Adding initial tunnel support
authorSilvio Rhatto <rhatto@riseup.net>
Sat, 29 May 2010 16:52:30 +0000 (13:52 -0300)
committerSilvio Rhatto <rhatto@riseup.net>
Sat, 29 May 2010 16:52:30 +0000 (13:52 -0300)
manifests/init.pp
manifests/mail.pp
manifests/nodo.pp
manifests/subsystems/tunnel.pp [new file with mode: 0644]

index 1373091ab639e58611857311efc5ccec2085e419..c9e5329df5bc7db5607411b9d74e39c30efdc704 100644 (file)
@@ -37,6 +37,7 @@ import "tor"
 import "postfix"
 import "reprepro"
 import "ssl"
+import "autossh"
 
 # Import subsystems
 import "subsystems/firewall.pp"
@@ -56,6 +57,7 @@ import "subsystems/xorg.pp"
 import "subsystems/modprobe.pp"
 import "subsystems/hosts.pp"
 import "subsystems/locales.pp"
+import "subsystems/tunnel.pp"
 
 # Import nodo classes
 import "nodo.pp"
index d1f2b42fa098dce834d99b23d2cbcc701df57876..47b81597e01dc932afd84e9f92a6435aa6d88e69 100644 (file)
@@ -1,6 +1,6 @@
 class nodo::mail {
   # Class for mail nodes
-  $mail_host             = true
+  $mail_delivery         = "postfix"
   $postfix_relayhost     = "$domain"
   $postfix_smtp_listen   = "$ipaddress"
   $postfix_mydestination = "\$myorigin"
index e634ce97f495a17f76d414abfdcfa61337ef7d8b..c6d66c2be5ac6d4ce468038aa9984ccd438373ce 100644 (file)
@@ -9,6 +9,7 @@ class nodo {
   include cron
   include hosts
   include locales
+  include tunnel
 
   # Set timezone and ntp config
   #
@@ -29,8 +30,15 @@ class nodo {
   include monkeysphere
 
   # Email delivery configuration
-  if $mail_host != true {
-    include exim
+  case $mail_delivery {
+    'tunnel' {              
+      include exim::disabled
+      tunnel::mail { "$mail_hostname":
+        sshport   => '$mail_ssh_port',
+      }
+    }
+    'postfix': { }
+    '','exim',default: { include exim }
   }
 
   # Apt configuration
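Review bot: The `'tunnel'` selector in the new `case $mail_delivery` is written `'tunnel' {` without the colon the other two branches carry, which should fail to parse; it needs to be `'tunnel': {`. In the same branch `sshport => '$mail_ssh_port'` is single-quoted, so Puppet passes the literal text `$mail_ssh_port` instead of the variable's value; write `sshport => $mail_ssh_port,`. Because this branch also includes `exim::disabled`, a tunnel that cannot come up on the right port leaves the node with no local delivery path, so the mistake would show up as silently undelivered mail. The enclosing `class nodo` begins and ends outside this hunk.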
diff --git a/manifests/subsystems/tunnel.pp b/manifests/subsystems/tunnel.pp
new file mode 100644 (file)
index 0000000..f034c61
--- /dev/null
@@ -0,0 +1,76 @@
+class tunnel {
+
+  User <<| tag == "autossh-$fqdn" |>>
+  File <<| tag == "autossh-$fqdn" |>>
+  Ssh_authorized_key <<| tag == "autossh-$real_backupserver_tag" |>>
+
+  define setup($ensure = present, $user = $hostname, $host, $localport, $hostport, $sshport = '22', $keytype = 'dsa') {
+    $dir     = "/var/backups/remote/$user"
+    $tag     = "autossh-$hostname"
+    $ssh_dir = "$dir/.ssh"
+
+    autossh::tunnel { $name:
+      ensure      => $ensure,
+      user        => $user,
+      port        => $localport,
+      hostport    => $hostport,
+      remote_host => $host,
+      sshport     => $sshport,
+    }
+
+    if !defined(File["$dir"]) {
+      @@file { "$dir":
+        ensure => directory,
+        mode   => 0750,
+        owner  => $user,
+        group  => 0,
+        tag    => "$tag",
+      }
+    }
+
+    if !defined(File["$sshdir"]) {
+      @@file { "$sshdir":
+        ensure  => directory,
+        mode    => 0700,
+        owner   => $user,
+        group   => 0,
+        require => [User[$user], File["$dir"]],
+        tag     => "$tag",
+      }
+    }
+
+    if !defined(File["${ssh_dir}/authorized_keys"]) {
+      @@file { "${ssh_dir}/authorized_keys":
+        ensure  => present,
+        mode    => 0644,
+        owner   => 0,
+        group   => 0,
+        source  => "puppet://$server/files/keys/${user}_id_${keytype}.pub",
+        require => File["${ssh_dir}"],
+        tag     => "$tag",
+      }
+    }
+
+    if !defined(User["$user"]) {
+      @@user { "$user":
+        ensure     => "present",
+        comment    => "$name backup sandbox",
+        home       => "$dir",
+        managehome => true,
+        shell      => "/bin/sh",
+        password   => '*',
+        require    => Group['backupninjas'],
+        tag        => "$tag"
+      }
+    }
+  }
+
+  define mail ($sshport = '22') {
+    tunnel::setup { "smtp":
+      host      => "$name.$domain",
+      sshport   => "$sshport",
+      localport => '25',
+      hostport  => '25',
+    }
+  }
+}
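Review bot: `define setup` assigns `$ssh_dir`, but the second `file` resource tests and declares `File["$sshdir"]`, a variable that is never set, so the `.ssh` directory is not exported under the intended path and `require => File["${ssh_dir}"]` on `authorized_keys` refers to a resource that is never declared; both occurrences should read `"$ssh_dir"`. The exported resources are tagged `autossh-$hostname`, while the collectors at the top of the class match `autossh-$fqdn`, so as far as this file shows nothing would be collected unless the tag is built from the remote host's FQDN (presumably `"autossh-$host"`), which is worth confirming. On hardening, the tunnel account gets `shell => "/bin/sh"` and an `authorized_keys` copied verbatim from a `.pub` file, so unless that file already carries options the key allows an interactive login; for a forward-only account consider key options such as `no-pty,no-agent-forwarding,no-X11-forwarding,permitopen="localhost:<hostport>"`. The `$keytype = 'dsa'` default would also be better as `'rsa'`.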