1 define rsync::site_systemd (
11 $fname_real_rsync = "/etc/rsyncd-${name}.conf"
12 $fname_real_stunnel = "/etc/rsyncd-${name}-stunnel.conf"
16 default: { fail ( "Invald ensure `${ensure}' for ${name}" ) }
19 $ensure_service = $ensure ? {
24 $ensure_enable = $ensure ? {
29 file { $fname_real_rsync:
38 file { "/etc/systemd/system/rsyncd-${name}@.service":
40 content => template('rsync/systemd-rsyncd.service.erb'),
44 require => File[$fname_real_rsync],
45 notify => Exec['systemctl daemon-reload'],
48 file { "/etc/systemd/system/rsyncd-${name}.socket":
50 content => template('rsync/systemd-rsyncd.socket.erb'),
55 Exec['systemctl daemon-reload'],
56 Service["rsyncd-${name}.socket"],
60 service { "rsyncd-${name}.socket":
61 ensure => $ensure_service,
62 enable => $ensure_enable,
64 Exec['systemctl daemon-reload'],
65 File["/etc/systemd/system/rsyncd-${name}@.service"],
66 File["/etc/systemd/system/rsyncd-${name}.socket"],
73 file { $fname_real_stunnel:
75 content => template('rsync/systemd-rsyncd-stunnel.conf.erb'),
79 require => File["/etc/ssl/debian/certs/${sslname}.crt-chained"],
82 file { "/etc/systemd/system/rsyncd-${name}-stunnel@.service":
84 content => template('rsync/systemd-rsyncd-stunnel.service.erb'),
88 require => File[$fname_real_stunnel],
89 notify => Exec['systemctl daemon-reload'],
92 file { "/etc/systemd/system/rsyncd-${name}-stunnel.socket":
94 content => template('rsync/systemd-rsyncd-stunnel.socket.erb'),
99 Exec['systemctl daemon-reload'],
100 Service["rsyncd-${name}-stunnel.socket"]
104 service { "rsyncd-${name}-stunnel.socket":
105 ensure => $ensure_service,
106 enable => $ensure_enable,
108 Exec['systemctl daemon-reload'],
109 File["/etc/systemd/system/rsyncd-${name}-stunnel@.service"],
110 File["/etc/systemd/system/rsyncd-${name}-stunnel.socket"],
111 Service["rsyncd-${name}.socket"],
117 @ferm::rule { "rsync-${name}-ssl":
118 domain => '(ip ip6)',
119 description => 'Allow rsync access',
120 rule => '&SERVICE(tcp, 1873)',
123 dnsextras::tlsa_record{ "tlsa-${sslname}-1873":
124 zone => 'debian.org',
126 "/etc/puppet/modules/ssl/files/servicecerts/${sslname}.crt",
127 "/etc/puppet/modules/ssl/files/from-letsencrypt/${sslname}.crt",
130 hostname => $sslname,
134 xinetd::service { [ "rsync-${name}", "rsync-${name}6", "rsync-${name}-ssl", "rsync-${name}-ssl6" ]:
140 before => Service["rsyncd-${name}.socket"],