Diffstat (limited to 'manifests/client.pp')
-rw-r--r--manifests/client.pp122
1 files changed, 31 insertions, 91 deletions
diff --git a/manifests/client.pp b/manifests/client.pp
index ed11b3a..b08d3cf 100644
--- a/manifests/client.pp
+++ b/manifests/client.pp
@@ -1,6 +1,20 @@
# client.pp
-define openvpn::client($server, $remote_host = $::fqdn) {
+define openvpn::client(
+ $server,
+ $dev = 'tun',
+ $mute = '20',
+ $mute_replay_warnings = true,
+ $nobind = true
+ $ns_cert_type = 'server',
+ $persist_key = true,
+ $persist_tun = true,
+ $port = '1194',
+ $proto = 'tcp'
+ $remote_host = $::fqdn,
+ $resolve_retry = 'infinite',
+ $verb = '3',
+) {
exec {
"generate certificate for ${name} in context of ${server}":
command => ". ./vars && ./pkitool ${name}",
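Review bot: The new parameter list will not parse, because `$nobind = true` and `$proto = 'tcp'` are missing their trailing commas, so the parser runs straight into `$ns_cert_type` and `$remote_host`. Change them to `$nobind = true,` and `$proto = 'tcp',`. As written, any catalog that declares openvpn::client should fail to compile, so no client config would be regenerated at all. The define's body continues outside this hunk.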
@@ -38,84 +52,23 @@ define openvpn::client($server, $remote_host = $::fqdn) {
File["/etc/openvpn/${server}/download-configs/${name}/keys"] ];
}
-
- openvpn::option {
- "ca ${server} with ${name}":
- key => 'ca',
- value => 'keys/ca.crt',
- client => $name,
- server => $server;
- "cert ${server} with ${name}":
- key => 'cert',
- value => "keys/${name}.crt",
- client => $name,
- server => $server;
- "key ${server} with ${name}":
- key => 'key',
- value => "keys/${name}.key",
- client => $name,
- server => $server;
- "client ${server} with ${name}":
- key => 'client',
- client => $name,
- server => $server;
- "dev ${server} with ${name}":
- key => 'dev',
- value => 'tun',
- client => $name,
- server => $server;
- "proto ${server} with ${name}":
- key => 'proto',
- value => 'tcp',
- client => $name,
- server => $server;
- "remote ${server} with ${name}":
- key => 'remote',
- value => "${remote_host} 1194",
- client => $name,
- server => $server;
- "resolv-retry ${server} with ${name}":
- key => 'resolv-retry',
- value => 'infinite',
- client => $name,
- server => $server;
- "nobind ${server} with ${name}":
- key => 'nobind',
- client => $name,
- server => $server;
- "persist-key ${server} with ${name}":
- key => 'persist-key',
- client => $name,
- server => $server;
- "persist-tun ${server} with ${name}":
- key => 'persist-tun',
- client => $name,
- server => $server;
- "mute-replay-warnings ${server} with ${name}":
- key => 'mute-replay-warnings',
- client => $name,
- server => $server;
- "ns-cert-type ${server} with ${name}":
- key => 'ns-cert-type',
- value => 'server',
- client => $name,
- server => $server;
- "comp-lzo ${server} with ${name}":
- key => 'comp-lzo',
- client => $name,
- server => $server;
- "verb ${server} with ${name}":
- key => 'verb',
- value => '3',
- client => $name,
- server => $server;
- "mute ${server} with ${name}":
- key => 'mute',
- value => '20',
- client => $name,
- server => $server;
+ concat {
+ [ "/etc/openvpn/${server}/client-configs/${name}", "/etc/openvpn/${server}/download-configs/${name}/${name}.conf" ]:
+ owner => root,
+ group => root,
+ mode => 644,
+ warn => true,
+ force => true,
+ notify => Exec["tar the thing ${server} with ${name}"],
+ require => [ File['/etc/openvpn'], File["/etc/openvpn/${server}/download-configs/${name}"] ];
}
-
+
+ concat::fragment {
+ "openvpn.${server}.client.${name}":
+ target => "/etc/openvpn/${server}/download-configs/${name}/${name}.conf",
+ content => "${content}\n";
+ }
+
exec {
"tar the thing ${server} with ${name}":
cwd => "/etc/openvpn/${server}/download-configs/",
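Review bot: `content => "${content}\n"` in the new concat::fragment reads a variable that is not a parameter of the define and is not assigned anywhere in the visible hunks, so `${name}.conf` would carry no OpenVPN directives unless `$content` is set in lines not shown here. The removed openvpn::option resources supplied `ca`, `cert`, `key`, `remote` and `ns-cert-type server`; the last of these is the client's check that the peer presents a server certificate, so losing it weakens the tunnel rather than only breaking it. None of the new parameters (`$dev`, `$port`, `$proto`, `$ns_cert_type` and the rest) are referenced in the visible lines. Build `$content` from those parameters before the fragment, or render it from a template, and confirm the generated file still contains the certificate and `ns-cert-type` lines. The moved concat block also keeps `mode => 644` as a bare number; `mode => '0644'` states the octal mode unambiguously.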
@@ -126,17 +79,4 @@ define openvpn::client($server, $remote_host = $::fqdn) {
File["/etc/openvpn/${server}/download-configs/${name}/keys/${name}.key"],
File["/etc/openvpn/${server}/download-configs/${name}/keys/${name}.crt"] ];
}
-
-
- concat {
- [ "/etc/openvpn/${server}/client-configs/${name}", "/etc/openvpn/${server}/download-configs/${name}/${name}.conf" ]:
- owner => root,
- group => root,
- mode => 644,
- warn => true,
- force => true,
- notify => Exec["tar the thing ${server} with ${name}"],
- require => [ File['/etc/openvpn'], File["/etc/openvpn/${server}/download-configs/${name}"] ];
- }
-
}