From 320a33ab9e45169aa2bc09f0d0f791133c49edea Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 2 Apr 2013 16:01:40 -0400 Subject: minor formatting/linting cleanup --- manifests/base.pp | 11 ++++++----- manifests/cert.pp | 4 ++-- manifests/init.pp | 14 +++++++------- manifests/remote_host.pp | 4 ++-- 4 files changed, 17 insertions(+), 16 deletions(-) (limited to 'manifests') diff --git a/manifests/base.pp b/manifests/base.pp index 1a0b4bf..3f1d491 100644 --- a/manifests/base.pp +++ b/manifests/base.pp @@ -1,14 +1,15 @@ # manage strongswan services class strongswan::base { - package{'strongswan': - ensure => installed, + package { 'strongswan': + ensure => installed, require => Package['monkeysphere','gnutls-utils']; - } -> exec{ + } -> exec { 'ipsec_privatekey': command => "certtool --generate-privkey --bits 2048 --outfile ${strongswan::cert_dir}/private/${::fqdn}.pem", creates => "${strongswan::cert_dir}/private/${::fqdn}.pem"; - } -> exec{'ipsec_monkeysphere_cert': + } -> exec { + 'ipsec_monkeysphere_cert': command => "monkeysphere-host import-key ${strongswan::cert_dir}/private/${::fqdn}.pem ike://${::fqdn} && gpg --homedir /var/lib/monkeysphere/host -a --export =ike://${::fqdn} > ${strongswan::cert_dir}/certs/${::fqdn}.asc", creates => "${strongswan::cert_dir}/certs/${::fqdn}.asc", } -> anchor{'strongswan::certs::done': } @@ -46,7 +47,7 @@ class strongswan::base { mode => '0500'; } - service{'ipsec': + service { 'ipsec': ensure => running, enable => true, } diff --git a/manifests/cert.pp b/manifests/cert.pp index ae7e5ef..6b9f685 100644 --- a/manifests/cert.pp +++ b/manifests/cert.pp @@ -1,5 +1,5 @@ # manage a cert snippet that we want to include -define strongswan::cert( +define strongswan::cert ( $ensure = 'present', $cert = 'absent' ) { 
@@ -7,7 +7,7 @@ define strongswan::cert( fail("You need to pass some \$cert content for ${name} if it should be present") } - file{"${strongswan::cert_dir}/certs/${name}.asc": + file { "${strongswan::cert_dir}/certs/${name}.asc": ensure => $ensure, require => Package['strongswan'], notify => Service['ipsec'], diff --git a/manifests/init.pp b/manifests/init.pp index f2b3bd3..9277ef0 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -10,9 +10,9 @@ class strongswan( $auto_remote_host = false ) { - class{'monkeysphere': + class { 'monkeysphere': publish_key => $monkeysphere_publish_key - } -> class{'certtool': } + } -> class { 'certtool': } case $::operatingsystem { centos: { @@ -22,7 +22,7 @@ class strongswan( $cert_dir = '/etc/ipsec.d' $binary = '/usr/sbin/ipsec' - class{'strongswan::centos::five': + class { 'strongswan::centos::five': require => Class['monkeysphere'], } } @@ -30,7 +30,7 @@ class strongswan( $config_dir = '/etc/strongswan' $cert_dir = '/etc/strongswan/ipsec.d' $binary = '/usr/sbin/strongswan' - class{'strongswan::centos::six': + class { 'strongswan::centos::six': require => Class['monkeysphere'], } } @@ -40,7 +40,7 @@ class strongswan( $config_dir = '/etc/ipsec.d' $cert_dir = '/etc/ipsec.d' $binary = '/usr/sbin/ipsec' - class{'strongswan::base': + class { 'strongswan::base': require => Class['monkeysphere'], } } @@ -48,7 +48,7 @@ class strongswan( if $auto_remote_host and ($::strongswan_cert != 'false') and ($::strongswan_cert != '') { # export myself - @@strongswan::remote_host{$::fqdn: + @@strongswan::remote_host { $::fqdn: right_cert_content => $::strongswan_cert, right_ip_address => $strongswan::default_left_ip_address, right_subnet => $strongswan::default_left_subnet, @@ -60,7 +60,7 @@ class strongswan( } if $manage_shorewall { - class{'shorewall::rules::ipsec': + class { 'shorewall::rules::ipsec': source => $strongswan::shorewall_source } if $ipsec_nat { 
diff --git a/manifests/remote_host.pp b/manifests/remote_host.pp index f61b7fd..ca0c71d 100644 --- a/manifests/remote_host.pp +++ b/manifests/remote_host.pp @@ -10,7 +10,7 @@ define strongswan::remote_host( $right_cert_name = $name, $right_cert_content = 'absent' ){ - file{"${strongswan::config_dir}/hosts/${name}.conf": + file { "${strongswan::config_dir}/hosts/${name}.conf": ensure => $ensure, require => Package['strongswan'], notify => Service['ipsec'], @@ -26,7 +26,7 @@ define strongswan::remote_host( } if $right_cert_content != 'unmanaged' { - strongswan::cert{$right_cert_name: } + strongswan::cert { $right_cert_name: } if ($right_cert_content != 'absent') and ($ensure == 'present') { Strongswan::Cert[$right_cert_name]{ ensure => $ensure, -- cgit v1.2.3 From f3acff6c8a3d103fa208647d6ab61041d3eb3568 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Tue, 2 Apr 2013 16:30:34 -0400 Subject: add $use_monkeysphere variable (default set to false) to enable non-monkeysphere deployments --- manifests/base.pp | 32 ++++++++++++++++++++------------ manifests/init.pp | 20 ++++++++++++++------ 2 files changed, 34 insertions(+), 18 deletions(-) (limited to 'manifests') diff --git a/manifests/base.pp b/manifests/base.pp index 3f1d491..6f28d12 100644 --- a/manifests/base.pp +++ b/manifests/base.pp 
@@ -1,18 +1,26 @@ # manage strongswan services class strongswan::base { - package { 'strongswan': - ensure => installed, - require => Package['monkeysphere','gnutls-utils']; - } -> exec { - 'ipsec_privatekey': - command => "certtool --generate-privkey --bits 2048 --outfile ${strongswan::cert_dir}/private/${::fqdn}.pem", - creates => "${strongswan::cert_dir}/private/${::fqdn}.pem"; - } -> exec { - 'ipsec_monkeysphere_cert': - command => "monkeysphere-host import-key ${strongswan::cert_dir}/private/${::fqdn}.pem ike://${::fqdn} && gpg --homedir /var/lib/monkeysphere/host -a --export =ike://${::fqdn} > ${strongswan::cert_dir}/certs/${::fqdn}.asc", - creates => "${strongswan::cert_dir}/certs/${::fqdn}.asc", - } -> anchor{'strongswan::certs::done': } + if $use_monkeysphere { + package { 'strongswan': + ensure => installed, + require => Package['monkeysphere','gnutls-utils'], + } -> + + exec { 'ipsec_privatekey': + command => "certtool --generate-privkey --bits 2048 --outfile ${strongswan::cert_dir}/private/${::fqdn}.pem", + creates => "${strongswan::cert_dir}/private/${::fqdn}.pem"; + } -> + + exec { 'ipsec_monkeysphere_cert': + command => "monkeysphere-host import-key ${strongswan::cert_dir}/private/${::fqdn}.pem ike://${::fqdn} && gpg --homedir /var/lib/monkeysphere/host -a --export =ike://${::fqdn} > ${strongswan::cert_dir}/certs/${::fqdn}.asc", + creates => "${strongswan::cert_dir}/certs/${::fqdn}.asc", + } -> anchor{'strongswan::certs::done': } + } else { + package { 'strongswan': + ensure => installed, + } + } File { require => Package['strongswan'], diff --git a/manifests/init.pp b/manifests/init.pp index 9277ef0..3b564d4 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -2,6 +2,7 @@ class strongswan( $manage_shorewall = false, $shorewall_source = 'net', + $use_monkeysphere = false, $monkeysphere_publish_key = false, $ipsec_nat = false, $default_left_ip_address = $::ipaddress, 
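Review bot: `if $use_monkeysphere {` at the top of `strongswan::base` reads an unqualified variable that this class does not declare; the parameter is added on `class strongswan`, and every other lookup in the hunk is qualified (`${strongswan::cert_dir}`). On a Puppet version without dynamic scoping the test would presumably see an undefined value, so the monkeysphere branch would be skipped silently and the host would get the package but no IPsec key or exported certificate. Write it as `if $strongswan::use_monkeysphere {`; the later rewrite of this block in the "improve optional monkeysphere support" commit keeps the same unqualified lookup. The `else` branch also declares neither the key exec nor `Anchor['strongswan::certs::done']`, so anything ordered against that anchor elsewhere would fail to compile when the flag is false. The class body continues outside the hunk.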
@@ -10,9 +11,16 @@ class strongswan( $auto_remote_host = false ) { - class { 'monkeysphere': - publish_key => $monkeysphere_publish_key - } -> class { 'certtool': } + if $use_monkeysphere != false { + class { 'monkeysphere': + publish_key => $monkeysphere_publish_key + } -> class { 'certtool': } + + $require_monkeysphere = $use_monkeysphere ? { + true => 'Class['monkeysphere']', + false => '' + } + } case $::operatingsystem { centos: { @@ -23,7 +31,7 @@ class strongswan( $binary = '/usr/sbin/ipsec' class { 'strongswan::centos::five': - require => Class['monkeysphere'], + require => $require_monkeysphere } } default: { @@ -31,7 +39,7 @@ class strongswan( $cert_dir = '/etc/strongswan/ipsec.d' $binary = '/usr/sbin/strongswan' class { 'strongswan::centos::six': - require => Class['monkeysphere'], + require => $require_monkeysphere } } } @@ -41,7 +49,7 @@ class strongswan( $cert_dir = '/etc/ipsec.d' $binary = '/usr/sbin/ipsec' class { 'strongswan::base': - require => Class['monkeysphere'], + require => $require_monkeysphere } } } -- cgit v1.2.3 From f22c3da35a1ef2230c78474e7f21b9fec9d37c03 Mon Sep 17 00:00:00 2001 From: mh Date: Sat, 10 Aug 2013 15:17:00 +0200 Subject: migrate to the new define usage --- manifests/init.pp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'manifests') diff --git a/manifests/init.pp b/manifests/init.pp index 3b564d4..cc7987f 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -68,8 +68,8 @@ class strongswan( } if $manage_shorewall { - class { 'shorewall::rules::ipsec': - source => $strongswan::shorewall_source + shorewall::rules::ipsec { + $strongswan::shorewall_source: } if $ipsec_nat { include shorewall::rules::ipsec_nat -- cgit v1.2.3 From bcdbdc6cd97700d671c83c7b2a68f710789e6ab5 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Sat, 10 Aug 2013 19:05:03 +0200 Subject: fix syntax error --- manifests/init.pp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'manifests') 
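Review bot: `$require_monkeysphere` is assigned only inside `if $use_monkeysphere != false`, yet the three `require => $require_monkeysphere` hunks below read it unconditionally, so on the default path (`false`) they reference a variable that was never set. Inside the `if`, the selector's `false => ''` case cannot be reached, and there is no `default`: a truthy non-boolean value such as the string `'true'` passes the `!= false` test but, as far as I can tell, matches neither case and would fail compilation. Moving the assignment out of the `if` and giving it a default covers both: `$require_monkeysphere = $use_monkeysphere ? { true => Class['monkeysphere'], default => undef }`. The later "fix syntax error" commit only unquotes the class reference and keeps the same selector shape. The guard here (`!= false`) also differs from the truthiness test in base.pp (`if $use_monkeysphere`), so the two files can disagree on whether monkeysphere is enabled.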
diff --git a/manifests/init.pp b/manifests/init.pp index cc7987f..e099166 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -17,7 +17,7 @@ class strongswan( } -> class { 'certtool': } $require_monkeysphere = $use_monkeysphere ? { - true => 'Class['monkeysphere']', + true => Class['monkeysphere'], false => '' } } -- cgit v1.2.3 From ac59107f714fb5b88dc872124a29ffc926d81990 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Sat, 10 Aug 2013 19:53:21 +0200 Subject: improve optional monkeysphere support by enabling the cert generation without monkeysphere --- manifests/base.pp | 28 ++++++++++++++++------------ 1 file changed, 16 insertions(+), 12 deletions(-) (limited to 'manifests') diff --git a/manifests/base.pp b/manifests/base.pp index 6f28d12..165de0f 100644 --- a/manifests/base.pp +++ b/manifests/base.pp 
@@ -1,25 +1,29 @@ # manage strongswan services class strongswan::base { - if $use_monkeysphere { package { 'strongswan': ensure => installed, - require => Package['monkeysphere','gnutls-utils'], - } -> + } -> - exec { 'ipsec_privatekey': - command => "certtool --generate-privkey --bits 2048 --outfile ${strongswan::cert_dir}/private/${::fqdn}.pem", - creates => "${strongswan::cert_dir}/private/${::fqdn}.pem"; - } -> + exec { 'ipsec_privatekey': + command => "certtool --generate-privkey --bits 2048 --outfile ${strongswan::cert_dir}/private/${::fqdn}.pem", + creates => "${strongswan::cert_dir}/private/${::fqdn}.pem"; + } -> + + anchor{'strongswan::certs::done': } + + if $use_monkeysphere { + + Package['strongswan'] { + require => Package['monkeysphere','gnutls-utils'], + } exec { 'ipsec_monkeysphere_cert': command => "monkeysphere-host import-key ${strongswan::cert_dir}/private/${::fqdn}.pem ike://${::fqdn} && gpg --homedir /var/lib/monkeysphere/host -a --export =ike://${::fqdn} > ${strongswan::cert_dir}/certs/${::fqdn}.asc", creates => "${strongswan::cert_dir}/certs/${::fqdn}.asc", - } -> anchor{'strongswan::certs::done': } - } else { - package { 'strongswan': - ensure => installed, - } + require => Exec['ipsec_privatekey'], + before => Anchor['strongswan::certs::done'], + } } File { -- cgit v1.2.3
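Review bot: The `ipsec_privatekey` exec is now unconditional, but nothing on the default path installs `certtool`: the `gnutls-utils` requirement is attached only inside `if $use_monkeysphere`, and init.pp still declares `class { 'certtool': }` only when `$use_monkeysphere != false`. With the default `false`, the exec would presumably fail on a host that lacks the GnuTLS tools, leaving strongswan installed without a private key. Declare the certtool class outside the monkeysphere guard in init.pp and order the exec after it, e.g. `require => Class['certtool'],` on `Exec['ipsec_privatekey']`. Separately, the key file's permissions are left to certtool and the agent's umask; a `file` resource for `${strongswan::cert_dir}/private/${::fqdn}.pem` with `mode => '0600'` and `owner => root` would pin them. The class body continues outside the hunk.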