wmdeit-cf-wmdelib/strongswan.cf

78 lines
2.0 KiB
CFEngine3

#
#
#
bundle agent strongswan
{
vars:
freebsd::
"pkgs" slist => {
"strongswan"
};
"ipsec_conf" string => "/usr/local/etc/ipsec.conf";
"ipsec_secrets" string => "/usr/local/etc/ipsec.secrets";
"service_name" string => "strongswan";
debian::
"pkgs" slist => {
"strongswan"
};
"ipsec_conf" string => "/etc/ipsec.conf";
"ipsec_secrets" string => "/etc/ipsec.secrets";
"service_name" string => "ipsec";
centos::
"pkgs" slist => {
"strongswan"
};
"ipsec_conf" string => "/etc/strongswan/ipsec.conf";
"ipsec_secrets" string => "/etc/strongswan/ipsec.secrets";
"service_name" string => "strongswan-starter";
}
bundle agent install_strongswan(cfg)
{
vars:
"service_deps" slist => { "strongswan_ipsec_conf_ready", "strongswan_ipsec_secrets_ready" };
freebsd::
"service_deps" slist => { "strongswan_ipsec_conf_ready", "strongswan_ipsec_secrets_ready","strongswan_bsdcfg_ready" };
methods:
"any" usebundle => wmde_install_packages(@(strongswan.pkgs),"strongswan");
"any" usebundle => wmde_service("$(strongswan.service_name)","strongswan_kept","strongswan_repaired"),
depends_on => @(service_deps);
files:
"$(strongswan.ipsec_conf)"
create => "true",
template_method => "mustache",
template_data => bundlestate("$(this.bundle)"),
depends_on => {"strongswan_pkgs_installed"},
handle => "strongswan_ipsec_conf_ready",
classes => if_repaired("strongswan_repaired"),
edit_template => "$(sys.workdir)/inputs/$(def.wmde_libdir)/templates/strongswan-ipsec.conf.mustache";
"$(strongswan.ipsec_secrets)"
create => "true",
template_method => "mustache",
template_data => bundlestate("$(this.bundle)"),
depends_on => {"strongswan_pkgs_installed"},
handle => "strongswan_ipsec_secrets_ready",
classes => if_repaired("strongswan_repaired"),
edit_template => "$(sys.workdir)/inputs/$(def.wmde_libdir)/templates/strongswan-ipsec.secrets.mustache";
freebsd::
"/etc/rc.conf.d/strongswan"
create => "true",
content =>"strongswan_interface=stroke
strongswan_enable=\"YES\"
",
handle => "strongswan_bsdcfg_ready";
reports:
}