##
## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
##

<%=
def getportforwarderkey(host)
	key = nil
	begin
		facts = YAML.load(File.open("/var/lib/puppet/yaml/facts/#{host}.yaml").read)
		return facts.values['portforwarder_key']
	rescue Exception => e
	end
	return key
end


lines = []
config = YAML.load(File.open('/etc/puppet/modules/portforwarder/misc/config.yaml').read)
config.each_pair do |sourcehost, services|
	allowed_ports = []

	##lines << "# sourcehost is #{sourcehost}"
	services.each do |service|
		##lines << "# targethost is #{service['target_host']}, my hostname #{hostname}, fqdn is #{fqdn}"
		next if service['target_host'] != fqdn
		allowed_ports << service['target_port'] if service['target_port']
	end

	if allowed_ports.length > 0
		sshkey = getportforwarderkey(sourcehost)
		remote_ip = allnodeinfo[sourcehost]['ipHostNumber'].join(',')
		local_bind = '127.101.%d.%d'%[ (sourcehost.hash / 256 % 256), sourcehost.hash % 256 ]

		lines << "# from #{sourcehost}"
		if sshkey.nil? or remote_ip.nil? or local_bind.nil?
			lines << "# insufficient config values"
		else
			command = "/usr/bin/portforwarder-ssh-wrap #{sourcehost} #{local_bind} #{allowed_ports.join(' ')}"
			lines << "from=\"#{remote_ip}\",command=\"#{command}\",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding #{sshkey}"
		end
	end
end
lines.join("\n")
%>