# client.pp

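# == Define: openvpn::client
#
# Issues a certificate/key pair for one client of an OpenVPN server instance
# (via easy-rsa's pkitool), publishes the key material under that instance's
# download-configs tree, writes the client's configuration options and packs
# the whole client directory into ${name}.tar.gz.
#
# === Parameters
#
# [*name*]
#   Resource title. Used as the common name handed to pkitool and as the
#   directory / file basename everywhere below. Because it is interpolated
#   into shell commands and filesystem paths it is restricted to
#   [A-Za-z0-9_.-] and must not start with '.' or '-'.
#
# [*server*]
#   Name of the OpenVPN server instance this client belongs to; selects the
#   /etc/openvpn/${server}/... tree and the Exec["generate server cert
#   ${server}"] dependency (declared elsewhere in the module). Same character
#   restriction as $name.
#
# [*remote_host*]
#   Host written into the client's 'remote' option. Defaults to this node's
#   fqdn fact.
#
# [*port*]
#   Port appended to the 'remote' option. Defaults to '1194'.
#
# [*proto*]
#   Transport written into the 'proto' option. Defaults to 'tcp'. Must match
#   what the server instance listens on.
#
define openvpn::client(
    $server,
    $remote_host = $::fqdn,
    $port        = '1194',
    $proto       = 'tcp'
) {

    # $name and $server reach `exec` command strings and path components
    # below; reject anything that could smuggle in shell metacharacters,
    # whitespace, a path separator or a leading '-'/'.' (option-like or
    # traversal names) rather than letting it fail late in a shell.
    if $name !~ /\A[A-Za-z0-9_][A-Za-z0-9_.-]*\z/ {
        fail("openvpn::client: invalid client name '${name}'")
    }
    if $server !~ /\A[A-Za-z0-9_][A-Za-z0-9_.-]*\z/ {
        fail("openvpn::client: invalid server name '${server}'")
    }

    $easyrsa_dir  = "/etc/openvpn/${server}/easy-rsa"
    $download_dir = "/etc/openvpn/${server}/download-configs"
    $client_dir   = "${download_dir}/${name}"

    # Generate the client certificate once; `creates` keeps this idempotent
    # and the require makes sure the CA / server cert exist first.
    exec {
        "generate certificate for ${name} in context of ${server}":
            command  => ". ./vars && ./pkitool ${name}",
            cwd      => $easyrsa_dir,
            creates  => "${easyrsa_dir}/keys/${name}.crt",
            provider => 'shell',
            require  => Exec["generate server cert ${server}"];
    }

    # Per-client download tree. The key material is only symlinked here;
    # the tar step below dereferences the links (-h) when packing.
    file {
        $client_dir:
            ensure  => directory,
            require => File[$download_dir];

        "${client_dir}/keys":
            ensure  => directory,
            require => File[$client_dir];

        "${client_dir}/keys/${name}.crt":
            ensure  => link,
            target  => "${easyrsa_dir}/keys/${name}.crt",
            require => [ Exec["generate certificate for ${name} in context of ${server}"],
                         File["${client_dir}/keys"] ];

        "${client_dir}/keys/${name}.key":
            ensure  => link,
            target  => "${easyrsa_dir}/keys/${name}.key",
            require => [ Exec["generate certificate for ${name} in context of ${server}"],
                         File["${client_dir}/keys"] ];

        "${client_dir}/keys/ca.crt":
            ensure  => link,
            target  => "${easyrsa_dir}/keys/ca.crt",
            require => [ Exec["generate certificate for ${name} in context of ${server}"],
                         File["${client_dir}/keys"] ];
    }

    # Client configuration. openvpn::option is defined elsewhere in this
    # module; presumably each declaration contributes one "key value" line
    # to the client's config -- confirm against manifests/option.pp.
    # NOTE(review): 'ns-cert-type server' is the legacy server-verification
    # directive and 'comp-lzo' enables compression; newer OpenVPN releases
    # prefer 'remote-cert-tls server' and discourage compression. Left as the
    # original author wrote them so existing client bundles keep working.
    openvpn::option {
        "ca ${server} with ${name}":
            key    => 'ca',
            value  => 'keys/ca.crt',
            client => $name,
            server => $server;
        "cert ${server} with ${name}":
            key    => 'cert',
            value  => "keys/${name}.crt",
            client => $name,
            server => $server;
        "key ${server} with ${name}":
            key    => 'key',
            value  => "keys/${name}.key",
            client => $name,
            server => $server;
        "client ${server} with ${name}":
            key    => 'client',
            client => $name,
            server => $server;
        "dev ${server} with ${name}":
            key    => 'dev',
            value  => 'tun',
            client => $name,
            server => $server;
        "proto ${server} with ${name}":
            key    => 'proto',
            value  => $proto,
            client => $name,
            server => $server;
        "remote ${server} with ${name}":
            key    => 'remote',
            value  => "${remote_host} ${port}",
            client => $name,
            server => $server;
        "resolv-retry ${server} with ${name}":
            key    => 'resolv-retry',
            value  => 'infinite',
            client => $name,
            server => $server;
        "nobind ${server} with ${name}":
            key    => 'nobind',
            client => $name,
            server => $server;
        "persist-key ${server} with ${name}":
            key    => 'persist-key',
            client => $name,
            server => $server;
        "persist-tun ${server} with ${name}":
            key    => 'persist-tun',
            client => $name,
            server => $server;
        "mute-replay-warnings ${server} with ${name}":
            key    => 'mute-replay-warnings',
            client => $name,
            server => $server;
        "ns-cert-type ${server} with ${name}":
            key    => 'ns-cert-type',
            value  => 'server',
            client => $name,
            server => $server;
        "comp-lzo ${server} with ${name}":
            key    => 'comp-lzo',
            client => $name,
            server => $server;
        "verb ${server} with ${name}":
            key    => 'verb',
            value  => '3',
            client => $name,
            server => $server;
        "mute ${server} with ${name}":
            key    => 'mute',
            value  => '20',
            client => $name,
            server => $server;
    }

    # Re-pack the client bundle whenever one of its config files changes.
    # The command chains two steps with shell operators, so it is pinned to
    # the shell provider like the pkitool exec above instead of relying on
    # the default provider to hand it to /bin/sh. `rm -f` lets a first run
    # (no previous tarball) continue into tar.
    # NOTE(review): the tarball contains the client's private key and is
    # created with whatever umask the agent runs under; whoever serves the
    # download-configs tree should make sure it is not world-readable.
    exec {
        "tar the thing ${server} with ${name}":
            cwd         => "${download_dir}/",
            command     => "/bin/rm -f ${name}.tar.gz && tar --exclude=\\*.conf.d -chzvf ${name}.tar.gz ${name}",
            provider    => 'shell',
            refreshonly => true,
            require     => [ File["${client_dir}/${name}.conf"],
                             File["${client_dir}/keys/ca.crt"],
                             File["${client_dir}/keys/${name}.key"],
                             File["${client_dir}/keys/${name}.crt"] ];
    }

    # The same assembled config is written twice: once where the server
    # keeps its per-client configs and once into the download bundle.
    # Changing either re-triggers the tar exec above.
    concat {
        [ "/etc/openvpn/${server}/client-configs/${name}", "${client_dir}/${name}.conf" ]:
            owner   => 'root',
            group   => 'root',
            mode    => '0644',
            warn    => true,
            force   => true,
            notify  => Exec["tar the thing ${server} with ${name}"],
            require => [ File['/etc/openvpn'], File[$client_dir] ];
    }

}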