class stunnel4 {
define stunnel_generic($client, $verify, $cafile, $crlfile=false, $accept, $connect, $local=false) {
file {
+ "/etc/stunnel":
+ ensure => directory,
+ owner => root,
+ group => root,
+ mode => 755,
+ ;
"/etc/stunnel/puppet-${name}.conf":
content => template("stunnel4/stunnel.conf.erb"),
notify => Exec['restart_stunnel'],
@ferm::rule {
"stunnel-${name}":
description => "stunnel ${name}",
- rule => "&TCP_UDP_SERVICE(${accept})",
- domain => "(ip ip6)",
+ rule => "&SERVICE_RANGE(tcp, ${accept}, \$HOST_DEBIAN_V4)",
+ ;
+ "stunnel-${name}-v6":
+ domain => 'ip6',
+ description => "stunnel ${name}",
+ rule => "&SERVICE_RANGE(tcp, ${accept}, \$HOST_DEBIAN_V6)",
;
}
}
cafile => "/etc/stunnel/puppet-${name}-peer.pem",
accept => "${accept}",
connect => "${connecthost}:${connectport}",
- require => [ File["/etc/stunnel/puppet-${name}-peer.pem"] ],
;
}
}
file {
"/etc/stunnel/stunnel.conf":
ensure => absent,
+ require => [ Package['stunnel4'] ],
;
}
require => [ Package['stunnel4'] ],
;
"restart_stunnel":
- command => "env -i /etc/init.d/stunnel4 restart",
+ command => "true && cd / && env -i /etc/init.d/stunnel4 restart",
require => [ File['/etc/stunnel/stunnel.conf'], Exec['enable_stunnel4'], Package['stunnel4'] ],
refreshonly => true,
;