-class bacula {
-
- $bacula_operator_email = 'bacula-reports@admin.debian.org'
-
- $bacula_director_name = 'debian-dir'
- $bacula_storage_name = 'debian-sd'
- $bacula_client_name = "${::fqdn}-fd"
- $bacula_monitor_name = 'debian-mon'
- $bacula_filestor_name = 'File'
- $bacula_filestor_device = 'FileStorage'
- $bacula_pool_name = 'debian'
-
- # use IP address for ferm.
- $bacula_director_ip = '5.153.231.19'
- $bacula_director_address = 'dinis.debian.org'
- $bacula_director_port = 9101
- $bacula_storage_address = 'storace.debian.org'
- $bacula_storage_port = 9103
- $bacula_client_port = hiera('bacula_fd_port', 9102)
- $bacula_db_address = 'danzi.debian.org'
- $bacula_db_port = 5433
-
- $bacula_backup_path = '/srv/bacula'
-
- $bacula_director_secret = hkdf('/etc/puppet/secret', "bacula-dir-${::hostname}")
- $bacula_db_secret = hkdf('/etc/puppet/secret', "bacula-db-${::hostname}")
- $bacula_storage_secret = hkdf('/etc/puppet/secret', "bacula-sd-${bacula_storage_name}")
- $bacula_client_secret = hkdf('/etc/puppet/secret', "bacula-fd-${::fqdn}")
- $bacula_monitor_secret = hkdf('/etc/puppet/secret', "bacula-monitor-${bacula_director_name}")
-
- $bacula_ca_path = '/etc/ssl/debian/certs/ca.crt'
- $bacula_ssl_client_cert = '/etc/ssl/debian/certs/thishost.crt'
- $bacula_ssl_client_key = '/etc/ssl/private/thishost.key'
- $bacula_ssl_server_cert = '/etc/ssl/debian/certs/thishost-server.crt'
- $bacula_ssl_server_key = '/etc/ssl/private/thishost-server.key'
-
- file { '/usr/local/sbin/bacula-idle-restart':
- mode => '0555',
- content => template('bacula/bacula-idle-restart.erb'),
- }
-
+# bacula class -- defines all the variables we care about in our bacula deployment
+#
+# @param ssl_ca_path full path and filename specifying a PEM encoded TLS CA certificate(s)
+# @param ssl_client_cert path to TLS client certificate
+# @param ssl_client_key path to TLS client certificate key
+# @param ssl_server_cert path to TLS server certificate
+# @param ssl_server_key path to TLS server certificate key
+# @param operator_email email address for reports
+# @param public_addresses this host's public IP addresses. The ones it connects out from and is reachable from outsite.
+# @param has_ipv4 daemons should listen on ipv4
+# @param has_ipv6 daemons should listen on ipv6
+class bacula (
+ String $ssl_ca_path,
+ String $ssl_client_cert,
+ String $ssl_client_key,
+ String $ssl_server_cert,
+ String $ssl_server_key,
+
+ String $operator_email = 'root@localhost',
+ Array[Stdlib::IP::Address] $public_addresses = $base::public_addresses,
+ Boolean $has_ipv4 = $bacula::public_addresses.any |$addr| { $addr =~ Stdlib::IP::Address::V4 },
+ Boolean $has_ipv6 = $bacula::public_addresses.any |$addr| { $addr =~ Stdlib::IP::Address::V6 },
+) {
+ # This file is used by our helper scripts on the director
+ $bacula_dsa_client_list = '/etc/bacula/dsa-clients'
+ $tag_bacula_dsa_client_list = 'bacula::dsa::clientlist'
+
+ $bacula_tls_ca_certificate_file = "TLS CA Certificate File = \"${ssl_ca_path}\""
+ $bacula_tls_client_certificate = "TLS Certificate = \"${ssl_client_cert}\""
+ $bacula_tls_client_key = "TLS Key = \"${ssl_client_key}\""
+ $bacula_tls_server_certificate = "TLS Certificate = \"${ssl_server_cert}\""
+ $bacula_tls_server_key = "TLS Key = \"${ssl_server_key}\""
+
+ file { '/usr/local/sbin/bacula-idle-restart':
+ mode => '0555',
+ source => 'puppet:///modules/bacula/bacula-idle-restart',
+ }
}