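# autossh tunnel interface
#
# TODO: User handling should be put somewhere. Here we are duplicating
# code from the backupninja module. Further developments should consider
# having a unified user handling, maybe at puppet-user.
#
# For now, it's important to preserve the 'backupninja-' like tag,
# otherwise the behavior of this code will conflict with backupninja
# and we'll see strange things like exported resources not being
# realized.

# Realizes every resource a hosted tunnel needs (sandbox user, home and
# .ssh directories, authorized_keys) for the client $host.  Those resources
# are exported by tunnel::setup on the client, tagged "backupninja-<fqdn>".
define tunnel_server_realize($host) {
  User               <<| tag == "backupninja-${host}" |>>
  File               <<| tag == "backupninja-${host}" |>>
  Ssh_authorized_key <<| tag == "backupninja-${host}" |>>
}

class tunnel {

  # Collect every tunnel_server_realize exported for this server; each one
  # pulls in the sandbox user and files of one host that tunnels to us.
  Tunnel_server_realize <<| tag == "${::fqdn}" |>>

  # Client side of a tunnel: runs an autossh tunnel to $host and exports the
  # sandbox user, home directory and authorized_keys that $host has to
  # realize (through tunnel_server_realize) before the tunnel can log in.
  #
  # $host                - tunnel server; also the tag the server collects on
  # $localport           - local port the tunnel listens on
  # $hostport            - port on $host the tunnel forwards to
  # $ensure              - passed through to autossh::tunnel
  # $user                - sandbox account on $host; defaults to our hostname
  # $sshport             - sshd port on $host
  # $keytype             - selects site_keys/<user>_id_<keytype>.pub as the key
  # $root_mail_recipient - not used here; kept so existing callers that pass
  #                        it keep working (tunnel::mail takes its own copy)
  define setup(
    $host,
    $localport,
    $hostport,
    $ensure              = present,
    $user                = $::hostname,
    $sshport             = '22',
    $keytype             = 'rsa',
    $root_mail_recipient = hiera('mail::root_mail_recipient', 'nobody')
  ) {
    $dir     = "/var/backups/remote/${user}.${::domain}"
    $ssh_dir = "${dir}/.ssh"
    # Must keep the 'backupninja-' form: tunnel_server_realize and the
    # backupninja module both collect on this tag.
    $tag     = "backupninja-${::fqdn}"

    autossh::tunnel { $name:
      ensure      => $ensure,
      user        => 'root',
      remote_user => $user,
      port        => $localport,
      hostport    => $hostport,
      host        => $host,
      remote_host => $host,
      sshport     => $sshport,
    }

    # Marker telling $host to realize this node's sandbox resources; it is
    # tagged with $host so only that server's "class tunnel" collects it.
    if !defined(Tunnel_server_realize["${::hostname}@${host}"]) {
      @@tunnel_server_realize { "${::hostname}@${host}":
        host => $::fqdn,
        tag  => $host,
      }
    }

    # Sandbox home: owned by the sandbox user, not world-readable.
    if !defined(File[$dir]) {
      @@file { $dir:
        ensure => directory,
        mode   => '0750',
        owner  => $user,
        group  => 0,
        tag    => $tag,
      }
    }

    if !defined(File[$ssh_dir]) {
      @@file { $ssh_dir:
        ensure  => directory,
        mode    => '0700',
        owner   => $user,
        group   => 0,
        require => [User[$user], File[$dir]],
        tag     => $tag,
      }
    }

    # authorized_keys is root-owned and only readable by the sandbox user, so
    # the account cannot add keys to itself; the key is served from site_keys.
    if !defined(File["${ssh_dir}/authorized_keys"]) {
      @@file { "${ssh_dir}/authorized_keys":
        ensure  => present,
        mode    => '0644',
        owner   => 0,
        group   => 0,
        source  => "puppet:///modules/site_keys/${user}_id_${keytype}.pub",
        require => File[$ssh_dir],
        tag     => $tag,
      }
    }

    # Sandbox account with a locked password ('*'), so it is reachable only
    # through the authorized key above.  The guard must use exactly the
    # resource title ($user); a mismatched title would never be "defined"
    # and a second setup on the same node would export the user twice.
    if !defined(User[$user]) {
      @@user { $user:
        ensure     => present,
        comment    => "${user} backup sandbox",
        home       => $dir,
        gid        => 'backupninjas',
        managehome => true,
        shell      => '/bin/sh',
        password   => '*',
        require    => Group['backupninjas'],
        tag        => $tag,
      }
    }
  }

  # Local mail relay for a host that tunnels to $name: nullmailer delivers to
  # localhost:2525, which the tunnel::setup below forwards to port 25 on
  # $name.<domain>.
  #
  # $sshport             - sshd port on the mail host
  # $root_mail_recipient - address written to /etc/nullmailer/adminaddr;
  #                        declared here because this define, not setup,
  #                        is the one that reads it
  define mail(
    $sshport             = '22',
    $root_mail_recipient = hiera('mail::root_mail_recipient', 'nobody')
  ) {
    package { 'nullmailer':
      ensure => installed,
    }

    service { 'nullmailer':
      ensure  => running,
      require => Package['nullmailer'],
    }

    file { '/etc/mailname':
      ensure  => present,
      owner   => root,
      group   => root,
      mode    => '0644',
      content => "${::fqdn}\n",
      notify  => Service['nullmailer'],
    }

    file { '/etc/nullmailer':
      ensure => directory,
      owner  => root,
      group  => root,
      mode   => '0755',
    }

    # Everything goes to the local tunnel endpoint, never straight out.
    file { '/etc/nullmailer/remotes':
      ensure  => present,
      owner   => root,
      group   => root,
      mode    => '0644',
      content => "localhost smtp --port=2525\n",
      notify  => Service['nullmailer'],
      require => File['/etc/nullmailer'],
    }

    file { '/etc/nullmailer/adminaddr':
      ensure  => present,
      owner   => root,
      group   => root,
      mode    => '0644',
      content => "${root_mail_recipient}\n",
      require => File['/etc/nullmailer'],
    }

    tunnel::setup { 'smtp':
      host      => "${name}.${::domain}",
      sshport   => $sshport,
      localport => '2525',
      hostport  => '25',
    }
  }
}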