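# Class: tunnel
#
# Receiving side of the autossh tunnels declared with tunnel::setup.
# Including this class on a host collects every exported User and File
# resource tagged "autossh-<this host's fqdn>", which creates the sandbox
# accounts and installs their authorized_keys.
#
# NOTE(review): collection is by tag only. Any node whose catalog exports a
# User or File carrying this tag gets it realized here, so the host trusts
# every node that can write exported resources. Confirm that is intended, or
# narrow the collector query.
class tunnel {
    User <<| tag == "autossh-${fqdn}" |>>
    File <<| tag == "autossh-${fqdn}" |>>

    # TODO: user setup should be put somewhere

    # Define: tunnel::setup
    #
    # Declares a local autossh::tunnel (defined outside this file) and exports
    # the account, home directory, .ssh directory and authorized_keys that the
    # remote end needs to accept the connection.
    #
    # Parameters:
    #   $ensure    - passed through to autossh::tunnel (default: present).
    #   $user      - account name on the remote host (default: $hostname).
    #   $host      - remote host; also used to build the export tag.
    #   $localport - passed to autossh::tunnel as "port".
    #   $hostport  - passed to autossh::tunnel as "hostport".
    #   $sshport   - SSH port of the remote host (default: '22').
    #   $keytype   - selects the public key file "<user>_id_<keytype>.pub".
    #
    # NOTE(review): the default $keytype is 'dsa'. OpenSSH has disabled
    # ssh-dss keys by default since 7.0, so new deployments should pass a
    # stronger key type; the default is left unchanged here because it also
    # determines which key file is fetched from the file server.
    define setup($ensure = present, $user = $hostname, $host, $localport, $hostport, $sshport = '22', $keytype = 'dsa') {
        $dir     = "/var/backups/remote/${user}.${domain}"
        $tag     = "autossh-${host}"
        $ssh_dir = "${dir}/.ssh"

        # The local end of the tunnel runs as root.
        autossh::tunnel { $name:
            ensure      => $ensure,
            user        => 'root',
            remote_user => $user,
            port        => $localport,
            hostport    => $hostport,
            host        => $host,
            remote_host => $host,
            sshport     => $sshport,
        }

        # The defined() guards allow several tunnels to share one remote
        # account without declaring the same resource twice.
        # File modes are quoted: newer Puppet parsers read a bare 0750 as an
        # octal integer and the file type then rejects it.
        if !defined(File[$dir]) {
            @@file { $dir:
                ensure => directory,
                mode   => '0750',
                owner  => $user,
                group  => 0,
                tag    => $tag,
            }
        }

        if !defined(File[$ssh_dir]) {
            @@file { $ssh_dir:
                ensure  => directory,
                mode    => '0700',
                owner   => $user,
                group   => 0,
                require => [User[$user], File[$dir]],
                tag     => $tag,
            }
        }

        # NOTE(review): authorized_keys is root-owned, but its parent
        # directory belongs to $user, so the account can still replace the
        # file; root ownership alone does not pin the key set.
        # NOTE(review): the file is the bare public key, with no key options.
        # Together with shell => /bin/sh below, the key grants an
        # unrestricted login. If the account exists only for forwarding,
        # consider shipping a key line with options such as
        # restrict,port-forwarding,permitopen="<host>:<port>" and a
        # non-interactive shell.
        if !defined(File["${ssh_dir}/authorized_keys"]) {
            @@file { "${ssh_dir}/authorized_keys":
                ensure  => present,
                mode    => '0644',
                owner   => 0,
                group   => 0,
                source  => "puppet://${server}/files/keys/${user}_id_${keytype}.pub",
                require => File[$ssh_dir],
                tag     => $tag,
            }
        }

        # password => '*' leaves the account without a usable password, so
        # the authorized key is the only credential.
        if !defined(User[$user]) {
            @@user { $user:
                ensure     => 'present',
                comment    => "${name} backup sandbox",
                home       => $dir,
                gid        => 'backupninjas',
                managehome => true,
                shell      => '/bin/sh',
                password   => '*',
                require    => Group['backupninjas'],
                tag        => $tag,
            }
        }
    }

    # Define: tunnel::mail
    #
    # Installs nullmailer and points it at localhost:2525, then declares a
    # tunnel::setup named "smtp" that maps local port 2525 to port 25 on
    # "<name>.<domain>". The resource title is the short name of the mail
    # host.
    #
    # Parameters:
    #   $sshport - SSH port of the mail host (default: '22').
    #
    # NOTE(review): the package, service and file resources below have fixed
    # titles, so declaring tunnel::mail twice on one node fails with a
    # duplicate declaration.
    # NOTE(review): how the forwarded port is bound depends on
    # autossh::tunnel, which is not shown here. If it listens on loopback,
    # any local process can submit mail through it, and the remote MTA
    # presumably sees those connections as coming from its own localhost.
    # Confirm the relay rules on the mail host account for that.
    define mail ($sshport = '22') {
        package { 'nullmailer':
            ensure => installed,
        }

        service { 'nullmailer':
            ensure  => 'running',
            require => Package['nullmailer'],
        }

        file { '/etc/mailname':
            ensure  => present,
            owner   => root,
            group   => root,
            mode    => '0644',
            content => "${fqdn}\n",
            notify  => Service['nullmailer'],
        }

        file { '/etc/nullmailer':
            ensure => directory,
            owner  => root,
            group  => root,
            mode   => '0755',
        }

        # World-readable is acceptable while this file holds no credentials;
        # tighten the mode if SMTP authentication is ever added to it.
        file { '/etc/nullmailer/remotes':
            ensure  => present,
            owner   => root,
            group   => root,
            mode    => '0644',
            content => "localhost smtp --port=2525\n",
            notify  => Service['nullmailer'],
            require => File['/etc/nullmailer'],
        }

        file { '/etc/nullmailer/adminaddr':
            ensure  => present,
            owner   => root,
            group   => root,
            mode    => '0644',
            content => "${root_mail_recipient}\n",
            require => File['/etc/nullmailer'],
        }

        tunnel::setup { 'smtp':
            host      => "${name}.${domain}",
            sshport   => "${sshport}",
            localport => '2525',
            hostport  => '25',
        }
    }
}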