From 59635ff7904645075bf3ddd30a70a05a58102bed Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 6 Sep 2012 11:21:23 +0200 Subject: added submodule openvpn --- puppet/modules/openvpn | 1 + 1 file changed, 1 insertion(+) create mode 160000 puppet/modules/openvpn (limited to 'puppet/modules') diff --git a/puppet/modules/openvpn b/puppet/modules/openvpn new file mode 160000 index 00000000..25f1fe8d --- /dev/null +++ b/puppet/modules/openvpn @@ -0,0 +1 @@ +Subproject commit 25f1fe8d813f6128068d890a40f5e24be78fb47c -- cgit v1.2.3 From 670819cbaa3cf78e2fce45aeb030ece78a920a57 Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 6 Sep 2012 11:55:35 +0200 Subject: added submodule concat --- puppet/modules/concat | 1 + 1 file changed, 1 insertion(+) create mode 160000 puppet/modules/concat (limited to 'puppet/modules') diff --git a/puppet/modules/concat b/puppet/modules/concat new file mode 160000 index 00000000..abce1280 --- /dev/null +++ b/puppet/modules/concat @@ -0,0 +1 @@ +Subproject commit abce1280e07b544d8455f1572dd870bbd2f14892 -- cgit v1.2.3 From 075d6fb40ddaace0442a8d5ba9396c9f1849bddc Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 20 Sep 2012 11:50:22 +0200 Subject: beginning of site_openvpn --- puppet/modules/site_openvpn/manifests/init.pp | 81 +++++++++++++++++++++++++++ 1 file changed, 81 insertions(+) create mode 100644 puppet/modules/site_openvpn/manifests/init.pp (limited to 'puppet/modules') diff --git a/puppet/modules/site_openvpn/manifests/init.pp b/puppet/modules/site_openvpn/manifests/init.pp new file mode 100644 index 00000000..3d753af9 --- /dev/null +++ b/puppet/modules/site_openvpn/manifests/init.pp 
@@ -0,0 +1,81 @@
+class site_openvpn {
+
+ $openvpn_server=$::fqdn
+
+ openvpn::server {
+ $openvpn_server:
+ country => hiera("country"),
+ province => hiera("province"),
+ city => hiera("city"),
+ organization => hiera("organization"),
+ email => hiera("email");
+ }
+
+# configure server
+
+
+ openvpn::option {
+ "dev $openvpn_server":
+ key => "dev",
+ value => "tun0",
+ server => "$openvpn_server";
+ "script-security $openvpn_server":
+ key => "script-security",
+ value => "3",
+ server => "$openvpn_server";
+ "daemon $openvpn_server":
+ key => "daemon",
+ server => "$openvpn_server";
+ "keepalive $openvpn_server":
+ key => "keepalive",
+ value => "10 60",
+ server => "$openvpn_server";
+ "ping-timer-rem $openvpn_server":
+ key => "ping-timer-rem",
+ server => "$openvpn_server";
+ "persist-tun $openvpn_server":
+ key => "persist-tun",
+ server => "$openvpn_server";
+ "persist-key $openvpn_server":
+ key => "persist-key",
+ server => "$openvpn_server";
+ "proto $openvpn_server":
+ key => "proto",
+ value => "tcp-server",
+ server => "$openvpn_server";
+ "cipher $openvpn_server":
+ key => "cipher",
+ value => "BF-CBC",
+ server => "$openvpn_server";
+ "local $openvpn_server":
+ key => "local",
+ value => $ipaddress,
+ server => "$openvpn_server";
+ "tls-server $openvpn_server":
+ key => "tls-server",
+ server => "$openvpn_server";
+ "server $openvpn_server":
+ key => "server",
+ value => "10.10.10.0 255.255.255.0",
+ server => "$openvpn_server";
+ "lport $openvpn_server":
+ key => "lport",
+ value => "1194",
+ server => "$openvpn_server";
+ "management $openvpn_server":
+ key => "management",
+ value => "/var/run/openvpn-$openvpn_server.sock unix",
+ server => "$openvpn_server";
+ "comp-lzo $openvpn_server":
+ key => "comp-lzo",
+ server => "$openvpn_server";
+ "topology $openvpn_server":
+ key => "topology",
+ value => "subnet",
+ server => "$openvpn_server";
+ "client-to-client $openvpn_server":
+ key => "client-to-client",
+ server => "$openvpn_server";
+ }
+
+}
-- cgit v1.2.3 From 1c5eb8a64426c93d8118acac52870a6a95f73010 Mon Sep 17 00:00:00 2001 From: root Date: Fri, 21 Sep 2012 15:03:08 +0200 Subject: oved things around --- puppet/modules/site_openvpn/manifests/init.pp | 79 -------------------- .../site_openvpn/manifests/server_config.pp | 84 ++++++++++++++++++++++ 2 files changed, 84 insertions(+), 79 deletions(-) create mode 100644 puppet/modules/site_openvpn/manifests/server_config.pp (limited to 'puppet/modules')
diff --git a/puppet/modules/site_openvpn/manifests/init.pp b/puppet/modules/site_openvpn/manifests/init.pp
index 3d753af9..7d63d569 100644
--- a/puppet/modules/site_openvpn/manifests/init.pp
+++ b/puppet/modules/site_openvpn/manifests/init.pp
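Review bot: `cipher BF-CBC` selects Blowfish, a 64-bit-block cipher; on a long-lived tunnel moving many gigabytes the small block size makes ciphertext-block collisions a realistic concern, so this should be `value => "AES-256-CBC",` (with the client-side cipher matched accordingly). `script-security 3` is the level at which OpenVPN passes passwords to scripts via environment variables, and nothing in this hunk configures any script, so `value => "2",` (or omitting the option) is the safer floor. `client-to-client` switches peer-to-peer traffic inside the OpenVPN process rather than through the kernel, so the host packet filter never sees it; if VPN clients are not meant to reach each other, drop the option. The `management` line opens a unix socket under /var/run with no `management-client-user`/`management-client-group`, so whoever can open that socket can kill sessions or alter the running instance — worth restricting explicitly.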
@@ -1,81 +1,2 @@ class site_openvpn { - - $openvpn_server=$::fqdn - - openvpn::server { - $openvpn_server: - country => hiera("country"), - province => hiera("province"), - city => hiera("city"), - organization => hiera("organization"), - email => hiera("email"); - } - -# configure server - - - openvpn::option { - "dev $openvpn_server": - key => "dev", - value => "tun0", - server => "$openvpn_server"; - "script-security $openvpn_server": - key => "script-security", - value => "3", - server => "$openvpn_server"; - "daemon $openvpn_server": - key => "daemon", - server => "$openvpn_server"; - "keepalive $openvpn_server": - key => "keepalive", - value => "10 60", - server => "$openvpn_server"; - "ping-timer-rem $openvpn_server": - key => "ping-timer-rem", - server => "$openvpn_server"; - "persist-tun $openvpn_server": - key => "persist-tun", - server => "$openvpn_server"; - "persist-key $openvpn_server": - key => "persist-key", - server => "$openvpn_server"; - "proto $openvpn_server": - key => "proto", - value => "tcp-server", - server => "$openvpn_server"; - "cipher $openvpn_server": - key => "cipher", - value => "BF-CBC", - server => "$openvpn_server"; - "local $openvpn_server": - key => "local", - value => $ipaddress, - server => "$openvpn_server"; - "tls-server $openvpn_server": - key => "tls-server", - server => "$openvpn_server"; - "server $openvpn_server": - key => "server", - value => "10.10.10.0 255.255.255.0", - server => "$openvpn_server"; - "lport $openvpn_server": - key => "lport", - value => "1194", - server => "$openvpn_server"; - "management $openvpn_server": - key => "management", - value => "/var/run/openvpn-$openvpn_server.sock unix", - server => "$openvpn_server"; - "comp-lzo $openvpn_server": - key => "comp-lzo", - server => "$openvpn_server"; - "topology $openvpn_server": - key => "topology", - value => "subnet", - server => "$openvpn_server"; - "client-to-client $openvpn_server": - key => "client-to-client", - server => "$openvpn_server"; - } - } 
diff --git a/puppet/modules/site_openvpn/manifests/server_config.pp b/puppet/modules/site_openvpn/manifests/server_config.pp new file mode 100644 index 00000000..e0e8db4f --- /dev/null +++ b/puppet/modules/site_openvpn/manifests/server_config.pp 
@@ -0,0 +1,84 @@
+define site_openvpn::server_config($port, $protocol) {
+ $openvpn_configname=$name
+ notice("Creating OpenVPN $openvpn_configname:
+ Port: $port, Protocol: $protocol")
+
+ $openvpn_server=$::fqdn
+ # we don't need a ca generated
+ #openvpn::server {
+ # $openvpn_configname:
+ # country => hiera("country"),
+ # province => hiera("province"),
+ # city => hiera("city"),
+ # organization => hiera("organization"),
+ # email => hiera("email");
+ #}
+
+ # configure server
+ # all config options need to be "hieraized"
+
+ openvpn::option {
+ "dev $openvpn_configname":
+ key => "dev",
+ value => "tun",
+ server => "$openvpn_server";
+ "script-security $openvpn_configname":
+ key => "script-security",
+ value => "3",
+ server => "$openvpn_server";
+ "daemon $openvpn_configname":
+ key => "daemon",
+ server => "$openvpn_server";
+ "keepalive $openvpn_configname":
+ key => "keepalive",
+ value => "10 60",
+ server => "$openvpn_server";
+ "ping-timer-rem $openvpn_configname":
+ key => "ping-timer-rem",
+ server => "$openvpn_server";
+ "persist-tun $openvpn_configname":
+ key => "persist-tun",
+ server => "$openvpn_server";
+ "persist-key $openvpn_configname":
+ key => "persist-key",
+ server => "$openvpn_server";
+ "proto $openvpn_configname":
+ key => "proto",
+ value => "$proto",
+ server => "$openvpn_server";
+ "cipher $openvpn_configname":
+ key => "cipher",
+ value => "BF-CBC",
+ server => "$openvpn_server";
+ "local $openvpn_configname":
+ key => "local",
+ value => $ipaddress,
+ server => "$openvpn_server";
+ "tls-server $openvpn_configname":
+ key => "tls-server",
+ server => "$openvpn_server";
+ "server $openvpn_configname":
+ key => "server",
+ value => "$server",
+ server => "$openvpn_server";
+ "lport $openvpn_configname":
+ key => "lport",
+ value => "$port",
+ server => "$openvpn_server";
+ "management $openvpn_configname":
+ key => "management",
+ value => "/var/run/openvpn-$openvpn_configname.sock unix",
+ server => "$openvpn_server";
+ "comp-lzo $openvpn_configname":
+ key => "comp-lzo",
+ server => "$openvpn_server";
+ "topology $openvpn_configname":
+ key => "topology",
+ value => "subnet",
+ server => "$openvpn_server";
+ "client-to-client $openvpn_configname":
+ key => "client-to-client",
+ server => "$openvpn_server";
+ }
+
+}
-- cgit v1.2.3 From 276de1e249b25e5e00c49229132215681aee6467 Mon Sep 17 00:00:00 2001 From: varac Date: Fri, 21 Sep 2012 20:26:20 +0200 Subject: basic configuration for openvpn server files --- puppet/modules/site_openvpn/manifests/init.pp | 41 +++++++++ .../site_openvpn/manifests/server_config.pp | 100 +++++++++++++-------- 2 files changed, 105 insertions(+), 36 deletions(-) (limited to 'puppet/modules')
diff --git a/puppet/modules/site_openvpn/manifests/init.pp b/puppet/modules/site_openvpn/manifests/init.pp
index 7d63d569..c83b98c7 100644
--- a/puppet/modules/site_openvpn/manifests/init.pp
+++ b/puppet/modules/site_openvpn/manifests/init.pp
@@ -1,2 +1,43 @@
 class site_openvpn {
+ package {
+ "openvpn":
+ ensure => installed;
+ }
+ service {
+ "openvpn":
+ ensure => running,
+ hasrestart => true,
+ hasstatus => true,
+ require => Exec["concat_/etc/default/openvpn"];
+ }
+ file {
+ "/etc/openvpn":
+ ensure => directory,
+ require => Package["openvpn"];
+ }
+
+ include concat::setup
+
+ concat {
+ "/etc/default/openvpn":
+ owner => root,
+ group => root,
+ mode => 644,
+ warn => true,
+ notify => Service["openvpn"];
+ }
+
+ concat::fragment {
+ "openvpn.default.header":
+ content => template("openvpn/etc-default-openvpn.erb"),
+ target => "/etc/default/openvpn",
+ order => 01;
+ }
+
+ concat::fragment {
+ "openvpn.default.autostart.${name}":
+ content => "AUTOSTART=all",
+ target => "/etc/default/openvpn",
+ order => 10;
+ }
 }
diff --git a/puppet/modules/site_openvpn/manifests/server_config.pp b/puppet/modules/site_openvpn/manifests/server_config.pp
index e0e8db4f..4a130d13 100644
--- a/puppet/modules/site_openvpn/manifests/server_config.pp
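Review bot: The `proto` option interpolates `$proto` while the define's parameter is named `$protocol`, and the `server` option interpolates `$server`, which is declared nowhere in the define, so both directives would be rendered with an empty value (an unset variable interpolates as an empty string in this Puppet era, at most with a warning). Change the proto line to `value => "$protocol",` and either add `$server` to the define's signature or leave that option out until it is parameterised. Every option is also still attached to `server => "$openvpn_server"` (the host fqdn) rather than to `$openvpn_configname`, so two `server_config` instances on one host would presumably feed the same server configuration instead of separate ones, which the per-instance resource titles suggest is not intended. `cipher BF-CBC` and `script-security 3` carry over unchanged from init.pp and keep the 64-bit-block cipher and script-environment password exposure concerns.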
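Review bot: `require => Exec["concat_/etc/default/openvpn"]` on the service ties it to a resource name that is internal to the concat module, so a module update that renames it breaks the catalog; `require => Concat["/etc/default/openvpn"],` expresses the same ordering through the public interface, and the concat's existing `notify` already covers restarts. The `/etc/openvpn` directory is created with no `owner`/`group`/`mode`, and the companion server_config.pp hunk of this commit points `key` at `/etc/openvpn/<name>/server.key`, so something like `mode => 0750,` here would keep private key material from being world-readable by default — assuming nothing else tightens the key files. `AUTOSTART=all` starts every .conf present in /etc/openvpn, including any not managed by Puppet; listing the managed instances explicitly is the more conservative choice. `${name}` inside a class presumably resolves to the class name rather than a per-instance title, so that fragment title is effectively a constant and a plain literal would be clearer.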
+++ b/puppet/modules/site_openvpn/manifests/server_config.pp 
@@ -1,84 +1,112 @@ -define site_openvpn::server_config($port, $protocol) { +define site_openvpn::server_config($port, $proto) { $openvpn_configname=$name notice("Creating OpenVPN $openvpn_configname: - Port: $port, Protocol: $protocol") + Port: $port, Protocol: $proto") + + file { + "/etc/openvpn/${name}": + ensure => directory, + require => Package["openvpn"]; + } + + concat { + "/etc/openvpn/${openvpn_configname}.conf": + owner => root, + group => root, + mode => 644, + warn => true, + require => File["/etc/openvpn"], + notify => Service["openvpn"]; + } - $openvpn_server=$::fqdn - # we don't need a ca generated - #openvpn::server { - # $openvpn_configname: - # country => hiera("country"), - # province => hiera("province"), - # city => hiera("city"), - # organization => hiera("organization"), - # email => hiera("email"); - #} - # configure server - # all config options need to be "hieraized" openvpn::option { + "ca ${openvpn_configname}": + key => "ca", + value => "/etc/openvpn/ca.crt", + #require => Exec["initca ${openvpn_configname}"], + server => "${openvpn_configname}"; + "cert ${openvpn_configname}": + key => "cert", + value => "/etc/openvpn/${openvpn_configname}/server.crt", + #require => Exec["generate server cert ${openvpn_configname}"], + server => "${openvpn_configname}"; + "key ${openvpn_configname}": + key => "key", + value => "/etc/openvpn/${openvpn_configname}/server.key", + #require => Exec["generate server cert ${openvpn_configname}"], + server => "${openvpn_configname}"; + "dh ${openvpn_configname}": + key => "dh", + value => "/etc/openvpn/dh1024.pem", + #require => Exec["generate dh param ${openvpn_configname}"], + server => "${openvpn_configname}"; "dev $openvpn_configname": key => "dev", value => "tun", - server => "$openvpn_server"; + server => "$openvpn_configname"; + "mode ${openvpn_configname}": + key => 'mode', + value => 'server', + server => $openvpn_configname; "script-security $openvpn_configname": key => "script-security", value => 
"3", - server => "$openvpn_server"; + server => "$openvpn_configname"; "daemon $openvpn_configname": key => "daemon", - server => "$openvpn_server"; + server => "$openvpn_configname"; "keepalive $openvpn_configname": key => "keepalive", value => "10 60", - server => "$openvpn_server"; + server => "$openvpn_configname"; "ping-timer-rem $openvpn_configname": key => "ping-timer-rem", - server => "$openvpn_server"; + server => "$openvpn_configname"; "persist-tun $openvpn_configname": key => "persist-tun", - server => "$openvpn_server"; + server => "$openvpn_configname"; "persist-key $openvpn_configname": key => "persist-key", - server => "$openvpn_server"; + server => "$openvpn_configname"; "proto $openvpn_configname": key => "proto", value => "$proto", - server => "$openvpn_server"; + server => "$openvpn_configname"; "cipher $openvpn_configname": key => "cipher", value => "BF-CBC", - server => "$openvpn_server"; + server => "$openvpn_configname"; "local $openvpn_configname": key => "local", value => $ipaddress, - server => "$openvpn_server"; + server => "$openvpn_configname"; "tls-server $openvpn_configname": key => "tls-server", - server => "$openvpn_server"; - "server $openvpn_configname": - key => "server", - value => "$server", - server => "$openvpn_server"; + server => "$openvpn_configname"; + #"server $openvpn_configname": + # key => "server", + # value => "$server", + # server => "$openvpn_configname"; "lport $openvpn_configname": key => "lport", value => "$port", - server => "$openvpn_server"; + server => "$openvpn_configname"; "management $openvpn_configname": key => "management", value => "/var/run/openvpn-$openvpn_configname.sock unix", - server => "$openvpn_server"; + server => "$openvpn_configname"; "comp-lzo $openvpn_configname": key => "comp-lzo", - server => "$openvpn_server"; + server => "$openvpn_configname"; "topology $openvpn_configname": key => "topology", value => "subnet", - server => "$openvpn_server"; - "client-to-client $openvpn_configname": 
- key => "client-to-client", - server => "$openvpn_server"; + server => "$openvpn_configname"; + #"client-to-client $openvpn_configname": + # key => "client-to-client", + # server => "$openvpn_configname"; } } -- cgit v1.2.3 From f6ab238512364ea640dc46e35590d5a5d5de51f3 Mon Sep 17 00:00:00 2001 From: varac Date: Thu, 6 Sep 2012 11:55:35 +0200 Subject: added submodule concat --- puppet/modules/concat | 1 + 1 file changed, 1 insertion(+) create mode 160000 puppet/modules/concat (limited to 'puppet/modules') diff --git a/puppet/modules/concat b/puppet/modules/concat new file mode 160000 index 00000000..abce1280 --- /dev/null +++ b/puppet/modules/concat @@ -0,0 +1 @@ +Subproject commit abce1280e07b544d8455f1572dd870bbd2f14892 -- cgit v1.2.3 From 8fb0fcd72bdb357942d5e9adc2092e78ce6e1ee0 Mon Sep 17 00:00:00 2001 From: varac Date: Sun, 23 Sep 2012 16:06:56 +0200 Subject: added submodule sshd --- puppet/modules/sshd | 1 + 1 file changed, 1 insertion(+) create mode 160000 puppet/modules/sshd (limited to 'puppet/modules') diff --git a/puppet/modules/sshd b/puppet/modules/sshd new file mode 160000 index 00000000..bd2e283a --- /dev/null +++ b/puppet/modules/sshd @@ -0,0 +1 @@ +Subproject commit bd2e283ab59430a7b3194804f1c8da7a9b58f8ff -- cgit v1.2.3 From 1dba92e9a2d71b7a1259ecb5f627e57e1a8fc7b8 Mon Sep 17 00:00:00 2001 From: varac Date: Sun, 23 Sep 2012 19:01:54 +0200 Subject: beginning of site_sshd --- puppet/modules/site_sshd/manifests/init.pp | 1 + puppet/modules/site_sshd/manifests/ssh_key.pp | 3 +++ 2 files changed, 4 insertions(+) create mode 100644 puppet/modules/site_sshd/manifests/init.pp create mode 100644 puppet/modules/site_sshd/manifests/ssh_key.pp (limited to 'puppet/modules') diff --git a/puppet/modules/site_sshd/manifests/init.pp b/puppet/modules/site_sshd/manifests/init.pp new file mode 100644 index 00000000..630e9bdf --- /dev/null +++ b/puppet/modules/site_sshd/manifests/init.pp @@ -0,0 +1 @@ +class site_sshd {} 
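Review bot: `dh /etc/openvpn/dh1024.pem` fixes the TLS key exchange to 1024-bit Diffie-Hellman parameters, which is below current minimums; generate and reference a 2048-bit or larger group, e.g. `value => "/etc/openvpn/dh2048.pem",`. The `ca`, `cert`, `key` and `dh` directives point at files nothing in this commit creates (the `require => Exec[...]` lines are commented out), so the `notify => Service["openvpn"]` on the concat will restart the daemon into a failing state until those files are placed by hand — a `require` on whatever ends up producing them, or at least a comment in the define, would make that dependency visible. The `/etc/openvpn/${name}` directory that is to hold `server.key` is created without `mode`/`owner`/`group`; `mode => 0700, owner => root, group => root,` would keep the private key from being readable by other local users if the key file itself lands with default permissions. `value => $ipaddress` for `local` should be `$::ipaddress` so the fact is not shadowed by a same-named variable in an enclosing scope. `cipher BF-CBC` and `script-security 3` are unchanged from the earlier version and keep the 64-bit-block cipher and script-environment password exposure concerns.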
diff --git a/puppet/modules/site_sshd/manifests/ssh_key.pp b/puppet/modules/site_sshd/manifests/ssh_key.pp new file mode 100644 index 00000000..b47b2ebd --- /dev/null +++ b/puppet/modules/site_sshd/manifests/ssh_key.pp @@ -0,0 +1,3 @@ +define site_sshd::ssh_key($key) { + # ... todo: deploy ssh_key +} -- cgit v1.2.3 From 967c231e754d769225e26cbd7b2ad3738bce833b Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 24 Sep 2012 17:36:58 +0200 Subject: added submodule apt --- puppet/modules/apt | 1 + 1 file changed, 1 insertion(+) create mode 160000 puppet/modules/apt (limited to 'puppet/modules') diff --git a/puppet/modules/apt b/puppet/modules/apt new file mode 160000 index 00000000..02bd3269 --- /dev/null +++ b/puppet/modules/apt @@ -0,0 +1 @@ +Subproject commit 02bd3269948f1a3c5a586e581a7fec22da69a2cc -- cgit v1.2.3 From 1b52d7de0f6214ceec879382932968fd07212624 Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 24 Sep 2012 17:45:08 +0200 Subject: added submodule lsb --- puppet/modules/lsb | 1 + 1 file changed, 1 insertion(+) create mode 160000 puppet/modules/lsb (limited to 'puppet/modules') diff --git a/puppet/modules/lsb b/puppet/modules/lsb new file mode 160000 index 00000000..3742c1a0 --- /dev/null +++ b/puppet/modules/lsb @@ -0,0 +1 @@ +Subproject commit 3742c1a00c5602154a81834443ec5b0ca32c4ca0 -- cgit v1.2.3 From 3fc154d5b495338b7cce2971a0fba2c4faef4ee2 Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 24 Sep 2012 17:46:03 +0200 Subject: added submodule ntp --- puppet/modules/ntp | 1 + 1 file changed, 1 insertion(+) create mode 160000 puppet/modules/ntp (limited to 'puppet/modules') diff --git a/puppet/modules/ntp b/puppet/modules/ntp new file mode 160000 index 00000000..27f2bc72 --- /dev/null +++ b/puppet/modules/ntp @@ -0,0 +1 @@ +Subproject commit 27f2bc72110b1001233eb0907aa07e06cdf33194 -- cgit v1.2.3 From 53dea7cd638ebf8d353d052b2d2185940c2056b9 Mon Sep 17 00:00:00 2001 
From: varac Date: Mon, 24 Sep 2012 17:54:53 +0200 Subject: added submodule git --- puppet/modules/git | 1 + 1 file changed, 1 insertion(+) create mode 160000 puppet/modules/git (limited to 'puppet/modules') diff --git a/puppet/modules/git b/puppet/modules/git new file mode 160000 index 00000000..497a1034 --- /dev/null +++ b/puppet/modules/git @@ -0,0 +1 @@ +Subproject commit 497a1034489e0dc3cab5dab2fb0a857785769734 -- cgit v1.2.3 From bedef1a878698997c5c8490599dc9269fef60c37 Mon Sep 17 00:00:00 2001 From: varac Date: Mon, 24 Sep 2012 18:35:38 +0200 Subject: added submodule common --- puppet/modules/common | 1 + 1 file changed, 1 insertion(+) create mode 160000 puppet/modules/common (limited to 'puppet/modules') diff --git a/puppet/modules/common b/puppet/modules/common new file mode 160000 index 00000000..0961ad45 --- /dev/null +++ b/puppet/modules/common @@ -0,0 +1 @@ +Subproject commit 0961ad453b8befb4ea61bbd19f6ecea32b9619c9 -- cgit v1.2.3