This repository has been archived by the owner on Jan 21, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 14
/
init.pp
99 lines (95 loc) · 2.89 KB
/
init.pp
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
# == Class: strongswan
#
# Installs and manages Strongswan on Ubuntu.
#
# === Optional Parameters
#
# [*charon_options*]
# A hash of custom options for the /etc/strongswan.d/charon.conf file
# (default: {})
#
# [*conn_conf_path*]
# Directory to store individual IPSec Connection configuration files in.
# (default: /etc/ipsec.d/connfs)
#
# [*ipsec_options*]
# A hash of settings for the 'config settings' section of the /etc/ipsec.conf
# file.
# (default: {})
#
# [*secrets_conf_path*]
# Directory to store individual IPSec Connection secret files in.
# (default: /etc/ipsec.d/secrets)
#
# [*service_name*]
# Name of the StrongSwan service daemon.
# (default: strongswan)
#
# [*service_provider*]
# The service backend to use.
# (default: upstart)
#
# [*service_ensure*]
# Whether to ensure the service is running or not.
# (default: running)
#
# [*service_enable*]
# Whether to enable the strongswan service on system startup.
# (default: true)
#
# [*strongswan_package*]
# Name of the Strongswan package to install.
# (default: strongswan)
#
# [*strongswan_version*]
# Version of the Strongswan packages to install.
# (default: installed)
#
# [*strongswan_plugins*]
# (default: [ strongswan-plugin-unity, strongswan-plugin-xauth-pam ])
#
# === Authors
#
# Matt Wise <[email protected]>
#
class strongswan (
$charon_options = {},
$conn_conf_path = $strongswan::env::conn_conf_path,
$ipsec_options = {},
$secrets_conf_path = $strongswan::env::secrets_conf_path,
$service_name = $strongswan::env::service_name,
$service_provider = $strongswan::env::service_provider,
$service_ensure = $strongswan::env::service_ensure,
$service_enable = $strongswan::env::service_enable,
$strongswan_package = $strongswan::env::strongswan_package,
$strongswan_version = $strongswan::env::strongswan_version,
$strongswan_plugins = $strongswan::env::strongswan_plugins,
$conns = {}
) inherits strongswan::env {
class { 'strongswan::install':
package => $strongswan_package,
version => $strongswan_version,
plugins => $strongswan_plugins,
}
contain strongswan::install
# Now, begin configuring the strongswan service.
class { 'strongswan::config':
ipsec_options => $ipsec_options,
charon_options => $charon_options,
conn_conf_path => $conn_conf_path,
secrets_conf_path => $secrets_conf_path,
require => Class['strongswan::install'];
}
contain strongswan::config
# Manage the service. If its not running, this will take care of starting it.
class { 'strongswan::service':
ensure => $service_ensure,
service => $service_name,
provider => $service_provider,
enable => $service_enable,
subscribe => Class['strongswan::config'],
require => Class['strongswan::config'];
}
# Optionally manage connections through Hiera
create_resources(strongswan::conn, $conns)
}