Also collect entries that only knew the port

[mirror/dsa-puppet.git] / modules / vsftpd / manifests / site.pp

diff --git a/modules/vsftpd/manifests/site.pp b/modules/vsftpd/manifests/site.pp
index bc66c95..352ca68 100644 (file)
--- a/modules/vsftpd/manifests/site.pp
+++ b/modules/vsftpd/manifests/site.pp
@@ -1,34 +1,89 @@
-class vsftpd::site (
-       $source='',
-       $content='',
+define vsftpd::site (
+       $root,
+       $binds=['[::]'],
+       $chown_user='',
+       $writable=false,
+       $writable_other=false,
+       $readable=true,
+       $listable=true,
+       $banner="${name} FTP Server",
+       $max_clients=100,
+       $logfile="/var/log/ftp/vsftpd-${name}.debian.org.log",
        $ensure=present,
-){
-
+) {
        include vsftpd
-
-       if ($source and $content) {
-               fail ( "Can't have both source and content for $name" )
-       }
+       include ferm::ftp_conntrack
 
        case $ensure {
                present,absent: {}
                default: { fail ( "Invald ensure `$ensure' for $name" ) }
        }
 
-       if $source {
-               file { '/etc/vsftpd.conf':
-                       ensure => $ensure,
-                       source => $source,
-                       notify => Service['vsftpd']
-               }
-       } elsif $content {
-               file { '/etc/vsftpd.conf':
-                       ensure  => $ensure,
-                       content => $content,
-                       notify  => Service['vsftpd']
-               }
-       } else {
-               fail ( "Need one of source or content for $name" )
+       $ensure_service = $ensure ? {
+               present => running,
+               absent  => stopped,
+       }
+
+       $ensure_enable = $ensure ? {
+               present => true,
+               absent  => false,
        }
 
+       $ftpsite = $name
+
+       $fname = "/etc/vsftpd-${name}.conf"
+
+       file { $fname:
+               ensure  => $ensure,
+               content => template('vsftpd/vsftpd.conf.erb'),
+               owner   => 'root',
+               group   => 'root',
+               mode    => '0444',
+       }
+
+       file { "/etc/logrotate.d/vsftpd-${name}":
+               ensure => absent
+       }
+
+       file { "/etc/systemd/system/vsftpd-${name}@.service":
+               ensure  => $ensure,
+               content => template('vsftpd/systemd-vsftpd.service.erb'),
+               owner   => 'root',
+               group   => 'root',
+               mode    => '0444',
+               require => File[$fname],
+               notify  => Exec['systemctl daemon-reload'],
+       }
+
+       file { "/etc/systemd/system/vsftpd-${name}.socket":
+               ensure  => $ensure,
+               content => template('vsftpd/systemd-vsftpd.socket.erb'),
+               owner   => 'root',
+               group   => 'root',
+               mode    => '0444',
+               notify  => [
+                       Exec['systemctl daemon-reload'],
+                       Service["vsftpd-${name}.socket"],
+               ],
+       }
+
+       service { "vsftpd-${name}.socket":
+               ensure   => $ensure_service,
+               enable   => $ensure_enable,
+               require  => [
+                       Exec['systemctl daemon-reload'],
+                       File["/etc/systemd/system/vsftpd-${name}@.service"],
+                       File["/etc/systemd/system/vsftpd-${name}.socket"],
+               ],
+               provider => systemd,
+       }
+
+       munin::check { "vsftpd-${name}":
+               ensure => $ensure,
+               script => 'vsftpd'
+       }
+       munin::conf { "vsftpd-${name}":
+               ensure  => $ensure,
+               content => template('vsftpd/munin.erb')
+       }
 }