Compare commits
2 Commits
a49fe71562
...
af59d8cbb1
Author | SHA1 | Date |
---|---|---|
Tobias Herre | af59d8cbb1 | |
Tobias Herre | 43594d0f49 |
|
@ -0,0 +1,53 @@
|
||||||
|
#
|
||||||
|
#
|
||||||
|
#
|
||||||
|
|
||||||
|
bundle agent strongswan
|
||||||
|
{
|
||||||
|
vars:
|
||||||
|
"ipsec_conf" string => "/etc/ipsec.conf";
|
||||||
|
"ipsec_secrets" string => "/etc/ipsec.secrets";
|
||||||
|
"service_name" string => "ipsec";
|
||||||
|
"pkgs" slist => {
|
||||||
|
"strongswan"
|
||||||
|
};
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
bundle agent install_strongswan(cfg)
|
||||||
|
{
|
||||||
|
vars:
|
||||||
|
"js" string => storejson(@(cfg));
|
||||||
|
|
||||||
|
methods:
|
||||||
|
"any" usebundle => wmde_install_packages(@(strongswan.pkgs),"strongswan");
|
||||||
|
"any" usebundle => wmde_service("$(strongswan.service_name)","strongswan_kept","strongswan_repaired"),
|
||||||
|
depends_on => {
|
||||||
|
"strongswan_ipsec_conf_ready",
|
||||||
|
"strongswan_ipsec_secrets_ready"
|
||||||
|
};
|
||||||
|
files:
|
||||||
|
"$(strongswan.ipsec_conf)"
|
||||||
|
create => "true",
|
||||||
|
template_method => "mustache",
|
||||||
|
template_data => bundlestate("$(this.bundle)"),
|
||||||
|
depends_on => {"strongswan_pkgs_installed"},
|
||||||
|
handle => "strongswan_ipsec_conf_ready",
|
||||||
|
classes => if_repaired("strongswan_repaired"),
|
||||||
|
edit_template => "$(sys.workdir)/inputs/$(def.wmde_libdir)/templates/strongswan-ipsec.conf.mustache";
|
||||||
|
|
||||||
|
"$(strongswan.ipsec_secrets)"
|
||||||
|
create => "true",
|
||||||
|
template_method => "mustache",
|
||||||
|
template_data => bundlestate("$(this.bundle)"),
|
||||||
|
depends_on => {"strongswan_pkgs_installed"},
|
||||||
|
handle => "strongswan_ipsec_secrets_ready",
|
||||||
|
classes => if_repaired("strongswan_repaired"),
|
||||||
|
edit_template => "$(sys.workdir)/inputs/$(def.wmde_libdir)/templates/strongswan-ipsec.secrets.mustache";
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
reports:
|
||||||
|
}
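Review bot: The files promise for `$(strongswan.ipsec_secrets)` carries no `perms` attribute, so the policy never states who may read the file that holds the tunnel pre-shared keys. `create => "true"` only matters when the file does not exist yet, so an existing /etc/ipsec.secrets with looser permissions would be left as it is. Adding `perms => mog("600", "root", "root"),` to that promise would make mode and owner part of the promised state, assuming the standard library body `mog` is loaded alongside `if_repaired`. The `strongswan_pkgs_installed` handle that both file promises depend on is not defined in this file; presumably it comes from `wmde_install_packages`, which is worth confirming.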
|
|
@ -0,0 +1,19 @@
|
||||||
|
#
|
||||||
|
# Mqnaged by CFEngine
|
||||||
|
#
|
||||||
|
{{#cfg.tunnel}}
|
||||||
|
{{#.nets}}
|
||||||
|
conn "{{.name}} {{.local}} {{.remote}}"
|
||||||
|
ikelifetime={{.p1_lifetime}}
|
||||||
|
lifetime={{.p2_lifetime}}
|
||||||
|
leftsubnet={{.local}}
|
||||||
|
rightsubnet={{.remote}}
|
||||||
|
left={{.local_ip}}
|
||||||
|
right={{.remote_ip}}
|
||||||
|
esp={{#.p2_encryption}}{{.}}-{{/.p2_encryption}}{{#.p2_hash}}{{.}}-{{/.p2_hash}}modp2048
|
||||||
|
ike={{.p1_encryption}}-{{.p1_hash}}-modp2048
|
||||||
|
auto=route
|
||||||
|
authby=secret
|
||||||
|
keyexchange=ikev1
|
||||||
|
{{/.nets}}
|
||||||
|
{{/cfg.tunnel}}
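Review bot: `keyexchange=ikev1` and the `modp2048` group are fixed in the template while every other proposal parameter comes from `cfg`, so each tunnel is pinned to IKEv1 with a pre-shared key even where the peer could negotiate IKEv2. IKEv1 has been deprecated by the IETF (RFC 9395). Making it a per-tunnel value, for example `keyexchange={{.keyexchange}}` backed by a new `keyexchange` key in the tunnel data, would let peers be moved over one at a time. The header comment reads `# Mqnaged by CFEngine` and should be `# Managed by CFEngine`, as in the secrets template.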
|
|
@ -0,0 +1,6 @@
|
||||||
|
#
|
||||||
|
# Managed by CFEngine
|
||||||
|
#
|
||||||
|
{{#.cfg.tunnel}}
|
||||||
|
{{remote_ip}} : PSK "{{psk}}"
|
||||||
|
{{/.cfg.tunnel}}
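Review bot: `{{psk}}` on the PSK line is rendered with Mustache's default HTML escaping, so a key containing characters such as `&`, `<`, `>` or `"` would typically be written in escaped form and no longer match what the peer uses. The unescaped form `{{remote_ip}} : PSK "{{{psk}}}"` avoids that, but a `"` or a newline in the key would then end the quoted string early, so the data feeding `cfg.tunnel` should reject those characters. The section tag here is `{{#.cfg.tunnel}}` while the ipsec.conf template uses `{{#cfg.tunnel}}`; using one spelling in both would be easier to follow.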
|