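## ## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. ##
<%=
  # Renders one ipsec "conn" section for every host in @ipsec_config other
  # than this node (@fqdn). The parsed config is a hash keyed by host name;
  # each entry carries an 'address' and, optionally, a 'subnet' list.
  #
  # NOTE(review): YAML.load can instantiate arbitrary Ruby objects when Psych
  # is older than 4.0. @ipsec_config looks like Puppet-supplied data; if it
  # holds only plain hashes, arrays and strings, YAML.safe_load is the safer
  # call. Confirm the data does not rely on aliases or custom tags first.
  #
  # NOTE(review): host names, addresses and subnets are interpolated verbatim
  # into the generated file, so a value containing a newline would add extra
  # directives. Validate upstream if the data can come from a less-trusted
  # source than the Puppet manifests themselves.
  config = YAML.load(@ipsec_config)

  # An empty or non-mapping document parses to nil/false/scalar; report it
  # with the same failure as a missing host instead of a NoMethodError.
  unless config.is_a?(Hash) && config.key?(@fqdn)
    fail("Host #{@fqdn} not found in ipsec config.")
  end

  # Every entry is used as a left or right endpoint, so refuse to render a
  # connection with a blank address.
  config.each do |name, entry|
    unless entry.is_a?(Hash) && entry['address']
      fail("Host #{name} has no address in ipsec config.")
    end
  end

  local = config[@fqdn]
  lines = []

  config.each_key do |host|
    next if @fqdn == host

    peer = config[host]

    # Sorting the pair gives both endpoints the same connection name.
    connname = [@fqdn, host].sort.join('-')

    lines << "conn #{connname}"
    lines << " # left is us (local): #{@fqdn}"
    lines << " left = #{local['address']}"
    lines << " # right is our peer (remote): #{host}"
    lines << " right = #{peer['address']}"

    # Tunnel mode as soon as either side announces subnets, else transport.
    if local.key?('subnet') || peer.key?('subnet')
      lines << " type = tunnel"
      # Array() also accepts a single subnet given as a plain string.
      if local.key?('subnet')
        lines << " leftsubnet = #{Array(local['subnet']).join(', ')}"
      end
      if peer.key?('subnet')
        lines << " rightsubnet = #{Array(peer['subnet']).join(', ')}"
      end
    else
      lines << " type = transport"
    end

    lines << ""
    lines << " #auto=start"
    lines << " #closeaction=restart"
    lines << " auto=route"
    lines << ""
  end

  lines.join("\n") %>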