Compare commits

..

2 Commits

Author SHA1 Message Date
Tobias Herre af59d8cbb1 Initial commit 2023-10-27 00:17:57 +02:00
Tobias Herre 43594d0f49 Initial commit 2023-10-27 00:17:31 +02:00
3 changed files with 78 additions and 0 deletions

53
strongswan.cf Normal file
View File

@ -0,0 +1,53 @@
#
#
#
bundle agent strongswan
{
vars:
"ipsec_conf" string => "/etc/ipsec.conf";
"ipsec_secrets" string => "/etc/ipsec.secrets";
"service_name" string => "ipsec";
"pkgs" slist => {
"strongswan"
};
}
bundle agent install_strongswan(cfg)
{
vars:
"js" string => storejson(@(cfg));
methods:
"any" usebundle => wmde_install_packages(@(strongswan.pkgs),"strongswan");
"any" usebundle => wmde_service("$(strongswan.service_name)","strongswan_kept","strongswan_repaired"),
depends_on => {
"strongswan_ipsec_conf_ready",
"strongswan_ipsec_secrets_ready"
};
files:
"$(strongswan.ipsec_conf)"
create => "true",
template_method => "mustache",
template_data => bundlestate("$(this.bundle)"),
depends_on => {"strongswan_pkgs_installed"},
handle => "strongswan_ipsec_conf_ready",
classes => if_repaired("strongswan_repaired"),
edit_template => "$(sys.workdir)/inputs/$(def.wmde_libdir)/templates/strongswan-ipsec.conf.mustache";
"$(strongswan.ipsec_secrets)"
create => "true",
template_method => "mustache",
template_data => bundlestate("$(this.bundle)"),
depends_on => {"strongswan_pkgs_installed"},
handle => "strongswan_ipsec_secrets_ready",
classes => if_repaired("strongswan_repaired"),
edit_template => "$(sys.workdir)/inputs/$(def.wmde_libdir)/templates/strongswan-ipsec.secrets.mustache";
reports:
}

View File

@ -0,0 +1,19 @@
#
# Mqnaged by CFEngine
#
{{#cfg.tunnel}}
{{#.nets}}
conn "{{.name}} {{.local}} {{.remote}}"
ikelifetime={{.p1_lifetime}}
lifetime={{.p2_lifetime}}
leftsubnet={{.local}}
rightsubnet={{.remote}}
left={{.local_ip}}
right={{.remote_ip}}
esp={{#.p2_encryption}}{{.}}-{{/.p2_encryption}}{{#.p2_hash}}{{.}}-{{/.p2_hash}}modp2048
ike={{.p1_encryption}}-{{.p1_hash}}-modp2048
auto=route
authby=secret
keyexchange=ikev1
{{/.nets}}
{{/cfg.tunnel}}

View File

@ -0,0 +1,6 @@
#
# Managed by CFEngine
#
{{#.cfg.tunnel}}
{{remote_ip}} : PSK "{{psk}}"
{{/.cfg.tunnel}}