author | o <o@immerda.ch> | 2011-04-26 01:17:48 +0200 |
---|---|---|
committer | o <o@immerda.ch> | 2011-04-26 01:17:48 +0200 |
commit | 8158d6e1479aa5046bc7eecdae2e6a8df4056e38 (patch) | |
tree | 9193087f97e59e770afe410e66289707b7976520 /manifests/base.pp | |
parent | fd0ccbc3303ecff1630feff3445c9fb5545a4456 (diff) |
initial version
Diffstat (limited to 'manifests/base.pp')
-rw-r--r-- | manifests/base.pp | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/manifests/base.pp b/manifests/base.pp
new file mode 100644
index 0000000..8f9cd7c
--- /dev/null
+++ b/manifests/base.pp
@@ -0,0 +1,55 @@
+# manifests/init.pp - module to manage strongswan/ipsec
+
+class strongswan::base {
+
+ require monkeysphere
+ require certtool
+
+ package{ 'strongswan' :
+ ensure => installed,
+ }
+
+ exec{ 'ipsec_privatekey':
+ command => "certtool --generate-privkey --bits 2048 --outfile /etc/ipsec.d/private/${fqdn}",
+ creates => "/etc/ipsec.d/private/${fqdn}.pem",
+ require => Package['strongswan'],
+ }
+
+ exec{ 'ipsec_monkeysphere_cert' :
+ require => Exec['ipsec_privatekey'],
+ creates => "/etc/ipsec.d/certs/${fqdn}.asc",
+ command => "monkeysphere-host import-key /etc/ipsec.d/private/${fqdn}.pem ike://${fqdn}"
+ }
+
+ file{ '/etc/ipsec.secrets' :
+ content => ": RSA ${fqdn}.pem\n",
+ require => Package['strongswan'],
+ owner => "root", group => 0, mode => "400",
+ notify => Service['strongswan'],
+ }
+
+ if $strongswan_cert != "false" and $strongswan_cert != "" {
+ @@file{ "/etc/ipsec.d/certs/${fqdn}.asc":
+ owner => "root", group => 0, mode => "400",
+ tag => 'strongswan_cert',
+ content => $strongswan_cert,
+ require => Package['strongswan'],
+ notify => Service['strongswan'],
+ }
+ }
+
+ File<<| tag == 'strongswan_cert' |>>
+
+ file{ '/etc/ipsec.config' :
+ source => "puppet:///modules/site-strongswan/configs/${fqdn}",
+ owner => "root", group => 0, mode => "400",
+ require => Package['strongswan'],
+ notify => Service['strongswan'],
+ }
+
+ service{ 'strongswan' :
+ ensure => running,
+ enable => true,
+ }
+
+} |
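Review bot: In the `ipsec_privatekey` exec, `--outfile` writes to `/etc/ipsec.d/private/${fqdn}` while `creates`, the `monkeysphere-host import-key` command and `/etc/ipsec.secrets` all name `${fqdn}.pem`, so the guard file never appears and the key would be regenerated on every Puppet run while the `.pem` path the daemon is pointed at stays missing. The command should end in `--outfile /etc/ipsec.d/private/${fqdn}.pem`. A `file` resource on that path with `owner => "root", group => 0, mode => "400"` would also keep the private key's permissions from depending on certtool's defaults. Separately, the last `file` resource manages `/etc/ipsec.config`; strongSwan's stock configuration file is `/etc/ipsec.conf`, so unless the service is started with a custom path this looks like a typo. The header comment also still says `manifests/init.pp` although the file is `manifests/base.pp`.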