service { 'repro':
ensure => running,
}
+
+ package { 'freeradius':
+ ensure => installed,
+ }
+ service { 'freeradius':
+ ensure => running,
+ }
+ $radius_password = hkdf('/etc/puppet/secret', "rtc-${::hostname}-radius-password")
+ file { '/etc/freeradius/3.0/sites-available/rtc.debian.org':
+ content => template('modules/roles/rtc/freeradius-rtc.erb'),
+ mode => '0440',
+ group => freerad,
+ }
+ file { '/etc/freeradius/3.0/sites-enabled/rtc.debian.org':
+ ensure => link,
+ target => '../sites-available/rtc.debian.org',
+ }
+ file { '/etc/freeradius/3.0/mods-available/passwd_rtc':
+ source => 'puppet:///modules/roles/rtc/freeradius-mod-passwd',
+ mode => '0440',
+ group => freerad,
+ }
+ file { '/etc/freeradius/3.0/mods-enabled/passwd_rtc':
+ ensure => link,
+ target => '../mods-available/passwd_rtc',
+ }
+ file { '/etc/repro/radius-servers':
+ content => @(EOF),
+ localhost/localhost ${radius_password}
+ | EOF
+ mode => '0440',
+ group => repro,
+ notify => Service['repro'],
+ }
}
--- /dev/null
+server rtc.debian.org {
+ listen {
+ ipaddr = 127.0.0.1
+ port = 0
+ type = auth
+ }
+
+ authorize {
+ rtc_users
+ digest
+ }
+
+ authenticate {
+ digest
+ }
+
+ preacct {
+ }
+
+ accounting {
+ }
+
+ session {
+ }
+
+ post-auth {
+ update reply {
+ Reply-Message = "thanks for using rtc.debian.org"
+ }
+ Post-Auth-Type REJECT {
+ attr_filter.access_reject
+ }
+ }
+
+ pre-proxy {
+ }
+
+ post-proxy {
+ }
+
+ client localhost {
+ ipaddr = 127.0.0.1
+ secret = <%= @radius_password %>
+ }
+}
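Review bot: In `client localhost`, `secret = <%= @radius_password %>` is emitted unquoted, so FreeRADIUS parses it as a bare word. If `hkdf()` can return anything other than plain alphanumerics (its output format is not visible here), the parsed secret may differ from the derived one, and `secret = "<%= @radius_password %>"` would be safer. The same value also has to reach repro: the manifest part of this commit opens the `/etc/repro/radius-servers` heredoc with `@(EOF)`, which Puppet does not interpolate, so `${radius_password}` would be written literally unless the tag is `@("EOF")`. The freeradius `file` resources in the manifest also carry no `notify => Service['freeradius']`, so a changed secret would reach repro (which is notified) before the RADIUS server rereads its copy. A one-line comment above `port = 0` saying it defers to the system default auth port would help the next reader.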