7u83-ipsec/manifests/init.pp

127 lines
2.1 KiB
Puppet
Raw Normal View History

2018-02-21 15:31:53 +00:00
# Class: ipsec
# ===========================
#
# Full description of class ipsec here.
#
# Parameters
# ----------
#
# Document parameters here.
#
# * `sample parameter`
# Explanation of what this parameter affects and what it defaults to.
# e.g. "Specify one or more upstream ntp servers as an array."
#
# Variables
# ----------
#
# Here you should define a list of variables that this module would require.
#
# * `sample variable`
# Explanation of how this variable affects the function of this class and if
# it has a default. e.g. "The parameter enc_ntp_servers must be set by the
# External Node Classifier as a comma separated list of hostnames." (Note,
# global variables should be avoided in favor of class parameters as
# of Puppet 2.6.)
#
# Examples
# --------
#
# @example
# class { 'ipsec':
# }
#
# Authors
# -------
#
# 7u83 <7u83@mail.ru>
#
# Copyright
# ---------
#
# Copyright 2018 7u83@mail.ru
#
class ipsec(
$version = 'latest',
$ikedaemon = undef
){
if $ikedaemon == undef {
case $::osfamily {
'FreeBSD':{
$ike_daemon = 'racoon'
}
'OpenBSD':{
$ike_daemon = 'isakmpd'
}
default: {
2018-02-23 16:02:21 +00:00
$ike_daemon = 'strongswan'
2018-02-21 15:31:53 +00:00
}
}
}
else {
$ike_daemon = $ikedaemon
}
$res = "ipsec::${ike_daemon}"
class { "$res":
version => $version
}
}
define ipsec::tunnel (
$local_ip,
$remote_ip,
$nets,
$proto = "any",
$psk,
$hash = 'sha256',
$encryption = 'aes256',
2018-02-23 16:02:21 +00:00
$lifetime = '86400 sec',
$dh_group = 'modp2048',
2018-02-21 15:31:53 +00:00
)
{
include ::ipsec
$ikedaemon = $::ipsec::ike_daemon
$res = "ipsec::${ikedaemon}::tunnel"
Resource[$res] { "$title":
local_ip => $local_ip,
remote_ip => $remote_ip,
nets => $nets,
proto => $proto,
psk => $psk,
lifetime => $lifetime,
hash => $hash,
encryption => $encryption,
2018-02-23 16:02:21 +00:00
dh_group => $dh_group,
2018-02-21 15:31:53 +00:00
}
}
define ipsec::transport (
$local_ip,
$remote_ip,
$proto = "any",
$psk
)
{
include ::ipsec
$ikedaemon = $::ipsec::ike_daemon
$res = "ipsec::${ikedaemon}::transport"
Resource[$res] { "$title":
local_ip => $local_ip,
remote_ip => $remote_ip,
proto => $proto,
psk => $psk
}
}