6 Enum['present','absent'] $ensure = 'present',
# Per-site configuration paths. The resource title ($name) is interpolated
# directly into file names under /etc.
# NOTE(review): no pattern constraint on $name is visible in this excerpt;
# confirm titles are limited to simple identifiers (no '/' or whitespace).
11 $fname_real_rsync = "/etc/rsyncd-${name}.conf"
12 $fname_real_stunnel = "/etc/rsyncd-${name}-stunnel.conf"
# Selectors on $ensure; their branches are not shown in this excerpt. The
# results are used as the ensure/enable attributes of the service resources.
14 $ensure_service = $ensure ? {
19 $ensure_enable = $ensure ? {
# rsyncd configuration file for this site (its attributes are not shown here).
24 file { $fname_real_rsync:
# systemd units for the plain (non-TLS) listener: a template service
# (rsyncd-NAME@.service) and a socket unit (rsyncd-NAME.socket). The unit
# that Puppet manages as a service is the socket, not the template service.
# NOTE(review): the '@' template plus .socket pairing suggests per-connection
# socket activation; the templates are not shown -- confirm there.
30 $service_file = "/etc/systemd/system/rsyncd-${name}@.service"
31 $socket_file = "/etc/systemd/system/rsyncd-${name}.socket"
32 $systemd_service = "rsyncd-${name}.socket"
34 # if we enable the service, we want the files before the service.
35 # if we remove the service, we want the service disabled before the files
# Ordering selectors on $ensure (branches not shown); they supply the
# subscribe/before attributes of the service resource below.
37 $service_subscribe = $ensure ? {
44 $service_before = $ensure ? {
# Unit file attributes; presumably these belong to the $service_file and
# $socket_file resources, whose header lines are not shown. The service unit
# is applied after the rsync config file, and a content change notifies the
# 'systemctl daemon-reload' exec.
54 content => template('rsync/systemd-rsyncd.service.erb'),
55 require => File[$fname_real_rsync],
56 notify => Exec['systemctl daemon-reload'],
61 content => template('rsync/systemd-rsyncd.socket.erb'),
62 notify => Exec['systemctl daemon-reload'],
# Socket unit state follows $ensure through the two selectors above.
65 service { $systemd_service:
66 ensure => $ensure_service,
67 enable => $ensure_enable,
68 notify => Exec['systemctl daemon-reload'],
70 before => $service_before,
71 subscribe => $service_subscribe,
# stunnel front-end configuration for this site. It is applied only after the
# chained certificate file for $sslname is managed, so the config is never
# deployed ahead of the certificate it depends on.
# NOTE(review): owner/mode of this file and the private-key path live in
# lines and templates not shown here -- confirm the key itself is not
# world-readable.
75 file { $fname_real_stunnel:
77 content => template('rsync/systemd-rsyncd-stunnel.conf.erb'),
78 require => File["/etc/ssl/debian/certs/${sslname}.crt-chained"],
# Template service unit for the stunnel instances; needs the stunnel config
# first and notifies the daemon-reload exec when its content changes.
81 file { "/etc/systemd/system/rsyncd-${name}-stunnel@.service":
83 content => template('rsync/systemd-rsyncd-stunnel.service.erb'),
84 require => File[$fname_real_stunnel],
85 notify => Exec['systemctl daemon-reload'],
# Socket unit for the TLS listener. The two references below are members of a
# relationship list whose attribute name is on a line not shown here.
88 file { "/etc/systemd/system/rsyncd-${name}-stunnel.socket":
90 content => template('rsync/systemd-rsyncd-stunnel.socket.erb'),
92 Exec['systemctl daemon-reload'],
93 Service["rsyncd-${name}-stunnel.socket"]
# The stunnel socket is managed with the same ensure/enable values as the
# plain rsync socket. Its relationship list (attribute name not shown) ties
# it to the daemon-reload exec, both stunnel unit files and the plain
# rsyncd socket service.
97 service { "rsyncd-${name}-stunnel.socket":
98 ensure => $ensure_service,
99 enable => $ensure_enable,
101 Exec['systemctl daemon-reload'],
102 File["/etc/systemd/system/rsyncd-${name}-stunnel@.service"],
103 File["/etc/systemd/system/rsyncd-${name}-stunnel.socket"],
104 Service["rsyncd-${name}.socket"],
# Firewall opening for the TLS-wrapped listener: TCP port 1873, applied to
# both the IPv4 and IPv6 rule sets.
# NOTE(review): no source-address restriction is visible in this rule. Unless
# &SERVICE (defined elsewhere) narrows it, access control rests on the
# stunnel/rsyncd configuration in the templates -- confirm it there.
109 ferm::rule { "rsync-${name}-ssl":
110 domain => '(ip ip6)',
111 description => 'Allow rsync access',
112 rule => '&SERVICE(tcp, 1873)',
# Certificate directory comes from the hiera key 'paths.letsencrypt_dir'.
115 $certdir = hiera('paths.letsencrypt_dir')
# Declares a TLSA record resource in the debian.org zone for $sslname; the
# title ties it to port 1873, presumably so DANE-aware clients can check the
# service certificate through DNS (the port attribute line is not shown).
# NOTE(review): the record is derived from ${certdir}/${sslname}.crt, while
# the stunnel config depends on /etc/ssl/debian/certs/${sslname}.crt-chained.
# Presumably both carry the same leaf certificate -- confirm they are renewed
# together, otherwise the published record and the served certificate diverge.
116 dnsextras::tlsa_record{ "tlsa-${sslname}-1873":
117 zone => 'debian.org',
118 certfile => [ "${certdir}/${sslname}.crt" ],
120 hostname => $sslname,