diff options
Diffstat (limited to 'manifests/base.pp')
-rw-r--r-- | manifests/base.pp | 39 |
1 files changed, 12 insertions, 27 deletions
diff --git a/manifests/base.pp b/manifests/base.pp index bf791bf..4f72ae6 100644 --- a/manifests/base.pp +++ b/manifests/base.pp @@ -3,26 +3,17 @@ class strongswan::base { package{'strongswan': ensure => installed, - } - - if $::selinux == 'true' { - package{'strongswan-selinux': - ensure => installed, - } - } - - exec{ + } -> exec{ 'ipsec_privatekey': - command => "certtool --generate-privkey --bits 2048 --outfile /etc/ipsec.d/private/${::fqdn}.pem", - creates => "/etc/ipsec.d/private/${::fqdn}.pem", - require => Package['strongswan']; - 'ipsec_monkeysphere_cert': - command => "monkeysphere-host import-key /etc/ipsec.d/private/${::fqdn}.pem ike://${::fqdn} && gpg --homedir /var/lib/monkeysphere/host -a --export =ike://${::fqdn} > /etc/ipsec.d/certs/${::fqdn}.asc"; - creates => "/etc/ipsec.d/certs/${::fqdn}.asc", - require => Exec['ipsec_privatekey']; + command => "certtool --generate-privkey --bits 2048 --outfile ${strongswan::config_dir}/private/${::fqdn}.pem", + creates => "${strongswan::config_dir}/private/${::fqdn}.pem"; + } -> exec{'ipsec_monkeysphere_cert': + command => "monkeysphere-host import-key ${strongswan::config_dir}/private/${::fqdn}.pem ike://${::fqdn} && gpg --homedir /var/lib/monkeysphere/host -a --export =ike://${::fqdn} > ${strongswan::config_dir}/certs/${::fqdn}.asc", + creates => "${strongswan::config_dir}/certs/${::fqdn}.asc", } - file{ '/etc/ipsec.secrets': + file{ + '/etc/ipsec.secrets': content => ": RSA ${::fqdn}.pem\n", require => Package['strongswan'], notify => Service['ipsec'], @@ -44,17 +35,11 @@ class strongswan::base { } if $::strongswan_cert != 'false' and $::strongswan_cert != '' { - @@file{"/etc/ipsec.d/certs/${::fqdn}.asc": - tag => 'strongswan_cert', - content => $::strongswan_cert, - require => Package['strongswan'], - notify => Service['ipsec'], - owner => 'root', - group => 0, - mode => '0400'; + @@strongswan::cert{$::fqdn: + cert => $::strongswan_cert, + tag => 'strongswan_cert' } } - File<<| tag == 'strongswan_cert' |>> - + Strongswan::Cert<<| tag == 'strongswan_cert' |>> } |