X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Frsync%2Fmanifests%2Fsite.pp;h=7d0882c81eed45494f9b96d66d5aacaf5df7ad7c;hb=267a7cce45366203fdb3848782812cf5ba44b709;hp=f5f412be9f01df43190fa0092802053efecb1c53;hpb=cfff8d7ad1e31e2a46e78952410f5cfde00401e5;p=mirror%2Fdsa-puppet.git
diff --git a/modules/rsync/manifests/site.pp b/modules/rsync/manifests/site.pp
index f5f412be9..7d0882c81 100644
--- a/modules/rsync/manifests/site.pp
+++ b/modules/rsync/manifests/site.pp
@@ -1,65 +1,56 @@
+# an rsync site, systemd socket activated
 define rsync::site (
- $binds=['[::]'],
- $source=undef,
- $content=undef,
- $max_clients=200,
- Enum['present','absent'] $ensure = 'present',
- $sslname=undef,
+ Array[String] $binds = ['[::]'],
+ Optional[String] $source = undef,
+ Optional[String] $content = undef,
+ Integer $max_clients = 200,
+ Enum['present','absent'] $ensure = 'present',
+ Optional[String] $sslname = undef,
 ) {
- include rsync
-
- $fname_real_rsync = "/etc/rsyncd-${name}.conf"
- $fname_real_stunnel = "/etc/rsyncd-${name}-stunnel.conf"
-
- $ensure_service = $ensure ? {
- present => running,
- absent => stopped,
- }
-
- $ensure_enable = $ensure ? {
- present => true,
- absent => false,
- }
-
- file { $fname_real_rsync:
- ensure => $ensure,
- content => $content,
- source => $source,
- }
-
- dsa_systemd::socket_service { "rsyncd-${name}":
- ensure => $ensure,
- service_content => template('rsync/systemd-rsyncd.service.erb'),
- socket_content => template('rsync/systemd-rsyncd.socket.erb'),
- require => File[$fname_real_rsync],
- }
-
- if $sslname {
- file { $fname_real_stunnel:
- ensure => $ensure,
- content => template('rsync/systemd-rsyncd-stunnel.conf.erb'),
- require => File["/etc/ssl/debian/certs/${sslname}.crt-chained"],
- }
-
- dsa_systemd::socket_service { "rsyncd-${name}-stunnel":
- ensure => $ensure,
- service_content => template('rsync/systemd-rsyncd-stunnel.service.erb'),
- socket_content => template('rsync/systemd-rsyncd-stunnel.socket.erb'),
- require => File[$fname_real_stunnel],
- }
-
- ferm::rule { "rsync-${name}-ssl":
- domain => '(ip ip6)',
- description => 'Allow rsync access',
- rule => '&SERVICE(tcp, 1873)',
- }
-
- $certdir = hiera('paths.letsencrypt_dir')
- dnsextras::tlsa_record{ "tlsa-${sslname}-1873":
- zone => 'debian.org',
- certfile => [ "${certdir}/${sslname}.crt" ],
- port => 1873,
- hostname => $sslname,
- }
- }
+ include rsync
+
+ $fname_real_rsync = "/etc/rsyncd-${name}.conf"
+ $fname_real_stunnel = "/etc/rsyncd-${name}-stunnel.conf"
+
+ file { $fname_real_rsync:
+ ensure => $ensure,
+ content => $content,
+ source => $source,
+ }
+
+ dsa_systemd::socket_service { "rsyncd-${name}":
+ ensure => $ensure,
+ service_content => template('rsync/systemd-rsyncd.service.erb'),
+ socket_content => template('rsync/systemd-rsyncd.socket.erb'),
+ require => File[$fname_real_rsync],
+ }
+
+ if $sslname {
+ file { $fname_real_stunnel:
+ ensure => $ensure,
+ content => template('rsync/systemd-rsyncd-stunnel.conf.erb'),
+ require => File["/etc/ssl/debian/certs/${sslname}.crt-chained"],
+ }
+
+ dsa_systemd::socket_service { "rsyncd-${name}-stunnel":
+ ensure => $ensure,
+ service_content => template('rsync/systemd-rsyncd-stunnel.service.erb'),
+ socket_content => template('rsync/systemd-rsyncd-stunnel.socket.erb'),
+ require => File[$fname_real_stunnel],
+ }
+
+ ferm::rule { "rsync-${name}-ssl":
+ domain => '(ip ip6)',
+ description => 'Allow rsync access',
+ rule => '&SERVICE(tcp, 1873)',
+ }
+
+ $certdir = hiera('paths.letsencrypt_dir')
+ dnsextras::tlsa_record{ "tlsa-${sslname}-1873":
+ zone => 'debian.org',
+ certfile => [ "${certdir}/${sslname}.crt" ],
+ port => 1873,
+ hostname => $sslname,
+ }
+ }
 }
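Review bot: With `ensure => 'absent'` and `$sslname` set, the `ferm::rule { "rsync-${name}-ssl": }` and `dnsextras::tlsa_record` resources at the end of the `if $sslname` block are still declared, because neither receives `$ensure`; tcp/1873 therefore stays allowed in the firewall and the TLSA record stays published after the stunnel socket has been removed. Wrapping those two resources in `if $ensure == 'present' { … }` (or passing an ensure through, if those defines accept one, which is not visible here) would tie the firewall opening to the lifetime of the service. Separately, `Optional[String] $sslname` accepts `''`, which is truthy in Puppet 4 and later, so an empty value would enter the TLS branch and require `File["/etc/ssl/debian/certs/.crt-chained"]`; declaring it as `Optional[String[1]] $sslname = undef,` rejects that at compile time.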