6 Enum['present','absent'] $ensure = 'present',
11 $fname_real_rsync = "/etc/rsyncd-${name}.conf"
12 $fname_real_stunnel = "/etc/rsyncd-${name}-stunnel.conf"
14 $ensure_service = $ensure ? {
19 $ensure_enable = $ensure ? {
24 file { $fname_real_rsync:
33 $service_file = "/etc/systemd/system/rsyncd-${name}@.service"
34 $socket_file = "/etc/systemd/system/rsyncd-${name}.socket"
35 $systemd_service = "rsyncd-${name}.socket"
39 content => template('rsync/systemd-rsyncd.service.erb'),
43 require => File[$fname_real_rsync],
44 notify => Exec['systemctl daemon-reload'],
49 content => template('rsync/systemd-rsyncd.socket.erb'),
53 notify => Exec['systemctl daemon-reload'],
56 service { $systemd_service:
57 ensure => $ensure_service,
58 enable => $ensure_enable,
59 notify => Exec['systemctl daemon-reload'],
68 file { $fname_real_stunnel:
70 content => template('rsync/systemd-rsyncd-stunnel.conf.erb'),
74 require => File["/etc/ssl/debian/certs/${sslname}.crt-chained"],
77 file { "/etc/systemd/system/rsyncd-${name}-stunnel@.service":
79 content => template('rsync/systemd-rsyncd-stunnel.service.erb'),
83 require => File[$fname_real_stunnel],
84 notify => Exec['systemctl daemon-reload'],
87 file { "/etc/systemd/system/rsyncd-${name}-stunnel.socket":
89 content => template('rsync/systemd-rsyncd-stunnel.socket.erb'),
94 Exec['systemctl daemon-reload'],
95 Service["rsyncd-${name}-stunnel.socket"]
99 service { "rsyncd-${name}-stunnel.socket":
100 ensure => $ensure_service,
101 enable => $ensure_enable,
103 Exec['systemctl daemon-reload'],
104 File["/etc/systemd/system/rsyncd-${name}-stunnel@.service"],
105 File["/etc/systemd/system/rsyncd-${name}-stunnel.socket"],
106 Service["rsyncd-${name}.socket"],
111 ferm::rule { "rsync-${name}-ssl":
112 domain => '(ip ip6)',
113 description => 'Allow rsync access',
114 rule => '&SERVICE(tcp, 1873)',
117 $certdir = hiera('paths.letsencrypt_dir')
118 dnsextras::tlsa_record{ "tlsa-${sslname}-1873":
119 zone => 'debian.org',
120 certfile => [ "${certdir}/${sslname}.crt" ],
122 hostname => $sslname,