Also collect entries that only knew the port
[mirror/dsa-puppet.git] / modules / vsftpd / manifests / site.pp
index f8a71a0..352ca68 100644 (file)
@@ -1,52 +1,89 @@
 define vsftpd::site (
        $root,
-       $bind='',
+       $binds=['[::]'],
        $chown_user='',
        $writable=false,
+       $writable_other=false,
+       $readable=true,
+       $listable=true,
        $banner="${name} FTP Server",
        $max_clients=100,
        $logfile="/var/log/ftp/vsftpd-${name}.debian.org.log",
-       $ensure=present
-){
-
+       $ensure=present,
+) {
        include vsftpd
+       include ferm::ftp_conntrack
 
        case $ensure {
                present,absent: {}
                default: { fail ( "Invald ensure `$ensure' for $name" ) }
        }
 
+       $ensure_service = $ensure ? {
+               present => running,
+               absent  => stopped,
+       }
+
+       $ensure_enable = $ensure ? {
+               present => true,
+               absent  => false,
+       }
+
        $ftpsite = $name
 
        $fname = "/etc/vsftpd-${name}.conf"
 
        file { $fname:
                ensure  => $ensure,
-               content => template('vsftpd/vsftpd.conf.erb')
+               content => template('vsftpd/vsftpd.conf.erb'),
+               owner   => 'root',
+               group   => 'root',
+               mode    => '0444',
        }
 
        file { "/etc/logrotate.d/vsftpd-${name}":
                ensure => absent
        }
 
+       file { "/etc/systemd/system/vsftpd-${name}@.service":
+               ensure  => $ensure,
+               content => template('vsftpd/systemd-vsftpd.service.erb'),
+               owner   => 'root',
+               group   => 'root',
+               mode    => '0444',
+               require => File[$fname],
+               notify  => Exec['systemctl daemon-reload'],
+       }
+
+       file { "/etc/systemd/system/vsftpd-${name}.socket":
+               ensure  => $ensure,
+               content => template('vsftpd/systemd-vsftpd.socket.erb'),
+               owner   => 'root',
+               group   => 'root',
+               mode    => '0444',
+               notify  => [
+                       Exec['systemctl daemon-reload'],
+                       Service["vsftpd-${name}.socket"],
+               ],
+       }
+
+       service { "vsftpd-${name}.socket":
+               ensure   => $ensure_service,
+               enable   => $ensure_enable,
+               require  => [
+                       Exec['systemctl daemon-reload'],
+                       File["/etc/systemd/system/vsftpd-${name}@.service"],
+                       File["/etc/systemd/system/vsftpd-${name}.socket"],
+               ],
+               provider => systemd,
+       }
+
        munin::check { "vsftpd-${name}":
+               ensure => $ensure,
                script => 'vsftpd'
        }
        munin::conf { "vsftpd-${name}":
+               ensure  => $ensure,
                content => template('vsftpd/munin.erb')
        }
-
-       # We don't need a firewall rule because it's added in vsftp.pp
-       xinetd::service { "vsftpd-${name}":
-               bind        => $bind,
-               id          => "${name}-ftp",
-               server      => '/usr/sbin/vsftpd',
-               port        => 'ftp',
-               server_args => $fname,
-               ferm        => false,
-               instances   => $max_clients,
-               require     => File[$fname]
-       }
-
-       Service['vsftpd']->Service['xinetd']
 }
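Review bot: The new access switches `$writable_other`, `$readable` and `$listable` (L11-L13), like the existing `$writable`, are untyped, so a caller passing the string `'false'` hands the template a truthy value and could enable the access it meant to deny, assuming `vsftpd.conf.erb` tests them with a plain `if`. I would validate them at the top of the define, e.g. `validate_bool($writable, $writable_other, $readable, $listable)` if stdlib is available, or declare them as `Boolean $writable_other = false,` on a Puppet version with data types. Separately, with the `xinetd::service` resource removed, `$max_clients` and `$binds` are no longer referenced anywhere in this manifest, so the connection cap and the listen addresses now depend entirely on `systemd-vsftpd.socket.erb`, which this diff does not show. A short comment above the socket `file` resource would record that, e.g. `# $binds and $max_clients are consumed by systemd-vsftpd.socket.erb`.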