Revert "rsync::site dependency cleanup, part 1"
[mirror/dsa-puppet.git] / modules / rsync / manifests / site.pp
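# @summary Manage one socket-activated rsync daemon instance, optionally
#   with a TLS (stunnel) front end on tcp/1873.
#
# Writes /etc/rsyncd-${name}.conf, installs the systemd template service and
# socket units for the instance, and manages the socket service. When
# $sslname is set it additionally writes the stunnel configuration and units,
# declares a ferm rule for tcp/1873 and a TLSA record for that port.
#
# Relies on resources that are not declared in this define:
# Exec['systemctl daemon-reload'] and, for TLS,
# File["/etc/ssl/debian/certs/${sslname}.crt-chained"].
#
# @param binds
#   Listen addresses. Not referenced in this manifest; presumably read by
#   the socket templates -- confirm against the .erb files.
# @param source
#   `source` attribute for the rsyncd configuration file. Mutually exclusive
#   with $content.
# @param content
#   `content` attribute for the rsyncd configuration file. Mutually exclusive
#   with $source.
# @param max_clients
#   Not referenced in this manifest; presumably read by the templates --
#   confirm against the .erb files.
# @param ensure
#   'present' installs the files and runs/enables the socket; 'absent'
#   removes the files and stops/disables the socket.
# @param sslname
#   Certificate name. When set, enables the stunnel resources, the firewall
#   rule and the TLSA record.
define rsync::site (
        $binds=['[::]'],
        $source=undef,
        $content=undef,
        $max_clients=200,
        Enum['present','absent'] $ensure = 'present',
        $sslname=undef,
) {
        include rsync

        # The file resource accepts only one of content/source. Reject the
        # combination here so the error names this define instead of
        # surfacing later from the file type.
        if $source != undef and $content != undef {
                fail("rsync::site[${name}]: specify only one of 'source' and 'content'")
        }
        # NOTE(review): if neither is given, the file resource below has no
        # content to manage -- confirm whether that case should be rejected too.

        # NOTE(review): $name is interpolated unchecked into paths under /etc
        # and /etc/systemd/system; presumably titles only come from trusted
        # manifests -- confirm, or restrict the allowed characters.
        $fname_real_rsync = "/etc/rsyncd-${name}.conf"
        $fname_real_stunnel = "/etc/rsyncd-${name}-stunnel.conf"

        # Map the resource-level ensure onto the service's run state ...
        $ensure_service = $ensure ? {
                present => running,
                absent  => stopped,
        }

        # ... and onto whether the socket is enabled at boot.
        $ensure_enable = $ensure ? {
                present => true,
                absent  => false,
        }

        # rsyncd configuration. Mode 0444 makes it world-readable, so
        # $content/$source must not embed credentials.
        file { $fname_real_rsync:
                ensure  => $ensure,
                content => $content,
                source  => $source,
                owner   => 'root',
                group   => 'root',
                mode    => '0444',
        }

        # Per-connection service template; systemd has to re-read its units
        # after a change, hence the daemon-reload notification.
        file { "/etc/systemd/system/rsyncd-${name}@.service":
                ensure  => $ensure,
                content => template('rsync/systemd-rsyncd.service.erb'),
                owner   => 'root',
                group   => 'root',
                mode    => '0444',
                require => File[$fname_real_rsync],
                notify  => Exec['systemctl daemon-reload'],
        }

        # Listening socket unit; a change also refreshes the socket service.
        file { "/etc/systemd/system/rsyncd-${name}.socket":
                ensure  => $ensure,
                content => template('rsync/systemd-rsyncd.socket.erb'),
                owner   => 'root',
                group   => 'root',
                mode    => '0444',
                notify  => [
                        Exec['systemctl daemon-reload'],
                        Service["rsyncd-${name}.socket"],
                ],
        }

        # Ordered after both unit files and the daemon-reload. The same
        # ordering applies when $ensure is 'absent', i.e. the unit files are
        # removed before the socket is stopped.
        service { "rsyncd-${name}.socket":
                ensure   => $ensure_service,
                enable   => $ensure_enable,
                require  => [
                        Exec['systemctl daemon-reload'],
                        File["/etc/systemd/system/rsyncd-${name}@.service"],
                        File["/etc/systemd/system/rsyncd-${name}.socket"],
                ],
                provider => systemd,
        }

        if $sslname {
                # stunnel configuration; needs the chained certificate for
                # $sslname to be managed elsewhere in the catalog.
                file { $fname_real_stunnel:
                        ensure  => $ensure,
                        content => template('rsync/systemd-rsyncd-stunnel.conf.erb'),
                        owner   => 'root',
                        group   => 'root',
                        mode    => '0444',
                        require => File["/etc/ssl/debian/certs/${sslname}.crt-chained"],
                }

                file { "/etc/systemd/system/rsyncd-${name}-stunnel@.service":
                        ensure  => $ensure,
                        content => template('rsync/systemd-rsyncd-stunnel.service.erb'),
                        owner   => 'root',
                        group   => 'root',
                        mode    => '0444',
                        require => File[$fname_real_stunnel],
                        notify  => Exec['systemctl daemon-reload'],
                }

                file { "/etc/systemd/system/rsyncd-${name}-stunnel.socket":
                        ensure  => $ensure,
                        content => template('rsync/systemd-rsyncd-stunnel.socket.erb'),
                        owner   => 'root',
                        group   => 'root',
                        mode    => '0444',
                        notify  => [
                                Exec['systemctl daemon-reload'],
                                Service["rsyncd-${name}-stunnel.socket"]
                        ],
                }

                # The TLS socket is additionally ordered after the plain
                # rsyncd socket service.
                service { "rsyncd-${name}-stunnel.socket":
                        ensure   => $ensure_service,
                        enable   => $ensure_enable,
                        require  => [
                                Exec['systemctl daemon-reload'],
                                File["/etc/systemd/system/rsyncd-${name}-stunnel@.service"],
                                File["/etc/systemd/system/rsyncd-${name}-stunnel.socket"],
                                Service["rsyncd-${name}.socket"],
                        ],
                        provider => systemd,
                }

                # NOTE(review): the firewall rule and the TLSA record below
                # are declared whenever $sslname is set, independent of
                # $ensure. With ensure => 'absent' the tcp/1873 allow rule and
                # the DNS record therefore stay in the catalog after the
                # service is gone -- confirm how these types are retired and
                # tie them to $ensure.
                ferm::rule { "rsync-${name}-ssl":
                        domain      => '(ip ip6)',
                        description => 'Allow rsync access',
                        rule        => '&SERVICE(tcp, 1873)',
                }

                # Certificate directory comes from the Hiera key
                # 'paths.letsencrypt_dir'.
                $certdir = hiera('paths.letsencrypt_dir')
                dnsextras::tlsa_record{ "tlsa-${sslname}-1873":
                        zone     => 'debian.org',
                        certfile => [ "${certdir}/${sslname}.crt" ],
                        port     => 1873,
                        hostname => $sslname,
                }
        }
}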