authormh <mh@immerda.ch>2012-12-31 18:51:06 +0100
committermh <mh@immerda.ch>2012-12-31 18:51:06 +0100
commit492468d87aa6ea31b137fb2361b6bf7da88f3d1d (patch)
treee7c33b8a10bc55cc8a7abce811e19c0bb247333b /manifests/remote_host.pp
parentcf80d8606ff7d4989c8b30550624b9eaa2007e73 (diff)
fully auto remote host configuration
We export not only the certificate but also the config snippet itself, so hosts fully configure themselves with an IPsec configuration.
Diffstat (limited to 'manifests/remote_host.pp')
-rw-r--r--manifests/remote_host.pp35
1 files changed, 35 insertions, 0 deletions
diff --git a/manifests/remote_host.pp b/manifests/remote_host.pp
new file mode 100644
index 0000000..6521622
--- /dev/null
+++ b/manifests/remote_host.pp
@@ -0,0 +1,35 @@
+# configure a simple remote host
+define strongswan::remote_host(
+ $right_ip_address,
+ $ensure = 'present',
+ $right_id = $name,
+ $right_cert_name = $name,
+ $right_cert_content = 'absent',
+){
+ file{"${strongswan::config_dir}/hosts/${name}.conf":
+ ensure => $ensure,
+ require => Package['strongswan'],
+ notify => Service['ipsec'],
+ }
+
+ if $ensure == 'present' {
+ File["${strongswan::config_dir}/hosts/${name}.conf"]{
+ content => template('strongswan/remote_host.erb'),
+ owner => 'root',
+ group => 0,
+ mode => '0400',
+ }
+ }
+
+ strongswan::cert{$name: }
+ if ($right_cert_content != 'absent') and ($ensure == 'present') {
+ Strongswan::Cert[$name]{
+ ensure => $ensure,
+ cert => $right_cert_content,
+ }
+ } else {
+ Strongswan::Cert[$name]{
+ ensure => 'absent',
+ }
+ }
+}
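Review bot: `$name` is interpolated straight into the path `${strongswan::config_dir}/hosts/${name}.conf` and, together with `$right_ip_address` and `$right_id`, presumably into `remote_host.erb` (not shown here), with no validation at the top of the define. The commit message says these resources are exported and collected on other hosts, so the values come from another node's catalog; a title containing `/` or a parameter containing a newline could place the file outside `hosts/` or add unintended lines to the IPsec configuration. A guard at the start of the body would close that, e.g. `if $name !~ /\A[A-Za-z0-9._-]+\z/ { fail("invalid remote host name: ${name}") }` (`\A`/`\z` rather than `^`/`$`, which are line anchors in Ruby regexes), with a similar check on `$right_ip_address` and `$right_id`. Separately, with the default `$right_cert_content` the `else` branch sets `Strongswan::Cert[$name]` to `absent` while the conn file is still written, and the cert is titled `$name` rather than `$right_cert_name`; it is worth confirming that the template copes with both cases.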