root / manifests / config.pp @ c5418fd3
Historique | Voir | Annoter | Télécharger (1,55 ko)
| 1 | 0ba57c66 | mh | # manage a config snippet |
|---|---|---|---|
| 2 | 11bf7237 | Steve Traylen | define nftables::config ( |
| 3 | c5418fd3 | Nacho Barrientos | Pattern[/^\w+-\w+$/] $tablespec = $title, |
| 4 | 31b17627 | Steve Traylen | Optional[String] $content = undef, |
| 5 | Optional[Variant[String,Array[String,1]]] $source = undef, |
||
| 6 | 11bf7237 | Steve Traylen | ) {
|
| 7 | 294a38ff | Nacho Barrientos | if $content and $source {
|
| 8 | fail('Please pass only $content or $source, not both.')
|
||
| 9 | } |
||
| 10 | |||
| 11 | e4c32222 | Nacho Barrientos | $concat_name = "nftables-${name}"
|
| 12 | |||
| 13 | 11bf7237 | Steve Traylen | Package['nftables'] -> concat {
|
| 14 | e4c32222 | Nacho Barrientos | $concat_name: |
| 15 | 30462da1 | Steve Traylen | path => "/etc/nftables/puppet-preflight/${name}.nft",
|
| 16 | e4c32222 | Nacho Barrientos | ensure_newline => true, |
| 17 | owner => root, |
||
| 18 | group => root, |
||
| 19 | mode => '0640', |
||
| 20 | 11bf7237 | Steve Traylen | } ~> Exec['nft validate'] -> file {
|
| 21 | 30462da1 | Steve Traylen | "/etc/nftables/puppet/${name}.nft":
|
| 22 | 11bf7237 | Steve Traylen | ensure => file, |
| 23 | source => "/etc/nftables/puppet-preflight/${name}.nft",
|
||
| 24 | owner => root, |
||
| 25 | group => root, |
||
| 26 | mode => '0640', |
||
| 27 | 0ba57c66 | mh | } ~> Service['nftables'] |
| 28 | |||
| 29 | e4c32222 | Nacho Barrientos | $data = split($name, '-') |
| 30 | |||
| 31 | concat::fragment {
|
||
| 32 | "${concat_name}-header":
|
||
| 33 | target => $concat_name, |
||
| 34 | order => '00', |
||
| 35 | content => "table ${data[0]} ${data[1]} {",
|
||
| 36 | } |
||
| 37 | |||
| 38 | 0ba57c66 | mh | if $source {
|
| 39 | e4c32222 | Nacho Barrientos | concat::fragment {
|
| 40 | "${concat_name}-body":
|
||
| 41 | target => $concat_name, |
||
| 42 | order => 98, |
||
| 43 | source => $source, |
||
| 44 | 0ba57c66 | mh | } |
| 45 | } else {
|
||
| 46 | fcb1d356 | Nacho Barrientos | if $content {
|
| 47 | $_content = $content |
||
| 48 | } else {
|
||
| 49 | $_content = " include \"${name}-chain-*.nft\""
|
||
| 50 | } |
||
| 51 | e4c32222 | Nacho Barrientos | concat::fragment {
|
| 52 | "${concat_name}-body":
|
||
| 53 | target => $concat_name, |
||
| 54 | order => '98', |
||
| 55 | fcb1d356 | Nacho Barrientos | content => $_content, |
| 56 | 0ba57c66 | mh | } |
| 57 | } |
||
| 58 | e4c32222 | Nacho Barrientos | |
| 59 | concat::fragment {
|
||
| 60 | "${concat_name}-footer":
|
||
| 61 | target => $concat_name, |
||
| 62 | order => '99', |
||
| 63 | content => '}', |
||
| 64 | } |
||
| 65 | 0ba57c66 | mh | } |