create portforwarder key
[dsa-puppet.git] / modules / portforwarder / manifests / init.pp
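# Sets up the portforwarder account's SSH material and the xinetd service
# definition used for port forwarding:
#   * creates an SSH key pair for the local 'portforwarder' user if none exists,
#   * installs that user's authorized_keys file under /etc/ssh/userkeys,
#   * manages /etc/xinetd.d and the forwarder's xinetd config, reloading
#     xinetd when the config changes.
class portforwarder {
        # do not depend on xinetd, yet.  it might uninstall other inetds
        # for now this will have to be done manually

        # Only declare the key-generation exec while the portforwarder_key fact
        # is unset. NOTE(review): presumably a custom fact that exposes the
        # existing public key; its definition is not in this file -- confirm.
        if ! $::portforwarder_key {
                exec { 'create-portforwarder-key':
                        # Runs as the portforwarder user, so .ssh and the key are owned by
                        # that account. -P "" creates the private key without a passphrase
                        # (needed for unattended use), so the key is protected only by the
                        # permissions on .ssh and on the key file.
                        # -t rsa pins the key type: ssh-keygen's default type has changed
                        # between OpenSSH releases, and the output file is named id_rsa.
                        command => '/bin/su - portforwarder -c \'mkdir -p -m 02700 .ssh && ssh-keygen -t rsa -C "`whoami`@`hostname` (`date +%Y-%m-%d`)" -P "" -f .ssh/id_rsa -q\'',
                        # Skip when the account does not exist or a key is already present,
                        # so an existing key is never regenerated. The check hard-codes
                        # /home/portforwarder, while the command uses the account's login
                        # directory; the two must be the same path.
                        onlyif  => '/usr/bin/getent passwd portforwarder > /dev/null && ! [ -e /home/portforwarder/.ssh/id_rsa ]'
                }
        }

        # authorized_keys for the portforwarder account, rendered from a template.
        # NOTE(review): owner/group/mode are not set here and presumably come from
        # File defaults declared elsewhere -- confirm the result is root-owned and
        # not writable by group or others. Also worth confirming that the template
        # restricts what each key may do, since the peer keys have no passphrase.
        file { '/etc/ssh/userkeys/portforwarder':
                content => template('portforwarder/authorized_keys.erb'),
        }
        file { '/etc/xinetd.d':
                ensure  => directory,
                owner   => root,
                group   => root,
                mode    => '0755',
        }
        # The file name is spelled 'portforwader' (sic). It is kept as is, because
        # renaming it would leave the old file behind on already-managed hosts.
        file { '/etc/xinetd.d/dsa-portforwader':
                content => template('portforwarder/xinetd.erb'),
                notify  => Exec['service xinetd reload']
        }

        # Triggered only by the notify above. The command is not fully qualified;
        # NOTE(review): this relies on an Exec path default set elsewhere -- confirm.
        exec { 'service xinetd reload':
                refreshonly => true,
        }
}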