From 4a0cfbb26e072d12bcb14a31ef8b6f69e190d42e Mon Sep 17 00:00:00 2001 From: mh Date: Sun, 26 Jun 2016 13:39:04 +0200 Subject: modernize so we don't need to deploy a full config file anymore --- manifests/base.pp | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) (limited to 'manifests/base.pp') diff --git a/manifests/base.pp b/manifests/base.pp index 0cf3dc6..cf8811b 100644 --- a/manifests/base.pp +++ b/manifests/base.pp @@ -27,14 +27,20 @@ class shorewall::base { } } else { - Class['augeas'] -> Class['shorewall::base'] - - augeas { 'shorewall_module_config_path': - changes => 'set /files/etc/shorewall/shorewall.conf/CONFIG_PATH \'"/etc/shorewall/puppet:/etc/shorewall:/usr/share/shorewall"\'', - lens => 'Shellvars.lns', - incl => '/etc/shorewall/shorewall.conf', - notify => Exec['shorewall_check'], - require => Package['shorewall']; + if str2bool($shorewall::startup) { + $startup_str = 'Yes' + } else { + $startup_str = 'No' + } + shorewall::config_setting{ + 'CONFIG_PATH': + value => "\"\${CONFDIR}/shorewall/puppet:\${CONFDIR}/shorewall:\${SHAREDIR}/shorewall\""; + 'STARTUP_ENABLED': + value => $startup_str; + } + shorewall::config_settings{ + keys($shorewall::settings): + settings => $shorewall::settings; } } -- cgit v1.2.3 From caadcdbd3be5c32120b0cbe5071cb702330a0243 Mon Sep 17 00:00:00 2001 From: mh Date: Sun, 26 Jun 2016 14:02:55 +0200 Subject: older puppet versions can't yet dealt with that --- manifests/base.pp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'manifests/base.pp') diff --git a/manifests/base.pp b/manifests/base.pp index cf8811b..22ef555 100644 --- a/manifests/base.pp +++ b/manifests/base.pp @@ -38,8 +38,9 @@ class shorewall::base { 'STARTUP_ENABLED': value => $startup_str; } + $cfs = keys($shorewall::settings) shorewall::config_settings{ - keys($shorewall::settings): + $cfs: settings => $shorewall::settings; } } -- cgit v1.2.3 From 9205eb4a039680b39c3802fd0f39e79eaf47a123 Mon Sep 17 00:00:00 2001 
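Review bot: The `shorewall::config_setting` declarations for `CONFIG_PATH` and `STARTUP_ENABLED` that replace the augeas resource carry neither the `require => Package['shorewall']` nor the `notify => Exec['shorewall_check']` edge the removed resource had, so unless the define adds them internally (not visible here) a changed setting may be written before the package exists and is no longer validated by `shorewall check` before the service is restarted. The same holds for the `shorewall::config_settings` run over `keys($shorewall::settings)`, and because that hash is written as-is, a `CONFIG_PATH` or `STARTUP_ENABLED` key in it would silently compete with the explicit values set a few lines above. I would either state that contract in a comment on the define or fail early here, e.g. `if member(keys($shorewall::settings), 'CONFIG_PATH') { fail('CONFIG_PATH is managed by shorewall::base') }` (stdlib is already used via `str2bool`). `class shorewall::base` starts and ends outside this hunk.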
From: intrigeri Date: Tue, 14 Feb 2017 09:48:23 +0000 Subject: Use ensure_packages, to avoid duplicate definition in case Package['shorewall'] is defined elsewhere already. --- manifests/base.pp | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'manifests/base.pp') diff --git a/manifests/base.pp b/manifests/base.pp index 6599759..dddfcaa 100644 --- a/manifests/base.pp +++ b/manifests/base.pp @@ -1,9 +1,7 @@ # base things for shorewall class shorewall::base { - package { 'shorewall': - ensure => $shorewall::ensure_version, - } + ensure_packages({ 'shorewall' => { ensure => $shorewall::ensure_version }}) # This file has to be managed in place, so shorewall can find it file { -- cgit v1.2.3 From 89a350feaa3e5f94d104ac7e98af608db659e871 Mon Sep 17 00:00:00 2001 From: mh Date: Fri, 7 Apr 2017 15:50:11 +0200 Subject: calculate whether we want to disable ipv6 (if there is no public ipv6 address) or not --- manifests/base.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'manifests/base.pp') diff --git a/manifests/base.pp b/manifests/base.pp index 22ef555..23d72e5 100644 --- a/manifests/base.pp +++ b/manifests/base.pp @@ -38,10 +38,10 @@ class shorewall::base { 'STARTUP_ENABLED': value => $startup_str; } - $cfs = keys($shorewall::settings) + $cfs = keys($shorewall::merged_settings) shorewall::config_settings{ $cfs: - settings => $shorewall::settings; + settings => $shorewall::merged_settings; } } -- cgit v1.2.3 From fd83e644a5ec2630ccc8b83d6029fbba7bfe1fe9 Mon Sep 17 00:00:00 2001 From: mh Date: Fri, 7 Apr 2017 17:05:39 +0200 Subject: first step towards shorewall6, basic service is running --- manifests/base.pp | 78 +++++++++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 65 insertions(+), 13 deletions(-) (limited to 'manifests/base.pp') diff --git a/manifests/base.pp b/manifests/base.pp index 23d72e5..8c42757 100644 --- a/manifests/base.pp +++ b/manifests/base.pp 
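Review bot: `ensure_packages({ 'shorewall' => { ensure => $shorewall::ensure_version }})` only avoids the duplicate when the other `Package['shorewall']` is declared with the same parameters; with a different `ensure` elsewhere, stdlib's `ensure_resource` still raises a duplicate-declaration error (exact behaviour depends on the stdlib version, which is not visible here), so the guarantee in the commit message is conditional. That is arguably the right outcome for a firewall package, but it deserves a comment so nobody later loosens `$shorewall::ensure_version` to "work around" it: `# ensure_packages de-duplicates only an identical declaration; a differing ensure elsewhere still fails at compile time`. The `require => Package['shorewall']` edges further down keep resolving, since `ensure_packages` declares the same resource. `class shorewall::base` continues past the hunk.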
@@ -20,18 +20,36 @@ class shorewall::base { group => 'root', mode => '0644'; } + if $shorewall::with_shorewall6 { + package{'shorewall6': + ensure => 'installed' + } + file { + '/etc/shorewall6/shorewall6.conf': + require => Package['shorewall6'], + notify => Exec['shorewall6_check'], + owner => 'root', + group => 'root', + mode => '0644'; + '/etc/shorewall6/puppet': + ensure => directory, + require => Package['shorewall6'], + owner => 'root', + group => 'root', + mode => '0644'; + } + } + if str2bool($shorewall::startup) { + $startup_str = 'Yes' + } else { + $startup_str = 'No' + } if $shorewall::conf_source { File['/etc/shorewall/shorewall.conf']{ source => $shorewall::conf_source, } } else { - - if str2bool($shorewall::startup) { - $startup_str = 'Yes' - } else { - $startup_str = 'No' - } shorewall::config_setting{ 'CONFIG_PATH': value => "\"\${CONFDIR}/shorewall/puppet:\${CONFDIR}/shorewall:\${SHAREDIR}/shorewall\""; @@ -44,7 +62,6 @@ class shorewall::base { settings => $shorewall::merged_settings; } } - exec{'shorewall_check': command => 'shorewall check', refreshonly => true, 
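Review bot: `package{'shorewall6': ensure => 'installed'}` is not pinned to `$shorewall::ensure_version` the way the IPv4 package is, so on hosts where a specific shorewall version is enforced the IPv6 package can drift to a different release; use `ensure => $shorewall::ensure_version` and declare it the same way as `shorewall` so the two stay in step. `/etc/shorewall6/shorewall6.conf` is declared with `notify => Exec['shorewall6_check']` but no `content`/`source`, so the resource only manages ownership and mode and that notify fires on permission drift, not on settings changes; presumably the settings reach the file through `shorewall::config6_setting` (not visible), and a one-line comment saying so would help. Moving the `$startup_str` computation out of the `else` is needed for the IPv6 branch, but it makes visible that in the `conf_source` case `STARTUP_ENABLED` is never written for IPv4, which is worth documenting at the `if $shorewall::conf_source`. `class shorewall::base` starts before this hunk.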
@@ -58,24 +75,59 @@ class shorewall::base { require => Package['shorewall'], } + if $shorewall::with_shorewall6 { + shorewall::config6_setting{ + 'CONFIG_PATH': + value => "\"\${CONFDIR}/shorewall6/puppet:\${CONFDIR}/shorewall6:/usr/share/shorewall6:\${SHAREDIR}/shorewall\""; + 'STARTUP_ENABLED': + value => $startup_str; + } + $cfs6 = keys($shorewall::settings6) + shorewall::config6_settings{ + $cfs6: + settings => $shorewall::settings6; + } + + exec{'shorewall6_check': + command => 'shorewall6 check', + refreshonly => true, + notify => Service['shorewall6'], + } + service{'shorewall6': + ensure => running, + enable => true, + hasstatus => true, + hasrestart => true, + require => Package['shorewall6'], + } + } + file{'/etc/cron.daily/shorewall_check':} if $shorewall::daily_check { + if $shorewall::with_shorewall6 { + $shorewall6_check_str = ' && shorewall6 check' + } else { + $shorewall6_check_str = '' + } File['/etc/cron.daily/shorewall_check']{ - content => '#!/bin/bash + content => "#!/bin/bash -output=$(shorewall check 2>&1) -if [ $? -gt 0 ]; then - echo "Error while checking firewall!" - echo $output +output=\$(shorewall check${shorewall6_check_str} 2>&1) +if [ \$? -gt 0 ]; then + echo 'Error while checking firewall!' + echo \$output exit 1 fi exit 0 -', +", owner => root, group => 0, mode => '0700', require => Service['shorewall'], } + if $shorewall::with_shorewall6 { + Service['shorewall6'] -> File['/etc/cron.daily/shorewall_check'] + } } else { File['/etc/cron.daily/shorewall_check']{ ensure => absent, -- cgit v1.2.3 From cac17b52dd7a52e73c8cb0f6578ad710ce8531fb Mon Sep 17 00:00:00 2001 From: mh Date: Fri, 7 Apr 2017 17:21:50 +0200 Subject: fix path --- manifests/base.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'manifests/base.pp') diff --git a/manifests/base.pp b/manifests/base.pp index 8c42757..4fc5178 100644 --- a/manifests/base.pp +++ b/manifests/base.pp 
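Review bot: The IPv6 `CONFIG_PATH` hard-codes `/usr/share/shorewall6` between `${CONFDIR}/shorewall6` and `${SHAREDIR}/shorewall`, while every other element of both search paths uses the shorewall-provided variables; on an installation with a non-default `SHAREDIR` the IPv6 side would search a directory that may not exist while the IPv4 side follows `SHAREDIR`. I would write the value as `"\"\${CONFDIR}/shorewall6/puppet:\${CONFDIR}/shorewall6:\${SHAREDIR}/shorewall6:\${SHAREDIR}/shorewall\""`, which matches the shape of the IPv4 setting above. Note also that the IPv6 branch iterates `$shorewall::settings6` directly where the IPv4 branch now uses `$shorewall::merged_settings`; if that asymmetry is intentional a comment such as `# settings6 is not merged: the IPv6-disable calculation only applies to shorewall.conf` would stop someone "fixing" it. The `else` branch of the cron-script block continues outside the hunk.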
@@ -30,13 +30,13 @@ class shorewall::base { notify => Exec['shorewall6_check'], owner => 'root', group => 'root', - mode => '0644'; + mode => '0600'; '/etc/shorewall6/puppet': ensure => directory, require => Package['shorewall6'], owner => 'root', group => 'root', - mode => '0644'; + mode => '0600'; } } -- cgit v1.2.3 From 4a29f5e293b36e11d870061d4d93d7af306dcbd6 Mon Sep 17 00:00:00 2001 From: mh Date: Fri, 7 Apr 2017 17:34:55 +0200 Subject: make dependencies a bit more clear --- manifests/base.pp | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'manifests/base.pp') diff --git a/manifests/base.pp b/manifests/base.pp index 4fc5178..7715baa 100644 --- a/manifests/base.pp +++ b/manifests/base.pp @@ -66,13 +66,14 @@ class shorewall::base { command => 'shorewall check', refreshonly => true, notify => Service['shorewall'], + require => Package['shorewall'], } service{'shorewall': ensure => running, enable => true, hasstatus => true, hasrestart => true, - require => Package['shorewall'], + require => Exec['shorewall_check'], } if $shorewall::with_shorewall6 { @@ -92,13 +93,14 @@ class shorewall::base { command => 'shorewall6 check', refreshonly => true, notify => Service['shorewall6'], + require => Package['shorewall6'], } service{'shorewall6': ensure => running, enable => true, hasstatus => true, hasrestart => true, - require => Package['shorewall6'], + require => Exec['shorewall6_check'], } } -- cgit v1.2.3 From 9da596c12101c02e7cebc1d0d5d9f04952379007 Mon Sep 17 00:00:00 2001 From: mh Date: Sat, 8 Apr 2017 12:41:58 +0200 Subject: group that together --- manifests/base.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'manifests/base.pp') diff --git a/manifests/base.pp b/manifests/base.pp index 7715baa..d0a065f 100644 --- a/manifests/base.pp +++ b/manifests/base.pp 
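Review bot: Tightening `/etc/shorewall6/shorewall6.conf` to `0600` leaves the IPv4 `/etc/shorewall/shorewall.conf` in the same class at `0644` (its `mode => '0644'` is visible as context at the top of the earlier `@@ -20,18 +20,36 @@` hunk), so the two configurations now have different exposure for no stated reason; either both should be `0600` or the commit should say why only one is. The subject "fix path" does not describe a mode change, which will mislead anyone bisecting this later. For the `'/etc/shorewall6/puppet'` directory `0600` works because Puppet sets the search bit on directories wherever the read bit is set, but a comment `# puppet adds +x on directories where r is set` would save the next reader a lookup. `class shorewall::base` starts before this hunk.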
@@ -114,7 +114,7 @@ class shorewall::base { File['/etc/cron.daily/shorewall_check']{ content => "#!/bin/bash -output=\$(shorewall check${shorewall6_check_str} 2>&1) +output=\$((shorewall check${shorewall6_check_str}) 2>&1) if [ \$? -gt 0 ]; then echo 'Error while checking firewall!' echo \$output -- cgit v1.2.3 From f7fec4c4a6faef8d5d75ebdb73ed8fdd374d0184 Mon Sep 17 00:00:00 2001 From: mh Date: Sun, 9 Apr 2017 12:43:08 +0200 Subject: make output nicer --- manifests/base.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'manifests/base.pp') diff --git a/manifests/base.pp b/manifests/base.pp index d0a065f..abf477b 100644 --- a/manifests/base.pp +++ b/manifests/base.pp @@ -117,7 +117,7 @@ class shorewall::base { output=\$((shorewall check${shorewall6_check_str}) 2>&1) if [ \$? -gt 0 ]; then echo 'Error while checking firewall!' - echo \$output + echo \"\${output}\" exit 1 fi exit 0 -- cgit v1.2.3 From 33b575da9deec3f41896b8e2dfe9e6a89e57e83c Mon Sep 17 00:00:00 2001 From: mh Date: Mon, 8 May 2017 22:13:01 +0200 Subject: try to be extra cautious when restarting and do it with the try, so nothing breaks if something is broken that is not connected at compile time --- manifests/base.pp | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) (limited to 'manifests/base.pp') diff --git a/manifests/base.pp b/manifests/base.pp index abf477b..c96e48f 100644 --- a/manifests/base.pp +++ b/manifests/base.pp @@ -65,10 +65,11 @@ class shorewall::base { exec{'shorewall_check': command => 'shorewall check', refreshonly => true, - notify => Service['shorewall'], require => Package['shorewall'], - } - service{'shorewall': + } ~> exec{'shorewall_try': + command => 'shorewall try /etc/shorewall/puppet', + refreshonly => true, + } -> service{'shorewall': ensure => running, enable => true, hasstatus => true, 
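Review bot: `shorewall try /etc/shorewall/puppet` in the new `shorewall_try` exec only restores the saved state when the restart itself fails (per the shorewall man page: compile errors abort, start-phase errors restore), so a rule set that loads cleanly but cuts off management or Puppet-agent access stays in place, which is the scenario the commit message is worried about. Shorewall's optional timeout argument to `try` does not help here either, because it reverts unconditionally after the timeout and is meant for interactive testing. I would at least record the limitation above the exec, `# 'try' only reverts a failed restart; rules that apply but lock us out are kept`, and consider a follow-up exec that probes reachability of the Puppet server and runs `shorewall restore` on failure. The exec commands are not fully qualified and no `path` is set, so this relies on an `Exec` resource default declared elsewhere (not visible in the hunk); `class shorewall::base` continues past it.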
@@ -92,15 +93,15 @@ class shorewall::base { exec{'shorewall6_check': command => 'shorewall6 check', refreshonly => true, - notify => Service['shorewall6'], require => Package['shorewall6'], - } - service{'shorewall6': + } ~> exec{'shorewall6_try': + command => 'shorewall6 try /etc/shorewall6/puppet', + refreshonly => true, + } -> service{'shorewall6': ensure => running, enable => true, hasstatus => true, hasrestart => true, - require => Exec['shorewall6_check'], } } -- cgit v1.2.3 From 49d8591a1d027ee44b839c364dffe4624f264c2b Mon Sep 17 00:00:00 2001 From: mh Date: Sun, 21 May 2017 13:14:56 +0200 Subject: remove an unnecessary dep --- manifests/base.pp | 1 - 1 file changed, 1 deletion(-) (limited to 'manifests/base.pp') diff --git a/manifests/base.pp b/manifests/base.pp index c96e48f..48451ae 100644 --- a/manifests/base.pp +++ b/manifests/base.pp @@ -74,7 +74,6 @@ class shorewall::base { enable => true, hasstatus => true, hasrestart => true, - require => Exec['shorewall_check'], } if $shorewall::with_shorewall6 { -- cgit v1.2.3 From cb6b6b7f85b39374897ccb8fd8b219809f35d9ba Mon Sep 17 00:00:00 2001 From: mh Date: Sun, 24 Sep 2017 11:59:03 +0200 Subject: make sure shorewall6 is started after shorewall as inserting fw rules into iptables can't be properly serialized. This is a backport of a fix that went into shorewall 5.1.6 by commit 0603f8e355b19ca88d2a7ad6f181767092e02e00 in the shorewall repository. --- manifests/base.pp | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) (limited to 'manifests/base.pp') diff --git a/manifests/base.pp b/manifests/base.pp index 48451ae..cc8090b 100644 --- a/manifests/base.pp +++ b/manifests/base.pp 
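Review bot: `Exec['shorewall6_try']` has no ordering relative to `Exec['shorewall_try']`, so in a run where both rule directories change the two firewall restarts happen in whatever order the catalog graph yields; the systemd drop-in added later in this series only orders unit start-up, not these Puppet-triggered restarts. Puppet applies execs one at a time, so this is about order rather than concurrency, but given that the series' own reasoning is that the two rule loads must be serialised IPv4-first, I would add `require => Exec['shorewall_try'],` to `shorewall6_try` (it is unconditional, so the reference is always valid). As on the IPv4 side, `shorewall6 try` without a timeout reverts only when the restart fails. The `if $shorewall::with_shorewall6` block and `class shorewall::base` both continue outside the hunk.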
@@ -24,6 +24,24 @@ class shorewall::base { package{'shorewall6': ensure => 'installed' } + # serialize systemd where it's not yet done + if (versioncmp($facts['shorewall_version'],'5.1.6') < 0) and (versioncmp($facts['os']['release']['major'],'6') > 0) { + include ::systemd + file{ + '/etc/systemd/system/shorewall6.service.d': + ensure => directory, + owner => 'root', + group => 'root', + mode => '0644'; + '/etc/systemd/system/shorewall6.service.d/after-ipv4.conf': + content => "[Unit]\nAfter=shorewall.service\n", + owner => 'root', + group => 'root', + mode => '0644', + notify => Exec['systemctl-daemon-reload'], + } + Exec['systemctl-daemon-reload'] -> Service['shorewall6'] + } file { '/etc/shorewall6/shorewall6.conf': require => Package['shorewall6'], -- cgit v1.2.3 From 9a8057158e7a08a3da86fee163e8d955193e6900 Mon Sep 17 00:00:00 2001 From: mh Date: Sun, 24 Sep 2017 12:01:09 +0200 Subject: linting --- manifests/base.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'manifests/base.pp') diff --git a/manifests/base.pp b/manifests/base.pp index cc8090b..51e99bf 100644 --- a/manifests/base.pp +++ b/manifests/base.pp @@ -22,7 +22,7 @@ class shorewall::base { } if $shorewall::with_shorewall6 { package{'shorewall6': - ensure => 'installed' + ensure => 'installed', } # serialize systemd where it's not yet done if (versioncmp($facts['shorewall_version'],'5.1.6') < 0) and (versioncmp($facts['os']['release']['major'],'6') > 0) { -- cgit v1.2.3
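Review bot: `versioncmp($facts['shorewall_version'], '5.1.6')` runs at compile time on every run, including the first run of a host where shorewall is not installed yet; if `shorewall_version` is a custom fact derived from the installed package (it is not a core fact) it is then undef, and Puppet 4+ `versioncmp` rejects a non-String argument, so the catalog fails before `Package['shorewall6']` can ever be applied. Treat a missing fact as "old" so the drop-in is created pessimistically, e.g. `$sw_version = $facts['shorewall_version'] ? { undef => '0', default => $facts['shorewall_version'] }` followed by `if (versioncmp($sw_version, '5.1.6') < 0) and ...`; on 5.1.6+ the extra `After=` is redundant but harmless. The `versioncmp($facts['os']['release']['major'], '6') > 0` test stands in for "boots with systemd" without consulting `os.family`, so it is also true on e.g. Debian 7, which did not use systemd by default; a comment naming the platforms the `> 6` rule is meant to cover, or a check of the stdlib `service_provider` fact where available, would make the intent verifiable. The drop-in directory's `mode => '0644'` becomes `0755` through Puppet's directory search-bit rule, and `Exec['systemctl-daemon-reload']` is assumed to come from `::systemd`, which is not visible here. `class shorewall::base` starts before this hunk.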