path: root/manifests/subsystems/tunnel.pp
blob: 72c87f8cc1ae6475a3e520a48a6a5a4be345dc3d (plain)
# Class: tunnel
#
# Sets up autossh tunnels between nodes using exported resources.
#
# The node that opens a tunnel declares tunnel::setup (or the tunnel::mail
# wrapper). That define declares the local autossh::tunnel and exports the
# account, home directory, .ssh directory and authorized_keys file that the
# remote end needs. The node that terminates the tunnel includes this class
# and collects whatever was exported with the tag "autossh-<its own fqdn>".
class tunnel {

  # Realise the exported accounts and files addressed to this node. The tag
  # is the only selector, so any node able to export resources with this tag
  # gets users and files created here.
  User <<| tag == "autossh-$fqdn" |>>
  File <<| tag == "autossh-$fqdn" |>>

  # Define: tunnel::setup
  #
  # Declares one autossh tunnel and exports the remote-side account for it.
  #
  # Parameters:
  #   $ensure    - passed through to autossh::tunnel (default: present).
  #   $user      - remote account name (default: $hostname of the declaring node).
  #   $host      - remote host; also used to build the export tag.
  #   $localport - passed to autossh::tunnel as 'port'.
  #   $hostport  - passed to autossh::tunnel as 'hostport'.
  #   $sshport   - SSH port on the remote host (default: '22').
  #   $keytype   - only selects the public key file name
  #                "${user}_id_${keytype}.pub" on the file server.
  #
  # NOTE(review): the 'dsa' default points at a DSA public key. OpenSSH has
  # disabled ssh-dss keys by default since 7.0, so confirm that the collecting
  # host still accepts them, or pass a different $keytype explicitly.
  define setup($ensure = present, $user = $hostname, $host, $localport, $hostport, $sshport = '22', $keytype = 'dsa') {
    # Home directory of the remote account, as created on the collecting node.
    $dir     = "/var/backups/remote/$user.$domain"
    # Must match the "autossh-$fqdn" collectors above on the node named $host.
    $tag     = "autossh-$host"
    $ssh_dir = "$dir/.ssh"

    # Local end of the tunnel. autossh::tunnel is defined outside this file.
    # user => 'root' is presumably the local account that runs autossh;
    # confirm in autossh::tunnel.
    autossh::tunnel { $name:
      ensure      => $ensure,
      user        => 'root',
      remote_user => $user,
      port        => $localport,
      hostport    => $hostport,
      host        => $host,
      remote_host => $host,
      sshport     => $sshport,
    }

    # Each exported resource below is guarded with defined() so that several
    # tunnel::setup instances sharing the same $user do not declare it twice.
    # defined() depends on evaluation order, so the guard only sees resources
    # that have already been evaluated in this catalog.

    # Home directory: writable by the account, readable by group 0.
    if !defined(File["$dir"]) {
      @@file { "$dir":
        ensure => directory,
        mode   => 0750,
        owner  => $user,
        group  => 0,
        tag    => "$tag",
      }
    }

    # .ssh directory, owned by the account itself.
    # NOTE(review): authorized_keys below is root-owned, so the account cannot
    # edit it in place, but as owner of this directory it can still unlink or
    # rename entries in it. Puppet would restore the file only on its next run.
    # Consider whether this directory should be root-owned as well.
    if !defined(File["$ssh_dir"]) {
      @@file { "$ssh_dir":
        ensure  => directory,
        mode    => 0700,
        owner   => $user,
        group   => 0,
        require => [User[$user], File["$dir"]],
        tag     => "$tag",
      }
    }

    # Public key that authorises the tunnel, served from the puppet file
    # server. Owned by uid 0 / gid 0, mode 0644.
    # NOTE(review): any per-key restrictions (forced command, port-forwarding
    # limits) would have to be inside the sourced .pub file; nothing in this
    # manifest adds them.
    if !defined(File["${ssh_dir}/authorized_keys"]) {
      @@file { "${ssh_dir}/authorized_keys":
        ensure  => present,
        mode    => 0644,
        owner   => 0,
        group   => 0,
        source  => "puppet://$server/files/keys/${user}_id_${keytype}.pub",
        require => File["${ssh_dir}"],
        tag     => "$tag",
      }
    }

    # Remote account for the tunnel. password => '*' is not a valid hash, so
    # password login is disabled and only key authentication remains.
    # NOTE(review): the account gets /bin/sh as its shell; if it is meant only
    # for port forwarding, confirm that shell access is restricted elsewhere
    # (key options or sshd configuration).
    # Group['backupninjas'] is not declared in this file and must exist in the
    # catalog of the collecting node.
    if !defined(User["$user"]) {
      @@user { "$user":
        ensure     => "present",
        comment    => "$name backup sandbox",
        home       => "$dir",
        gid        => "backupninjas",
        managehome => true,
        shell      => "/bin/sh",
        password   => '*',
        require    => Group['backupninjas'],
        tag        => "$tag"
      }
    }
  }

  # Define: tunnel::mail
  #
  # Convenience wrapper around tunnel::setup for SMTP: passes port 25 as both
  # localport and hostport, with "$name.$domain" as the remote host.
  #
  # Parameters:
  #   $sshport - SSH port on the remote host (default: '22').
  #
  # The inner resource title is the fixed string "smtp", so declaring
  # tunnel::mail more than once on the same node yields a duplicate
  # Tunnel::Setup["smtp"] declaration.
  define mail ($sshport = '22') {
    tunnel::setup { "smtp":
      host      => "$name.$domain",
      sshport   => "$sshport",
      localport => '25',
      hostport  => '25',
    }
  }
}