6 Enum['present','absent'] $ensure = 'present',
11 $fname_real_rsync = "/etc/rsyncd-${name}.conf"
12 $fname_real_stunnel = "/etc/rsyncd-${name}-stunnel.conf"
14 $ensure_service = $ensure ? {
19 $ensure_enable = $ensure ? {
24 file { $fname_real_rsync:
33 file { "/etc/systemd/system/rsyncd-${name}@.service":
35 content => template('rsync/systemd-rsyncd.service.erb'),
39 require => File[$fname_real_rsync],
40 notify => Exec['systemctl daemon-reload'],
43 file { "/etc/systemd/system/rsyncd-${name}.socket":
45 content => template('rsync/systemd-rsyncd.socket.erb'),
50 Exec['systemctl daemon-reload'],
51 Service["rsyncd-${name}.socket"],
55 service { "rsyncd-${name}.socket":
56 ensure => $ensure_service,
57 enable => $ensure_enable,
59 Exec['systemctl daemon-reload'],
60 File["/etc/systemd/system/rsyncd-${name}@.service"],
61 File["/etc/systemd/system/rsyncd-${name}.socket"],
67 file { $fname_real_stunnel:
69 content => template('rsync/systemd-rsyncd-stunnel.conf.erb'),
73 require => File["/etc/ssl/debian/certs/${sslname}.crt-chained"],
76 file { "/etc/systemd/system/rsyncd-${name}-stunnel@.service":
78 content => template('rsync/systemd-rsyncd-stunnel.service.erb'),
82 require => File[$fname_real_stunnel],
83 notify => Exec['systemctl daemon-reload'],
86 file { "/etc/systemd/system/rsyncd-${name}-stunnel.socket":
88 content => template('rsync/systemd-rsyncd-stunnel.socket.erb'),
93 Exec['systemctl daemon-reload'],
94 Service["rsyncd-${name}-stunnel.socket"]
98 service { "rsyncd-${name}-stunnel.socket":
99 ensure => $ensure_service,
100 enable => $ensure_enable,
102 Exec['systemctl daemon-reload'],
103 File["/etc/systemd/system/rsyncd-${name}-stunnel@.service"],
104 File["/etc/systemd/system/rsyncd-${name}-stunnel.socket"],
105 Service["rsyncd-${name}.socket"],
110 ferm::rule { "rsync-${name}-ssl":
111 domain => '(ip ip6)',
112 description => 'Allow rsync access',
113 rule => '&SERVICE(tcp, 1873)',
116 $certdir = hiera('paths.letsencrypt_dir')
117 dnsextras::tlsa_record{ "tlsa-${sslname}-1873":
118 zone => 'debian.org',
119 certfile => [ "${certdir}/${sslname}.crt" ],
121 hostname => $sslname,