1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
|
class site_config::eip {
include site_openvpn
include site_openvpn::keys
#$tor=hiera('tor')
#notice("Tor enabled: $tor")
$ip_address = hiera('ip_address')
$interface = hiera('interface')
$gateway_address = hiera('gateway_address')
$openvpn_config = hiera('openvpn')
$openvpn_gateway_address = $openvpn_config['gateway_address']
#include interfaces
#interfaces::iface { $interface:
# family => 'inet',
# method => 'static',
# options => [ "address $ip_address",
# 'netmask 255.255.255.0',
# "gateway $gateway_address",
# "up ip addr add $openvpn_gateway_address/24 dev $interface",
# "down ip addr del $openvpn_gateway_address/24 dev $interface",
# ],
# auto => 1,
# allow_hotplug => 1 }
#site_openvpn::server_config { 'tcp_config':
# port => '1194',
# proto => 'tcp',
# local => $gateway_address,
# server => '10.1.0.0 255.255.248.0',
# push => '"dhcp-option DNS 10.1.0.1"',
# management => '127.0.0.1 1000'
#}
#site_openvpn::server_config { 'udp_config':
# port => '1194',
# proto => 'udp',
# local => $gateway_address,
# server => '10.2.0.0 255.255.248.0',
# push => '"dhcp-option DNS 10.2.0.1"',
# management => '127.0.0.1 1001'
#}
file { '/usr/local/bin/leap_add_second_ip.sh':
content => "#!/bin/sh
ip addr show dev $interface | grep -q ${openvpn_gateway_address}/24 || ip addr add ${openvpn_gateway_address}/24 dev $interface",
mode => '0755',
}
exec { '/usr/local/bin/leap_add_second_ip.sh':
subscribe => File['/usr/local/bin/leap_add_second_ip.sh'],
}
#exec { "ip addr add $openvpn_gateway_address/24 dev $interface":
# path => '/usr/bin:/sbin',
# unless => "ip addr show dev $interface | grep -q '$interface/24'"
#}
include site_shorewall::eip
}
|