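# Class: tunnel
#
# Declares an autossh tunnel on the node that uses tunnel::setup and exports
# (@@) the account, home directory, ~/.ssh directory and authorized_keys file
# that the far end of the tunnel needs. Any node that includes this class
# collects every exported User, File and Ssh_authorized_key resource tagged
# "autossh-<its own fqdn>".
#
# NOTE(review): the collectors realize whatever carries the matching tag, no
# matter which node's catalog exported it. Declaring tunnel::setup with
# host => X therefore creates a login account on X. Keep use of this define
# limited to manifests you control and treat fact-derived inputs ($hostname,
# $domain) as client-supplied.
class tunnel {

  User <<| tag == "autossh-${fqdn}" |>>
  File <<| tag == "autossh-${fqdn}" |>>
  # No ssh_authorized_key resource is exported in this class; presumably one
  # is exported elsewhere with the same tag -- confirm, or drop the collector.
  Ssh_authorized_key <<| tag == "autossh-${fqdn}" |>>

  # Define: tunnel::setup
  #
  # Parameters:
  #   $ensure    - passed through to autossh::tunnel (default: present).
  #   $user      - account created on the remote host; defaults to the
  #                $hostname fact of the node declaring the tunnel.
  #   $host      - remote host; also selects the "autossh-<host>" tag, i.e.
  #                which node collects the exported resources.
  #   $localport - passed to autossh::tunnel as "port".
  #   $hostport  - passed to autossh::tunnel as "hostport".
  #   $sshport   - passed to autossh::tunnel as "sshport" (default: '22').
  #   $keytype   - picks the public key file <user>_id_<keytype>.pub on the
  #                fileserver (default: 'dsa').
  #
  # NOTE(review): OpenSSH has disabled ssh-dss keys by default since 7.0, so
  # the 'dsa' default will not authenticate against a current sshd. The
  # default is left unchanged here because it names an existing key file;
  # publish a key of a supported type and pass $keytype explicitly.
  define setup(
    $ensure    = 'present',
    $user      = $hostname,
    $host,
    $localport,
    $hostport,
    $sshport   = '22',
    $keytype   = 'dsa'
  ) {
    # $user ends up in a filesystem path, a fileserver URL and an account
    # name. Nothing here validates it -- verify that callers only pass plain
    # account names.
    $dir     = "/var/backups/remote/${user}"
    $tag     = "autossh-${host}"
    $ssh_dir = "${dir}/.ssh"

    autossh::tunnel { $name:
      ensure      => $ensure,
      user        => $user,
      port        => $localport,
      hostport    => $hostport,
      host        => $host,
      remote_host => $host,
      sshport     => $sshport,
    }

    # The defined() guards let several tunnels share one account; they only
    # see resources already evaluated in this catalog, so the result depends
    # on evaluation order.
    # File modes are quoted: an unquoted 0750 is parsed as a number by newer
    # Puppet parsers, which require the mode to be a string.
    if !defined(File[$dir]) {
      @@file { $dir:
        ensure => directory,
        mode   => '0750',
        owner  => $user,
        group  => 0,
        tag    => $tag,
      }
    }

    if !defined(File[$ssh_dir]) {
      @@file { $ssh_dir:
        ensure  => directory,
        mode    => '0700',
        owner   => $user,
        group   => 0,
        require => [User[$user], File[$dir]],
        tag     => $tag,
      }
    }

    # authorized_keys is owned by root, so the account itself cannot add or
    # swap keys. The file is copied verbatim from the fileserver: any
    # restriction on the key (forced command, forwarding-only options) has to
    # be present in that source file. None is enforced here, and the account
    # below has /bin/sh as its shell.
    if !defined(File["${ssh_dir}/authorized_keys"]) {
      @@file { "${ssh_dir}/authorized_keys":
        ensure  => present,
        mode    => '0644',
        owner   => 0,
        group   => 0,
        source  => "puppet://${server}/files/keys/${user}_id_${keytype}.pub",
        require => File[$ssh_dir],
        tag     => $tag,
      }
    }

    # password => '*' leaves the account without a usable password, so login
    # is by key only. Group['backupninjas'] is not declared in this class and
    # must exist in the catalog of the node that collects this user.
    if !defined(User["${user}"]) {
      @@user { "${user}":
        ensure     => 'present',
        comment    => "${name} backup sandbox",
        home       => $dir,
        managehome => true,
        shell      => '/bin/sh',
        password   => '*',
        require    => Group['backupninjas'],
        tag        => $tag,
      }
    }
  }

  # Define: tunnel::mail
  #
  # Forwards local port 25 to port 25 on "<title>.<domain>" through
  # tunnel::setup. The inner resource title is fixed to "smtp", so a node can
  # declare at most one tunnel::mail.
  #
  # Parameters:
  #   $sshport - SSH port passed to tunnel::setup (default: '22').
  define mail($sshport = '22') {
    tunnel::setup { 'smtp':
      host      => "${name}.${domain}",
      sshport   => "${sshport}",
      localport => '25',
      hostport  => '25',
    }
  }
}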