From: Stephen Gran <steve@lobefin.net>
Date: Sun, 22 Apr 2012 19:48:10 +0000 (+0100)
Subject: this is probably more like it
X-Git-Url: https://git.donarmstrong.com/?a=commitdiff_plain;h=a8faece43f89960c6686321309b3082c7a531cac;p=dsa-puppet.git

this is probably more like it

Signed-off-by: Stephen Gran <steve@lobefin.net>
---

diff --git a/manifests/site.pp b/manifests/site.pp
index 54ed6528..77007e10 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -148,7 +148,7 @@ node default {
 		munin::check { 'spamassassin': }
 	}
 
-	if $::hostname in [chopin,franck,gluck,kassia,klecker,lobos,morricone,ravel,saens,schein,santoro,steffani,villa,wieck,bizet] {
+	if $::hostname in [chopin,franck,kassia,klecker,morricone,ravel,bizet] {
 		include vsftpd
 	}
 }
diff --git a/modules/roles/files/security_mirror/vsftpd.conf b/modules/roles/files/security_mirror/vsftpd.conf
new file mode 100644
index 00000000..2cbe373d
--- /dev/null
+++ b/modules/roles/files/security_mirror/vsftpd.conf
@@ -0,0 +1,14 @@
+anonymous_enable=YES
+connect_from_port_20=NO
+connect_from_port_20=YES
+dirmessage_enable=NO
+dirmessage_enable=YES
+ftpd_banner=security.debian.org FTP server (vsftpd)
+listen=YES
+ls_recurse_enable=YES
+pam_service_name=vsftpd
+rsa_cert_file=/etc/ssl/certs/vsftpd.pem
+secure_chroot_dir=/var/run/vsftpd
+setproctitle_enable=YES
+xferlog_enable=YES
+xferlog_file=/var/log/vsftpd.log
diff --git a/modules/roles/manifests/security_mirror.pp b/modules/roles/manifests/security_mirror.pp
index 46f9b5f9..9b9ec2d2 100644
--- a/modules/roles/manifests/security_mirror.pp
+++ b/modules/roles/manifests/security_mirror.pp
@@ -5,4 +5,7 @@ class roles::security_mirror {
 		config => 'puppet:///modules/roles/security_mirror/security.debian.org'
 	}
 
+	class { 'vsftpd::site':
+		source => 'puppet:///modules/roles/security_mirror/vsftpd.conf'
+	}
 }
diff --git a/modules/vsftpd/manifests/site.pp b/modules/vsftpd/manifests/site.pp
new file mode 100644
index 00000000..bc66c95d
--- /dev/null
+++ b/modules/vsftpd/manifests/site.pp
@@ -0,0 +1,34 @@
+class vsftpd::site (
+	$source='',
+	$content='',
+	$ensure=present,
+){
+
+	include vsftpd
+
+	if ($source and $content) {
+		fail ( "Can't have both source and content for $name" )
+	}
+
+	case $ensure {
+		present,absent: {}
+		default: { fail ( "Invald ensure `$ensure' for $name" ) }
+	}
+
+	if $source {
+		file { '/etc/vsftpd.conf':
+			ensure => $ensure,
+			source => $source,
+			notify => Service['vsftpd']
+		}
+	} elsif $content {
+		file { '/etc/vsftpd.conf':
+			ensure  => $ensure,
+			content => $content,
+			notify  => Service['vsftpd']
+		}
+	} else {
+		fail ( "Need one of source or content for $name" )
+	}
+
+}