Initial version of sks module

2013-11-25 11:48:53 +02:00 · 2013-11-25 11:48:53 +02:00 · bda0cb174a
commit bda0cb174a
parent 74b91b8380
3 changed files with 167 additions and 0 deletions
--- a/sks/manifests/init.pp
+++ b/sks/manifests/init.pp
@ -0,0 +1,95 @@
 # Install and configure SKS keyserver.
 #
 class sks($datadir=undef) {
    case $::operatingsystem {
        "ubuntu": {
            $user = "debian-sks"
            $group = "debian-sks"
            $config = "/etc/sks/sksconf"
        }
        default: {
            fail("sks not supported on ${::operatingsystem}")
        }
    }
    package { "sks":
        ensure => installed,
    }
    if $datadir {
        file { $datadir:
            ensure  => directory,
            mode    => "0700",
            owner   => $user,
            group   => $group,
            require => Package["sks"],
        }
        file { "/var/lib/sks":
            ensure  => link,
            target  => $datadir,
            force   => true,
            require => File[$datadir],
        }
    } else {
        file { "/var/lib/sks":
            ensure  => directory,
            mode    => "0700",
            owner   => $user,
            group   => $group,
            require => Package["sks"],
        }
    }
    exec { "sks build":
        path    => "/bin:/usr/bin:/sbin:/usr/sbin",
        user    => $user,
        creates => "/var/lib/sks/DB",
        require => File["/var/lib/sks"],
        before  => Service["sks"],
    }
    file { $config:
        ensure  => present,
        mode    => "0644",
        owner   => "root",
        group   => "root",
        content => template("sks/sksconf.erb"),
        require => Package["sks"],
        notify  => Service["sks"],
    }
    case $::operatingsystem {
        "debian","ubuntu": {
            augeas { "enable-sks":
                context => "/files/etc/default/sks",
                changes => "set initstart yes",
                require => Package["sks"],
                notify  => Service["sks"],
            }
        }
    }
    file { "/var/lib/sks/www":
        ensure => directory,
        mode   => "0700",
        owner  => $user,
        group  => $group,
    }
    file { "/var/lib/sks/www/index.html":
         ensure  => present,
         mode    => "0600",
         owner   => $user,
         group   => $group,
         content => template("sks/index.html.erb"),
         before  => Service["sks"],
    }
    service { "sks":
        ensure => running,
        enable => true,
        status => "pgrep -f /usr/sbin/sks",
    }
 }
--- a/sks/templates/index.html.erb
+++ b/sks/templates/index.html.erb
@ -0,0 +1,40 @@
 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
 <html>
 <head>
 <title>SKS Search Page</title>
 <meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
 </head>
 <body>
 <h1>SKS OpenPGP Keyserver</h1>
 <h3>Extract a key</h3>
 You can extract a key by typing in some words that appear in the userid
 of the key you're looking for, or by typing in the keyid in hex format ("0x...")
 <p>
 <form action="/pks/lookup" method="get">
 Search String: <input name="search" size="40"> <br>
 Show PGP "fingerprints" for keys
 <input type="checkbox" name="fingerprint"> <br>
 Show SKS full-key hashes
 <input type="checkbox" name="hash"> <br>
 Search for keys: <br>
 <input type="radio" name="op" value="index"> get regular index of matching keys
 <br>
 <input type="radio" name="op" value="vindex" CHECKED> get <b>verbose</b>
 index of matching keys <br>
 <input type="radio" name="op" value="get"> retrieve ascii-armored keys <br>
 <input type="radio" name="op" value="hget"> retrieve keys by full-key hash
 <br>
 <input type="reset" value="Reset">
 <input type="submit">
 </form>
 <br>
 <h3>Submit a key</h3>
 You can submit a key by simply pasting in the ASCII-armored version
 of your key and clicking on submit.
 <form action="/pks/add" method="post">
 <textarea name="keytext" rows="20" cols="66"></textarea> <br>
 <input type="reset" value="Reset">
 <input type="submit" value="Submit this key to the keyserver!">
 </form>
 <br>
 <br>
--- a/sks/templates/sksconf.erb
+++ b/sks/templates/sksconf.erb
@ -0,0 +1,32 @@
 # /etc/sks/sksconf
 #
 # The configuration file for your SKS server.
 # You can find more options in sks(8) manpage.
 # Set server hostname
 hostname: <%= @fqdn %>
 # Set recon binding address
 recon_address: <%= @ipaddress %>
 # Set recon port number
 #recon_port: 11370
 # Set hkp binding address
 hkp_address: <%= @ipaddress %>
 # Set hkp port number
 #hkp_port: 11371
 # Have the HKP interface listen on port 80, as well as the hkp_port
 #use_port_80:
 # From address used in synchronization emails used to communicate with PKS
 #from_addr: "PGP Key Server Administrator <pgp-public-keys@this.server.fdqn>"
 # Command used for sending mail (you can use -f option to specify the
 # envelope sender address, if your MTA trusts the sks user)
 #sendmail_cmd: /usr/lib/sendmail -t -oi
 # Runs database statistics calculation on boot (time and cpu expensive)
 #initial_stat: