6952c0656fae57af5b2029e9d7f0df9a4155526c
[mirror/dsa-puppet.git] / modules / ipsec / manifests / init.pp
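# Class: ipsec
#
# Installs strongSwan, keeps the 'ipsec' service running, and renders the
# IPsec configuration files, the secrets files and the ferm rule file from
# this module's ERB templates.
#
# Handling of key material:
#   * Files and directories that hold secrets are pinned to root:root, so a
#     changed owner or group on disk is corrected instead of being kept.
#   * show_diff is disabled on the secrets files so that a content change
#     does not write key material into agent logs or reports.
#
# Exec['ferm reload'] is not declared here and must be provided elsewhere
# in the catalog.
class ipsec {
  # Peer list as a YAML document. It is not referenced again in this
  # manifest; presumably the ERB templates read it from class scope --
  # confirm against the templates.
  $ipsec_config = @(EOF)
    --- 

    storace.debian.org:
      address: 93.94.130.161

    fasolo.debian.org:
      address: 138.16.160.17

    | EOF

  package { [
    'strongswan',
    'libstrongswan-standard-plugins',
  ]:
    ensure => installed,
  }

  # The daemon cannot be started before its package is installed; the file
  # resources below are already ordered before the service by their notify.
  service { 'ipsec':
    ensure  => running,
    require => Package['strongswan'],
  }

  file { '/etc/ipsec.conf':
    content => template('ipsec/ipsec.conf.erb'),
    notify  => Service['ipsec'],
  }

  # Top-level secrets file: readable by root only, content never diffed.
  file { '/etc/ipsec.secrets':
    owner     => 'root',
    group     => 'root',
    mode      => '0400',
    show_diff => false,
    content   => template('ipsec/ipsec.secrets.erb'),
    notify    => Service['ipsec'],
  }

  file { '/etc/ipsec.conf.d':
    ensure => 'directory',
    mode   => '0755',
  }

  # Directory for per-peer secrets; no access for group or others.
  file { '/etc/ipsec.secrets.d':
    ensure => 'directory',
    owner  => 'root',
    group  => 'root',
    mode   => '0700',
  }

  file { '/etc/ipsec.conf.d/00-default.conf':
    content => template('ipsec/ipsec.conf-00-default.conf.erb'),
    notify  => Service['ipsec'],
  }

  file { '/etc/ipsec.conf.d/10-puppet-peers.conf':
    content => template('ipsec/ipsec.conf-10-puppet-peers.conf.erb'),
    notify  => Service['ipsec'],
  }

  # Per-peer secrets: same protection as /etc/ipsec.secrets.
  file { '/etc/ipsec.secrets.d/10-puppet-peers.secrets':
    owner     => 'root',
    group     => 'root',
    mode      => '0400',
    show_diff => false,
    content   => template('ipsec/ipsec.secrets-10-puppet-peers.secrets.erb'),
    notify    => Service['ipsec'],
  }

  # Firewall rules for IPsec; a change reloads ferm.
  file { '/etc/ferm/dsa.d/10-ipsec':
    mode    => '0400',
    content => template('ipsec/ferm.erb'),
    notify  => Exec['ferm reload'],
  }
}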