summaryrefslogtreecommitdiff
path: root/manifests/definitions/client.pp
diff options
context:
space:
mode:
Diffstat (limited to 'manifests/definitions/client.pp')
-rw-r--r--manifests/definitions/client.pp130
1 files changed, 130 insertions, 0 deletions
diff --git a/manifests/definitions/client.pp b/manifests/definitions/client.pp
new file mode 100644
index 0000000..620d374
--- /dev/null
+++ b/manifests/definitions/client.pp
@@ -0,0 +1,130 @@
+# client.pp
+
+define openvpn::client($server, $remote_host = $fqdn) {
+ exec {
+ "generate certificate for ${name} in context of ${server}":
+ command => ". ./vars && ./pkitool ${name}",
+ cwd => "/etc/openvpn/${server}/easy-rsa",
+ creates => "/etc/openvpn/${server}/easy-rsa/keys/${name}.crt",
+ provider => "shell",
+ require => Exec["generate server cert ${server}"];
+ }
+
+ file {
+ "/etc/openvpn/${server}/download-configs/${name}":
+ ensure => directory,
+ require => File["/etc/openvpn/${server}/download-configs"];
+
+ "/etc/openvpn/${server}/download-configs/${name}/keys":
+ ensure => directory,
+ require => File["/etc/openvpn/${server}/download-configs/${name}"];
+
+ "/etc/openvpn/${server}/download-configs/${name}/keys/${name}.crt":
+ ensure => link,
+ target => "/etc/openvpn/${server}/easy-rsa/keys/${name}.crt",
+ require => [ Exec["generate certificate for ${name} in context of ${server}"],
+ File["/etc/openvpn/${server}/download-configs/${name}/keys"] ];
+
+ "/etc/openvpn/${server}/download-configs/${name}/keys/${name}.key":
+ ensure => link,
+ target => "/etc/openvpn/${server}/easy-rsa/keys/${name}.key",
+ require => [ Exec["generate certificate for ${name} in context of ${server}"],
+ File["/etc/openvpn/${server}/download-configs/${name}/keys"] ];
+
+ "/etc/openvpn/${server}/download-configs/${name}/keys/ca.crt":
+ ensure => link,
+ target => "/etc/openvpn/${server}/easy-rsa/keys/ca.crt",
+ require => [ Exec["generate certificate for ${name} in context of ${server}"],
+ File["/etc/openvpn/${server}/download-configs/${name}/keys"] ];
+ }
+
+
+ openvpn::option {
+ "ca ${server} with ${name}":
+ key => "ca",
+ value => "keys/ca.crt",
+ client => $name,
+ server => $server;
+ "cert ${server} with ${name}":
+ key => "cert",
+ value => "keys/${name}.crt",
+ client => $name,
+ server => $server;
+ "key ${server} with ${name}":
+ key => "key",
+ value => "keys/${name}.key",
+ client => $name,
+ server => $server;
+ "client ${server} with ${name}":
+ key => "client",
+ client => $name,
+ server => $server;
+ "dev ${server} with ${name}":
+ key => "dev",
+ value => "tun",
+ client => $name,
+ server => $server;
+ "proto ${server} with ${name}":
+ key => "proto",
+ value => "tcp",
+ client => $name,
+ server => $server;
+ "remote ${server} with ${name}":
+ key => "remote",
+ value => "${remote_host} 1194",
+ client => $name,
+ server => $server;
+ "resolv-retry ${server} with ${name}":
+ key => "resolv-retry",
+ value => "infinite",
+ client => $name,
+ server => $server;
+ "nobind ${server} with ${name}":
+ key => "nobind",
+ client => $name,
+ server => $server;
+ "persist-key ${server} with ${name}":
+ key => "persist-key",
+ client => $name,
+ server => $server;
+ "persist-tun ${server} with ${name}":
+ key => "persist-tun",
+ client => $name,
+ server => $server;
+ "mute-replay-warnings ${server} with ${name}":
+ key => "mute-replay-warnings",
+ client => $name,
+ server => $server;
+ "ns-cert-type ${server} with ${name}":
+ key => "ns-cert-type",
+ value => "server",
+ client => $name,
+ server => $server;
+ "comp-lzo ${server} with ${name}":
+ key => "comp-lzo",
+ client => $name,
+ server => $server;
+ "verb ${server} with ${name}":
+ key => "verb",
+ value => "3",
+ client => $name,
+ server => $server;
+ "mute ${server} with ${name}":
+ key => "mute",
+ value => "20",
+ client => $name,
+ server => $server;
+ }
+
+ exec {
+ "tar the thing ${server} with ${name}":
+ cwd => "/etc/openvpn/${server}/download-configs/",
+ command => "rm ${name}.tar.gz; tar --exclude=\\*.conf.d -chzvf ${name}.tar.gz ${name}",
+ refreshonly => true,
+ subscribe => Exec["/etc/openvpn/${server}/download-configs/${name}/${name}.conf concatenation"],
+ require => [ File["/etc/openvpn/${server}/download-configs/${name}/${name}.conf"],
+ File["/etc/openvpn/${server}/download-configs/${name}/keys/ca.crt"],
+ File["/etc/openvpn/${server}/download-configs/${name}/keys/${name}.key"],
+ File["/etc/openvpn/${server}/download-configs/${name}/keys/${name}.crt"] ];
+ }
+}