From c02f18b096dd06fa157608342d609f24434631db Mon Sep 17 00:00:00 2001 From: Peter Palfrader Date: Tue, 10 Sep 2019 10:09:40 +0200 Subject: [PATCH] rsync::site: remove unused variables, define parameter types --- modules/rsync/manifests/site.pp | 115 +++++++++++++++----------------- 1 file changed, 53 insertions(+), 62 deletions(-) diff --git a/modules/rsync/manifests/site.pp b/modules/rsync/manifests/site.pp index f5f412be9..7d0882c81 100644 --- a/modules/rsync/manifests/site.pp +++ b/modules/rsync/manifests/site.pp @@ -1,65 +1,56 @@ +# an rsync site, systemd socket activated define rsync::site ( - $binds=['[::]'], - $source=undef, - $content=undef, - $max_clients=200, - Enum['present','absent'] $ensure = 'present', - $sslname=undef, + Array[String] $binds = ['[::]'], + Optional[String] $source = undef, + Optional[String] $content = undef, + Integer $max_clients = 200, + Enum['present','absent'] $ensure = 'present', + Optional[String] $sslname = undef, ) { - include rsync - - $fname_real_rsync = "/etc/rsyncd-${name}.conf" - $fname_real_stunnel = "/etc/rsyncd-${name}-stunnel.conf" - - $ensure_service = $ensure ? { - present => running, - absent => stopped, - } - - $ensure_enable = $ensure ? { - present => true, - absent => false, - } - - file { $fname_real_rsync: - ensure => $ensure, - content => $content, - source => $source, - } - - dsa_systemd::socket_service { "rsyncd-${name}": - ensure => $ensure, - service_content => template('rsync/systemd-rsyncd.service.erb'), - socket_content => template('rsync/systemd-rsyncd.socket.erb'), - require => File[$fname_real_rsync], - } - - if $sslname { - file { $fname_real_stunnel: - ensure => $ensure, - content => template('rsync/systemd-rsyncd-stunnel.conf.erb'), - require => File["/etc/ssl/debian/certs/${sslname}.crt-chained"], - } - - dsa_systemd::socket_service { "rsyncd-${name}-stunnel": - ensure => $ensure, - service_content => template('rsync/systemd-rsyncd-stunnel.service.erb'), - socket_content => template('rsync/systemd-rsyncd-stunnel.socket.erb'), - require => File[$fname_real_stunnel], - } - - ferm::rule { "rsync-${name}-ssl": - domain => '(ip ip6)', - description => 'Allow rsync access', - rule => '&SERVICE(tcp, 1873)', - } - - $certdir = hiera('paths.letsencrypt_dir') - dnsextras::tlsa_record{ "tlsa-${sslname}-1873": - zone => 'debian.org', - certfile => [ "${certdir}/${sslname}.crt" ], - port => 1873, - hostname => $sslname, - } - } + include rsync + + $fname_real_rsync = "/etc/rsyncd-${name}.conf" + $fname_real_stunnel = "/etc/rsyncd-${name}-stunnel.conf" + + file { $fname_real_rsync: + ensure => $ensure, + content => $content, + source => $source, + } + + dsa_systemd::socket_service { "rsyncd-${name}": + ensure => $ensure, + service_content => template('rsync/systemd-rsyncd.service.erb'), + socket_content => template('rsync/systemd-rsyncd.socket.erb'), + require => File[$fname_real_rsync], + } + + if $sslname { + file { $fname_real_stunnel: + ensure => $ensure, + content => template('rsync/systemd-rsyncd-stunnel.conf.erb'), + require => File["/etc/ssl/debian/certs/${sslname}.crt-chained"], + } + + dsa_systemd::socket_service { "rsyncd-${name}-stunnel": + ensure => $ensure, + service_content => template('rsync/systemd-rsyncd-stunnel.service.erb'), + socket_content => template('rsync/systemd-rsyncd-stunnel.socket.erb'), + require => File[$fname_real_stunnel], + } + + ferm::rule { "rsync-${name}-ssl": + domain => '(ip ip6)', + description => 'Allow rsync access', + rule => '&SERVICE(tcp, 1873)', + } + + $certdir = hiera('paths.letsencrypt_dir') + dnsextras::tlsa_record{ "tlsa-${sslname}-1873": + zone => 'debian.org', + certfile => [ "${certdir}/${sslname}.crt" ], + port => 1873, + hostname => $sslname, + } + } } -- 2.20.1