path: root/manifests/subsystem/scanner.pp
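# @summary Installs SANE and runs the saned network scanning daemon.
#
# Declares the SANE packages, the saned account and its groups, the two saned
# configuration files, the saned service, and the shorewall rules that accept
# saned traffic from the 'net' zone.
#
# @param access_list
#   Not referenced in this manifest. Presumably read by the
#   nodo/sane.d/saned.conf.erb template as the list of hosts permitted to use
#   saned (TODO confirm against the template). Defaults to '' when the lookup
#   finds no value.
class nodo::subsystem::scanner($access_list = lookup('nodo::subsystem::scanner::access_list', undef, undef, '')) {
  package { [ 'sane', 'sane-utils' ]:
    ensure => present,
  }

  # Another class may already manage the 'scanner' group. defined() depends on
  # evaluation order, so this guard only helps when that class is evaluated
  # before this one.
  if !defined(Group['scanner']) {
    group { 'scanner':
      ensure    => present,
      allowdupe => false,
    }
  }

  group { [ 'lp', 'saned' ]:
    ensure    => present,
    allowdupe => false,
  }

  # Service account for the daemon; '/bin/false' prevents interactive logins.
  # NOTE(review): the account requires Group['scanner'] but is only made a
  # member of 'lp'. Confirm whether 'scanner' membership is intended.
  user { 'saned':
    ensure    => present,
    comment   => 'saned',
    gid       => 'saned',
    groups    => 'lp',
    home      => '/var/lib/saned',
    shell     => '/bin/false',
    allowdupe => false,
    require   => Group['lp', 'saned', 'scanner'],
  }

  # The files and the service depend on both declared packages, so whichever
  # one ships the daemon and its configuration directory is installed first.
  file { '/etc/default/saned':
    ensure  => present,
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    source  => 'puppet:///modules/nodo/etc/default/saned',
    require => Package['sane', 'sane-utils'],
  }

  file { '/etc/sane.d/saned.conf':
    ensure  => present,
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    content => template('nodo/sane.d/saned.conf.erb'),
    require => Package['sane', 'sane-utils'],
  }

  # Restart saned whenever its configuration or its account changes. The File
  # references use the exact resource titles declared above (no trailing slash).
  service { 'saned':
    ensure    => running,
    enable    => true,
    require   => Package['sane', 'sane-utils'],
    subscribe => [ File['/etc/default/saned', '/etc/sane.d/saned.conf'], User['saned'] ],
  }

  # Firewall
  # NOTE(review): both rules accept TCP from the whole 'net' zone with no rate
  # limit ('-'). If 'net' is the Internet-facing zone in this deployment, the
  # access control left is whatever saned.conf enforces, so an empty or
  # over-broad $access_list matters. Prefer a narrower source zone or subnet
  # where the scanner is only meant for local clients.
  shorewall::rule { 'saned':
    action          => 'ACCEPT',
    source          => 'net',
    destination     => '$FW',
    proto           => 'tcp',
    destinationport => '6566',
    ratelimit       => '-',
    order           => 200,
  }

  # Presumably this range has to match the data port range configured for
  # saned by the saned.conf template. Verify the two stay in sync.
  shorewall::rule { 'saned-range':
    action          => 'ACCEPT',
    source          => 'net',
    destination     => '$FW',
    proto           => 'tcp',
    destinationport => '10000:10100',
    ratelimit       => '-',
    order           => 200,
  }
}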