diff options
Diffstat (limited to 'manifests/definitions/client.pp')
-rw-r--r-- | manifests/definitions/client.pp | 130 |
1 files changed, 130 insertions, 0 deletions
diff --git a/manifests/definitions/client.pp b/manifests/definitions/client.pp new file mode 100644 index 0000000..620d374 --- /dev/null +++ b/manifests/definitions/client.pp @@ -0,0 +1,130 @@ +# client.pp + +define openvpn::client($server, $remote_host = $fqdn) { + exec { + "generate certificate for ${name} in context of ${server}": + command => ". ./vars && ./pkitool ${name}", + cwd => "/etc/openvpn/${server}/easy-rsa", + creates => "/etc/openvpn/${server}/easy-rsa/keys/${name}.crt", + provider => "shell", + require => Exec["generate server cert ${server}"]; + } + + file { + "/etc/openvpn/${server}/download-configs/${name}": + ensure => directory, + require => File["/etc/openvpn/${server}/download-configs"]; + + "/etc/openvpn/${server}/download-configs/${name}/keys": + ensure => directory, + require => File["/etc/openvpn/${server}/download-configs/${name}"]; + + "/etc/openvpn/${server}/download-configs/${name}/keys/${name}.crt": + ensure => link, + target => "/etc/openvpn/${server}/easy-rsa/keys/${name}.crt", + require => [ Exec["generate certificate for ${name} in context of ${server}"], + File["/etc/openvpn/${server}/download-configs/${name}/keys"] ]; + + "/etc/openvpn/${server}/download-configs/${name}/keys/${name}.key": + ensure => link, + target => "/etc/openvpn/${server}/easy-rsa/keys/${name}.key", + require => [ Exec["generate certificate for ${name} in context of ${server}"], + File["/etc/openvpn/${server}/download-configs/${name}/keys"] ]; + + "/etc/openvpn/${server}/download-configs/${name}/keys/ca.crt": + ensure => link, + target => "/etc/openvpn/${server}/easy-rsa/keys/ca.crt", + require => [ Exec["generate certificate for ${name} in context of ${server}"], + File["/etc/openvpn/${server}/download-configs/${name}/keys"] ]; + } + + + openvpn::option { + "ca ${server} with ${name}": + key => "ca", + value => "keys/ca.crt", + client => $name, + server => $server; + "cert ${server} with ${name}": + key => "cert", + value => "keys/${name}.crt", + client => $name, + server => $server; + "key ${server} with ${name}": + key => "key", + value => "keys/${name}.key", + client => $name, + server => $server; + "client ${server} with ${name}": + key => "client", + client => $name, + server => $server; + "dev ${server} with ${name}": + key => "dev", + value => "tun", + client => $name, + server => $server; + "proto ${server} with ${name}": + key => "proto", + value => "tcp", + client => $name, + server => $server; + "remote ${server} with ${name}": + key => "remote", + value => "${remote_host} 1194", + client => $name, + server => $server; + "resolv-retry ${server} with ${name}": + key => "resolv-retry", + value => "infinite", + client => $name, + server => $server; + "nobind ${server} with ${name}": + key => "nobind", + client => $name, + server => $server; + "persist-key ${server} with ${name}": + key => "persist-key", + client => $name, + server => $server; + "persist-tun ${server} with ${name}": + key => "persist-tun", + client => $name, + server => $server; + "mute-replay-warnings ${server} with ${name}": + key => "mute-replay-warnings", + client => $name, + server => $server; + "ns-cert-type ${server} with ${name}": + key => "ns-cert-type", + value => "server", + client => $name, + server => $server; + "comp-lzo ${server} with ${name}": + key => "comp-lzo", + client => $name, + server => $server; + "verb ${server} with ${name}": + key => "verb", + value => "3", + client => $name, + server => $server; + "mute ${server} with ${name}": + key => "mute", + value => "20", + client => $name, + server => $server; + } + + exec { + "tar the thing ${server} with ${name}": + cwd => "/etc/openvpn/${server}/download-configs/", + command => "rm ${name}.tar.gz; tar --exclude=\\*.conf.d -chzvf ${name}.tar.gz ${name}", + refreshonly => true, + subscribe => Exec["/etc/openvpn/${server}/download-configs/${name}/${name}.conf concatenation"], + require => [ File["/etc/openvpn/${server}/download-configs/${name}/${name}.conf"], + File["/etc/openvpn/${server}/download-configs/${name}/keys/ca.crt"], + File["/etc/openvpn/${server}/download-configs/${name}/keys/${name}.key"], + File["/etc/openvpn/${server}/download-configs/${name}/keys/${name}.crt"] ]; + } +} |