Diffstat (limited to 'manifests/subsystems/tunnel.pp')
-rw-r--r-- | manifests/subsystems/tunnel.pp | 148 |
1 files changed, 0 insertions, 148 deletions
diff --git a/manifests/subsystems/tunnel.pp b/manifests/subsystems/tunnel.pp
deleted file mode 100644
index 47384df..0000000
--- a/manifests/subsystems/tunnel.pp
+++ /dev/null
@@ -1,148 +0,0 @@
-# autossh tunnel interface
-#
-# TODO: User handling should be put somewhere. Here we are duplicating
-# code from backupninja module. Further developments should consider
-# have an unified user handling, maybe at puppet-user.
-#
-# For now, it's important to preserve the 'backupninja-' like tag
-# otherwise the behavior of this code will conflict with backupninja
-# and we'll see strange things like exported resources not being
-# realized.
-
-# this define realizes all needed resources for a hosted tunnel
-define tunnel_server_realize($host) {
- User <<| tag == "backupninja-${host}" |>>
- File <<| tag == "backupninja-${host}" |>>
- Ssh_authorized_key <<| tag == "backupninja-${host}" |>>
-}
-
-class tunnel {
-
- # collect all resources from hosted tunnels
- Tunnel_server_realize <<| tag == "${::fqdn}" |>>
-
- define setup($ensure = present, $user = $hostname, $host, $localport, $hostport, $sshport = '22', $keytype = 'rsa', $root_mail_recipient = hiera('mail::root_mail_recipient', 'nobody')) {
- $dir = "/var/backups/remote/${user}.${::domain}"
- $tag = "backupninja-${::fqdn}"
- $ssh_dir = "${dir}/.ssh"
-
- autossh::tunnel { $name:
- ensure => $ensure,
- user => 'root',
- remote_user => $user,
- port => $localport,
- hostport => $hostport,
- host => $host,
- remote_host => $host,
- sshport => $sshport,
- }
-
- if !defined(Tunnel_server_realize["${::hostname}@${host}"]) {
- # this defines just maps that $host host an user environment for $fdqn
- @@tunnel_server_realize { "${::hostname}@${host}":
- host => $::fqdn,
- tag => $host,
- }
- }
-
- if !defined(File["${dir}"]) {
- @@file { "${dir}":
- ensure => directory,
- mode => 0750,
- owner => $user,
- group => 0,
- tag => "${tag}",
- }
- }
-
- if !defined(File["${ssh_dir}"]) {
- @@file { "${ssh_dir}":
- ensure => directory,
- mode => 0700,
- owner => $user,
- group => 0,
- require => [User[$user], File["${dir}"]],
- tag => "${tag}",
- }
- }
-
- if !defined(File["${ssh_dir}/authorized_keys"]) {
- @@file { "${ssh_dir}/authorized_keys":
- ensure => present,
- mode => 0644,
- owner => 0,
- group => 0,
- source => "puppet:///modules/site_keys/${user}_id_${keytype}.pub",
- require => File["${ssh_dir}"],
- tag => "${tag}",
- }
- }
-
- if !defined(User["{$user}"]) {
- @@user { "${user}":
- ensure => "present",
- comment => "${user} backup sandbox",
- home => "${dir}",
- gid => "backupninjas",
- managehome => true,
- shell => "/bin/sh",
- password => '*',
- require => Group['backupninjas'],
- tag => "${tag}"
- }
- }
- }
-
- define mail ($sshport = '22') {
- package { "nullmailer":
- ensure => installed,
- }
-
- service { "nullmailer":
- ensure => 'running',
- require => Package['nullmailer'],
- }
-
- file { "/etc/mailname":
- ensure => present,
- owner => root,
- group => root,
- mode => 0644,
- content => "${::fqdn}\n",
- notify => Service["nullmailer"],
- }
-
- file { "/etc/nullmailer":
- ensure => directory,
- owner => root,
- group => root,
- mode => 0755,
- }
-
- file { "/etc/nullmailer/remotes":
- ensure => present,
- owner => root,
- group => root,
- mode => 0644,
- content => "localhost smtp --port=2525\n",
- notify => Service["nullmailer"],
- require => File["/etc/nullmailer"],
- }
-
- file { "/etc/nullmailer/adminaddr":
- ensure => present,
- owner => root,
- group => root,
- mode => 0644,
- content => "$root_mail_recipient\n",
- require => File["/etc/nullmailer"],
- }
-
- tunnel::setup { "smtp":
- host => "${name}.${::domain}",
- sshport => "${sshport}",
- localport => '2525',
- hostport => '25',
- }
- }
-} |