Diffstat (limited to 'manifests/definitions')
-rw-r--r--manifests/definitions/client.pp130
-rw-r--r--manifests/definitions/option.pp31
-rw-r--r--manifests/definitions/push.pp18
-rw-r--r--manifests/definitions/route.pp12
-rw-r--r--manifests/definitions/server.pp92
5 files changed, 283 insertions, 0 deletions
diff --git a/manifests/definitions/client.pp b/manifests/definitions/client.pp
new file mode 100644
index 0000000..620d374
--- /dev/null
+++ b/manifests/definitions/client.pp
@@ -0,0 +1,130 @@
+# client.pp
+
+define openvpn::client($server, $remote_host = $fqdn) {
+ exec {
+ "generate certificate for ${name} in context of ${server}":
+ command => ". ./vars && ./pkitool ${name}",
+ cwd => "/etc/openvpn/${server}/easy-rsa",
+ creates => "/etc/openvpn/${server}/easy-rsa/keys/${name}.crt",
+ provider => "shell",
+ require => Exec["generate server cert ${server}"];
+ }
+
+ file {
+ "/etc/openvpn/${server}/download-configs/${name}":
+ ensure => directory,
+ require => File["/etc/openvpn/${server}/download-configs"];
+
+ "/etc/openvpn/${server}/download-configs/${name}/keys":
+ ensure => directory,
+ require => File["/etc/openvpn/${server}/download-configs/${name}"];
+
+ "/etc/openvpn/${server}/download-configs/${name}/keys/${name}.crt":
+ ensure => link,
+ target => "/etc/openvpn/${server}/easy-rsa/keys/${name}.crt",
+ require => [ Exec["generate certificate for ${name} in context of ${server}"],
+ File["/etc/openvpn/${server}/download-configs/${name}/keys"] ];
+
+ "/etc/openvpn/${server}/download-configs/${name}/keys/${name}.key":
+ ensure => link,
+ target => "/etc/openvpn/${server}/easy-rsa/keys/${name}.key",
+ require => [ Exec["generate certificate for ${name} in context of ${server}"],
+ File["/etc/openvpn/${server}/download-configs/${name}/keys"] ];
+
+ "/etc/openvpn/${server}/download-configs/${name}/keys/ca.crt":
+ ensure => link,
+ target => "/etc/openvpn/${server}/easy-rsa/keys/ca.crt",
+ require => [ Exec["generate certificate for ${name} in context of ${server}"],
+ File["/etc/openvpn/${server}/download-configs/${name}/keys"] ];
+ }
+
+
+ openvpn::option {
+ "ca ${server} with ${name}":
+ key => "ca",
+ value => "keys/ca.crt",
+ client => $name,
+ server => $server;
+ "cert ${server} with ${name}":
+ key => "cert",
+ value => "keys/${name}.crt",
+ client => $name,
+ server => $server;
+ "key ${server} with ${name}":
+ key => "key",
+ value => "keys/${name}.key",
+ client => $name,
+ server => $server;
+ "client ${server} with ${name}":
+ key => "client",
+ client => $name,
+ server => $server;
+ "dev ${server} with ${name}":
+ key => "dev",
+ value => "tun",
+ client => $name,
+ server => $server;
+ "proto ${server} with ${name}":
+ key => "proto",
+ value => "tcp",
+ client => $name,
+ server => $server;
+ "remote ${server} with ${name}":
+ key => "remote",
+ value => "${remote_host} 1194",
+ client => $name,
+ server => $server;
+ "resolv-retry ${server} with ${name}":
+ key => "resolv-retry",
+ value => "infinite",
+ client => $name,
+ server => $server;
+ "nobind ${server} with ${name}":
+ key => "nobind",
+ client => $name,
+ server => $server;
+ "persist-key ${server} with ${name}":
+ key => "persist-key",
+ client => $name,
+ server => $server;
+ "persist-tun ${server} with ${name}":
+ key => "persist-tun",
+ client => $name,
+ server => $server;
+ "mute-replay-warnings ${server} with ${name}":
+ key => "mute-replay-warnings",
+ client => $name,
+ server => $server;
+ "ns-cert-type ${server} with ${name}":
+ key => "ns-cert-type",
+ value => "server",
+ client => $name,
+ server => $server;
+ "comp-lzo ${server} with ${name}":
+ key => "comp-lzo",
+ client => $name,
+ server => $server;
+ "verb ${server} with ${name}":
+ key => "verb",
+ value => "3",
+ client => $name,
+ server => $server;
+ "mute ${server} with ${name}":
+ key => "mute",
+ value => "20",
+ client => $name,
+ server => $server;
+ }
+
+ exec {
+ "tar the thing ${server} with ${name}":
+ cwd => "/etc/openvpn/${server}/download-configs/",
+ command => "rm ${name}.tar.gz; tar --exclude=\\*.conf.d -chzvf ${name}.tar.gz ${name}",
+ refreshonly => true,
+ subscribe => Exec["/etc/openvpn/${server}/download-configs/${name}/${name}.conf concatenation"],
+ require => [ File["/etc/openvpn/${server}/download-configs/${name}/${name}.conf"],
+ File["/etc/openvpn/${server}/download-configs/${name}/keys/ca.crt"],
+ File["/etc/openvpn/${server}/download-configs/${name}/keys/${name}.key"],
+ File["/etc/openvpn/${server}/download-configs/${name}/keys/${name}.crt"] ];
+ }
+}
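Review bot: The client's private key is exported with default permissions: `${name}.key` is symlinked into `download-configs/${name}/keys` and the `tar -chzvf` exec dereferences that link into `${name}.tar.gz`, yet none of the download-configs directories, the symlinks or the resulting archive set `owner`/`mode`, so the key's exposure depends entirely on the umask of whoever runs the agent. Add `owner => root, mode => 0700` to the `"/etc/openvpn/${server}/download-configs/${name}"` and `.../keys` file resources and prefix the archive command with `umask 077;` so the tarball is created unreadable to other users. Separately, `${name}` is interpolated unquoted into both shell commands (`./pkitool ${name}` and `rm ${name}.tar.gz; tar ... ${name}`); titles are author-controlled, but a title containing whitespace or shell metacharacters silently changes the command, so consider rejecting such titles up front (e.g. `if $name !~ /^[A-Za-z0-9_.-]+$/ { fail("invalid client name") }`, if the Puppet version in use supports `!~`). The `-v` flag on tar only adds agent log noise and can be dropped.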
diff --git a/manifests/definitions/option.pp b/manifests/definitions/option.pp
new file mode 100644
index 0000000..6c694d4
--- /dev/null
+++ b/manifests/definitions/option.pp
@@ -0,0 +1,31 @@
+# option.pp
+
+define openvpn::option($ensure = present, $key, $value = "", $server, $client = "", $csc = false) {
+ $content = $value ? {
+ "" => "${key}",
+ default => "${key} ${value}"
+ }
+
+ if $client == "" {
+ $path = "/etc/openvpn/${server}.conf"
+ $req = File["/etc/openvpn"]
+ $notify = Service["openvpn"]
+ } else {
+ if $scs {
+ $path = "/etc/openvpn/${server}/client-configs/${client}"
+ } else {
+ $path = "/etc/openvpn/${server}/download-configs/${client}/${client}.conf"
+ }
+ $req = [ File["/etc/openvpn"], File["/etc/openvpn/${server}/download-configs/${client}"] ]
+ $notify = undef
+ }
+
+ common::concatfilepart {
+ "${name}":
+ ensure => $ensure,
+ file => $path,
+ content => "${content}\n",
+ notify => $notify,
+ require => $req;
+ }
+}
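Review bot: The `$csc` parameter is never honoured: the branch tests `if $scs`, which is an undefined variable, so `$path` always resolves to the download-configs file and the `client-configs/${client}` path is unreachable; the condition should read `if $csc {`. Once that is fixed, the `$req` assignment below it still requires `File["/etc/openvpn/${server}/download-configs/${client}"]` for both branches, so the csc case should instead require `File["/etc/openvpn/${server}/client-configs"]`, which server.pp does create. As a point of style, the required parameters `$key` and `$server` are listed after defaulted ones; grouping required parameters first makes the call sites in client.pp and server.pp easier to read. A header comment such as `# Append "key value" to the server config, a client's download config, or (csc) its client-config-dir entry` would document the three targets.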
diff --git a/manifests/definitions/push.pp b/manifests/definitions/push.pp
new file mode 100644
index 0000000..e799b04
--- /dev/null
+++ b/manifests/definitions/push.pp
@@ -0,0 +1,18 @@
+## push.pp
+#
+#define openvpn::push($network, $netmask, $server, $gateway = "undefined") {
+#
+# $gw = $gateway ? {
+# "undefined" => "",
+# default => " ${gateway}"
+# }
+#
+# common::concatfilepart {
+# "push ${name}":
+# ensure => $ensure,
+# file => "/etc/openvpn/${server}.conf",
+# content => "push \"route ${network} ${netmask}${gw}\"\n",
+# notify => Service["openvpn"],
+# require => Package["openvpn"];
+# }
+#}
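Review bot: Both push.pp and route.pp are committed entirely commented out, and both commented bodies pass `ensure => $ensure` although `$ensure` is not a parameter of either define, so uncommenting them as-is would yield an unset ensure. If they are intended as future work, add `$ensure = present` to both parameter lists and a header comment stating why the defines are disabled; otherwise drop the files rather than carrying dead code in the module.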
diff --git a/manifests/definitions/route.pp b/manifests/definitions/route.pp
new file mode 100644
index 0000000..00d955a
--- /dev/null
+++ b/manifests/definitions/route.pp
@@ -0,0 +1,12 @@
+## route.pp
+#
+#define openvpn::route($network, $netmask, $server, $gateway) {
+# common::concatfilepart {
+# "route ${name}":
+# ensure => $ensure,
+# file => "/etc/openvpn/${server}.conf",
+# content => "route ${network} ${netmask} ${gateway}\n",
+# notify => Service["openvpn"],
+# require => Package["openvpn"];
+# }
+#}
diff --git a/manifests/definitions/server.pp b/manifests/definitions/server.pp
new file mode 100644
index 0000000..2bf2f64
--- /dev/null
+++ b/manifests/definitions/server.pp
@@ -0,0 +1,92 @@
+# server.pp
+
+define openvpn::server($country, $province, $city, $organization, $email) {
+ include openvpn
+
+ file {
+ "/etc/openvpn/${name}":
+ ensure => directory,
+ require => Package["openvpn"];
+ }
+ file {
+ "/etc/openvpn/${name}/client-configs":
+ ensure => directory,
+ require => File["/etc/openvpn/${name}"];
+ "/etc/openvpn/${name}/download-configs":
+ ensure => directory,
+ require => File["/etc/openvpn/${name}"];
+ }
+
+ exec {
+ "copy easy-rsa to openvpn config folder ${name}":
+ command => "cp -r /usr/share/doc/openvpn/examples/easy-rsa/2.0 /etc/openvpn/${name}/easy-rsa",
+ creates => "/etc/openvpn/${name}/easy-rsa",
+ require => File["/etc/openvpn/${name}"];
+ }
+ file {
+ "/etc/openvpn/${name}/easy-rsa/vars":
+ ensure => present,
+ content => template("openvpn/vars.erb"),
+ require => Exec["copy easy-rsa to openvpn config folder ${name}"];
+ }
+
+ exec {
+ "generate dh param ${name}":
+ command => ". ./vars && ./clean-all && ./build-dh",
+ cwd => "/etc/openvpn/${name}/easy-rsa",
+ creates => "/etc/openvpn/${name}/easy-rsa/keys/dh1024.pem",
+ provider => "shell",
+ require => File["/etc/openvpn/${name}/easy-rsa/vars"];
+
+ "initca ${name}":
+ command => ". ./vars && ./pkitool --initca",
+ cwd => "/etc/openvpn/${name}/easy-rsa",
+ creates => "/etc/openvpn/${name}/easy-rsa/keys/ca.key",
+ provider => "shell",
+ require => Exec["generate dh param ${name}"];
+
+ "generate server cert ${name}":
+ command => ". ./vars && ./pkitool --server server",
+ cwd => "/etc/openvpn/${name}/easy-rsa",
+ creates => "/etc/openvpn/${name}/easy-rsa/keys/server.key",
+ provider => "shell",
+ require => Exec["initca ${name}"];
+ }
+
+ file {
+ "/etc/openvpn/${name}/keys":
+ ensure => link,
+ target => "/etc/openvpn/${name}/easy-rsa/keys",
+ require => Exec["copy easy-rsa to openvpn config folder ${name}"];
+ }
+
+ openvpn::option {
+ "ca ${name}":
+ key => "ca",
+ value => "/etc/openvpn/${name}/keys/ca.crt",
+ require => Exec["initca ${name}"],
+ server => "${name}";
+ "cert ${name}":
+ key => "cert",
+ value => "/etc/openvpn/${name}/keys/server.crt",
+ require => Exec["generate server cert ${name}"],
+ server => "${name}";
+ "key ${name}":
+ key => "key",
+ value => "/etc/openvpn/${name}/keys/server.key",
+ require => Exec["generate server cert ${name}"],
+ server => "${name}";
+ "dh ${name}":
+ key => "dh",
+ value => "/etc/openvpn/${name}/keys/dh1024.pem",
+ require => Exec["generate dh param ${name}"],
+ server => "${name}";
+ }
+
+ common::concatfilepart {
+ "etc-default-openvpn autostart for ${name}":
+ ensure => present,
+ content => "AUTOSTART=\"\$AUTOSTART ${name}\"\n",
+ file => "/etc/default/openvpn";
+ }
+}
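Review bot: `generate dh param ${name}` chains `./clean-all` in front of `./build-dh`, guarded only by `creates => .../keys/dh1024.pem`; if that file is ever absent while keys/ already holds ca.key and issued client certificates (manual removal, or a KEY_SIZE in vars.erb that makes build-dh emit a different filename — vars.erb is not in this diff), the exec re-runs and clean-all wipes the entire CA, invalidating every client. Split the wipe into its own exec that is idempotent on the keys directory, and let the dh exec require it. Also, `/etc/openvpn/${name}` holds the CA private key (via the `keys` symlink) but the directory resource sets no `owner`/`mode`; `owner => root, mode => 0700` on `"/etc/openvpn/${name}"` would keep the CA and server keys from other local users regardless of umask.

```puppet
  exec {
    "init easy-rsa keys ${name}":
      command  => ". ./vars && ./clean-all",
      cwd      => "/etc/openvpn/${name}/easy-rsa",
      creates  => "/etc/openvpn/${name}/easy-rsa/keys/index.txt",
      provider => "shell",
      require  => File["/etc/openvpn/${name}/easy-rsa/vars"];

    "generate dh param ${name}":
      command  => ". ./vars && ./build-dh",
      cwd      => "/etc/openvpn/${name}/easy-rsa",
      creates  => "/etc/openvpn/${name}/easy-rsa/keys/dh1024.pem",
      provider => "shell",
      require  => Exec["init easy-rsa keys ${name}"];
    # … unchanged: initca and generate server cert execs …
  }
```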