authorSilvio Rhatto <rhatto@riseup.net>2013-04-12 17:12:52 -0300
committerSilvio Rhatto <rhatto@riseup.net>2013-04-12 17:12:52 -0300
commit5f629355ff36b73968960ec7a98b718d9390c5f9 (patch)
treeea56f17eb75fd33db26b592ef6f730a02a2459bf /manifests
Initial import
Diffstat (limited to 'manifests')
-rw-r--r--manifests/autossh.pp4
-rw-r--r--manifests/autossh/instance.pp80
-rw-r--r--manifests/autossh/mail.pp52
-rw-r--r--manifests/init.pp20
4 files changed, 156 insertions, 0 deletions
diff --git a/manifests/autossh.pp b/manifests/autossh.pp
new file mode 100644
index 0000000..3f47ff0
--- /dev/null
+++ b/manifests/autossh.pp
@@ -0,0 +1,4 @@
+class tunnel::autossh {
+ # collect all resources from hosted tunnels
+ Tunnel_server_realize <<| tag == "${::fqdn}" |>>
+}
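Review bot: The collector `Tunnel_server_realize <<| tag == "${::fqdn}" |>>` realizes every exported resource tagged with this host's FQDN, and nothing here narrows which nodes may export one. The same pattern recurs in manifests/init.pp, where `tunnel_server_realize` collects `User`, `File` and `Ssh_authorized_key` by tag alone, so the tunnel server applies accounts and files whose attributes are chosen by the exporting node. I would document that trust assumption above the collector, for example `# NOTE: any node sharing this storeconfigs backend can export resources with this tag; only trusted nodes should be able to`. Tightening the collector queries is worth considering if the backend is shared more widely.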
diff --git a/manifests/autossh/instance.pp b/manifests/autossh/instance.pp
new file mode 100644
index 0000000..504162f
--- /dev/null
+++ b/manifests/autossh/instance.pp
@@ -0,0 +1,80 @@
+define tunnel::autossh::instance(
+ $host,
+ $localport,
+ $hostport,
+ $ensure = present,
+ $user = $hostname,
+ $sshport = '22',
+ $keytype = 'rsa',
+ $root_mail_recipient = hiera('mail::root_mail_recipient', 'nobody')
+) {
+ $dir = "/var/backups/remote/${user}.${::domain}"
+ $tag = "backupninja-${::fqdn}"
+ $ssh_dir = "${dir}/.ssh"
+
+ autossh::tunnel { $name:
+ ensure => $ensure,
+ user => 'root',
+ remote_user => $user,
+ port => $localport,
+ hostport => $hostport,
+ host => $host,
+ remote_host => $host,
+ sshport => $sshport,
+ }
+
+ if !defined(Tunnel_server_realize["${::hostname}@${host}"]) {
+ # this defines just maps that $host host an user environment for $fdqn
+ @@tunnel_server_realize { "${::hostname}@${host}":
+ host => $::fqdn,
+ tag => $host,
+ }
+ }
+
+ if !defined(File["${dir}"]) {
+ @@file { "${dir}":
+ ensure => directory,
+ mode => 0750,
+ owner => $user,
+ group => 0,
+ tag => "${tag}",
+ }
+ }
+
+ if !defined(File["${ssh_dir}"]) {
+ @@file { "${ssh_dir}":
+ ensure => directory,
+ mode => 0700,
+ owner => $user,
+ group => 0,
+ require => [User[$user], File["${dir}"]],
+ tag => "${tag}",
+ }
+ }
+
+ if !defined(File["${ssh_dir}/authorized_keys"]) {
+ @@file { "${ssh_dir}/authorized_keys":
+ ensure => present,
+ mode => 0644,
+ owner => 0,
+ group => 0,
+ source => "puppet:///modules/site_keys/${user}_id_${keytype}.pub",
+ require => File["${ssh_dir}"],
+ tag => "${tag}",
+ }
+ }
+
+ if !defined(User["{$user}"]) {
+ @@user { "${user}":
+ ensure => "present",
+ comment => "${user} backup sandbox",
+ home => "${dir}",
+ gid => "backupninjas",
+ managehome => true,
+ shell => "/bin/sh",
+ password => '*',
+ require => Group['backupninjas'],
+ tag => "${tag}"
+ }
+ }
+}
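Review bot: The guard `if !defined(User["{$user}"])` has the dollar sign and brace swapped, so the reference is the user name wrapped in literal braces and never matches the `@@user { "${user}": … }` declared beneath it. Two instances sharing a `$user` would then presumably hit a duplicate declaration instead of being deduplicated; it should read `if !defined(User[$user]) {`. Separately, the exported account gets `shell => "/bin/sh"` and an `authorized_keys` copied as-is from `site_keys`. If that key file carries no key options, a key intended only for port forwarding also allows an interactive login on the tunnel server, so a forwarding-only restriction on the key or a non-login shell is worth considering. `$root_mail_recipient` is declared as a parameter but not used anywhere in this define.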
diff --git a/manifests/autossh/mail.pp b/manifests/autossh/mail.pp
new file mode 100644
index 0000000..277beac
--- /dev/null
+++ b/manifests/autossh/mail.pp
@@ -0,0 +1,52 @@
+define tunnel::autossh::mail ($sshport = '22') {
+ package { "nullmailer":
+ ensure => installed,
+ }
+
+ service { "nullmailer":
+ ensure => 'running',
+ require => Package['nullmailer'],
+ }
+
+ file { "/etc/mailname":
+ ensure => present,
+ owner => root,
+ group => root,
+ mode => 0644,
+ content => "${::fqdn}\n",
+ notify => Service["nullmailer"],
+ }
+
+ file { "/etc/nullmailer":
+ ensure => directory,
+ owner => root,
+ group => root,
+ mode => 0755,
+ }
+
+ file { "/etc/nullmailer/remotes":
+ ensure => present,
+ owner => root,
+ group => root,
+ mode => 0644,
+ content => "localhost smtp --port=2525\n",
+ notify => Service["nullmailer"],
+ require => File["/etc/nullmailer"],
+ }
+
+ file { "/etc/nullmailer/adminaddr":
+ ensure => present,
+ owner => root,
+ group => root,
+ mode => 0644,
+ content => "$root_mail_recipient\n",
+ require => File["/etc/nullmailer"],
+ }
+
+ tunnel::autossh::instance{ "smtp":
+ host => "${name}.${::domain}",
+ sshport => "${sshport}",
+ localport => '2525',
+ hostport => '25',
+ }
+}
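Review bot: `content => "$root_mail_recipient\n"` in the `/etc/nullmailer/adminaddr` resource refers to a variable that this define neither takes as a parameter nor assigns. `$root_mail_recipient` is only a parameter of `tunnel::autossh::instance`, so unless it happens to be set in an outer scope the file will contain just a newline. Adding the parameter here, `$root_mail_recipient = hiera('mail::root_mail_recipient', 'nobody')`, as instance.pp does, would make the value explicit. Also, every resource in the body has a fixed title (`Package['nullmailer']`, `File['/etc/mailname']`, the `smtp` instance), so declaring this define twice on one node would fail with duplicate declarations. A class would express that better, or a comment should state the one-per-node limit.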
diff --git a/manifests/init.pp b/manifests/init.pp
new file mode 100644
index 0000000..83ccf1b
--- /dev/null
+++ b/manifests/init.pp
@@ -0,0 +1,20 @@
+# autossh tunnel interface
+#
+# TODO: User handling should be put somewhere. Here we are duplicating
+# code from backupninja module. Further developments should consider
+# have an unified user handling, maybe at puppet-user.
+#
+# For now, it's important to preserve the 'backupninja-' like tag
+# otherwise the behavior of this code will conflict with backupninja
+# and we'll see strange things like exported resources not being
+# realized.
+
+# this define realizes all needed resources for a hosted tunnel
+define tunnel_server_realize($host) {
+ User <<| tag == "backupninja-${host}" |>>
+ File <<| tag == "backupninja-${host}" |>>
+ Ssh_authorized_key <<| tag == "backupninja-${host}" |>>
+}
+
+class tunnel {
+}