authorRaffael Schmid <raffael@yux.ch>2013-01-19 15:29:29 +0100
committerRaffael Schmid <raffael@yux.ch>2013-01-19 15:29:29 +0100
commitc769e17c89d1889889c444213ef9a49bda5a041e (patch)
treef16e67ad320cb1b499bad31a8ed9d73592b4da05 /manifests
parent75d3fd74c83a7c172211c8ea681f527652ef4521 (diff)
use nogroup on Debian based machines, nobody on RedHat ones
Diffstat (limited to 'manifests')
-rw-r--r--manifests/init.pp1
-rw-r--r--manifests/params.pp8
-rw-r--r--manifests/server.pp19
3 files changed, 21 insertions, 7 deletions
diff --git a/manifests/init.pp b/manifests/init.pp
index 173b9bd..a757873 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -18,6 +18,7 @@
#
class openvpn {
+ class {'openvpn::params': } ->
class {'openvpn::install': } ->
class {'openvpn::config': } ~>
class {'openvpn::service': } ->
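Review bot: The `->` on the new `class {'openvpn::params': } ->` line orders nothing, because `openvpn::params` as added in this commit only assigns `$group` and declares no resources. What matters is that the class is evaluated before anything reads `$openvpn::params::group`. A resource-like declaration may appear only once per catalog, so a plain `include openvpn::params` on its own line above the chain would be the safer form and could be repeated wherever the variable is read. The body of `class openvpn` continues past the end of this hunk.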
diff --git a/manifests/params.pp b/manifests/params.pp
new file mode 100644
index 0000000..328f2cf
--- /dev/null
+++ b/manifests/params.pp
@@ -0,0 +1,8 @@
+class openvpn::params {
+
+ $group = $::osfamily ? {
+ 'RedHat' => 'nobody',
+ default => 'nogroup'
+ }
+
+}
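Review bot: The selector's `default => 'nogroup'` applies the Debian value to every `$::osfamily` other than RedHat, while the commit title only claims Debian-based machines. On a family where that group does not exist, the rendered `group` directive would name a missing group, and the daemon's privilege drop would presumably fail or not happen as intended. I would add an explicit `'Debian' => 'nogroup',` arm and decide deliberately what `default` does (fail for unsupported families, or keep `nogroup` with a comment saying it is a guess). The new class also has no header comment; a short one saying it holds the OS-dependent group used for privilege dropping would help.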
diff --git a/manifests/server.pp b/manifests/server.pp
index 78b3df3..b5f0e63 100644
--- a/manifests/server.pp
+++ b/manifests/server.pp
@@ -30,9 +30,13 @@
# Default: tun
# Options: tun (routed connections), tap (bridged connections)
#
+# [*user*]
+# String. Group to drop privileges to after startup
+# Default: nobody
+#
# [*group*]
# String. User to drop privileges to after startup
-# Default: nobody
+# Default: depends on your $::osfamily
#
# [*ipp*]
# Boolean. Persist ifconfig information to a file to retain client IP
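Review bot: The two parameter descriptions are swapped, and the move of the `[*user*]` block carries the mistake along: `[*user*]` is described as "Group to drop privileges to" and `[*group*]` as "User to drop privileges to". They should read `# String. User to drop privileges to after startup` under `[*user*]` and `# String. Group to drop privileges to after startup` under `[*group*]`. The new `# Default: depends on your $::osfamily` would be more useful if it named the values, e.g. `# Default: 'nobody' on RedHat, 'nogroup' otherwise`, since operators auditing the privilege drop should not have to open params.pp.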
@@ -62,10 +66,6 @@
# String. Logfile for periodic dumps of the vpn service status
# Default: "${name}/openvpn-status.log"
#
-# [*user*]
-# String. Group to drop privileges to after startup
-# Default: nobody
-#
# [*server*]
# String. Network to assign client addresses out of
# Default: None. Required in tun mode, not in tap mode
@@ -102,7 +102,8 @@ define openvpn::server(
$email,
$compression = 'comp-lzo',
$dev = 'tun0',
- $group = 'nobody',
+ $user = 'nobody',
+ $group = false,
$ipp = false,
$ip_pool = [],
$local = $::ipaddress_eth0,
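Review bot: `$group = false` is a sentinel meaning "use the OS default", but the parameter docs still call it a String and never mention `false`; that should be documented next to `[*group*]`. Separately, both defaults drop privileges to the shared `nobody` identity (`$user = 'nobody'`, group `nobody`/`nogroup`), which other daemons on the same host commonly use as well, so the isolation gained is weaker than with a dedicated account. A doc line such as `# Prefer a dedicated unprivileged user/group; 'nobody' is shared with other services` would make that trade-off visible. The parameter list of `openvpn::server` starts and ends outside this hunk.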
@@ -110,7 +111,6 @@ define openvpn::server(
$port = '1194',
$proto = 'tcp',
$status_log = "${name}/openvpn-status.log",
- $user = 'nobody',
$server = '',
$push = []
) {
@@ -135,6 +135,11 @@ define openvpn::server(
default => false
}
+ $group_to_set = $group ? {
+ false => $openvpn::params::group,
+ default => $group
+ }
+
file {
["/etc/openvpn/${name}", "/etc/openvpn/${name}/client-configs", "/etc/openvpn/${name}/download-configs" ]:
ensure => directory;
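Review bot: `$openvpn::params::group` in the new selector is only defined if `openvpn::params` has already been evaluated when this define is, and nothing in the visible lines guarantees that. If `openvpn::server` is declared without, or before, `class openvpn`, `$group_to_set` would be undef and the privilege-drop group would render empty. Adding `include openvpn::params` just above `$group_to_set = $group ? {` removes the dependency on evaluation order, though it only coexists with the resource-like declaration in init.pp if that one is evaluated first. The diffstat is limited to `manifests`, so I cannot see whether the server template was switched from `group` to `group_to_set`; if it was not, the config would receive the literal `false`. The define body continues outside this hunk.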