X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Frsync%2Fmanifests%2Fsite.pp;h=7d0882c81eed45494f9b96d66d5aacaf5df7ad7c;hb=7709c4b48f7dced425db4b14613c07cf0642e0b1;hp=c1e15c27b2ba86e921ad6c50ede25caf21be22a7;hpb=9c6009e74b04f540b46b17f6a4f1558baf426c99;p=mirror%2Fdsa-puppet.git
diff --git a/modules/rsync/manifests/site.pp b/modules/rsync/manifests/site.pp
index c1e15c27b..7d0882c81 100644
--- a/modules/rsync/manifests/site.pp
+++ b/modules/rsync/manifests/site.pp
@@ -1,123 +1,56 @@
+# an rsync site, systemd socket activated
 define rsync::site (
- $binds=['[::]'],
- $source=undef,
- $content=undef,
- $max_clients=200,
- Enum['present','absent'] $ensure = 'present',
- $sslname=undef,
+ Array[String] $binds = ['[::]'],
+ Optional[String] $source = undef,
+ Optional[String] $content = undef,
+ Integer $max_clients = 200,
+ Enum['present','absent'] $ensure = 'present',
+ Optional[String] $sslname = undef,
 ) {
- include rsync
-
- $fname_real_rsync = "/etc/rsyncd-${name}.conf"
- $fname_real_stunnel = "/etc/rsyncd-${name}-stunnel.conf"
-
- $ensure_service = $ensure ? {
- present => running,
- absent => stopped,
- }
-
- $ensure_enable = $ensure ? {
- present => true,
- absent => false,
- }
-
- file { $fname_real_rsync:
- ensure => $ensure,
- content => $content,
- source => $source,
- }
-
- $service_file = "/etc/systemd/system/rsyncd-${name}@.service"
- $socket_file = "/etc/systemd/system/rsyncd-${name}.socket"
- $systemd_service = "rsyncd-${name}.socket"
-
- # if we enable the service, we want the files before the service.
- # if we remove the service, we want the service disabled before the files
- # go away.
- $service_subscribe = $ensure ? {
- present => [
- File[$service_file],
- File[$socket_file],
- ],
- default => [],
- }
- $service_before = $ensure ? {
- present => [],
- default => [
- File[$service_file],
- File[$socket_file],
- ],
- }
-
- file { $service_file:
- ensure => $ensure,
- content => template('rsync/systemd-rsyncd.service.erb'),
- require => File[$fname_real_rsync],
- notify => Exec['systemctl daemon-reload'],
- }
-
- file { $socket_file:
- ensure => $ensure,
- content => template('rsync/systemd-rsyncd.socket.erb'),
- notify => Exec['systemctl daemon-reload'],
- }
-
- service { $systemd_service:
- ensure => $ensure_service,
- enable => $ensure_enable,
- notify => Exec['systemctl daemon-reload'],
- provider => systemd,
- before => $service_before,
- subscribe => $service_subscribe,
- }
-
- if $sslname {
- file { $fname_real_stunnel:
- ensure => $ensure,
- content => template('rsync/systemd-rsyncd-stunnel.conf.erb'),
- require => File["/etc/ssl/debian/certs/${sslname}.crt-chained"],
- }
-
- file { "/etc/systemd/system/rsyncd-${name}-stunnel@.service":
- ensure => $ensure,
- content => template('rsync/systemd-rsyncd-stunnel.service.erb'),
- require => File[$fname_real_stunnel],
- notify => Exec['systemctl daemon-reload'],
- }
-
- file { "/etc/systemd/system/rsyncd-${name}-stunnel.socket":
- ensure => $ensure,
- content => template('rsync/systemd-rsyncd-stunnel.socket.erb'),
- notify => [
- Exec['systemctl daemon-reload'],
- Service["rsyncd-${name}-stunnel.socket"]
- ],
- }
-
- service { "rsyncd-${name}-stunnel.socket":
- ensure => $ensure_service,
- enable => $ensure_enable,
- require => [
- Exec['systemctl daemon-reload'],
- File["/etc/systemd/system/rsyncd-${name}-stunnel@.service"],
- File["/etc/systemd/system/rsyncd-${name}-stunnel.socket"],
- Service["rsyncd-${name}.socket"],
- ],
- provider => systemd,
- }
-
- ferm::rule { "rsync-${name}-ssl":
- domain => '(ip ip6)',
- description => 'Allow rsync access',
- rule => '&SERVICE(tcp, 1873)',
- }
-
- $certdir = hiera('paths.letsencrypt_dir')
- dnsextras::tlsa_record{ "tlsa-${sslname}-1873":
- zone => 'debian.org',
- certfile => [ "${certdir}/${sslname}.crt" ],
- port => 1873,
- hostname => $sslname,
- }
- }
+ include rsync
+
+ $fname_real_rsync = "/etc/rsyncd-${name}.conf"
+ $fname_real_stunnel = "/etc/rsyncd-${name}-stunnel.conf"
+
+ file { $fname_real_rsync:
+ ensure => $ensure,
+ content => $content,
+ source => $source,
+ }
+
+ dsa_systemd::socket_service { "rsyncd-${name}":
+ ensure => $ensure,
+ service_content => template('rsync/systemd-rsyncd.service.erb'),
+ socket_content => template('rsync/systemd-rsyncd.socket.erb'),
+ require => File[$fname_real_rsync],
+ }
+
+ if $sslname {
+ file { $fname_real_stunnel:
+ ensure => $ensure,
+ content => template('rsync/systemd-rsyncd-stunnel.conf.erb'),
+ require => File["/etc/ssl/debian/certs/${sslname}.crt-chained"],
+ }
+
+ dsa_systemd::socket_service { "rsyncd-${name}-stunnel":
+ ensure => $ensure,
+ service_content => template('rsync/systemd-rsyncd-stunnel.service.erb'),
+ socket_content => template('rsync/systemd-rsyncd-stunnel.socket.erb'),
+ require => File[$fname_real_stunnel],
+ }
+
+ ferm::rule { "rsync-${name}-ssl":
+ domain => '(ip ip6)',
+ description => 'Allow rsync access',
+ rule => '&SERVICE(tcp, 1873)',
+ }
+
+ $certdir = hiera('paths.letsencrypt_dir')
+ dnsextras::tlsa_record{ "tlsa-${sslname}-1873":
+ zone => 'debian.org',
+ certfile => [ "${certdir}/${sslname}.crt" ],
+ port => 1873,
+ hostname => $sslname,
+ }
+ }
 }
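Review bot: The unconditional `require => File[$fname_real_rsync]` on the new `dsa_systemd::socket_service { "rsyncd-${name}": }` (and the matching `require => File[$fname_real_stunnel]` on the stunnel instance) drops the removal ordering the old code expressed with `$service_before`: with `ensure => 'absent'` the rsyncd config is now removed before the socket-activated unit is stopped, unless `dsa_systemd::socket_service` reverses that ordering internally, which this hunk does not show. Keeping the old intent would look like `require => $ensure ? { 'present' => File[$fname_real_rsync], default => undef },` together with ordering the file after the service when absent. The stunnel socket service also no longer declares its dependency on `Service["rsyncd-${name}.socket"]`, so if the defined type does not add it, the stunnel unit can be started before the plain rsync socket exists. The one-line header `# an rsync site, systemd socket activated` should be extended to document the parameters, in particular that `$source` and `$content` are alternative ways to supply the rsyncd config and that setting `$sslname` additionally opens tcp/1873 via ferm and publishes a TLSA record for that name.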