summaryrefslogtreecommitdiff
path: root/manifests/base.pp
diff options
context:
space:
mode:
Diffstat (limited to 'manifests/base.pp')
-rw-r--r--manifests/base.pp55
1 files changed, 55 insertions, 0 deletions
diff --git a/manifests/base.pp b/manifests/base.pp
new file mode 100644
index 0000000..8f9cd7c
--- /dev/null
+++ b/manifests/base.pp
@@ -0,0 +1,55 @@
+# manifests/init.pp - module to manage strongswan/ipsec
+
+class strongswan::base {
+
+ require monkeysphere
+ require certtool
+
+ package{ 'strongswan' :
+ ensure => installed,
+ }
+
+ exec{ 'ipsec_privatekey':
+ command => "certtool --generate-privkey --bits 2048 --outfile /etc/ipsec.d/private/${fqdn}",
+ creates => "/etc/ipsec.d/private/${fqdn}.pem",
+ require => Package['strongswan'],
+ }
+
+ exec{ 'ipsec_monkeysphere_cert' :
+ require => Exec['ipsec_privatekey'],
+ creates => "/etc/ipsec.d/certs/${fqdn}.asc",
+ command => "monkeysphere-host import-key /etc/ipsec.d/private/${fqdn}.pem ike://${fqdn}"
+ }
+
+ file{ '/etc/ipsec.secrets' :
+ content => ": RSA ${fqdn}.pem\n",
+ require => Package['strongswan'],
+ owner => "root", group => 0, mode => "400",
+ notify => Service['strongswan'],
+ }
+
+ if $strongswan_cert != "false" and $strongswan_cert != "" {
+ @@file{ "/etc/ipsec.d/certs/${fqdn}.asc":
+ owner => "root", group => 0, mode => "400",
+ tag => 'strongswan_cert',
+ content => $strongswan_cert,
+ require => Package['strongswan'],
+ notify => Service['strongswan'],
+ }
+ }
+
+ File<<| tag == 'strongswan_cert' |>>
+
+ file{ '/etc/ipsec.config' :
+ source => "puppet:///modules/site-strongswan/configs/${fqdn}",
+ owner => "root", group => 0, mode => "400",
+ require => Package['strongswan'],
+ notify => Service['strongswan'],
+ }
+
+ service{ 'strongswan' :
+ ensure => running,
+ enable => true,
+ }
+
+}