From 690f05e2888bb862ce300125045f1cb21a0f5856 Mon Sep 17 00:00:00 2001
From: mh
Date: Mon, 31 Dec 2012 17:58:22 +0100
Subject: generate the base config from a template -> include everything else
---
 manifests/base.pp | 26 ++++++++++++++------------
 manifests/init.pp | 9 +++++----
 2 files changed, 19 insertions(+), 16 deletions(-)
(limited to 'manifests')
diff --git a/manifests/base.pp b/manifests/base.pp
index 4f72ae6..17c219c 100644
--- a/manifests/base.pp
+++ b/manifests/base.pp
@@ -12,21 +12,23 @@ class strongswan::base {
 creates => "${strongswan::config_dir}/certs/${::fqdn}.asc",
 }
+ File {
+ require => Package['strongswan'],
+ notify => Service['ipsec'],
+ owner => 'root',
+ group => 0,
+ mode => '0400',
+ }
+
 file{ '/etc/ipsec.secrets':
- content => ": RSA ${::fqdn}.pem\n",
- require => Package['strongswan'],
- notify => Service['ipsec'],
- owner => 'root',
- group => 0,
- mode => '0400';
+ content => ": RSA ${::fqdn}.pem\n";
+ # this is needed because if the glob-include in the config
+ # doesn't find anything it fails.
+ "${strongswan::config_dir}/ipsec.hosts.__dummy__.conf":
+ ensure => 'present';
 '/etc/ipsec.conf':
- source => "puppet:///modules/site_strongswan/configs/${::fqdn}",
- require => Package['strongswan'],
- notify => Service['ipsec'],
- owner => 'root',
- group => 0,
- mode => '0400';
+ content => template('strongswan/ipsec.conf.erb');
 }
 service{'ipsec':
diff --git a/manifests/init.pp b/manifests/init.pp
index 0ef3818..e46b9a3 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -1,14 +1,16 @@
 # manage a strongswan
 class strongswan(
- $manage_shorewall = false,
+ $manage_shorewall = false,
 $monkeysphere_publish_key = false,
- $ipsec_nat = false
+ $ipsec_nat = false,
+ $default_left_ip_address = $::ipaddress,
+ $additional_options = ''
 ) {
 class{'monkeysphere':
 publish_key => $monkeysphere_publish_key
 } -> class{'certtool': }
-
+
 case $::operatingsystem {
 centos: {
 case $::lsbmajdistrelease {
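Review bot: The placeholder `"${strongswan::config_dir}/ipsec.hosts.__dummy__.conf"` is declared with only `ensure => 'present'`, so Puppet creates it when missing but never checks what it contains afterwards. According to the comment above it, the generated ipsec.conf glob-includes files from that directory, so anything that ends up in the placeholder is read as IPsec configuration without Puppet reporting any drift. Pinning the content, for example `content => "# placeholder so the glob include always matches\n";` in place of the `ensure` line, closes that gap. Whether `${strongswan::config_dir}` itself is managed and purged of unmanaged fragments matching the include glob is not visible here; the body of `strongswan::base` starts before and continues after this hunk.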
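Review bot: The two new parameters `$default_left_ip_address` and `$additional_options` are added without any description; the class header is still only `# manage a strongswan`. Their consumer is not in this hunk (presumably the `strongswan/ipsec.conf.erb` template that base.pp now renders), so a reader cannot tell that `$additional_options` is free-form text that is not validated here, or that the left address defaults to the `$::ipaddress` fact, which on a multi-homed host may not be the interface the tunnel should use. I would add header comments along the lines of `# $default_left_ip_address: local (left) address used in the generated config, defaults to the $::ipaddress fact` and `# $additional_options: raw text passed to the ipsec.conf template, not validated`, with the wording confirmed against the template. The class body continues outside the hunk.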
@@ -39,6 +41,5 @@ class strongswan(
 if $ipsec_nat {
 include shorewall::rules::ipsec_nat
 }
-
 }
 }
--
cgit v1.2.3