# client.pp
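# Defined type: openvpn::client
#
# Issues a client certificate for ${name} from the easy-rsa tree of the
# OpenVPN server ${server} and assembles a per-client download bundle under
# /etc/openvpn/${server}/download-configs/${name}: the client config, links
# to the client certificate, private key and CA certificate, and a
# ${name}.tar.gz archive of the whole directory.
#
# Parameters:
#   $server  - title of the server instance; used to build every path and
#              the cross-resource references below.
#   $dev, $mute, $mute_replay_warnings, $nobind, $ns_cert_type,
#   $persist_key, $persist_tun, $port, $proto, $remote_host,
#   $resolve_retry, $verb
#            - not referenced anywhere in this body; presumably consumed by
#              a client config template -- TODO confirm.
#
# Security notes:
#   * ${name} and ${server} end up in shell command lines and file paths,
#     so both are validated against a conservative character set first.
#   * The archive is built with `tar -h`, which follows the symlinks, so it
#     contains the client's private key. It is created under umask 077.
define openvpn::client(
  $server,
  $dev = 'tun',
  $mute = '20',
  $mute_replay_warnings = true,
  $nobind = true,
  $ns_cert_type = 'server',
  $persist_key = true,
  $persist_tun = true,
  $port = '1194',
  $proto = 'tcp',
  $remote_host = $::fqdn,
  $resolve_retry = 'infinite',
  $verb = '3',
) {
  # Reject anything that could break out of the shell commands or the
  # directory layout below (whitespace, quotes, ';', '/', a leading '.' or
  # '-'). \A and \z are used so an embedded newline cannot slip past.
  if $name !~ /\A[A-Za-z0-9][A-Za-z0-9@._-]*\z/ {
    fail("openvpn::client: invalid client name '${name}'")
  }
  if $server !~ /\A[A-Za-z0-9][A-Za-z0-9@._-]*\z/ {
    fail("openvpn::client: invalid server name '${server}'")
  }

  exec {
    "generate certificate for ${name} in context of ${server}":
      # Quoted as a second line of defence on top of the validation above.
      command  => ". ./vars && ./pkitool '${name}'",
      cwd      => "/etc/openvpn/${server}/easy-rsa",
      # Makes the exec idempotent: it is skipped once the certificate exists.
      creates  => "/etc/openvpn/${server}/easy-rsa/keys/${name}.crt",
      provider => 'shell',
      require  => Exec["generate server cert ${server}"];
  }

  file {
    "/etc/openvpn/${server}/download-configs/${name}":
      ensure  => directory,
      require => File["/etc/openvpn/${server}/download-configs"];

    "/etc/openvpn/${server}/download-configs/${name}/keys":
      ensure  => directory,
      require => File["/etc/openvpn/${server}/download-configs/${name}"];

    "/etc/openvpn/${server}/download-configs/${name}/keys/${name}.crt":
      ensure  => link,
      target  => "/etc/openvpn/${server}/easy-rsa/keys/${name}.crt",
      require => [ Exec["generate certificate for ${name} in context of ${server}"],
                   File["/etc/openvpn/${server}/download-configs/${name}/keys"] ];

    # Link to the client's private key; the key itself stays in easy-rsa/keys.
    "/etc/openvpn/${server}/download-configs/${name}/keys/${name}.key":
      ensure  => link,
      target  => "/etc/openvpn/${server}/easy-rsa/keys/${name}.key",
      require => [ Exec["generate certificate for ${name} in context of ${server}"],
                   File["/etc/openvpn/${server}/download-configs/${name}/keys"] ];

    "/etc/openvpn/${server}/download-configs/${name}/keys/ca.crt":
      ensure  => link,
      target  => "/etc/openvpn/${server}/easy-rsa/keys/ca.crt",
      require => [ Exec["generate certificate for ${name} in context of ${server}"],
                   File["/etc/openvpn/${server}/download-configs/${name}/keys"] ];
  }

  concat {
    [ "/etc/openvpn/${server}/client-configs/${name}", "/etc/openvpn/${server}/download-configs/${name}/${name}.conf" ]:
      owner   => 'root',
      group   => 'root',
      # Quoted, zero-padded octal string: a bare 644 is rejected or
      # misread by newer Puppet versions.
      mode    => '0644',
      warn    => true,
      force   => true,
      # Any change to either config rebuilds the download archive.
      notify  => Exec["tar the thing ${server} with ${name}"],
      require => [ File['/etc/openvpn'], File["/etc/openvpn/${server}/download-configs/${name}"] ];
  }

  concat::fragment {
    "openvpn.${server}.client.${name}":
      target  => "/etc/openvpn/${server}/download-configs/${name}/${name}.conf",
      # NOTE(review): $content is neither a parameter of this define nor
      # assigned anywhere in this body, so this interpolates an unset
      # variable (empty string, or a compile error under strict variables).
      # Presumably a template rendering the parameters above was intended
      # -- confirm against the rest of the module.
      content => "${content}\n";
  }

  exec {
    "tar the thing ${server} with ${name}":
      cwd         => "/etc/openvpn/${server}/download-configs/",
      # -h dereferences the key/cert symlinks, so the archive holds the
      # client's private key: create it owner-only (umask 077) instead of
      # inheriting the agent's umask. rm -f keeps the first run quiet when
      # no previous archive exists.
      command     => "umask 077; /bin/rm -f '${name}.tar.gz'; tar --exclude=\\*.conf.d -chzvf '${name}.tar.gz' '${name}'",
      # The command line uses shell syntax (';', umask), so say so explicitly
      # and pin the search path used to find tar and gzip.
      provider    => 'shell',
      path        => ['/bin', '/usr/bin'],
      refreshonly => true,
      require     => [ File["/etc/openvpn/${server}/download-configs/${name}/${name}.conf"],
                       File["/etc/openvpn/${server}/download-configs/${name}/keys/ca.crt"],
                       File["/etc/openvpn/${server}/download-configs/${name}/keys/${name}.key"],
                       File["/etc/openvpn/${server}/download-configs/${name}/keys/${name}.crt"] ];
  }
}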