+ define stunnel_generic($client, $verify, $cafile, $crlfile=false, $accept, $connect, $local=false) {
+ file {
+ "/etc/stunnel":
+ ensure => directory,
+ owner => root,
+ group => root,
+ mode => 755,
+ ;
+ "/etc/stunnel/puppet-${name}.conf":
+ content => template("stunnel4/stunnel.conf.erb"),
+ notify => Exec["restart_stunnel_${name}"],
+ ;
+ "/etc/init.d/stunnel4":
+ source => "puppet:///modules/stunnel4/etc-init.d-stunnel4",
+ mode => 555,
+ ;
+ }
+
+ case $client {
+ true: {
+ $certfile = "/etc/ssl/debian/certs/thishost.crt"
+ $keyfile = "/etc/ssl/debian/keys/thishost.key"
+ }
+ default: {
+ $certfile = "/etc/exim4/ssl/thishost.crt"
+ $keyfile = "/etc/exim4/ssl/thishost.key"
+ }
+ }
+
+ exec {
+ "restart_stunnel_${name}":
+ command => "true && cd / && env -i /etc/init.d/stunnel4 restart puppet-${name}",
+ require => [ File['/etc/stunnel/stunnel.conf'],
+ File['/etc/init.d/stunnel4'],
+ Exec['enable_stunnel4'],
+ Exec['kill_file_override'],
+ Package['stunnel4']
+ ],
+ subscribe => [ File[$certfile],
+ File[$keyfile]
+ ],
+ refreshonly => true,
+ ;
+ }
+ }
+