authorSilvio Rhatto <rhatto@riseup.net>2010-05-29 13:52:30 -0300
committerSilvio Rhatto <rhatto@riseup.net>2010-05-29 13:52:30 -0300
commit09aa9b1d4caeaa090e4a303e101e982ed04123ca (patch)
tree02fb14d45204e815ba2b1d20e369623bbbb14f4c
parent0a9574960869f97f89e1f2ed36ba67403dd95089 (diff)
Adding initial tunnel support
-rw-r--r--manifests/init.pp2
-rw-r--r--manifests/mail.pp2
-rw-r--r--manifests/nodo.pp12
-rw-r--r--manifests/subsystems/tunnel.pp76
4 files changed, 89 insertions, 3 deletions
diff --git a/manifests/init.pp b/manifests/init.pp
index 1373091..c9e5329 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -37,6 +37,7 @@ import "tor"
import "postfix"
import "reprepro"
import "ssl"
+import "autossh"
# Import subsystems
import "subsystems/firewall.pp"
@@ -56,6 +57,7 @@ import "subsystems/xorg.pp"
import "subsystems/modprobe.pp"
import "subsystems/hosts.pp"
import "subsystems/locales.pp"
+import "subsystems/tunnel.pp"
# Import nodo classes
import "nodo.pp"
diff --git a/manifests/mail.pp b/manifests/mail.pp
index d1f2b42..47b8159 100644
--- a/manifests/mail.pp
+++ b/manifests/mail.pp
@@ -1,6 +1,6 @@
class nodo::mail {
# Class for mail nodes
- $mail_host = true
+ $mail_delivery = "postfix"
$postfix_relayhost = "$domain"
$postfix_smtp_listen = "$ipaddress"
$postfix_mydestination = "\$myorigin"
diff --git a/manifests/nodo.pp b/manifests/nodo.pp
index e634ce9..c6d66c2 100644
--- a/manifests/nodo.pp
+++ b/manifests/nodo.pp
@@ -9,6 +9,7 @@ class nodo {
include cron
include hosts
include locales
+ include tunnel
# Set timezone and ntp config
#
@@ -29,8 +30,15 @@ class nodo {
include monkeysphere
# Email delivery configuration
- if $mail_host != true {
- include exim
+ case $mail_delivery {
+ 'tunnel' {
+ include exim::disabled
+ tunnel::mail { "$mail_hostname":
+ sshport => '$mail_ssh_port',
+ }
+ }
+ 'postfix': { }
+ '','exim',default: { include exim }
}
# Apt configuration
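Review bot: The `'tunnel' {` case option is missing the colon that the other two options carry (`'postfix': { }`, `'','exim',default: { include exim }`), so the manifest will most likely fail to parse; it should read `'tunnel': {`. In the same branch, `sshport => '$mail_ssh_port'` is single-quoted, which Puppet does not interpolate, so tunnel::mail receives the literal text `$mail_ssh_port` instead of a port; write `sshport => $mail_ssh_port,`. Neither `$mail_hostname` nor `$mail_ssh_port` is assigned in the visible hunks, so an unset value would presumably produce an empty resource title or port, and a default or an explicit failure would be safer. The body of class nodo continues outside the hunk.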
diff --git a/manifests/subsystems/tunnel.pp b/manifests/subsystems/tunnel.pp
new file mode 100644
index 0000000..f034c61
--- /dev/null
+++ b/manifests/subsystems/tunnel.pp
@@ -0,0 +1,76 @@
+class tunnel {
+
+ User <<| tag == "autossh-$fqdn" |>>
+ File <<| tag == "autossh-$fqdn" |>>
+ Ssh_authorized_key <<| tag == "autossh-$real_backupserver_tag" |>>
+
+ define setup($ensure = present, $user = $hostname, $host, $localport, $hostport, $sshport = '22', $keytype = 'dsa') {
+ $dir = "/var/backups/remote/$user"
+ $tag = "autossh-$hostname"
+ $ssh_dir = "$dir/.ssh"
+
+ autossh::tunnel { $name:
+ ensure => $ensure,
+ user => $user,
+ port => $localport,
+ hostport => $hostport,
+ remote_host => $host,
+ sshport => $sshport,
+ }
+
+ if !defined(File["$dir"]) {
+ @@file { "$dir":
+ ensure => directory,
+ mode => 0750,
+ owner => $user,
+ group => 0,
+ tag => "$tag",
+ }
+ }
+
+ if !defined(File["$sshdir"]) {
+ @@file { "$sshdir":
+ ensure => directory,
+ mode => 0700,
+ owner => $user,
+ group => 0,
+ require => [User[$user], File["$dir"]],
+ tag => "$tag",
+ }
+ }
+
+ if !defined(File["${ssh_dir}/authorized_keys"]) {
+ @@file { "${ssh_dir}/authorized_keys":
+ ensure => present,
+ mode => 0644,
+ owner => 0,
+ group => 0,
+ source => "puppet://$server/files/keys/${user}_id_${keytype}.pub",
+ require => File["${ssh_dir}"],
+ tag => "$tag",
+ }
+ }
+
+ if !defined(User["$user"]) {
+ @@user { "$user":
+ ensure => "present",
+ comment => "$name backup sandbox",
+ home => "$dir",
+ managehome => true,
+ shell => "/bin/sh",
+ password => '*',
+ require => Group['backupninjas'],
+ tag => "$tag"
+ }
+ }
+ }
+
+ define mail ($sshport = '22') {
+ tunnel::setup { "smtp":
+ host => "$name.$domain",
+ sshport => "$sshport",
+ localport => '25',
+ hostport => '25',
+ }
+ }
+}
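Review bot: `setup` assigns `$ssh_dir`, but the second file resource tests and declares `File["$sshdir"]`, a variable that is never set, so the 0700 `.ssh` directory is not exported at the intended path and `require => File["${ssh_dir}"]` on authorized_keys has nothing to resolve to; both occurrences should be `"$ssh_dir"`. The exported resources are tagged `"autossh-$hostname"` while the collectors at the top of the class match `"autossh-$fqdn"`, so the receiving host would presumably collect nothing unless the tag is built from the target's name, e.g. `$tag = "autossh-$host"`. On the hardening side, the exported account gets `shell => "/bin/sh"` and an authorized_keys file with no visible restrictions, which is more access than a port forward needs; if autossh::tunnel runs without a remote command, a non-login shell plus key options that limit the key to forwarding would narrow it. `Group['backupninjas']`, the "backup sandbox" comment and the `Ssh_authorized_key` collector on `$real_backupserver_tag` look carried over from a backup manifest and are not defined anywhere in this file.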