From 8158d6e1479aa5046bc7eecdae2e6a8df4056e38 Mon Sep 17 00:00:00 2001
From: o
Date: Tue, 26 Apr 2011 01:17:48 +0200
Subject: initial version
---
 lib/facter/strongswan_cert.rb | 5 ++++
 manifests/base.pp | 55 +++++++++++++++++++++++++++++++++++++++++++
 manifests/init.pp | 9 +++++++
 3 files changed, 69 insertions(+)
 create mode 100644 lib/facter/strongswan_cert.rb
 create mode 100644 manifests/base.pp
 create mode 100644 manifests/init.pp
diff --git a/lib/facter/strongswan_cert.rb b/lib/facter/strongswan_cert.rb
new file mode 100644
index 0000000..31e1b35
--- /dev/null
+++ b/lib/facter/strongswan_cert.rb
@@ -0,0 +1,5 @@
+Facter.add("strongswan_cert") do
+ setcode do
+ File.exists?( "/etc/ipsec.d/certs/#{Facter.value(:fqdn)}.asc" ) ? File.read( "/etc/ipsec.d/certs/#{Facter.value(:fqdn)}.asc" ) : false
+ end
+end
diff --git a/manifests/base.pp b/manifests/base.pp
new file mode 100644
index 0000000..8f9cd7c
--- /dev/null
+++ b/manifests/base.pp
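Review bot: The certificate path is built twice and the guard only tests existence, so a cert that is present but not readable by the facter process raises from `File.read` instead of falling through to the `false` branch; hoist the path into a local and gate on readability: `path = "/etc/ipsec.d/certs/#{Facter.value(:fqdn)}.asc"` followed by `File.readable?(path) ? File.read(path) : false`. Returning `false` rather than `nil` also means the fact is always reported and, on the master side, arrives as the string `"false"`, which is what forces the string comparison the manifest has to do; returning `nil` would simply leave the fact unset. The file holds an ASCII-armored public certificate, so exposing it as a fact is acceptable, but it is agent-supplied data and anything on the master that writes it to other nodes should treat it as untrusted. `File.exists?` is the deprecated spelling; `File.exist?` is available on every Ruby facter runs on.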
@@ -0,0 +1,55 @@
+# manifests/init.pp - module to manage strongswan/ipsec
+
+class strongswan::base {
+
+ require monkeysphere
+ require certtool
+
+ package{ 'strongswan' :
+ ensure => installed,
+ }
+
+ exec{ 'ipsec_privatekey':
+ command => "certtool --generate-privkey --bits 2048 --outfile /etc/ipsec.d/private/${fqdn}",
+ creates => "/etc/ipsec.d/private/${fqdn}.pem",
+ require => Package['strongswan'],
+ }
+
+ exec{ 'ipsec_monkeysphere_cert' :
+ require => Exec['ipsec_privatekey'],
+ creates => "/etc/ipsec.d/certs/${fqdn}.asc",
+ command => "monkeysphere-host import-key /etc/ipsec.d/private/${fqdn}.pem ike://${fqdn}"
+ }
+
+ file{ '/etc/ipsec.secrets' :
+ content => ": RSA ${fqdn}.pem\n",
+ require => Package['strongswan'],
+ owner => "root", group => 0, mode => "400",
+ notify => Service['strongswan'],
+ }
+
+ if $strongswan_cert != "false" and $strongswan_cert != "" {
+ @@file{ "/etc/ipsec.d/certs/${fqdn}.asc":
+ owner => "root", group => 0, mode => "400",
+ tag => 'strongswan_cert',
+ content => $strongswan_cert,
+ require => Package['strongswan'],
+ notify => Service['strongswan'],
+ }
+ }
+
+ File<<| tag == 'strongswan_cert' |>>
+
+ file{ '/etc/ipsec.config' :
+ source => "puppet:///modules/site-strongswan/configs/${fqdn}",
+ owner => "root", group => 0, mode => "400",
+ require => Package['strongswan'],
+ notify => Service['strongswan'],
+ }
+
+ service{ 'strongswan' :
+ ensure => running,
+ enable => true,
+ }
+
+}
diff --git a/manifests/init.pp b/manifests/init.pp
new file mode 100644
index 0000000..48c4d8e
--- /dev/null
+++ b/manifests/init.pp
@@ -0,0 +1,9 @@
+class strongswan {
+
+ include strongswan::base
+
+ if $use_shorewall {
+ include shorewall::rules::ipsec
+ include shorewall::rules::out::ipsec
+ }
+}
-- 
cgit v1.2.3
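Review bot: The private key is written to `/etc/ipsec.d/private/${fqdn}` but the `creates` guard, the monkeysphere import and `ipsec.secrets` all refer to `${fqdn}.pem`, so the guard never matches, a fresh key is generated on every Puppet run and `monkeysphere-host import-key` never finds its input; the command should read `command => "certtool --generate-privkey --bits 2048 --outfile /etc/ipsec.d/private/${fqdn}.pem",`. Neither exec sets `path` or uses a fully qualified binary, which Puppet rejects at apply time, and certtool creates the key with the caller's umask, so a `file` resource pinning `/etc/ipsec.d/private/${fqdn}.pem` to owner root, `mode => '0600'` (or a `umask 077` wrapper around the command) is needed to keep the key from being world-readable. Separately, the exported `@@file` is titled with `${fqdn}` and filled from `$strongswan_cert`, both agent-reported facts, so a node that forges its `fqdn` fact can export a certificate at another node's path and have it collected by every peer; keying the export on `$clientcert`, which Puppet derives from the agent's TLS certificate, ties it to the authenticated identity instead. `/etc/ipsec.config` is most likely meant to be `/etc/ipsec.conf`, the file strongSwan actually reads, otherwise the distributed configuration is silently ignored.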