puppet/manifests/site.pp


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82

node 'default' {
  notify {'Please specify a host in site.pp!':}

  $openvpn_server=$::fqdn

  openvpn::server {
    "$openvpn_server":
        country      => hiera("country"),
        province     => hiera("province"),
        city         => hiera("city"),
        organization => hiera("organization"),
        email        => hiera("email");
  }

# configure server
  

  openvpn::option {
    "dev $openvpn_server":
        key    => "dev",
        value  => "tun0",
        server => "$openvpn_server";
    "script-security $openvpn_server":
        key    => "script-security",
        value  => "3",
        server => "$openvpn_server";
    "daemon $openvpn_server":
        key    => "daemon",
        server => "$openvpn_server";
    "keepalive $openvpn_server":
        key    => "keepalive",
        value  => "10 60",
        server => "$openvpn_server";
    "ping-timer-rem $openvpn_server":
        key    => "ping-timer-rem",
        server => "$openvpn_server";
    "persist-tun $openvpn_server":
        key    => "persist-tun",
        server => "$openvpn_server";
    "persist-key $openvpn_server":
        key    => "persist-key",
        server => "$openvpn_server";
    "proto $openvpn_server":
        key    => "proto",
        value  => "tcp-server",
        server => "$openvpn_server";
    "cipher $openvpn_server":
        key    => "cipher",
        value  => "BF-CBC",
        server => "$openvpn_server";
    "local $openvpn_server":
        key    => "local",
        value  => $ipaddress,
        server => "$openvpn_server";
    "tls-server $openvpn_server":
        key    => "tls-server",
        server => "$openvpn_server";
    "server $openvpn_server":
        key    => "server",
        value  => "10.10.10.0 255.255.255.0",
        server => "$openvpn_server";
    "lport $openvpn_server":
        key    => "lport",
        value  => "1194",
        server => "$openvpn_server";
    "management $openvpn_server":
        key    => "management",
        value  => "/var/run/openvpn-$openvpn_server.sock unix",
        server => "$openvpn_server";
    "comp-lzo $openvpn_server":
        key    => "comp-lzo",
        server => "$openvpn_server";
    "topology $openvpn_server":
        key    => "topology",
        value  => "subnet",
        server => "$openvpn_server";
    "client-to-client $openvpn_server":
        key    => "client-to-client",
        server => "$openvpn_server";
  }

}