Diffstat (limited to 'puppet')
| -rw-r--r-- | puppet/manifests/site.pp | 18 | ||||
| -rw-r--r-- | puppet/modules/site_openvpn/manifests/init.pp | 79 | ||||
| -rw-r--r-- | puppet/modules/site_openvpn/manifests/server_config.pp | 84 | 
3 files changed, 89 insertions, 92 deletions
diff --git a/puppet/manifests/site.pp b/puppet/manifests/site.pp
index abb81511..98e683af 100644
--- a/puppet/manifests/site.pp
+++ b/puppet/manifests/site.pp
@@ -2,26 +2,18 @@ define print() {
   notice("The value is: '${name}'")
 }
-define create_openvpn_config($port, $protocol) {
-  $openvpn_configname=$name
-  notice("Creating OpenVPN $openvpn_configname:  
-    Port: $port, Protocol: $protocol")
-  # ...
-  #include site_openvpn
-
-}
-
 node 'default' {
-  #$password=hiera('testpw')
-  #notify {"Password: $password":}
+  $concat_basedir =  '/var/lib/puppet/modules/concat'
+  include concat::setup
   $services=hiera_array('services')
   notice("Services for $fqdn: $services")
   if 'eip' in $services {
-    $openvpn=hiera('openvpn')
     $tor=hiera('tor')
     notice("Tor enabled: $tor")
-    create_resources('create_openvpn_config', $openvpn)
+
+    $openvpn_config=hiera('openvpn')
+    create_resources('site_openvpn::server_config', $openvpn_config)
   }
 }
diff --git a/puppet/modules/site_openvpn/manifests/init.pp b/puppet/modules/site_openvpn/manifests/init.pp
index 3d753af9..7d63d569 100644
--- a/puppet/modules/site_openvpn/manifests/init.pp
+++ b/puppet/modules/site_openvpn/manifests/init.pp
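Review bot: `hiera('openvpn')` on the new `$openvpn_config` line has no default, so a node that lists 'eip' in `$services` but has no `openvpn` key in hiera fails catalog compilation instead of simply declaring no server; `$openvpn_config = hiera('openvpn', {})` keeps compilation going and makes the following `create_resources` a no-op. Each entry of that hash is handed verbatim to `site_openvpn::server_config` as parameters, so a key the define does not declare should also be expected to fail compilation — a comment at the lookup listing the keys the data must carry would save operators a round trip. As a style point, the `$concat_basedir` assignment carries a double space before its string literal, and `notice("Services for $fqdn: $services")` uses the unqualified fact where the new define uses `$::fqdn`.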
@@ -1,81 +1,2 @@
 class site_openvpn {
-
-  $openvpn_server=$::fqdn
-
-  openvpn::server {
-    $openvpn_server:
-        country      => hiera("country"),
-        province     => hiera("province"),
-        city         => hiera("city"),
-        organization => hiera("organization"),
-        email        => hiera("email");
-  }
-
-# configure server
-
-
-  openvpn::option {
-    "dev $openvpn_server":
-        key    => "dev",
-        value  => "tun0",
-        server => "$openvpn_server";
-    "script-security $openvpn_server":
-        key    => "script-security",
-        value  => "3",
-        server => "$openvpn_server";
-    "daemon $openvpn_server":
-        key    => "daemon",
-        server => "$openvpn_server";
-    "keepalive $openvpn_server":
-        key    => "keepalive",
-        value  => "10 60",
-        server => "$openvpn_server";
-    "ping-timer-rem $openvpn_server":
-        key    => "ping-timer-rem",
-        server => "$openvpn_server";
-    "persist-tun $openvpn_server":
-        key    => "persist-tun",
-        server => "$openvpn_server";
-    "persist-key $openvpn_server":
-        key    => "persist-key",
-        server => "$openvpn_server";
-    "proto $openvpn_server":
-        key    => "proto",
-        value  => "tcp-server",
-        server => "$openvpn_server";
-    "cipher $openvpn_server":
-        key    => "cipher",
-        value  => "BF-CBC",
-        server => "$openvpn_server";
-    "local $openvpn_server":
-        key    => "local",
-        value  => $ipaddress,
-        server => "$openvpn_server";
-    "tls-server $openvpn_server":
-        key    => "tls-server",
-        server => "$openvpn_server";
-    "server $openvpn_server":
-        key    => "server",
-        value  => "10.10.10.0 255.255.255.0",
-        server => "$openvpn_server";
-    "lport $openvpn_server":
-        key    => "lport",
-        value  => "1194",
-        server => "$openvpn_server";
-    "management $openvpn_server":
-        
 key    => "management",
-        value  => "/var/run/openvpn-$openvpn_server.sock unix",
-        server => "$openvpn_server";
-    "comp-lzo $openvpn_server":
-        key    => "comp-lzo",
-        server => "$openvpn_server";
-    "topology $openvpn_server":
-        key    => "topology",
-        value  => "subnet",
-        server => "$openvpn_server";
-    "client-to-client $openvpn_server":
-        key    => "client-to-client",
-        server => "$openvpn_server";
-  }
-
 }
diff --git a/puppet/modules/site_openvpn/manifests/server_config.pp b/puppet/modules/site_openvpn/manifests/server_config.pp
new file mode 100644
index 00000000..e0e8db4f
--- /dev/null
+++ b/puppet/modules/site_openvpn/manifests/server_config.pp
@@ -0,0 +1,84 @@
+define site_openvpn::server_config($port, $protocol) {
+  $openvpn_configname=$name
+  notice("Creating OpenVPN $openvpn_configname:  
+    Port: $port, Protocol: $protocol")
+
+  $openvpn_server=$::fqdn
+  # we don't need a ca generated
+  #openvpn::server {
+  #  $openvpn_configname:
+  #      country      => hiera("country"),
+  #      province     => hiera("province"),
+  #      city         => hiera("city"),
+  #      organization => hiera("organization"),
+  #      email        => hiera("email");
+  #}
+
+  # configure server
+  # all config options need to be "hieraized"
+
+  openvpn::option {
+    "dev $openvpn_configname":
+        key    => "dev",
+        value  => "tun",
+        server => "$openvpn_server";
+    "script-security $openvpn_configname":
+        key    => "script-security",
+        value  => "3",
+        server => "$openvpn_server";
+    "daemon $openvpn_configname":
+        key    => "daemon",
+        server => "$openvpn_server";
+    "keepalive $openvpn_configname":
+        key    => "keepalive",
+        value  => "10 60",
+        server => "$openvpn_server";
+    "ping-timer-rem $openvpn_configname":
+        key    => "ping-timer-rem",
+        server => "$openvpn_server";
+    "persist-tun $openvpn_configname":
+        key    => "persist-tun",
+        server => "$openvpn_server";
+    "persist-key $openvpn_configname":
+        key    => "persist-key",
+        server => "$openvpn_server";
+    "proto $openvpn_configname":
+        key    => "proto",
+        value  => "$proto",
+        server => "$openvpn_server";
+    "cipher $openvpn_configname":
+        key    => "cipher",
+        value  => "BF-CBC",
+        server => "$openvpn_server";
+    "local $openvpn_configname":
+        key    => "local",
+        value  => $ipaddress,
+        server => "$openvpn_server";
+    "tls-server $openvpn_configname":
+        key    => "tls-server",
+        server => "$openvpn_server";
+    "server 
$openvpn_configname":
+        key    => "server",
+        value  => "$server",
+        server => "$openvpn_server";
+    "lport $openvpn_configname":
+        key    => "lport",
+        value  => "$port",
+        server => "$openvpn_server";
+    "management $openvpn_configname":
+        key    => "management",
+        value  => "/var/run/openvpn-$openvpn_configname.sock unix",
+        server => "$openvpn_server";
+    "comp-lzo $openvpn_configname":
+        key    => "comp-lzo",
+        server => "$openvpn_server";
+    "topology $openvpn_configname":
+        key    => "topology",
+        value  => "subnet",
+        server => "$openvpn_server";
+    "client-to-client $openvpn_configname":
+        key    => "client-to-client",
+        server => "$openvpn_server";
+  }
+
+}  | 
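Review bot: The `proto` option interpolates `$proto` and the `server` option interpolates `$server`, but the define only declares `$port` and `$protocol`, so both values come out empty (or the catalog fails under strict variable checking) and the generated server config loses its protocol and its subnet; change the proto line to `value  => "$protocol",` and make the subnet a parameter, `define site_openvpn::server_config($port, $protocol, $server) {`, so hiera supplies what the removed init.pp hard-coded as `10.10.10.0 255.255.255.0`. The `BF-CBC` cipher and `script-security 3` are carried over unchanged from the old class: Blowfish is a 64-bit-block cipher and 3 is the most permissive script-security level, so when the "hieraized" TODO is taken up these two are the first to make data-driven, each with a comment stating why the value was chosen. `client-to-client` is likewise switched on for every server this define creates, which permits traffic between VPN clients; a per-server parameter would let operators keep it off where client isolation is wanted.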
