vpn.rb
# Top-level dep: converges an L2TP-over-IPsec VPN server by pulling in the
# Openswan (IPsec), xl2tpd (L2TP) and ppp configuration deps defined below.
# It has no met?/meet of its own; it is satisfied once its requirements are.
dep 'L2TP IPSec VPN' do
  requires 'openswan configured'
  requires 'openswan booting on startup'
  requires 'xl2tpd configured'
  requires 'ppp configured'
end
# Installs the openswan package via Babushka's "managed" template (the system
# package manager). The dep counts as met once the `ipsec` executable it
# declares with `provides` is available.
dep 'openswan.managed' do
  provides 'ipsec'
  requires 'lsof.managed'
end
# Installs the xl2tpd package (the L2TP daemon) via Babushka's "managed"
# template. The block is empty, so the template's defaults apply unchanged.
dep 'xl2tpd.managed' do
end
# Installs the ppp package via Babushka's "managed" template; the package is
# named ppp but the executable it must provide is `pppd`.
dep('ppp.managed') { provides 'pppd' }
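# Registers the ipsec init script with the SysV runlevel directories so the
# IPsec daemon is started at boot.
dep 'openswan booting on startup' do
  # Met once some /etc/rc*/ directory holds an entry whose name ends in "ipsec".
  # NOTE(review): the glob matches kill (K*) links as well as start (S*) links,
  # so it shows the script is registered, not that it is enabled in a runlevel.
  met? {
    Dir.glob('/etc/rc*/*ipsec').any?
  }
  meet {
    # Go through Babushka's sudo helper instead of raw backticks: the command
    # and its outcome are then handled by Babushka's shell layer rather than
    # being discarded, and it also works when Babushka already runs as root.
    sudo 'update-rc.d ipsec defaults'
  }
end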
# Installs the lsof package via Babushka's "managed" template; required by
# 'openswan.managed' above. The block is empty, so the defaults apply.
dep 'lsof.managed' do
end
# Renders the Openswan configuration from the ERB templates that live next to
# this dep file (vpn/*.erb), writing each target as root.
#
# NOTE(review): /etc/ipsec.secrets is where Openswan keeps its authentication
# secrets (presumably the L2TP pre-shared key here; the template is not shown).
# render_erb is given no file mode, so the resulting permissions depend on the
# pre-existing file or the umask. Verify the file ends up owned by root and
# not group/world readable (0600).
# NOTE(review): nothing in this dep reloads sysctl or restarts ipsec, so the
# rendered settings presumably only take effect after a restart; confirm.
dep 'openswan configured' do
  requires 'openswan.managed'
  define_var :server_ip, :default => Utilities.local_ip

  # [template, target] pairs, in the order they are checked and rendered.
  rendered_files = [
    ['vpn/ipsec.conf.erb',     '/etc/ipsec.conf'],
    ['vpn/ipsec.secrets.erb',  '/etc/ipsec.secrets'],
    ['vpn/l2tp-psk.conf.erb',  '/etc/ipsec.d/l2tp-psk.conf'],
    ['vpn/openswan.conf.erb',  '/etc/sysctl.d/30-openswan-network-config.conf']
  ]

  # Met when every target was rendered from the current version of its template.
  met? do
    rendered_files.all? do |template, target|
      Babushka::Renderable.new(target).from?(dependency.load_path.parent / template)
    end
  end

  meet do
    rendered_files.each do |template, target|
      render_erb template, :to => target, :sudo => true
    end
  end
end
# Renders /etc/xl2tpd/xl2tpd.conf from vpn/xl2tpd.conf.erb. Also pulls in
# 'iptables masquerade', so the masquerade init script is installed before the
# L2TP daemon is considered configured.
dep 'xl2tpd configured' do
  requires 'xl2tpd.managed'
  requires 'iptables masquerade'

  # Met when the live config was rendered from the current template.
  met? do
    template = dependency.load_path.parent / 'vpn/xl2tpd.conf.erb'
    Babushka::Renderable.new('/etc/xl2tpd/xl2tpd.conf').from?(template)
  end

  meet do
    render_erb 'vpn/xl2tpd.conf.erb', :to => '/etc/xl2tpd/xl2tpd.conf', :sudo => true
  end
end
# Renders the pppd options used for xl2tpd sessions and the CHAP credentials
# file from their ERB templates, writing both as root.
#
# NOTE(review): /etc/ppp/chap-secrets stores VPN user credentials in clear
# text. render_erb is given no file mode, so the resulting permissions depend
# on the pre-existing file or the umask. Verify it ends up owned by root with
# mode 0600, and that real credentials are not committed with the template.
dep 'ppp configured' do
  requires 'ppp.managed'

  # [template, target] pairs, in the order they are checked and rendered.
  rendered_files = [
    ['vpn/ppp-options.xl2tpd.erb', '/etc/ppp/options.xl2tpd'],
    ['vpn/chap-secrets.erb',       '/etc/ppp/chap-secrets']
  ]

  # Met when both targets were rendered from the current templates.
  met? do
    rendered_files.all? do |template, target|
      Babushka::Renderable.new(target).from?(dependency.load_path.parent / template)
    end
  end

  meet do
    rendered_files.each do |template, target|
      render_erb template, :to => target, :sudo => true
    end
  end
end
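# Installs /etc/init.d/masquerade from vpn/masquerade.erb, makes it executable
# and registers it with update-rc.d so it runs at boot.
#
# NOTE(review): the template is not shown here; by its name it presumably adds
# the iptables MASQUERADE (NAT) rule for VPN client traffic. Confirm the rule
# is limited to the VPN client subnet and the intended outbound interface.
dep 'iptables masquerade' do
  # Met when the script matches the current template, is executable, and some
  # /etc/rc*/ directory holds an entry whose name ends in "masquerade".
  met? {
    Babushka::Renderable.new('/etc/init.d/masquerade').from?(dependency.load_path.parent / 'vpn/masquerade.erb') &&
      File.executable?('/etc/init.d/masquerade') &&
      Dir.glob('/etc/rc*/*masquerade').any?
  }
  meet {
    render_erb 'vpn/masquerade.erb', :to => '/etc/init.d/masquerade', :sudo => true
    # The script was just written through sudo, so it may be owned by root.
    # File.chmod would run as the invoking user and fail with EPERM on a
    # root-owned file, so change the mode with the same privilege as the write.
    sudo 'chmod 0755 /etc/init.d/masquerade'
    # Babushka's sudo helper replaces raw backticks, which discarded the
    # command's output and exit status.
    sudo 'update-rc.d masquerade defaults'
  }
end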