default => 'unknown'
}
- rsync::site { 'syncproxy':
- content => template('roles/syncproxy/rsyncd.conf.erb'),
- bind => $bind,
- bind6 => $bind6,
- }
-
file { '/etc/rsyncd':
ensure => 'directory'
}
content => template('roles/syncproxy/syncproxy.debian.org-index.html.erb')
}
- file { '/etc/rsyncd-syncproxy-stunnel.conf':
- content => template('roles/syncproxy/rsyncd-syncproxy-stunnel.conf.erb')
- }
- xinetd::service { "rsync-syncproxy-ssl":
- bind => $bind,
- id => "syncproxy-rsync-ssl",
- server => '/usr/bin/stunnel4',
- service => 'rsync-ssl',
- type => 'UNLISTED',
- port => '1873',
- server_args => "/etc/rsyncd-syncproxy-stunnel.conf",
- ferm => false,
- instances => 50,
- require => File["/etc/rsyncd-syncproxy-stunnel.conf"],
- }
-
- if $bind6 != '' {
- xinetd::service { "rsync-syncproxy-ssl6":
- bind => $bind6,
- id => "syncproxy-rsync-ssl",
- server => '/usr/bin/stunnel4',
- service => 'rsync-ssl',
- type => 'UNLISTED',
- port => '1873',
- server_args => "/etc/rsyncd-syncproxy-stunnel.conf",
- ferm => false,
- instances => 50,
- require => File["/etc/rsyncd-syncproxy-stunnel.conf"],
- }
+ rsync::site { 'syncproxy':
+ content => template('roles/syncproxy/rsyncd.conf.erb'),
+ bind => $bind,
+ bind6 => $bind6,
+ sslname => "$syncproxy_name",
}
-
- @ferm::rule { "dsa-rsync-ssl":
- domain => '(ip ip6)',
- description => "Allow traffic to rsync ssl",
- rule => "&SERVICE(tcp, 1873)"
+ } else {
+ rsync::site { 'syncproxy':
+ content => template('roles/syncproxy/rsyncd.conf.erb'),
+ bind => $bind,
+ bind6 => $bind6,
}
}
}
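Review bot: The two `rsync::site { 'syncproxy': }` declarations at the end of this hunk differ only in `sslname`, so any later change to `content`, `bind` or `bind6` has to be made twice or the TLS and non-TLS hosts drift apart. The `if` that the `} else {` closes is not among the lines shown, so the exact condition is inferred. If it tests for the `'unknown'` default, one declaration fed by a computed value would be enough, since `rsync::site` already treats an empty `sslname` as "no TLS listener": `$sslname = $syncproxy_name ? { 'unknown' => '', default => $syncproxy_name }`. The quotes in `sslname => "$syncproxy_name"` are also unnecessary; `sslname => $syncproxy_name,` says the same thing.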
+++ /dev/null
-cert = /etc/ssl/debian/certs/<%= syncproxy_name %>.crt-chained
-key = /etc/ssl/private/<%= syncproxy_name %>.key
-
-debug = notice
-
-client = no
-socket = a:SO_LINGER=1:60
-socket = a:SO_KEEPALIVE=1
-
-exec = /usr/bin/rsync
-execargs = rsync --daemon --config=/etc/rsyncd-syncproxy.conf
$content='',
$fname='',
$max_clients=200,
- $ensure=present
+ $ensure=present,
+ $sslname='',
+ $sslport=1873
){
include rsync
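Review bot: The new `$sslname` and `$sslport` parameters are undocumented, and `$sslname` is more than a label: it switches the stunnel listener on and selects which certificate and private key the template reads. A comment above the parameter list would make that contract visible, for example `# sslname: basename of the cert/key pair under /etc/ssl/debian/certs and /etc/ssl/private; '' disables the TLS listener` and `# sslport: TCP port for the stunnel-wrapped rsync service (default 1873)`. The define's header line is outside this hunk.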
}
}
+ if $sslname != '' {
+ file { "/etc/rsyncd-${name}-stunnel.conf":
+ content => template('rsync/rsyncd-stunnel.conf.erb')
+ }
+ @ferm::rule { "rsync-${name}-ssl":
+ domain => '(ip ip6)',
+ description => 'Allow rsync access',
+ rule => "&SERVICE(tcp, $sslport)",
+ }
+ xinetd::service { "rsync-${name}-ssl":
+ bind => $bind,
+ id => "rsync-${name}-ssl",
+ server => '/usr/bin/stunnel4',
+ server_args => "/etc/rsyncd-${name}-stunnel.conf",
+ service => "rsync-ssl",
+ type => 'UNLISTED',
+ port => "$sslport",
+ ferm => true,
+ instances => $max_clients,
+ require => File["/etc/rsyncd-${name}-stunnel.conf"],
+ }
+ if $bind6 != '' {
+ xinetd::service { "rsync-${name}-ssl6":
+ bind => $bind6,
+ id => "rsync-${name}-ssl6",
+ server => '/usr/bin/stunnel4',
+ server_args => "/etc/rsyncd-${name}-stunnel.conf",
+ service => "rsync-ssl",
+ type => 'UNLISTED',
+ port => "$sslport",
+ ferm => true,
+ instances => $max_clients,
+ require => File["/etc/rsyncd-${name}-stunnel.conf"],
+ }
+ }
+ }
+
Service['rsync']->Service['xinetd']
}
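Review bot: Both `xinetd::service` declarations set `ferm => true` while the same block also declares `@ferm::rule { "rsync-${name}-ssl": }` for the same port, so the firewall opening for `$sslport` is requested through two mechanisms; the syncproxy code this replaces used `ferm => false` next to its explicit rule. What `ferm => true` does inside `xinetd::service` is not visible here, but if it emits its own rule, keep a single path, e.g. `ferm => false,` on both services. Separately, `instances => $max_clients` raises the stunnel cap from the previous hard-coded 50 to the define's default of 200 unless the caller overrides it. Each instance is a stunnel4 process that execs rsync, so it is worth confirming the higher limit is intended. The enclosing define starts outside this hunk.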
--- /dev/null
+cert = /etc/ssl/debian/certs/<%= sslname %>.crt-chained
+key = /etc/ssl/private/<%= sslname %>.key
+
+debug = notice
+
+client = no
+socket = a:SO_LINGER=1:60
+socket = a:SO_KEEPALIVE=1
+
+exec = /usr/bin/rsync
+execargs = rsync --daemon --config=/etc/rsyncd-<%= name %>.conf
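Review bot: The template sets no protocol or cipher options, so which SSL/TLS versions this listener accepts is left to the installed stunnel4's defaults; pinning them here, for example `options = NO_SSLv2` and `options = NO_SSLv3`, makes the policy explicit and identical across hosts. `sslname` and `name` are written straight into the cert, key and rsyncd config paths, so they are assumed to be plain file-name components. A leading comment stating that `sslname` must match an installed cert/key pair would help the next reader. The bare `<%= sslname %>` form matches the template this replaces, but newer Puppet versions expect `<%= @sslname %>`.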