From c769e17c89d1889889c444213ef9a49bda5a041e Mon Sep 17 00:00:00 2001 From: Raffael Schmid Date: Sat, 19 Jan 2013 15:29:29 +0100 Subject: use nogroup on Debian based machines, nobody on RedHat ones --- manifests/init.pp | 1 + manifests/params.pp | 8 ++++++++ manifests/server.pp | 19 ++++++++++++------- 3 files changed, 21 insertions(+), 7 deletions(-) create mode 100644 manifests/params.pp (limited to 'manifests') diff --git a/manifests/init.pp b/manifests/init.pp index 173b9bd..a757873 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -18,6 +18,7 @@ # class openvpn { + class {'openvpn::params': } -> class {'openvpn::install': } -> class {'openvpn::config': } ~> class {'openvpn::service': } -> diff --git a/manifests/params.pp b/manifests/params.pp new file mode 100644 index 0000000..328f2cf --- /dev/null +++ b/manifests/params.pp @@ -0,0 +1,8 @@ +class openvpn::params { + + $group = $::osfamily ? { + 'RedHat' => 'nobody', + default => 'nogroup' + } + +} diff --git a/manifests/server.pp b/manifests/server.pp index 78b3df3..b5f0e63 100644 --- a/manifests/server.pp +++ b/manifests/server.pp @@ -30,9 +30,13 @@ # Default: tun # Options: tun (routed connections), tap (bridged connections) # +# [*user*] +# String. Group to drop privileges to after startup +# Default: nobody +# # [*group*] # String. User to drop privileges to after startup -# Default: nobody +# Default: depends on your $::osfamily # # [*ipp*] # Boolean. Persist ifconfig information to a file to retain client IP @@ -62,10 +66,6 @@ # String. Logfile for periodic dumps of the vpn service status # Default: "${name}/openvpn-status.log" # -# [*user*] -# String. Group to drop privileges to after startup -# Default: nobody -# # [*server*] # String. Network to assign client addresses out of # Default: None. Required in tun mode, not in tap mode 
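Review bot: The `default => 'nogroup'` arm in `manifests/params.pp` applies to every `$::osfamily` other than RedHat, not only Debian-based machines as the subject line says. On a platform that has no `nogroup` group, the rendered `group` directive would name a missing group, and the post-startup privilege drop would be expected to fail. Adding an explicit `'Debian' => 'nogroup',` arm and a comment on the fallback, such as `# fallback only: confirm this group exists on other osfamilies`, would make that assumption visible. Both defaults are generic accounts that other unprivileged daemons typically share, so a class comment could also note that a dedicated openvpn group isolates the process better.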
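Review bot: The parameter docs in the `manifests/server.pp` hunk at -30,9 +30,13 have the two descriptions swapped: the relocated `[*user*]` entry reads `Group to drop privileges to after startup`, and `[*group*]` reads `User to drop privileges to after startup`. These parameters decide which account the daemon runs as once it gives up root, so the text should be `# String. User to drop privileges to after startup` under `[*user*]` and `# String. Group to drop privileges to after startup` under `[*group*]`. The group default could also name the values, `# Default: nobody on RedHat, nogroup otherwise`, rather than `depends on your $::osfamily`. The comment header starts and ends outside the hunk.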
@@ -102,7 +102,8 @@ define openvpn::server( $email, $compression = 'comp-lzo', $dev = 'tun0', - $group = 'nobody', + $user = 'nobody', + $group = false, $ipp = false, $ip_pool = [], $local = $::ipaddress_eth0, @@ -110,7 +111,6 @@ define openvpn::server( $port = '1194', $proto = 'tcp', $status_log = "${name}/openvpn-status.log", - $user = 'nobody', $server = '', $push = [] ) { @@ -135,6 +135,11 @@ define openvpn::server( default => false } + $group_to_set = $group ? { + false => $openvpn::params::group, + default => $group + } + file { ["/etc/openvpn/${name}", "/etc/openvpn/${name}/client-configs", "/etc/openvpn/${name}/download-configs" ]: ensure => directory; -- cgit v1.2.3
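Review bot: The `$group_to_set` selector in the hunk at -135,6 +135,11 reads `$openvpn::params::group`, but nothing visible in `openvpn::server` guarantees that class has been evaluated by the time the define is. If it has not, the selector yields undef and the rendered config would presumably carry an empty group, so the privilege drop would not happen as intended. The `->` added in `init.pp` orders resources and does not by itself make the variable available; confirm that the define includes `openvpn` before this selector (outside the hunk), or add a comment such as `# requires Class['openvpn'] to be declared before any openvpn::server`. This page is limited to `manifests`, so it does not show whether the server template now reads `group_to_set`; if it still reads `group`, the new `$group = false` default from the hunk at -102,7 +102,8 would land in the config file verbatim. The define body continues outside these hunks.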