Diffstat (limited to 'manifests/autossh/instance.pp')
-rw-r--r-- | manifests/autossh/instance.pp | 80 |
1 files changed, 80 insertions, 0 deletions
diff --git a/manifests/autossh/instance.pp b/manifests/autossh/instance.pp
new file mode 100644
index 0000000..504162f
--- /dev/null
+++ b/manifests/autossh/instance.pp
@@ -0,0 +1,80 @@
+define tunnel::autossh::instance(
+ $host,
+ $localport,
+ $hostport,
+ $ensure = present,
+ $user = $hostname,
+ $sshport = '22',
+ $keytype = 'rsa',
+ $root_mail_recipient = hiera('mail::root_mail_recipient', 'nobody')
+) {
+ $dir = "/var/backups/remote/${user}.${::domain}"
+ $tag = "backupninja-${::fqdn}"
+ $ssh_dir = "${dir}/.ssh"
+
+ autossh::tunnel { $name:
+ ensure => $ensure,
+ user => 'root',
+ remote_user => $user,
+ port => $localport,
+ hostport => $hostport,
+ host => $host,
+ remote_host => $host,
+ sshport => $sshport,
+ }
+
+ if !defined(Tunnel_server_realize["${::hostname}@${host}"]) {
+ # this defines just maps that $host host an user environment for $fdqn
+ @@tunnel_server_realize { "${::hostname}@${host}":
+ host => $::fqdn,
+ tag => $host,
+ }
+ }
+
+ if !defined(File["${dir}"]) {
+ @@file { "${dir}":
+ ensure => directory,
+ mode => 0750,
+ owner => $user,
+ group => 0,
+ tag => "${tag}",
+ }
+ }
+
+ if !defined(File["${ssh_dir}"]) {
+ @@file { "${ssh_dir}":
+ ensure => directory,
+ mode => 0700,
+ owner => $user,
+ group => 0,
+ require => [User[$user], File["${dir}"]],
+ tag => "${tag}",
+ }
+ }
+
+ if !defined(File["${ssh_dir}/authorized_keys"]) {
+ @@file { "${ssh_dir}/authorized_keys":
+ ensure => present,
+ mode => 0644,
+ owner => 0,
+ group => 0,
+ source => "puppet:///modules/site_keys/${user}_id_${keytype}.pub",
+ require => File["${ssh_dir}"],
+ tag => "${tag}",
+ }
+ }
+
+ if !defined(User["{$user}"]) {
+ @@user { "${user}":
+ ensure => "present",
+ comment => "${user} backup sandbox",
+ home => "${dir}",
+ gid => "backupninjas",
+ managehome => true,
+ shell => "/bin/sh",
+ password => '*',
+ require => Group['backupninjas'],
+ tag => "${tag}"
+ }
+ }
+} |
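Review bot: The guard on the exported user, `if !defined(User["{$user}"])`, has the brace and dollar sign swapped, so it interpolates to the user name wrapped in literal braces and can never match the `User["${user}"]` declared inside it; it should read `if !defined(User["${user}"]) {`. As written, two instances on one node that share a `$user` would both export the same user resource. Separately, the exported account gets `shell => "/bin/sh"` and an `authorized_keys` copied straight from the `.pub` file, so unless that file already carries key options the tunnel key also grants an interactive shell on the server; if the account only has to carry the forward, a no-login shell or key options such as `restrict,port-forwarding` would narrow it. The `$root_mail_recipient` parameter is not used anywhere in the body, and the `backupninja-` tag, `backupninjas` group and "backup sandbox" comment look carried over from a backup module and deserve a comment or a rename.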