Commit 201e92a3 authored by Zen Fu's avatar Zen Fu
Browse files

Use EPP for VPN templates

parent e05ad1b5
......@@ -77,19 +77,32 @@ define tails::vpn::instance (
owner => 'root',
group => 'root',
mode => '0700',
content => template('tails/vpn/tinc-up.erb');
content => epp('tails/vpn/tinc-up.epp', {
interface => $interface,
vpn_ip => $vpn_ip,
vpn_net => $vpn_net,
vpn_netmask => $vpn_netmask,
route_to_lizard => $route_to_lizard_vm_net,
lizard_vpn_address => $lizard_vpn_address,
});
"/etc/tinc/${vpn_name}/tinc-down":
ensure => $ensure,
owner => 'root',
group => 'root',
mode => '0700',
content => template('tails/vpn/tinc-down.erb');
content => epp('tails/vpn/tinc-down.epp', {
interface => $interface
});
"/etc/tinc/${vpn_name}/tinc.conf":
ensure => $ensure,
owner => 'root',
group => 'root',
mode => '0600',
content => template('tails/vpn/tinc.conf.erb');
content => epp('tails/vpn/tinc.conf.erb', {
hostname => $hostname,
connect_to => $connect_to,
proxy => $proxy,
});
"/etc/tinc/${vpn_name}/rsa_key.priv":
ensure => $ensure,
owner => 'root',
......
<%- | String $interface | -%>
#!/bin/sh
## Down tinc
set -e
ip link set <%= @interface %> down
ip link set <%= $interface %> down
<%- | String $interface,
String $vpn_ip,
String $vpn_net,
String $vpn_netmask,
Boolean $route_to_lizard_vm_net,
String $lizard_vpn_address,
| -%>
#!/bin/sh
set -e
## Up tinc, add IP
ip link set <%= $interface %> up
ip addr add <%= $vpn_ip %> dev <%= $interface %>
route add -net <%= $vpn_net %> netmask <%= $vpn_netmask %> gw <%= $vpn_ip %> dev <%= $interface %>
<%- if $route_to_lizard_vm_net { -%>
route add -net 192.168.122.0 netmask 255.255.255.0 gw <%= $lizard_vpn_address %> dev <%= $interface %>
<%- } -%>
#!/bin/sh
set -e
## Up tinc, add IP
ip link set <%= @interface %> up
ip addr add <%= @vpn_ip %> dev <%= @interface %>
route add -net <%= @vpn_net %> netmask <%= @vpn_netmask %> gw <%= @vpn_ip %> dev <%= @interface %>
<%- if @route_to_lizard_vm_net %>
route add -net 192.168.122.0 netmask 255.255.255.0 gw <%= @lizard_vpn_address %> dev <%= @interface %>
<%- end %>
<%- | String $hostname,
Array[String] $connect_to,
String $proxy,
| -%>
Name=<%= $hostname %>
Device=/dev/net/tun
Mode=switch
<%- $connect_to.each | $address | { -%>
ConnectTo=<%= $address %>
<%- } -%>
<%- if $proxy { -%>
Proxy=<%= $proxy %>
<%- } -%>
Name=<%= @hostname %>
Device=/dev/net/tun
Mode=switch
<%- @connect_to.each do |address| %>
ConnectTo=<%= address %>
<%- end %>
<%- if @proxy %>
Proxy=<%= @proxy %>
<%- end %>
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment