From 2bac5cd16d08f76d19b66c40d386009c24e87b76 Mon Sep 17 00:00:00 2001
From: Peter Palfrader <peter@palfrader.org>
Date: Sat, 18 Mar 2017 19:42:04 +0100
Subject: [PATCH] remove portforwarder files if we do not have a portforwarding
 user

---
 manifests/site.pp                       |  6 +--
 modules/portforwarder/manifests/init.pp | 49 +++++++++++++++----------
 2 files changed, 31 insertions(+), 24 deletions(-)

diff --git a/manifests/site.pp b/manifests/site.pp
index 28a443c29..55d18f819 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -40,6 +40,8 @@ node default {
 	include grub
 	include multipath
 	include popcon
+	include portforwarder
+
 	if $::lsbdistcodename == squeeze {
 		include roles::udldap::client
 	} else {
@@ -104,10 +106,6 @@ node default {
 		include hosts
 	}
 
-	if $::portforwarder_user_exists {
-		include portforwarder
-	}
-
 	if $::samhain {
 		include samhain
 	}
diff --git a/modules/portforwarder/manifests/init.pp b/modules/portforwarder/manifests/init.pp
index e7009b22e..e5a59828f 100644
--- a/modules/portforwarder/manifests/init.pp
+++ b/modules/portforwarder/manifests/init.pp
@@ -2,28 +2,37 @@ class portforwarder {
 	# do not depend on xinetd, yet.  it might uninstall other inetds
 	# for now this will have to be done manually
 
-	if ! $::portforwarder_key {
-		exec { 'create-portforwarder-key':
-			command => '/bin/su - portforwarder -c \'mkdir -p -m 02700 .ssh && ssh-keygen -C "`whoami`@`hostname` (`date +%Y-%m-%d`)" -P "" -f .ssh/id_rsa -q\'',
-			onlyif  => '/usr/bin/getent passwd portforwarder > /dev/null && ! [ -e /home/portforwarder/.ssh/id_rsa ]'
+	if $::portforwarder_user_exists {
+		if ! $::portforwarder_key {
+			exec { 'create-portforwarder-key':
+				command => '/bin/su - portforwarder -c \'mkdir -p -m 02700 .ssh && ssh-keygen -C "`whoami`@`hostname` (`date +%Y-%m-%d`)" -P "" -f .ssh/id_rsa -q\'',
+				onlyif  => '/usr/bin/getent passwd portforwarder > /dev/null && ! [ -e /home/portforwarder/.ssh/id_rsa ]'
+			}
 		}
-	}
 
-	file { '/etc/ssh/userkeys/portforwarder':
-		content => template('portforwarder/authorized_keys.erb'),
-	}
-	file { '/etc/xinetd.d':
-		ensure  => directory,
-		owner   => root,
-		group   => root,
-		mode    => '0755',
-	}
-	file { '/etc/xinetd.d/dsa-portforwader':
-		content => template('portforwarder/xinetd.erb'),
-		notify  => Exec['service xinetd reload']
-	}
+		file { '/etc/ssh/userkeys/portforwarder':
+			content => template('portforwarder/authorized_keys.erb'),
+		}
+		file { '/etc/xinetd.d':
+			ensure  => directory,
+			owner   => root,
+			group   => root,
+			mode    => '0755',
+		}
+		file { '/etc/xinetd.d/dsa-portforwader':
+			content => template('portforwarder/xinetd.erb'),
+			notify  => Exec['service xinetd reload']
+		}
 
-	exec { 'service xinetd reload':
-		refreshonly => true,
+		exec { 'service xinetd reload':
+			refreshonly => true,
+		}
+	} else {
+		file { [
+			'/etc/ssh/userkeys/portforwarder',
+			'/etc/xinetd.d/dsa-portforwader',
+			]:
+			ensure => 'absent',
+		}
 	}
 }
-- 
2.20.1