aboutsummaryrefslogtreecommitdiff
path: root/manifests/subsystems/tunnel.pp
diff options
context:
space:
mode:
Diffstat (limited to 'manifests/subsystems/tunnel.pp')
-rw-r--r--manifests/subsystems/tunnel.pp76
1 files changed, 76 insertions, 0 deletions
diff --git a/manifests/subsystems/tunnel.pp b/manifests/subsystems/tunnel.pp
new file mode 100644
index 0000000..f034c61
--- /dev/null
+++ b/manifests/subsystems/tunnel.pp
@@ -0,0 +1,76 @@
+class tunnel {
+
+ User <<| tag == "autossh-$fqdn" |>>
+ File <<| tag == "autossh-$fqdn" |>>
+ Ssh_authorized_key <<| tag == "autossh-$real_backupserver_tag" |>>
+
+ define setup($ensure = present, $user = $hostname, $host, $localport, $hostport, $sshport = '22', $keytype = 'dsa') {
+ $dir = "/var/backups/remote/$user"
+ $tag = "autossh-$hostname"
+ $ssh_dir = "$dir/.ssh"
+
+ autossh::tunnel { $name:
+ ensure => $ensure,
+ user => $user,
+ port => $localport,
+ hostport => $hostport,
+ remote_host => $host,
+ sshport => $sshport,
+ }
+
+ if !defined(File["$dir"]) {
+ @@file { "$dir":
+ ensure => directory,
+ mode => 0750,
+ owner => $user,
+ group => 0,
+ tag => "$tag",
+ }
+ }
+
+ if !defined(File["$sshdir"]) {
+ @@file { "$sshdir":
+ ensure => directory,
+ mode => 0700,
+ owner => $user,
+ group => 0,
+ require => [User[$user], File["$dir"]],
+ tag => "$tag",
+ }
+ }
+
+ if !defined(File["${ssh_dir}/authorized_keys"]) {
+ @@file { "${ssh_dir}/authorized_keys":
+ ensure => present,
+ mode => 0644,
+ owner => 0,
+ group => 0,
+ source => "puppet://$server/files/keys/${user}_id_${keytype}.pub",
+ require => File["${ssh_dir}"],
+ tag => "$tag",
+ }
+ }
+
+ if !defined(User["$user"]) {
+ @@user { "$user":
+ ensure => "present",
+ comment => "$name backup sandbox",
+ home => "$dir",
+ managehome => true,
+ shell => "/bin/sh",
+ password => '*',
+ require => Group['backupninjas'],
+ tag => "$tag"
+ }
+ }
+ }
+
+ define mail ($sshport = '22') {
+ tunnel::setup { "smtp":
+ host => "$name.$domain",
+ sshport => "$sshport",
+ localport => '25',
+ hostport => '25',
+ }
+ }
+}