1 files changed, 55 insertions, 0 deletions

diff --git a/manifests/base.pp b/manifests/base.pp
new file mode 100644
index 0000000..8f9cd7c
--- /dev/null
+++ b/manifests/base.pp
@@ -0,0 +1,55 @@
+# manifests/init.pp - module to manage strongswan/ipsec
+
+class strongswan::base {
+
+  require monkeysphere
+  require certtool
+
+  package{ 'strongswan' :
+    ensure => installed,
+  }
+
+  exec{ 'ipsec_privatekey':
+    command => "certtool --generate-privkey --bits 2048 --outfile /etc/ipsec.d/private/${fqdn}",
+    creates => "/etc/ipsec.d/private/${fqdn}.pem",
+    require => Package['strongswan'],
+  }
+
+  exec{ 'ipsec_monkeysphere_cert' :
+    require => Exec['ipsec_privatekey'],
+    creates => "/etc/ipsec.d/certs/${fqdn}.asc",
+    command => "monkeysphere-host import-key /etc/ipsec.d/private/${fqdn}.pem ike://${fqdn}"
+  }
+
+  file{ '/etc/ipsec.secrets' : 
+    content => ": RSA ${fqdn}.pem\n",
+    require => Package['strongswan'],
+    owner => "root", group => 0, mode => "400",
+    notify => Service['strongswan'],
+  }
+
+  if $strongswan_cert != "false" and $strongswan_cert != "" {
+    @@file{ "/etc/ipsec.d/certs/${fqdn}.asc":
+	owner => "root", group => 0, mode => "400",
+	tag => 'strongswan_cert',
+	content => $strongswan_cert,
+	require => Package['strongswan'],
+	notify => Service['strongswan'],
+    }
+  }  
+
+  File<<| tag == 'strongswan_cert' |>>
+
+  file{ '/etc/ipsec.config' :
+    source => "puppet:///modules/site-strongswan/configs/${fqdn}",
+    owner => "root", group => 0, mode => "400",
+    require => Package['strongswan'],
+    notify => Service['strongswan'],
+  }
+
+  service{ 'strongswan' :
+    ensure => running,
+    enable => true,
+  }
+
+}