# client.pp define openvpn::client($server, $remote_host = $fqdn) { exec { "generate certificate for ${name} in context of ${server}": command => ". ./vars && ./pkitool ${name}", cwd => "/etc/openvpn/${server}/easy-rsa", creates => "/etc/openvpn/${server}/easy-rsa/keys/${name}.crt", provider => "shell", require => Exec["generate server cert ${server}"]; } file { "/etc/openvpn/${server}/download-configs/${name}": ensure => directory, require => File["/etc/openvpn/${server}/download-configs"]; "/etc/openvpn/${server}/download-configs/${name}/keys": ensure => directory, require => File["/etc/openvpn/${server}/download-configs/${name}"]; "/etc/openvpn/${server}/download-configs/${name}/keys/${name}.crt": ensure => link, target => "/etc/openvpn/${server}/easy-rsa/keys/${name}.crt", require => [ Exec["generate certificate for ${name} in context of ${server}"], File["/etc/openvpn/${server}/download-configs/${name}/keys"] ]; "/etc/openvpn/${server}/download-configs/${name}/keys/${name}.key": ensure => link, target => "/etc/openvpn/${server}/easy-rsa/keys/${name}.key", require => [ Exec["generate certificate for ${name} in context of ${server}"], File["/etc/openvpn/${server}/download-configs/${name}/keys"] ]; "/etc/openvpn/${server}/download-configs/${name}/keys/ca.crt": ensure => link, target => "/etc/openvpn/${server}/easy-rsa/keys/ca.crt", require => [ Exec["generate certificate for ${name} in context of ${server}"], File["/etc/openvpn/${server}/download-configs/${name}/keys"] ]; } openvpn::option { "ca ${server} with ${name}": key => "ca", value => "keys/ca.crt", client => $name, server => $server; "cert ${server} with ${name}": key => "cert", value => "keys/${name}.crt", client => $name, server => $server; "key ${server} with ${name}": key => "key", value => "keys/${name}.key", client => $name, server => $server; "client ${server} with ${name}": key => "client", client => $name, server => $server; "dev ${server} with ${name}": key => "dev", value => "tun", client => $name, server => $server; "proto ${server} with ${name}": key => "proto", value => "tcp", client => $name, server => $server; "remote ${server} with ${name}": key => "remote", value => "${remote_host} 1194", client => $name, server => $server; "resolv-retry ${server} with ${name}": key => "resolv-retry", value => "infinite", client => $name, server => $server; "nobind ${server} with ${name}": key => "nobind", client => $name, server => $server; "persist-key ${server} with ${name}": key => "persist-key", client => $name, server => $server; "persist-tun ${server} with ${name}": key => "persist-tun", client => $name, server => $server; "mute-replay-warnings ${server} with ${name}": key => "mute-replay-warnings", client => $name, server => $server; "ns-cert-type ${server} with ${name}": key => "ns-cert-type", value => "server", client => $name, server => $server; "comp-lzo ${server} with ${name}": key => "comp-lzo", client => $name, server => $server; "verb ${server} with ${name}": key => "verb", value => "3", client => $name, server => $server; "mute ${server} with ${name}": key => "mute", value => "20", client => $name, server => $server; } exec { "tar the thing ${server} with ${name}": cwd => "/etc/openvpn/${server}/download-configs/", command => "/bin/rm ${name}.tar.gz; tar --exclude=\\*.conf.d -chzvf ${name}.tar.gz ${name}", refreshonly => true, require => [ File["/etc/openvpn/${server}/download-configs/${name}/${name}.conf"], File["/etc/openvpn/${server}/download-configs/${name}/keys/ca.crt"], File["/etc/openvpn/${server}/download-configs/${name}/keys/${name}.key"], File["/etc/openvpn/${server}/download-configs/${name}/keys/${name}.crt"] ]; } concat { [ "/etc/openvpn/${server}/client-configs/${name}", "/etc/openvpn/${server}/download-configs/${name}/${name}.conf" ]: owner => root, group => root, mode => 644, warn => true, force => true, notify => Exec["tar the thing ${server} with ${name}"], require => [ File["/etc/openvpn"], File["/etc/openvpn/${server}/download-configs/${name}"] ]; } }