1 files changed, 57 insertions, 0 deletions

diff --git a/services/applications/openvpn.cf b/services/applications/openvpn.cf
new file mode 100644
index 0000000..597318f
--- /dev/null
+++ b/services/applications/openvpn.cf
@@ -0,0 +1,57 @@
+bundle agent openvpn
+{
+    vars:
+        any::
+            "tunnels" slist => getindices("g.host_data[tunnels]");
+    classes:
+        any::
+            "$(tunnels)_needs_restart" or => { "openvpn_common_key_repaired", "linux.openvpn_$(tunnels)_conf_repaired" };
+    files:
+        any::
+            "/etc/openvpn/common.key"
+                create => "true",
+                edit_defaults => empty,
+                perms => system_owned("440"),
+                edit_template => "$(sys.inputdir)/templates/openvpn/common.key.cftpl",
+                classes => if_repaired("openvpn_common_key_repaired");
+    methods:
+        any::
+            "any" usebundle => install_package("$(this.bundle)", "openvpn");
+            "any" usebundle => openvpn_tunnel("$(tunnels)");
+    services:
+        linux::
+            "openvpn@$(tunnels)"
+                service_policy => "start",
+                classes => if_repaired("tunnel_$(tunnels)_service_repaired");
+    commands:
+        any::
+            "/usr/sbin/service openvpn@$(tunnels) restart" classes => if_repaired("tunnel_$(tunnels)_service_repaired"), ifvarclass => "$(tunnels)_needs_restart";
+    reports:
+        any::
+            "$(this.bundle): common.key repaired" ifvarclass => "openvpn_common_key_repaired";
+            "$(this.bundle): $(tunnels) service repaired" ifvarclass => "tunnel_$(tunnels)_service_repaired";
+}
+
+bundle agent openvpn_tunnel(tunnel)
+{
+    classes:
+        any::
+            "$(tunnel)_needs_restart" or => { "openvpn_common_key_repaired", "linux.openvpn_$(tunnel)_conf_repaired" };
+            "has_remote" and => { isvariable("g.host_data[tunnels][$(tunnel)][remote_host]"), isvariable("g.host_data[tunnels][$(tunnel)][remote_port]") };
+    files:
+        any::
+            "/etc/openvpn/$(tunnel).conf"
+                create => "true",
+                edit_defaults => empty,
+                perms => system_owned("440"),
+                edit_template => "$(sys.inputdir)/templates/openvpn/tunnel.conf.cftpl",
+                template_method => "cfengine",
+                classes => if_repaired("openvpn_$(tunnel)_conf_repaired");
+    commands:
+        any::
+            "/usr/sbin/service openvpn@$(tunnel) restart" classes => if_repaired("tunnel_$(tunnel)_service_repaired"), ifvarclass => "$(tunnel)_needs_restart";
+    reports:
+        any::
+            "$(this.bundle): $(tunnel).conf repaired" ifvarclass => "openvpn_$(tunnel)_conf_repaired";
+            "$(this.bundle): $(tunnel) service repaired" ifvarclass => "tunnel_$(tunnel)_service_repaired";
+}