Diffstat (limited to 'services/applications')
-rw-r--r--services/applications/openvpn.cf57
1 files changed, 57 insertions, 0 deletions
diff --git a/services/applications/openvpn.cf b/services/applications/openvpn.cf
new file mode 100644
index 0000000..597318f
--- /dev/null
+++ b/services/applications/openvpn.cf
@@ -0,0 +1,57 @@
+bundle agent openvpn
+{
+ vars:
+ any::
+ "tunnels" slist => getindices("g.host_data[tunnels]");
+ classes:
+ any::
+ "$(tunnels)_needs_restart" or => { "openvpn_common_key_repaired", "linux.openvpn_$(tunnels)_conf_repaired" };
+ files:
+ any::
+ "/etc/openvpn/common.key"
+ create => "true",
+ edit_defaults => empty,
+ perms => system_owned("440"),
+ edit_template => "$(sys.inputdir)/templates/openvpn/common.key.cftpl",
+ classes => if_repaired("openvpn_common_key_repaired");
+ methods:
+ any::
+ "any" usebundle => install_package("$(this.bundle)", "openvpn");
+ "any" usebundle => openvpn_tunnel("$(tunnels)");
+ services:
+ linux::
+ "openvpn@$(tunnels)"
+ service_policy => "start",
+ classes => if_repaired("tunnel_$(tunnels)_service_repaired");
+ commands:
+ any::
+ "/usr/sbin/service openvpn@$(tunnels) restart" classes => if_repaired("tunnel_$(tunnels)_service_repaired"), ifvarclass => "$(tunnels)_needs_restart";
+ reports:
+ any::
+ "$(this.bundle): common.key repaired" ifvarclass => "openvpn_common_key_repaired";
+ "$(this.bundle): $(tunnels) service repaired" ifvarclass => "tunnel_$(tunnels)_service_repaired";
+}
+
+bundle agent openvpn_tunnel(tunnel)
+{
+ classes:
+ any::
+ "$(tunnel)_needs_restart" or => { "openvpn_common_key_repaired", "linux.openvpn_$(tunnel)_conf_repaired" };
+ "has_remote" and => { isvariable("g.host_data[tunnels][$(tunnel)][remote_host]"), isvariable("g.host_data[tunnels][$(tunnel)][remote_port]") };
+ files:
+ any::
+ "/etc/openvpn/$(tunnel).conf"
+ create => "true",
+ edit_defaults => empty,
+ perms => system_owned("440"),
+ edit_template => "$(sys.inputdir)/templates/openvpn/tunnel.conf.cftpl",
+ template_method => "cfengine",
+ classes => if_repaired("openvpn_$(tunnel)_conf_repaired");
+ commands:
+ any::
+ "/usr/sbin/service openvpn@$(tunnel) restart" classes => if_repaired("tunnel_$(tunnel)_service_repaired"), ifvarclass => "$(tunnel)_needs_restart";
+ reports:
+ any::
+ "$(this.bundle): $(tunnel).conf repaired" ifvarclass => "openvpn_$(tunnel)_conf_repaired";
+ "$(this.bundle): $(tunnel) service repaired" ifvarclass => "tunnel_$(tunnel)_service_repaired";
+}
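Review bot: The shared key at `/etc/openvpn/common.key` is promised with `perms => system_owned("440")`, which leaves it group-readable; which owner and group `system_owned` assigns is defined outside this file, so it cannot be confirmed here that only root can read it. Key material is normally owner-only, and OpenVPN warns when a key file is accessible to group or others, so `perms => system_owned("400")` would be the safer promise for that file. The key is rendered from `templates/openvpn/common.key.cftpl` under `$(sys.inputdir)` and its repair restarts every tunnel, so it appears to be one static key for all tunnels that also sits in the policy inputs; a comment on that promise stating where the key material comes from and who may read the inputs directory would make the exposure explicit. Separately, the guards built from tunnel names (`ifvarclass => "$(tunnels)_needs_restart"` in `openvpn`, and the `$(tunnel)` equivalents in `openvpn_tunnel`) are checked uncanonified, so a tunnel name containing `-` or `.` would presumably never trigger the restart after a key or config change; wrapping the expression as `ifvarclass => canonify("$(tunnels)_needs_restart")` avoids that.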