Merge remote-tracking branch 'origin/master' into staging

[mirror/dsa-puppet.git] / modules / roles / manifests / rtc.pp

diff --git a/modules/roles/manifests/rtc.pp b/modules/roles/manifests/rtc.pp
index b488e45..3dfa8b5 100644 (file)
--- a/modules/roles/manifests/rtc.pp
+++ b/modules/roles/manifests/rtc.pp
@@ -97,4 +97,42 @@ class roles::rtc {
        service { 'repro':
                ensure  => running,
        }
+
+       package { 'freeradius':
+               ensure  => installed,
+       }
+       service { 'freeradius':
+               ensure  => running,
+       }
+       $radius_password = hkdf('/etc/puppet/secret', "rtc-${::hostname}-radius-password")
+       file { '/etc/freeradius/3.0/sites-available/rtc.debian.org':
+               content => template('roles/rtc/freeradius-rtc.erb'),
+               mode    => '0440',
+               group   => freerad,
+       }
+       file { '/etc/freeradius/3.0/sites-enabled/rtc.debian.org':
+               ensure  => link,
+               target  => '../sites-available/rtc.debian.org',
+       }
+       file { '/etc/freeradius/3.0/mods-available/passwd_rtc':
+               source  => 'puppet:///modules/roles/rtc/freeradius-mod-passwd-rtc',
+               mode    => '0440',
+               group   => freerad,
+       }
+       file { '/etc/freeradius/3.0/mods-enabled/passwd_rtc':
+               ensure  => link,
+               target  => '../mods-available/passwd_rtc',
+       }
+       file { '/etc/repro/radius-servers':
+               content => inline_template('localhost/localhost <%= @radius_password %>'),
+               mode    => '0440',
+               group   => repro,
+               notify  => Service['repro'],
+       }
+       file { '/etc/freeradius/3.0/sites-enabled/default':
+               ensure  => absent,
+       }
+       file { '/etc/freeradius/3.0/sites-enabled/inner-tunnel':
+               ensure  => absent,
+       }
 }