X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Frsync%2Fmanifests%2Fsite.pp;h=97dbb05d872f40139c6ba6777c58cc9ab30d0fad;hb=0b68381fd31eec6f60601df29d4cf0b137724fad;hp=13d90dc7f9f16ad1298c060d6bbd1292f7c09a61;hpb=b98544412fd3916437b2250481b8a77c5edef40e;p=mirror%2Fdsa-puppet.git
diff --git a/modules/rsync/manifests/site.pp b/modules/rsync/manifests/site.pp
index 13d90dc7f..97dbb05d8 100644
--- a/modules/rsync/manifests/site.pp
+++ b/modules/rsync/manifests/site.pp
@@ -1,14 +1,22 @@
 define rsync::site (
 $bind='',
+ $bind6='',
 $source='',
 $content='',
- $fname='/etc/rsyncd.conf',
+ $fname='',
 $max_clients=200,
- $ensure=present
+ $ensure=present,
+ $sslname='',
+ $sslport=1873
 ){
 include rsync
+ if ! $fname {
+ $fname_real = "/etc/rsyncd-${name}.conf"
+ } else {
+ $fname_real = $fname
+ }
 case $ensure {
 present,absent: {}
 default: { fail ( "Invald ensure `${ensure}' for ${name}" ) }
@@ -19,12 +27,12 @@ define rsync::site (
 }
 if $source {
- file { $fname:
+ file { $fname_real:
 ensure => $ensure,
 source => $source
 }
 } elsif $content {
- file { $fname:
+ file { $fname_real:
 ensure => $ensure,
 content => $content,
 }
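Review bot: The fallback test `if ! $fname` in the first hunk relies on the empty-string default being falsy, which holds on Puppet 3 and earlier but not on Puppet 4 and later, where `''` is truthy and `$fname_real` would end up empty. The same commit compares explicitly elsewhere (`$bind6 != ''`, `$sslname != ''`), so `if $fname == '' {` would be consistent and version-independent. The new `$bind6`, `$sslname` and `$sslport` parameters also have no comment; a short header stating that `$bind6` requires `$bind`, and that setting `$sslname` adds a stunnel listener and a firewall rule on `$sslport`, would help callers. The body of the define continues outside this hunk.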
@@ -35,12 +43,65 @@ define rsync::site (
 xinetd::service { "rsync-${name}":
 bind => $bind,
 id => "${name}-rsync",
- server => '/usr/sbin/rsyncd',
- port => 'rsync',
- server_args => $fname,
+ server => '/usr/bin/rsync',
+ service => 'rsync',
+ server_args => "--daemon --config=${fname_real}",
 ferm => false,
 instances => $max_clients,
- require => File[$fname]
+ require => File[$fname_real]
+ }
+
+ if $bind6 != '' {
+ if $bind == '' {
+ fail("Cannot listen on * and a specific ipv6 address")
+ }
+ xinetd::service { "rsync-${name}6":
+ bind => $bind6,
+ id => "${name}-rsync6",
+ server => '/usr/bin/rsync',
+ service => 'rsync',
+ server_args => "--daemon --config=${fname_real}",
+ ferm => false,
+ instances => $max_clients,
+ require => File[$fname_real]
+ }
+ }
+
+ if $sslname != '' {
+ file { "/etc/rsyncd-${name}-stunnel.conf":
+ content => template('rsync/rsyncd-stunnel.conf.erb')
+ }
+ @ferm::rule { "rsync-${name}-ssl":
+ domain => '(ip ip6)',
+ description => 'Allow rsync access',
+ rule => "&SERVICE(tcp, $sslport)",
+ }
+ xinetd::service { "rsync-${name}-ssl":
+ bind => $bind,
+ id => "rsync-${name}-ssl",
+ server => '/usr/bin/stunnel4',
+ server_args => "/etc/rsyncd-${name}-stunnel.conf",
+ service => "rsync-ssl",
+ type => 'UNLISTED',
+ port => "$sslport",
+ ferm => true,
+ instances => $max_clients,
+ require => File["/etc/rsyncd-${name}-stunnel.conf"],
+ }
+ if $bind6 != '' {
+ xinetd::service { "rsync-${name}-ssl6":
+ bind => $bind6,
+ id => "rsync-${name}-ssl6",
+ server => '/usr/bin/stunnel4',
+ server_args => "/etc/rsyncd-${name}-stunnel.conf",
+ service => "rsync-ssl",
+ type => 'UNLISTED',
+ port => "$sslport",
+ ferm => true,
+ instances => $max_clients,
+ require => File["/etc/rsyncd-${name}-stunnel.conf"],
+ }
+ }
 }
 Service['rsync']->Service['xinetd']
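Review bot: The TLS branch under `if $sslname != ''` ignores `$ensure`: the stunnel config `file`, the `@ferm::rule` and the `rsync-${name}-ssl` services are declared whenever `$sslname` is set, so a site switched to `ensure => absent` would keep its stunnel listener and, once the virtual rule is realized, its firewall opening on `$sslport`. The `file` resource can take `ensure => $ensure` directly; whether `ferm::rule` and `xinetd::service` accept an ensure parameter is not visible here, so guarding the branch with `if $sslname != '' and $ensure == 'present' {` may be the simpler fix. The rule covers `(ip ip6)` even when `$bind`/`$bind6` narrow the listener, and `ferm => true` on the services may already generate a rule of its own, so it is worth confirming the two do not overlap. The template `rsync/rsyncd-stunnel.conf.erb` that consumes `$sslname` is not part of this diff, so its certificate and protocol settings could not be checked. The define starts before this hunk.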