 | ||||
-rw-r--r-- | puppet/modules/openvpn/templates/vars.erb | 68 |
5 files changed, 0 insertions, 161 deletions
diff --git a/puppet/modules/openvpn/templates/client.erb b/puppet/modules/openvpn/templates/client.erb deleted file mode 100644 index 021ed617..00000000 --- a/puppet/modules/openvpn/templates/client.erb +++ /dev/null @@ -1,26 +0,0 @@ -client -ca keys/ca.crt -cert keys/<%= scope.lookupvar('name') %>.crt -key keys/<%= scope.lookupvar('name') %>.key -dev <%= scope.lookupvar('dev') %> -proto <%= scope.lookupvar('proto') %> -remote <%= scope.lookupvar('remote_host') %> <%= scope.lookupvar('port') %> -<% if scope.lookupvar('compression') != '' -%> -<%= scope.lookupvar('compression') %> -<% end -%> -resolv-retry <%= scope.lookupvar('resolv_retry') %> -<% if scope.lookupvar('nobind') -%> -nobind -<% end -%> -<% if scope.lookupvar('persist_key') -%> -persist-key -<% end -%> -<% if scope.lookupvar('persist_tun') -%> -persist-tun -<% end -%> -<% if scope.lookupvar('mute_replay_warnings') -%> -mute-replay-warnings -<% end -%> -ns-cert-type server -verb <%= scope.lookupvar('verb') %> -mute <%= scope.lookupvar('mute') %> diff --git a/puppet/modules/openvpn/templates/client_specific_config.erb b/puppet/modules/openvpn/templates/client_specific_config.erb deleted file mode 100644 index 62cc0e7a..00000000 --- a/puppet/modules/openvpn/templates/client_specific_config.erb +++ /dev/null @@ -1,10 +0,0 @@ -<% scope.lookupvar('iroute').each do |route| -%> -iroute <%= route %> -<% end -%> -<% if ifconfig = scope.lookupvar('ifconfig') -%> -ifconfig-push <%= ifconfig %> -<% end -%> -<% scope.lookupvar('dhcp_options').each do |option| -%> -push dhcp-option <%= option %> -<% end -%> - diff --git a/puppet/modules/openvpn/templates/etc-default-openvpn.erb b/puppet/modules/openvpn/templates/etc-default-openvpn.erb deleted file mode 100644 index 310e462e..00000000 --- a/puppet/modules/openvpn/templates/etc-default-openvpn.erb +++ /dev/null @@ -1,20 +0,0 @@ -# This is the configuration file for /etc/init.d/openvpn - -# -# Start only these VPNs automatically via init script. -# Allowed values are "all", "none" or space separated list of -# names of the VPNs. If empty, "all" is assumed. -# -#AUTOSTART="all" -#AUTOSTART="none" -#AUTOSTART="home office" -# -# Refresh interval (in seconds) of default status files -# located in /var/run/openvpn.$NAME.status -# Defaults to 10, 0 disables status file generation -# -#STATUSREFRESH=10 -#STATUSREFRESH=0 -# Optional arguments to openvpn's command line -OPTARGS="" -AUTOSTART="" diff --git a/puppet/modules/openvpn/templates/server.erb b/puppet/modules/openvpn/templates/server.erb deleted file mode 100644 index 6ef13263..00000000 --- a/puppet/modules/openvpn/templates/server.erb +++ /dev/null @@ -1,37 +0,0 @@ -mode server -client-config-dir /etc/openvpn/<%= scope.lookupvar('name') %>/client-configs -ca /etc/openvpn/<%= scope.lookupvar('name') %>/keys/ca.crt -cert /etc/openvpn/<%= scope.lookupvar('name') %>/keys/server.crt -key /etc/openvpn/<%= scope.lookupvar('name') %>/keys/server.key -dh /etc/openvpn/<%= scope.lookupvar('name') %>/keys/dh1024.pem -<% if scope.lookupvar('proto') == 'tcp' -%> -proto <%= scope.lookupvar('proto') %>-server -<% else -%> -proto <%= scope.lookupvar('proto') %> -<% end -%> -port <%= scope.lookupvar('port') %> -<% if scope.lookupvar('tls_server') -%> -tls-server -<% end -%> -<% if scope.lookupvar('compression') != '' -%> -<%= scope.lookupvar('compression') %> -<% end -%> -group <%= scope.lookupvar('group_to_set') %> -user <%= scope.lookupvar('user') %> -<% if scope.lookupvar('logfile') -%> -log-append <%= scope.lookupvar('logfile') %> -<% end -%> -status <%= scope.lookupvar('status_log') %> -dev <%= scope.lookupvar('dev') %> -<% if scope.lookupvar('local') != '' -%> -local <%= scope.lookupvar('local') %> -<% end -%> -<% if scope.lookupvar('ipp') -%> -ifconfig-pool-persist <%= scope.lookupvar('name') %>/vpn-ipp.txt -<% end -%> -<% if scope.lookupvar('server') != '' -%> -server <%= scope.lookupvar('server') %> -<% end -%> -<% scope.lookupvar('push').each do |item| -%> -push <%= item %> -<% end -%> diff --git a/puppet/modules/openvpn/templates/vars.erb b/puppet/modules/openvpn/templates/vars.erb deleted file mode 100644 index 20448b8b..00000000 --- a/puppet/modules/openvpn/templates/vars.erb +++ /dev/null @@ -1,68 +0,0 @@ -# easy-rsa parameter settings - -# NOTE: If you installed from an RPM, -# don't edit this file in place in -# /usr/share/openvpn/easy-rsa -- -# instead, you should copy the whole -# easy-rsa directory to another location -# (such as /etc/openvpn) so that your -# edits will not be wiped out by a future -# OpenVPN package upgrade. - -# This variable should point to -# the top level of the easy-rsa -# tree. -export EASY_RSA="/etc/openvpn/<%= @name %>/easy-rsa" - -# -# This variable should point to -# the requested executables -# -export OPENSSL="openssl" -export PKCS11TOOL="pkcs11-tool" -export GREP="grep" - - -# This variable should point to -# the openssl.cnf file included -# with easy-rsa. -export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA` - -# Edit this variable to point to -# your soon-to-be-created key -# directory. -# -# WARNING: clean-all will do -# a rm -rf on this directory -# so make sure you define -# it correctly! -export KEY_DIR="$EASY_RSA/keys" - -# Issue rm -rf warning -echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR - -# PKCS11 fixes -export PKCS11_MODULE_PATH="dummy" -export PKCS11_PIN="dummy" - -# Increase this to 2048 if you -# are paranoid. This will slow -# down TLS negotiation performance -# as well as the one-time DH parms -# generation process. -export KEY_SIZE=1024 - -# In how many days should the root CA key expire? -export CA_EXPIRE=3650 - -# In how many days should certificates expire? -export KEY_EXPIRE=3650 - -# These are the default values for fields -# which will be placed in the certificate. -# Don't leave any of these fields blank. -export KEY_COUNTRY="<%= @country %>" -export KEY_PROVINCE="<%= @province %>" -export KEY_CITY="<%= @city %>" -export KEY_ORG="<%= @organization %>" -export KEY_EMAIL="<%= @email %>" |