Add key option for tunnels (ucbpi#41)

micah · May 3, 2017 · 411a0c3 · 411a0c3
1 parent 2c6e85e
commit 411a0c3
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 0 deletions.
diff --git a/manifests/tun.pp b/manifests/tun.pp
@@ -13,6 +13,9 @@
 # [*cert*]
 #   Certificate to use for this tunnel
 #
+# [*key*]
+#   Key to use for this tunnel
+#
 # [*client*]
 #   Whether this tunnel should be setup in client mode.
 #
@@ -68,6 +71,7 @@
   $connect,
   $cafile = '',
   $cert = 'UNSET',
+  $key = '',
   $client = false,
   $options = [ ],
   $failover = 'rr',
@@ -95,6 +99,11 @@
     default => $cafile,
   }
 
+  $key_real = $key ? {
+    'UNSET' => '',
+    default => $key,
+  }
+
   # Clients don't require a certificate but servers do
   if $client {
     $cert_default = ''
@@ -113,6 +122,9 @@
   if $cert_real != '' {
     validate_absolute_path( $cert_real )
   }
+  if $key_real != '' {
+    validate_absolute_path( $key_real )
+  }
   validate_bool( str2bool($client) )
 
   if is_string($options) {

diff --git a/templates/tun.erb b/templates/tun.erb
@@ -35,6 +35,9 @@ CAfile = <%= @cafile_real %>
 <% else -%>
 # CAfile = /path/to/cafile.crt
 <% end -%>
+<% if @key_real != '' -%>
+key = <%= @key_real %>
+<% end -%>
 <% if @accept -%>
   accept=<%= @accept %>
 <% end -%>