69 lines
1.2 KiB
Puppet
69 lines
1.2 KiB
Puppet
##
|
|
|
|
class ipsec::strongswan (
|
|
$version = 'latest',
|
|
$enable = $::ipsec::strongswan_params::service_enable
|
|
) inherits ipsec::strongswan_params {
|
|
|
|
package { 'strongswan':
|
|
name => $pkg_name,
|
|
provider => $pkg_provider,
|
|
ensure => $version
|
|
}
|
|
|
|
service { 'strongswan':
|
|
ensure => running,
|
|
require => Package['strongswan'],
|
|
subscribe => Concat[ "$ipsec_conf" ],
|
|
enable => $enable
|
|
}
|
|
|
|
concat { "$secrets_file":
|
|
owner => "$secrets_usr",
|
|
group => "$secrets_grp",
|
|
mode => '0600'
|
|
}
|
|
concat::fragment { "pskfile_header":
|
|
target => "$secrets_file",
|
|
order => '00',
|
|
content => "#strongswan psks\n",
|
|
}
|
|
|
|
concat { "$ipsec_conf":
|
|
}
|
|
|
|
concat::fragment { "ipsec_conf_header":
|
|
target => "$ipsec_conf",
|
|
order => '00',
|
|
content => template('ipsec/strongswan/ipsec.conf.header.erb'),
|
|
}
|
|
}
|
|
|
|
|
|
define ipsec::strongswan::tunnel (
|
|
|
|
$local_ip,
|
|
$remote_ip,
|
|
$encryption,
|
|
$hash,
|
|
$dh_group,
|
|
$lifetime,
|
|
$nets,
|
|
$proto,
|
|
$psk
|
|
|
|
){
|
|
|
|
concat::fragment { "$title":
|
|
target => "$::ipsec::strongswan_params::ipsec_conf",
|
|
content => template('ipsec/strongswan/ipsec.conf.tunnel.erb')
|
|
}
|
|
|
|
concat::fragment { "$title psk":
|
|
target => "$::ipsec::strongswan_params::secrets_file",
|
|
content => template('ipsec/strongswan/ipsec.secrets.erb')
|
|
}
|
|
|
|
}
|
|
|