summaryrefslogtreecommitdiff
path: root/sitemodules/profiles/manifests/sniproxy.pp
blob: 7cba9b1ad0624ca401a106bcfd0790861c141f0b (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
# Class: profiles::sniproxy
# =========================
#
# This class takes care if setting up SNIProxy.
#
# Parameters
# ----------
#
# @param https_forwards a list of server names to target ips/ports
#
# Examples
# --------
#
# @example
#   class roles::myhost {
#     include profiles::sniproxy
#   }
#
# Authors
# -------
#
# Jan Dittberner <jandd@cacert.org>
#
# Copyright
# ---------
#
# Copyright 2017 Jan Dittberner
#
class profiles::sniproxy (
  Array[String] $https_forwards,
) {
  file { '/etc/apt/sources.list.d/debian-testing.list':
    ensure => file,
    owner  => 'root',
    group  => 'root',
    mode   => '0644',
    source => 'puppet:///modules/profiles/apt_sources_debian_testing.list',
  }

  file { '/etc/apt/preferences.d/sniproxy':
    ensure => file,
    owner  => 'root',
    group  => 'root',
    mode   => '0644',
    source => 'puppet:///modules/profiles/sniproxy/sniproxy_apt_preferences',
  }

  package { 'sniproxy':
    ensure => present,
  }

  file { '/etc/default/sniproxy':
    ensure  => file,
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    source  => 'puppet:///modules/profiles/sniproxy/etc_default_sniproxy',
    require => Package['sniproxy'],
  }

  file { '/etc/sniproxy.conf':
    ensure  => file,
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    content => epp(
      'profiles/sniproxy/sniproxy.conf.epp',
      {'https_forwards' => $https_forwards}
    ),
    require => Package['sniproxy'],
  }

  service { 'sniproxy':
    ensure  => running,
    enable  => true,
    require => [Package['sniproxy'], File['/etc/default/sniproxy'], File['/etc/sniproxy.conf']],
  }
}