root / manifests / file.pp @ 1ef7d5c4
Historique | Voir | Annoter | Télécharger (1,4 ko)
| 1 | 331b8d85 | Steve Traylen | # @summary Insert a file into the nftables configuration |
|---|---|---|---|
| 2 | # @example Include a file that includes other files |
||
| 3 | # nftables::file{'geoip':
|
||
| 4 | # content => @(EOT) |
||
| 5 | # include "/var/local/geoipsets/dbip/nftset/ipv4/*.ipv4" |
||
| 6 | # include "/var/local/geoipsets/dbip/nftset/ipv6/*.ipv6" |
||
| 7 | # |EOT, |
||
| 8 | # } |
||
| 9 | # |
||
| 10 | # @param label Unique name to include in filename. |
||
| 11 | # @param content The content to place in the file. |
||
| 12 | # @param source A source to obtain the file content from. |
||
| 13 | # @param prefix |
||
| 14 | # Prefix of file name to be created, if left as `file-` it will be |
||
| 15 | # auto included in the main nft configuration |
||
| 16 | # |
||
| 17 | define nftables::file ( |
||
| 18 | String[1] $label = $title, |
||
| 19 | Optional[String] $content = undef, |
||
| 20 | Optional[Variant[String,Array[String,1]]] $source = undef, |
||
| 21 | String $prefix = 'file-', |
||
| 22 | ) {
|
||
| 23 | if $content and $source {
|
||
| 24 | fail('Please pass only $content or $source, not both.')
|
||
| 25 | } |
||
| 26 | |||
| 27 | $concat_name = "nftables-${name}"
|
||
| 28 | |||
| 29 | Package['nftables'] -> file { "/etc/nftables/puppet-preflight/${prefix}${label}.nft":
|
||
| 30 | ensure => file, |
||
| 31 | owner => root, |
||
| 32 | group => root, |
||
| 33 | 0b7bcb5d | mh | mode => $nftables::default_config_mode, |
| 34 | 331b8d85 | Steve Traylen | content => $content, |
| 35 | source => $source, |
||
| 36 | } ~> Exec['nft validate'] -> file { "/etc/nftables/puppet/${prefix}${label}.nft":
|
||
| 37 | ensure => file, |
||
| 38 | owner => root, |
||
| 39 | group => root, |
||
| 40 | 0b7bcb5d | mh | mode => $nftables::default_config_mode, |
| 41 | 331b8d85 | Steve Traylen | content => $content, |
| 42 | source => $source, |
||
| 43 | } ~> Service['nftables'] |
||
| 44 | } |