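# == Define: tunnel::autossh::instance
#
# Declares an autossh tunnel from this node to $host (run locally as root,
# logging in remotely as $user) and exports the resources that make up the
# remote account: a tunnel_server_realize mapping, the account's home
# directory, its .ssh directory, its authorized_keys file and the user itself.
#
# === Parameters
#
# [*host*]       Remote host the tunnel connects to; also used as the tag of
#                the exported tunnel_server_realize resource.
# [*localport*]  Passed to autossh::tunnel as `port`.
# [*hostport*]   Passed to autossh::tunnel as `hostport`.
# [*ensure*]     Passed to autossh::tunnel only. The exported resources below
#                always use fixed ensure values, so `absent` does not
#                withdraw the exported account or its authorized_keys.
# [*user*]       Remote account name; defaults to the (unqualified)
#                $hostname variable.
# [*sshport*]    Passed to autossh::tunnel as `sshport`.
# [*keytype*]    Selects the public key file
#                site_keys/${user}_id_${keytype}.pub.
# [*root_mail_recipient*]
#                Looked up from hiera; not referenced in this define's body.
#
define tunnel::autossh::instance(
  $host,
  $localport,
  $hostport,
  $ensure = 'present',
  $user = $hostname,
  $sshport = '22',
  $keytype = 'rsa',
  $root_mail_recipient = hiera('mail::root_mail_recipient', 'nobody')
) {

  $dir     = "/var/backups/remote/${user}.${::domain}"
  $ssh_dir = "${dir}/.ssh"

  # NOTE(review): this tag is built from the exporting node's own fqdn, while
  # tunnel_server_realize below is tagged with $host. Confirm which tag the
  # collecting node actually selects on.
  $export_tag = "backupninja-${::fqdn}"

  autossh::tunnel { $name:
    ensure      => $ensure,
    user        => 'root',
    remote_user => $user,
    port        => $localport,
    hostport    => $hostport,
    host        => $host,
    remote_host => $host,
    sshport     => $sshport,
  }

  # Export one mapping per (this node, remote host) pair, carrying this
  # node's fqdn and tagged with the remote host's name.
  if !defined(Tunnel_server_realize["${::hostname}@${host}"]) {
    @@tunnel_server_realize { "${::hostname}@${host}":
      host => $::fqdn,
      tag  => $host,
    }
  }

  # File modes are quoted: an unquoted 0750 is parsed as a number by newer
  # parsers, and the file type expects a mode string.
  if !defined(File[$dir]) {
    @@file { $dir:
      ensure => directory,
      mode   => '0750',
      owner  => $user,
      group  => 0,
      tag    => $export_tag,
    }
  }

  if !defined(File[$ssh_dir]) {
    @@file { $ssh_dir:
      ensure  => directory,
      mode    => '0700',
      owner   => $user,
      group   => 0,
      require => [User[$user], File[$dir]],
      tag     => $export_tag,
    }
  }

  # The key file is root-owned and not writable by the account. Because the
  # enclosing .ssh directory belongs to $user, the account can still replace
  # the file between Puppet runs; a root-owned directory would close that gap.
  #
  # NOTE(review): the .pub file is installed verbatim and the account gets
  # /bin/sh below, so any limit on what the key may do (for example the
  # authorized_keys options `restrict` or `permitopen="host:port"`) has to be
  # written into the site_keys file itself. Confirm that it is.
  if !defined(File["${ssh_dir}/authorized_keys"]) {
    @@file { "${ssh_dir}/authorized_keys":
      ensure  => present,
      mode    => '0644',
      owner   => 0,
      group   => 0,
      source  => "puppet:///modules/site_keys/${user}_id_${keytype}.pub",
      require => File[$ssh_dir],
      tag     => $export_tag,
    }
  }

  # Fixed: the guard used to test User["{$user}"], which interpolates to the
  # literal title "{<user>}" and so never matched the resource declared
  # below; a second instance with the same $user was not guarded against.
  if !defined(User[$user]) {
    @@user { $user:
      ensure     => 'present',
      comment    => "${user} backup sandbox",
      home       => $dir,
      gid        => 'backupninjas',
      managehome => true,
      shell      => '/bin/sh',
      # '*' is not a valid password hash, so the account has no usable
      # password and is reachable only through authorized_keys.
      password   => '*',
      require    => Group['backupninjas'],
      tag        => $export_tag,
    }
  }
}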