# client.pp
# Declares everything one client of the OpenVPN instance $server needs:
# an easy-rsa certificate/key pair, a download-configs/<client> tree that
# links to that key material, the client-side configuration options, and a
# <client>.tar.gz bundle of the whole tree.
#
# Parameters:
#   $server      - name of the OpenVPN instance directory under /etc/openvpn
#   $remote_host - host written into the client's "remote" option (the port
#                  is fixed at 1194); defaults to the $fqdn fact
#
# Review notes:
#   * $name and $server are interpolated unquoted into file paths and into a
#     command run by the shell provider. Nothing in this define validates
#     them, so titles are expected to be plain identifiers from a trusted
#     manifest.
#   * The bundle holds the client's private key (tar -h follows the links
#     below). No owner or mode is set on anything created here; confirm that
#     download-configs and the tarball are not world-readable and that the
#     bundle is handed over on an authenticated channel.
define openvpn::client($server, $remote_host = $fqdn) {
  $instance_dir = "/etc/openvpn/${server}"
  $easy_rsa_dir = "${instance_dir}/easy-rsa"
  $download_dir = "${instance_dir}/download-configs"
  $client_dir   = "${download_dir}/${name}"
  $keys_dir     = "${client_dir}/keys"
  $cert_exec    = "generate certificate for ${name} in context of ${server}"

  # Issue the client certificate with easy-rsa. "creates" makes this a
  # one-shot: the command is skipped once the .crt exists.
  exec { $cert_exec:
    command  => ". ./vars && ./pkitool ${name}",
    cwd      => $easy_rsa_dir,
    creates  => "${easy_rsa_dir}/keys/${name}.crt",
    provider => 'shell',
    require  => Exec["generate server cert ${server}"],
  }

  # Per-client download tree.
  file { $client_dir:
    ensure  => directory,
    require => File[$download_dir],
  }

  file { $keys_dir:
    ensure  => directory,
    require => File[$client_dir],
  }

  # Key material is linked, not copied, from the easy-rsa key store. The
  # .key link points at the client's private key.
  file { "${keys_dir}/${name}.crt":
    ensure  => link,
    target  => "${easy_rsa_dir}/keys/${name}.crt",
    require => [ Exec[$cert_exec], File[$keys_dir] ],
  }

  file { "${keys_dir}/${name}.key":
    ensure  => link,
    target  => "${easy_rsa_dir}/keys/${name}.key",
    require => [ Exec[$cert_exec], File[$keys_dir] ],
  }

  file { "${keys_dir}/ca.crt":
    ensure  => link,
    target  => "${easy_rsa_dir}/keys/ca.crt",
    require => [ Exec[$cert_exec], File[$keys_dir] ],
  }

  # Client configuration, one openvpn::option per directive. Options declared
  # without a value are bare flags.
  # Presumably openvpn::option (defined elsewhere) assembles these into
  # <client>.conf - confirm against that define.
  openvpn::option {
    "ca ${server} with ${name}":
      key    => 'ca',
      value  => 'keys/ca.crt',
      client => $name,
      server => $server;

    "cert ${server} with ${name}":
      key    => 'cert',
      value  => "keys/${name}.crt",
      client => $name,
      server => $server;

    "key ${server} with ${name}":
      key    => 'key',
      value  => "keys/${name}.key",
      client => $name,
      server => $server;

    "client ${server} with ${name}":
      key    => 'client',
      client => $name,
      server => $server;

    "dev ${server} with ${name}":
      key    => 'dev',
      value  => 'tun',
      client => $name,
      server => $server;

    "proto ${server} with ${name}":
      key    => 'proto',
      value  => 'tcp',
      client => $name,
      server => $server;

    "remote ${server} with ${name}":
      key    => 'remote',
      value  => "${remote_host} 1194",
      client => $name,
      server => $server;

    "resolv-retry ${server} with ${name}":
      key    => 'resolv-retry',
      value  => 'infinite',
      client => $name,
      server => $server;

    "nobind ${server} with ${name}":
      key    => 'nobind',
      client => $name,
      server => $server;

    "persist-key ${server} with ${name}":
      key    => 'persist-key',
      client => $name,
      server => $server;

    "persist-tun ${server} with ${name}":
      key    => 'persist-tun',
      client => $name,
      server => $server;

    "mute-replay-warnings ${server} with ${name}":
      key    => 'mute-replay-warnings',
      client => $name,
      server => $server;

    # This is the client's only check on the kind of certificate the peer
    # presents. NOTE(review): newer OpenVPN releases deprecate ns-cert-type
    # in favour of remote-cert-tls; confirm which one the deployed version
    # and the server certificate support before changing it.
    "ns-cert-type ${server} with ${name}":
      key    => 'ns-cert-type',
      value  => 'server',
      client => $name,
      server => $server;

    # NOTE(review): must match the server's compression setting; newer
    # OpenVPN releases discourage compression on the tunnel.
    "comp-lzo ${server} with ${name}":
      key    => 'comp-lzo',
      client => $name,
      server => $server;

    "verb ${server} with ${name}":
      key    => 'verb',
      value  => '3',
      client => $name,
      server => $server;

    "mute ${server} with ${name}":
      key    => 'mute',
      value  => '20',
      client => $name,
      server => $server;
  }

  # Rebuild the bundle only when the client .conf is re-concatenated
  # (refreshonly + subscribe). tar -h dereferences the key links, so the
  # archive carries the real certificate, CA certificate and private key;
  # *.conf.d entries are left out.
  # The subscribed Exec and the .conf File are declared outside this define.
  exec { "tar the thing ${server} with ${name}":
    cwd         => "${download_dir}/",
    command     => "rm ${name}.tar.gz; tar --exclude=\\*.conf.d -chzvf ${name}.tar.gz ${name}",
    refreshonly => true,
    subscribe   => Exec["${client_dir}/${name}.conf concatenation"],
    require     => [
      File["${client_dir}/${name}.conf"],
      File["${keys_dir}/ca.crt"],
      File["${keys_dir}/${name}.key"],
      File["${keys_dir}/${name}.crt"],
    ],
  }
}