6 Enum['present','absent'] $ensure = 'present',
11 $fname_real_rsync = "/etc/rsyncd-${name}.conf"
12 $fname_real_stunnel = "/etc/rsyncd-${name}-stunnel.conf"
14 $ensure_service = $ensure ? {
19 $ensure_enable = $ensure ? {
24 file { $fname_real_rsync:
30 dsa_systemd::socket_service { "rsyncd-${name}":
32 service_content => template('rsync/systemd-rsyncd.service.erb'),
33 socket_content => template('rsync/systemd-rsyncd.socket.erb'),
34 require => File[$fname_real_rsync],
38 file { $fname_real_stunnel:
40 content => template('rsync/systemd-rsyncd-stunnel.conf.erb'),
41 require => File["/etc/ssl/debian/certs/${sslname}.crt-chained"],
44 file { "/etc/systemd/system/rsyncd-${name}-stunnel@.service":
46 content => template('rsync/systemd-rsyncd-stunnel.service.erb'),
47 require => File[$fname_real_stunnel],
48 notify => Exec['systemctl daemon-reload'],
51 file { "/etc/systemd/system/rsyncd-${name}-stunnel.socket":
53 content => template('rsync/systemd-rsyncd-stunnel.socket.erb'),
55 Exec['systemctl daemon-reload'],
56 Service["rsyncd-${name}-stunnel.socket"]
60 service { "rsyncd-${name}-stunnel.socket":
61 ensure => $ensure_service,
62 enable => $ensure_enable,
64 Exec['systemctl daemon-reload'],
65 File["/etc/systemd/system/rsyncd-${name}-stunnel@.service"],
66 File["/etc/systemd/system/rsyncd-${name}-stunnel.socket"],
67 Service["rsyncd-${name}.socket"],
72 ferm::rule { "rsync-${name}-ssl":
74 description => 'Allow rsync access',
75 rule => '&SERVICE(tcp, 1873)',
78 $certdir = hiera('paths.letsencrypt_dir')
79 dnsextras::tlsa_record{ "tlsa-${sslname}-1873":
81 certfile => [ "${certdir}/${sslname}.crt" ],