authorJustin Lambert <jlambert@eml.cc>2012-12-31 13:20:25 -0700
committerJustin Lambert <jlambert@eml.cc>2012-12-31 13:20:25 -0700
commitbd43cc37ba2c1de8466cbee5c94a68510becbbff (patch)
treeec4562e5f94e0b14d0ce44fd26af7ddab738f387 /manifests
parentf7498ecfb1a0c80cb310f0ab5dcbc81728c713f1 (diff)
move default options to parameters
Diffstat (limited to 'manifests')
-rw-r--r--manifests/client.pp122
-rw-r--r--manifests/server.pp72
2 files changed, 47 insertions, 147 deletions
diff --git a/manifests/client.pp b/manifests/client.pp
index ed11b3a..b08d3cf 100644
--- a/manifests/client.pp
+++ b/manifests/client.pp
@@ -1,6 +1,20 @@
# client.pp
-define openvpn::client($server, $remote_host = $::fqdn) {
+define openvpn::client(
+ $server,
+ $dev = 'tun',
+ $mute = '20',
+ $mute_replay_warnings = true,
+ $nobind = true
+ $ns_cert_type = 'server',
+ $persist_key = true,
+ $persist_tun = true,
+ $port = '1194',
+ $proto = 'tcp'
+ $remote_host = $::fqdn,
+ $resolve_retry = 'infinite',
+ $verb = '3',
+) {
exec {
"generate certificate for ${name} in context of ${server}":
command => ". ./vars && ./pkitool ${name}",
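Review bot: The new parameter list does not parse: `$nobind = true` and `$proto = 'tcp'` carry no trailing comma, so the following `$ns_cert_type = 'server'` and `$remote_host = $::fqdn` entries are swallowed into the preceding expression and the manifest fails at compile time. The same slip appears in server.pp's parameter hunk at `$compression = 'comp-lzo'`. The fix is the three commas: `$nobind = true,`, `$proto = 'tcp',` and `$compression = 'comp-lzo',`. The body of openvpn::client continues past this hunk.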
@@ -38,84 +52,23 @@ define openvpn::client($server, $remote_host = $::fqdn) {
File["/etc/openvpn/${server}/download-configs/${name}/keys"] ];
}
-
- openvpn::option {
- "ca ${server} with ${name}":
- key => 'ca',
- value => 'keys/ca.crt',
- client => $name,
- server => $server;
- "cert ${server} with ${name}":
- key => 'cert',
- value => "keys/${name}.crt",
- client => $name,
- server => $server;
- "key ${server} with ${name}":
- key => 'key',
- value => "keys/${name}.key",
- client => $name,
- server => $server;
- "client ${server} with ${name}":
- key => 'client',
- client => $name,
- server => $server;
- "dev ${server} with ${name}":
- key => 'dev',
- value => 'tun',
- client => $name,
- server => $server;
- "proto ${server} with ${name}":
- key => 'proto',
- value => 'tcp',
- client => $name,
- server => $server;
- "remote ${server} with ${name}":
- key => 'remote',
- value => "${remote_host} 1194",
- client => $name,
- server => $server;
- "resolv-retry ${server} with ${name}":
- key => 'resolv-retry',
- value => 'infinite',
- client => $name,
- server => $server;
- "nobind ${server} with ${name}":
- key => 'nobind',
- client => $name,
- server => $server;
- "persist-key ${server} with ${name}":
- key => 'persist-key',
- client => $name,
- server => $server;
- "persist-tun ${server} with ${name}":
- key => 'persist-tun',
- client => $name,
- server => $server;
- "mute-replay-warnings ${server} with ${name}":
- key => 'mute-replay-warnings',
- client => $name,
- server => $server;
- "ns-cert-type ${server} with ${name}":
- key => 'ns-cert-type',
- value => 'server',
- client => $name,
- server => $server;
- "comp-lzo ${server} with ${name}":
- key => 'comp-lzo',
- client => $name,
- server => $server;
- "verb ${server} with ${name}":
- key => 'verb',
- value => '3',
- client => $name,
- server => $server;
- "mute ${server} with ${name}":
- key => 'mute',
- value => '20',
- client => $name,
- server => $server;
+ concat {
+ [ "/etc/openvpn/${server}/client-configs/${name}", "/etc/openvpn/${server}/download-configs/${name}/${name}.conf" ]:
+ owner => root,
+ group => root,
+ mode => 644,
+ warn => true,
+ force => true,
+ notify => Exec["tar the thing ${server} with ${name}"],
+ require => [ File['/etc/openvpn'], File["/etc/openvpn/${server}/download-configs/${name}"] ];
}
-
+
+ concat::fragment {
+ "openvpn.${server}.client.${name}":
+ target => "/etc/openvpn/${server}/download-configs/${name}/${name}.conf",
+ content => "${content}\n";
+ }
+
exec {
"tar the thing ${server} with ${name}":
cwd => "/etc/openvpn/${server}/download-configs/",
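Review bot: The concat::fragment writes `content => "${content}\n"`, but no `$content` variable is defined in openvpn::client — it is neither among the new parameters nor assigned anywhere visible in this define — so as far as I can tell the client .conf ends up holding only a newline and none of the new `$dev`, `$proto`, `$port`, `$remote_host` or `$verb` values ever reach it. Given that server.pp now renders its options with `template('openvpn/server.erb')`, this was presumably meant to be `content => template('openvpn/client.erb'),` with that template consuming the new parameters. Note also that the `comp-lzo` option is dropped from the client side here while the server keeps a `$compression = 'comp-lzo'` default; if the client template does not emit a matching directive the two ends will disagree on compression. Minor: `mode => 644` is an unquoted integer, which Puppet interprets unreliably — use `mode => '0644',`.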
@@ -126,17 +79,4 @@ define openvpn::client($server, $remote_host = $::fqdn) {
File["/etc/openvpn/${server}/download-configs/${name}/keys/${name}.key"],
File["/etc/openvpn/${server}/download-configs/${name}/keys/${name}.crt"] ];
}
-
-
- concat {
- [ "/etc/openvpn/${server}/client-configs/${name}", "/etc/openvpn/${server}/download-configs/${name}/${name}.conf" ]:
- owner => root,
- group => root,
- mode => 644,
- warn => true,
- force => true,
- notify => Exec["tar the thing ${server} with ${name}"],
- require => [ File['/etc/openvpn'], File["/etc/openvpn/${server}/download-configs/${name}"] ];
- }
-
}
diff --git a/manifests/server.pp b/manifests/server.pp
index bfcaad8..e42c715 100644
--- a/manifests/server.pp
+++ b/manifests/server.pp
@@ -1,6 +1,15 @@
# server.pp
-define openvpn::server($country, $province, $city, $organization, $email) {
+define openvpn::server(
+ $country,
+ $province,
+ $city,
+ $organization,
+ $email,
+ $compression = 'comp-lzo'
+ $port = '1194',
+ $proto = 'tcp',
+) {
include openvpn
$easyrsa_source = $::osfamily ? {
@@ -14,30 +23,10 @@ define openvpn::server($country, $province, $city, $organization, $email) {
}
file {
- "/etc/openvpn/${name}":
+ ["/etc/openvpn/${name}", "/etc/openvpn/${name}/client-configs", "/etc/openvpn/${name}/download-configs" ]:
ensure => directory,
require => Package['openvpn'];
}
- file {
- "/etc/openvpn/${name}/client-configs":
- ensure => directory,
- require => File["/etc/openvpn/${name}"];
- "/etc/openvpn/${name}/download-configs":
- ensure => directory,
- require => File["/etc/openvpn/${name}"];
- }
-
- openvpn::option {
- "client-config-dir ${name}":
- key => 'client-config-dir',
- value => "/etc/openvpn/${name}/client-configs",
- server => $name,
- require => File["/etc/openvpn/${name}"];
- "mode ${name}":
- key => 'mode',
- value => 'server',
- server => $name;
- }
exec {
"copy easy-rsa to openvpn config folder ${name}":
@@ -99,40 +88,6 @@ define openvpn::server($country, $province, $city, $organization, $email) {
require => Exec["copy easy-rsa to openvpn config folder ${name}"];
}
- openvpn::option {
- "ca ${name}":
- key => 'ca',
- value => "/etc/openvpn/${name}/keys/ca.crt",
- require => Exec["initca ${name}"],
- server => $name;
- "cert ${name}":
- key => 'cert',
- value => "/etc/openvpn/${name}/keys/server.crt",
- require => Exec["generate server cert ${name}"],
- server => $name;
- "key ${name}":
- key => 'key',
- value => "/etc/openvpn/${name}/keys/server.key",
- require => Exec["generate server cert ${name}"],
- server => $name;
- "dh ${name}":
- key => 'dh',
- value => "/etc/openvpn/${name}/keys/dh1024.pem",
- require => Exec["generate dh param ${name}"],
- server => $name;
-
- "proto ${name}":
- key => 'proto',
- value => 'tcp',
- require => Exec["generate dh param ${name}"],
- server => $name;
-
- "comp-lzo ${name}":
- key => 'comp-lzo',
- require => Exec["generate dh param ${name}"],
- server => $name;
- }
-
concat::fragment {
"openvpn.default.autostart.${name}":
content => "AUTOSTART=\"\$AUTOSTART ${name}\"\n",
@@ -150,4 +105,9 @@ define openvpn::server($country, $province, $city, $organization, $email) {
notify => Service['openvpn'];
}
+ concat::fragment {
+ "openvpn.${server}.${name}":
+ target => "/etc/openvpn/${name}.conf",
+ content => template('openvpn/server.erb')
+ }
}
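Review bot: The fragment title `"openvpn.${server}.${name}"` references `$server`, which is not a parameter or local of openvpn::server (its parameters are `$country` … `$proto` per the first hunk), so the title most likely collapses to `openvpn..<name>`; `"openvpn.server.${name}":` is probably what was intended. The openvpn::option resources this commit removes each carried `require => Exec["initca ${name}"]` / `Exec["generate server cert ${name}"]` / `Exec["generate dh param ${name}"]`, but the replacement fragment has no `require` at all, so unless the `/etc/openvpn/${name}.conf` concat target (declared outside this diff) orders itself after those execs, the server config can be assembled and the service notified before the CA, certificate, key and DH parameters exist. If `openvpn/server.erb` inherits the `keys/dh1024.pem` path from the removed `dh` option, consider generating and referencing a 2048-bit parameter instead, since 1024-bit DH is no longer considered adequate.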