Initial commit

2023-10-27 00:17:57 +02:00 · 2023-10-27 00:17:31 +02:00
3 changed files with 78 additions and 0 deletions
--- a/strongswan.cf
+++ b/strongswan.cf
@ -0,0 +1,53 @@
+#
+#
+#
+
+bundle agent strongswan
+{
+vars:
+	"ipsec_conf" string => "/etc/ipsec.conf";
+	"ipsec_secrets" string => "/etc/ipsec.secrets";
+	"service_name" string => "ipsec";
+	"pkgs" slist => {
+		"strongswan"
+	};
+
+}
+
+
+bundle agent install_strongswan(cfg)
+{
+vars:
+	"js" string => storejson(@(cfg));
+
+methods:
+	"any" usebundle => wmde_install_packages(@(strongswan.pkgs),"strongswan");
+	"any" usebundle => wmde_service("$(strongswan.service_name)","strongswan_kept","strongswan_repaired"),
+		depends_on => {
+			"strongswan_ipsec_conf_ready",
+			"strongswan_ipsec_secrets_ready"
+		};
+files:
+	"$(strongswan.ipsec_conf)"
+	create => "true",
+	template_method => "mustache",
+	template_data => bundlestate("$(this.bundle)"),
+	depends_on => {"strongswan_pkgs_installed"},
+	handle => "strongswan_ipsec_conf_ready",
+	classes => if_repaired("strongswan_repaired"),
+	edit_template => "$(sys.workdir)/inputs/$(def.wmde_libdir)/templates/strongswan-ipsec.conf.mustache";
+
+	"$(strongswan.ipsec_secrets)"
+	create => "true",
+	template_method => "mustache",
+	template_data => bundlestate("$(this.bundle)"),
+	depends_on => {"strongswan_pkgs_installed"},
+	handle => "strongswan_ipsec_secrets_ready",
+	classes => if_repaired("strongswan_repaired"),
+	edit_template => "$(sys.workdir)/inputs/$(def.wmde_libdir)/templates/strongswan-ipsec.secrets.mustache";
+
+
+
+	
+reports:
+}
--- a/templates/strongswan-ipsec.conf.mustache
+++ b/templates/strongswan-ipsec.conf.mustache
@ -0,0 +1,19 @@
+#
+# Mqnaged by CFEngine
+#
+{{#cfg.tunnel}}
+{{#.nets}}
+conn "{{.name}} {{.local}} {{.remote}}"
+	ikelifetime={{.p1_lifetime}}
+	lifetime={{.p2_lifetime}}
+	leftsubnet={{.local}}
+	rightsubnet={{.remote}}
+	left={{.local_ip}}
+	right={{.remote_ip}}
+	esp={{#.p2_encryption}}{{.}}-{{/.p2_encryption}}{{#.p2_hash}}{{.}}-{{/.p2_hash}}modp2048
+	ike={{.p1_encryption}}-{{.p1_hash}}-modp2048
+	auto=route
+	authby=secret
+	keyexchange=ikev1
+{{/.nets}}
+{{/cfg.tunnel}}
--- a/templates/strongswan-ipsec.secrets.mustache
+++ b/templates/strongswan-ipsec.secrets.mustache
@ -0,0 +1,6 @@
+#
+# Managed by CFEngine
+#
+{{#.cfg.tunnel}}
+{{remote_ip}} : PSK "{{psk}}"
+{{/.cfg.tunnel}}
Author	SHA1	Message	Date
Tobias Herre	af59d8cbb1	Initial commit	2023-10-27 00:17:57 +02:00
Tobias Herre	43594d0f49	Initial commit	2023-10-27 00:17:31 +02:00