Move bacula::bacula_ssl_ca_path to hiera

[mirror/dsa-puppet.git] / modules / bacula / manifests / init.pp

# bacula class -- defines all the variables we care about in our bacula deployment
#
# @param operator_email   email address for reports
# @param do_ssl           use TLS between systems
# @param ssl_ca_path      full path and filename specifying a PEM encoded TLS CA certificate(s)
# @param public_addresses this host's public IP addresses.  The ones it connects out from and is reachable from outsite.
# @param has_ipv4         daemons should listen on ipv4
# @param has_ipv6         daemons should listen on ipv6
class bacula (
  String  $operator_email          = 'root@localhost',
  Boolean $do_ssl                  = true,
  Optional[String] $ssl_ca_path,
  String  $bacula_ssl_client_cert  = '/etc/ssl/debian/certs/thishost.crt',
  String  $bacula_ssl_client_key   = '/etc/ssl/private/thishost.key',
  String  $bacula_ssl_server_cert  = '/etc/ssl/debian/certs/thishost-server.crt',
  String  $bacula_ssl_server_key   = '/etc/ssl/private/thishost-server.key',

  Array[Stdlib::IP::Address] $public_addresses = $base::public_addresses,

  Boolean $has_ipv4        = $bacula::public_addresses.any |$addr| { $addr =~ Stdlib::IP::Address::V4 },
  Boolean $has_ipv6        = $bacula::public_addresses.any |$addr| { $addr =~ Stdlib::IP::Address::V6 },
) {
  # This file is used by our helper scripts on the director
  $bacula_dsa_client_list     = '/etc/bacula/dsa-clients'
  $tag_bacula_dsa_client_list = 'bacula::dsa::clientlist'

  if $do_ssl {
    if !$ssl_ca_path { fail('Need ssl_ca_path with do_ssl') }

    $bacula_tls_ca_certificate_file = "TLS CA Certificate File = \"${ssl_ca_path}\""
  } else {
    $bacula_tls_ca_certificate_file = ''
  }


  file { '/usr/local/sbin/bacula-idle-restart':
    mode   => '0555',
    source => 'puppet:///modules/bacula/bacula-idle-restart',
  }
}