From fd83e644a5ec2630ccc8b83d6029fbba7bfe1fe9 Mon Sep 17 00:00:00 2001 From: mh Date: Fri, 7 Apr 2017 17:05:39 +0200 Subject: first step towards shorewall6, basic service is running --- manifests/base.pp | 78 +++++++++++++++++++++++++++++++++++-------- manifests/config6_setting.pp | 18 ++++++++++ manifests/config6_settings.pp | 10 ++++++ manifests/init.pp | 10 ++++++ 4 files changed, 103 insertions(+), 13 deletions(-) create mode 100644 manifests/config6_setting.pp create mode 100644 manifests/config6_settings.pp diff --git a/manifests/base.pp b/manifests/base.pp index 23d72e5..8c42757 100644 --- a/manifests/base.pp +++ b/manifests/base.pp @@ -20,18 +20,36 @@ class shorewall::base { group => 'root', mode => '0644'; } + if $shorewall::with_shorewall6 { + package{'shorewall6': + ensure => 'installed' + } + file { + '/etc/shorewall6/shorewall6.conf': + require => Package['shorewall6'], + notify => Exec['shorewall6_check'], + owner => 'root', + group => 'root', + mode => '0644'; + '/etc/shorewall6/puppet': + ensure => directory, + require => Package['shorewall6'], + owner => 'root', + group => 'root', + mode => '0644'; + } + } + if str2bool($shorewall::startup) { + $startup_str = 'Yes' + } else { + $startup_str = 'No' + } if $shorewall::conf_source { File['/etc/shorewall/shorewall.conf']{ source => $shorewall::conf_source, } } else { - - if str2bool($shorewall::startup) { - $startup_str = 'Yes' - } else { - $startup_str = 'No' - } shorewall::config_setting{ 'CONFIG_PATH': value => "\"\${CONFDIR}/shorewall/puppet:\${CONFDIR}/shorewall:\${SHAREDIR}/shorewall\""; @@ -44,7 +62,6 @@ class shorewall::base { settings => $shorewall::merged_settings; } } - exec{'shorewall_check': command => 'shorewall check', refreshonly => true, 
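Review bot: The new `/etc/shorewall6/puppet` directory resource is declared with `mode => '0644'`, which is only usable as a directory because Puppet adds the search bit wherever the read bit is set. Stating the intended mode, e.g. `mode => '0755'`, makes this explicit. Both new file resources are readable by every local user; this mirrors the IPv4 resources in the context lines, but if the IPv6 ruleset should not be visible to unprivileged accounts, a tighter mode is easiest to pick now. The `shorewall::base` class body starts and ends outside this hunk.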
@@ -58,24 +75,59 @@ class shorewall::base { require => Package['shorewall'], } + if $shorewall::with_shorewall6 { + shorewall::config6_setting{ + 'CONFIG_PATH': + value => "\"\${CONFDIR}/shorewall6/puppet:\${CONFDIR}/shorewall6:/usr/share/shorewall6:\${SHAREDIR}/shorewall\""; + 'STARTUP_ENABLED': + value => $startup_str; + } + $cfs6 = keys($shorewall::settings6) + shorewall::config6_settings{ + $cfs6: + settings => $shorewall::settings6; + } + + exec{'shorewall6_check': + command => 'shorewall6 check', + refreshonly => true, + notify => Service['shorewall6'], + } + service{'shorewall6': + ensure => running, + enable => true, + hasstatus => true, + hasrestart => true, + require => Package['shorewall6'], + } + } + file{'/etc/cron.daily/shorewall_check':} if $shorewall::daily_check { + if $shorewall::with_shorewall6 { + $shorewall6_check_str = ' && shorewall6 check' + } else { + $shorewall6_check_str = '' + } File['/etc/cron.daily/shorewall_check']{ - content => '#!/bin/bash + content => "#!/bin/bash -output=$(shorewall check 2>&1) -if [ $? -gt 0 ]; then - echo "Error while checking firewall!" - echo $output +output=\$(shorewall check${shorewall6_check_str} 2>&1) +if [ \$? -gt 0 ]; then + echo 'Error while checking firewall!' + echo \$output exit 1 fi exit 0 -', +", owner => root, group => 0, mode => '0700', require => Service['shorewall'], } + if $shorewall::with_shorewall6 { + Service['shorewall6'] -> File['/etc/cron.daily/shorewall_check'] + } } else { File['/etc/cron.daily/shorewall_check']{ ensure => absent, diff --git a/manifests/config6_setting.pp b/manifests/config6_setting.pp new file mode 100644 index 0000000..2fbb1df --- /dev/null +++ b/manifests/config6_setting.pp 
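Review bot: In the generated cron script, `2>&1` binds only to the last command once `${shorewall6_check_str}` is appended, so stderr from `shorewall check` is no longer captured in `$output` when shorewall6 is enabled. Grouping the commands keeps both checks in the report: `output=\$( { shorewall check${shorewall6_check_str}; } 2>&1)`. The unquoted `echo \$output` also flattens a multi-line check report into one line; `echo \"\$output\"` keeps it readable for whoever receives the cron mail. The class body continues outside the hunk.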
@@ -0,0 +1,18 @@ +# set a particular config option for shorewall6 +# +# e.g. +# shorewall::config6_setting{ +# 'CONFIG_PATH': +# value => '"/etc/shorewall6/puppet:/etc/shorewall6:/usr/share/shorewall6"' +# } +define shorewall::config_setting( + $value, +){ + augeas { "shorewall6_module_${name}": + changes => "set /files/etc/shorewall6/shorewall6.conf/${name} ${value}", + lens => 'Shellvars.lns', + incl => '/etc/shorewall/shorewall6.conf', + notify => Exec['shorewall6_check'], + require => Package['shorewall6']; + } +} diff --git a/manifests/config6_settings.pp b/manifests/config6_settings.pp new file mode 100644 index 0000000..2eb47f0 --- /dev/null +++ b/manifests/config6_settings.pp @@ -0,0 +1,10 @@ +# a nice wrapper to make hiera config +# a bit easier +define shorewall::config6_settings( + $settings, +){ + shorewall::config6_setting{ + $name: + value => $settings[$name], + } +} diff --git a/manifests/init.pp b/manifests/init.pp index 44c703b..16d7170 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -3,6 +3,8 @@ class shorewall( $startup = true, $conf_source = false, $settings = {}, + $settings6 = {}, + $shorewall6 = 'auto', $ensure_version = 'present', $tor_transparent_proxy_host = '127.0.0.1', $tor_transparent_proxy_port = '9040', @@ -60,6 +62,14 @@ class shorewall( $merged_settings = merge($def_settings,$settings) + $with_shorewall6 = $shorewall6 ? { + 'auto' => $ipaddress6 ? { + undef => false, + default => true, + }, + default => str2bool($shorewall6), + } + case $::operatingsystem { 'Gentoo': { include ::shorewall::gentoo } 'Debian','Ubuntu': { include ::shorewall::debian } -- cgit v1.2.3
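Review bot: The new file `manifests/config6_setting.pp` declares `define shorewall::config_setting(`, not `shorewall::config6_setting`, so the type that `base.pp` and `config6_settings.pp` use is never defined and the name does not match the file. The header should read `define shorewall::config6_setting(`. The augeas resource also loads `incl => '/etc/shorewall/shorewall6.conf'` while `changes` targets `/files/etc/shorewall6/shorewall6.conf/${name}`, so the set would address a file the lens never loaded; it should be `incl => '/etc/shorewall6/shorewall6.conf',`. Until both are fixed, `STARTUP_ENABLED` and `CONFIG_PATH` are presumably not applied to the IPv6 firewall.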
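Review bot: The `'auto'` branch of the `$with_shorewall6` selector reads the fact as `$ipaddress6`, while the rest of the class uses top-scope lookups such as `$::operatingsystem`; `'auto' => $::ipaddress6 ? {` would be consistent and avoids scope surprises. Because `$shorewall6` defaults to `'auto'` (first hunk of this file), existing nodes that have an IPv6 address will get the shorewall6 package installed and its service started on upgrade, which deserves a line in the class documentation. Conversely, depending on the Facter version, `ipaddress6` may be unset on hosts that only have link-local addresses, leaving IPv6 unfiltered there. A comment above the selector, such as `# 'auto' enables shorewall6 only when facter reports ipaddress6; set true to force IPv6 filtering`, would make that trade-off visible.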