1 # an rsync site, systemd socket activated
# Parameters of the site definition (its header line is not part of this listing).
# $binds: array of strings, default the IPv6 wildcard '[::]'; presumably the listen
#   addresses rendered into the socket templates -- confirm in the .socket.erb files.
3 Array[String] $binds = ['[::]'],
# $source / $content: both optional and undef by default; presumably the two alternative
#   ways to supply the rsyncd configuration file -- the file resource body is not shown.
4 Optional[String] $source = undef,
5 Optional[String] $content = undef,
# $max_clients: any Integer is accepted, default 200; its consumer is not visible here.
# NOTE(review): the type has no lower bound, so 0 or a negative value passes validation.
6 Integer $max_clients = 200,
# $ensure: restricted by the Enum to 'present' or 'absent'.
7 Enum['present','absent'] $ensure = 'present',
# $sslname: optional certificate name; it is interpolated into the certificate path required
#   by the stunnel configuration and into the TLSA record title and certfile path.
# NOTE(review): String places no constraint on the value, so path separators would be
#   accepted; a Pattern[] type limited to hostname characters would keep it to one path segment.
8 Optional[String] $sslname = undef,
# Per-site file names: the resource title ($name) is interpolated into both paths, so each
# declared site gets its own rsyncd and stunnel configuration file directly under /etc.
# NOTE(review): $name is used unvalidated in a path; confirm titles are plain identifiers.
12 $fname_real_rsync = "/etc/rsyncd-${name}.conf"
13 $fname_real_stunnel = "/etc/rsyncd-${name}-stunnel.conf"
# rsyncd configuration file for this site; its attributes are on lines not shown here.
15 file { $fname_real_rsync:
# Socket-activated rsyncd units for this site; the .service and .socket contents are both
# rendered from ERB templates in the rsync module.
21 dsa_systemd::socket_service { "rsyncd-${name}":
23 service_content => template('rsync/systemd-rsyncd.service.erb'),
24 socket_content => template('rsync/systemd-rsyncd.socket.erb'),
# Ordering: the configuration file resource is applied before the units are managed.
25 require => File[$fname_real_rsync],
# stunnel configuration for the TLS-wrapped variant of this site, rendered from an ERB template.
# Any condition guarding the TLS resources (for example on $sslname) is on lines not shown.
29 file { $fname_real_stunnel:
31 content => template('rsync/systemd-rsyncd-stunnel.conf.erb'),
# Ordering: the chained certificate file for $sslname must be a File resource managed
# elsewhere in the catalog, otherwise this reference fails catalog compilation.
# NOTE(review): if $sslname were undef here the reference would name ".crt-chained";
# confirm this resource is only declared when $sslname is set.
32 require => File["/etc/ssl/debian/certs/${sslname}.crt-chained"],
# Socket-activated stunnel units for this site, rendered from their own ERB templates.
35 dsa_systemd::socket_service { "rsyncd-${name}-stunnel":
37 service_content => template('rsync/systemd-rsyncd-stunnel.service.erb'),
38 socket_content => template('rsync/systemd-rsyncd-stunnel.socket.erb'),
# Ordering: the stunnel configuration file is applied before the units are managed.
39 require => File[$fname_real_stunnel],
# Firewall rule for this site's "-ssl" variant: the ferm SERVICE macro is invoked for TCP
# port 1873, presumably the stunnel listener -- confirm against the stunnel socket template.
# NOTE(review): which source addresses the SERVICE macro admits is defined outside this
# file; confirm that scope matches the intended exposure of the service.
42 ferm::rule { "rsync-${name}-ssl":
# NOTE(review): the description does not say this is the TLS port, which makes the rule
# harder to tell apart from a plain rsync rule when auditing the generated ruleset.
44 description => 'Allow rsync access',
45 rule => '&SERVICE(tcp, 1873)',
# Base directory for certificate files, read from the Hiera key 'paths.letsencrypt_dir'.
# NOTE(review): hiera() is the legacy lookup function; lookup() is its replacement in
# current Puppet releases.
48 $certdir = hiera('paths.letsencrypt_dir')
# TLSA record resource for $sslname; the title carries 1873, the same port number the
# firewall rule opens. Attributes other than certfile are on lines not shown.
49 dnsextras::tlsa_record{ "tlsa-${sslname}-1873":
# NOTE(review): the record is derived from ${certdir}/${sslname}.crt, while the stunnel
# configuration depends on /etc/ssl/debian/certs/${sslname}.crt-chained; confirm both
# paths hold the same certificate, or the published TLSA data will not match what is served.
51 certfile => [ "${certdir}/${sslname}.crt" ],