fix(config): configurable distinction between server and client services

alxwr · alxwr · commit 18c4c4a11c98 · 2019-08-27T23:26:31.000+02:00
diff --git a/openvpn/config.sls b/openvpn/config.sls
@@ -19,10 +19,12 @@ include:
 
 {% set service_id = "openvpn_{0}_service".format(name) if map.multi_services else "openvpn_service" %}
 
-{%- set config_dir = config.conf_dir if config.conf_dir is defined else map.conf_dir %}
-{%- if grains.os == "Fedora" %}
-{#-   Fedora uses /etc/openvpn/{client,server} as their working directory #}
-{%-   set config_dir = config_dir ~ '/' ~ type %}
+{%- if config.conf_dir is defined %}
+{#-   Use the explicit config from Pillar, if it is present. #}
+{%-   set config_dir = config.conf_dir %}
+{%- else %}
+{#-   Some distributions use /etc/openvpn/{client,server} as their working directory #}
+{%-   set config_dir = map.get(type ~ "_conf_dir", map.conf_dir) %}
 {%- endif %}
 
 {% set config_file = "{0}/openvpn_{1}.conf".format(config_dir, name) if map.multi_services and grains['os_family'] == 'FreeBSD' else "{0}/{1}.{2}".format(config_dir, name, map.conf_ext) %}
diff --git a/openvpn/dhparams.sls b/openvpn/dhparams.sls
@@ -2,11 +2,14 @@
 
 # Generate diffie hellman files
 {% if salt['pillar.get']('openvpn:server', False) %}
+  {#- Some distributions use /etc/openvpn/{client,server} as their working directory #}
+  {%- set config_dir = map.get("server_conf_dir", map.conf_dir) %}
   {%- for dh in map.dh_files %}
+    {%- set dh_file = config_dir ~ "/dh" ~ dh ~ ".pem" %}
 openvpn_create_dh_{{ dh }}:
   cmd.run:
-    - name: openssl dhparam {% if map.dsaparam %}-dsaparam {% endif %}-out {{ map.conf_dir }}/dh{{ dh }}.pem {{ dh }}
-    - creates: {{ map.conf_dir }}/dh{{ dh }}.pem
+    - name: openssl dhparam {% if map.dsaparam %}-dsaparam {% endif %}-out {{ dh_file }} {{ dh }}
+    - creates: {{ dh_file }}
     - require:
       - pkg: openvpn_pkgs
   {%- endfor %}
diff --git a/openvpn/osfamilymap.yaml b/openvpn/osfamilymap.yaml
@@ -8,6 +8,10 @@ Arch:
 Debian:
   group: nogroup
   log_user: root
+  client_conf_dir: /etc/openvpn/client
+  client_service: openvpn-client
+  server_conf_dir: /etc/openvpn/server
+  server_service: openvpn-server
 RedHat:
   pkgs:
     - openvpn
diff --git a/openvpn/osmap.yaml b/openvpn/osmap.yaml
@@ -6,6 +6,11 @@ Debian:
     - wheezy
     - jessie
     - stretch
+Fedora:
+  client_conf_dir: /etc/openvpn/client
+  client_service: openvpn-client
+  server_conf_dir: /etc/openvpn/server
+  server_service: openvpn-server
 Ubuntu:
   external_repo_supported:
     - precise
diff --git a/openvpn/service.sls b/openvpn/service.sls
@@ -12,12 +12,11 @@
 
 # How to name the service (instance)?
 {% if salt['grains.has_value']('systemd') %}
-{%-   if grains.os == "Fedora" %}
-{#-     Fedora uses /etc/openvpn/{client,server} as their working directory #}
-{%      set service_name = map.service ~ '-' ~ type ~ '@' ~ name %}
-{%-   else %}
-{%      set service_name = map.service ~ '@' ~ name %}
-{%-   endif %}
+{#-   
+   Some distributions use /etc/openvpn/{client,server} as their working directory
+   and openvpn-{client,server} as their service.
+#}
+{% set service_name = map.get(type ~ "_service", map.service) ~ '@' ~ name %}
 {% else %}
 {% set service_name = map.service ~ '_' ~ name %}
 {% endif %}
