Initial version of sks module

2013-11-25 11:48:53 +02:00 · 2013-11-25 11:48:53 +02:00 · bda0cb174a
commit bda0cb174a
parent 74b91b8380
3 changed files with 167 additions and 0 deletions
--- a/sks/manifests/init.pp
+++ b/sks/manifests/init.pp
@ -0,0 +1,95 @@
+# Install and configure SKS keyserver.
+#
+class sks($datadir=undef) {
+
+    case $::operatingsystem {
+        "ubuntu": {
+            $user = "debian-sks"
+            $group = "debian-sks"
+            $config = "/etc/sks/sksconf"
+        }
+        default: {
+            fail("sks not supported on ${::operatingsystem}")
+        }
+    }
+
+    package { "sks":
+        ensure => installed,
+    }
+
+    if $datadir {
+        file { $datadir:
+            ensure  => directory,
+            mode    => "0700",
+            owner   => $user,
+            group   => $group,
+            require => Package["sks"],
+        }
+        file { "/var/lib/sks":
+            ensure  => link,
+            target  => $datadir,
+            force   => true,
+            require => File[$datadir],
+        }
+    } else {
+        file { "/var/lib/sks":
+            ensure  => directory,
+            mode    => "0700",
+            owner   => $user,
+            group   => $group,
+            require => Package["sks"],
+        }
+    }
+
+    exec { "sks build":
+        path    => "/bin:/usr/bin:/sbin:/usr/sbin",
+        user    => $user,
+        creates => "/var/lib/sks/DB",
+        require => File["/var/lib/sks"],
+        before  => Service["sks"],
+    }
+
+    file { $config:
+        ensure  => present,
+        mode    => "0644",
+        owner   => "root",
+        group   => "root",
+        content => template("sks/sksconf.erb"),
+        require => Package["sks"],
+        notify  => Service["sks"],
+    }
+
+    case $::operatingsystem {
+        "debian","ubuntu": {
+            augeas { "enable-sks":
+                context => "/files/etc/default/sks",
+                changes => "set initstart yes",
+                require => Package["sks"],
+                notify  => Service["sks"],
+            }
+        }
+    }
+
+    file { "/var/lib/sks/www":
+        ensure => directory,
+        mode   => "0700",
+        owner  => $user,
+        group  => $group,
+    }
+
+    file { "/var/lib/sks/www/index.html":
+         ensure  => present,
+         mode    => "0600",
+         owner   => $user,
+         group   => $group,
+         content => template("sks/index.html.erb"),
+         before  => Service["sks"],
+    }
+
+    service { "sks":
+        ensure => running,
+        enable => true,
+        status => "pgrep -f /usr/sbin/sks",
+    }
+
+}
--- a/sks/templates/index.html.erb
+++ b/sks/templates/index.html.erb
@ -0,0 +1,40 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+<head>
+<title>SKS Search Page</title>
+<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
+</head>
+<body>
+<h1>SKS OpenPGP Keyserver</h1>
+<h3>Extract a key</h3>
+You can extract a key by typing in some words that appear in the userid
+of the key you're looking for, or by typing in the keyid in hex format ("0x...")
+<p>
+<form action="/pks/lookup" method="get">
+Search String: <input name="search" size="40"> <br>
+Show PGP "fingerprints" for keys
+<input type="checkbox" name="fingerprint"> <br>
+Show SKS full-key hashes
+<input type="checkbox" name="hash"> <br>
+Search for keys: <br>
+<input type="radio" name="op" value="index"> get regular index of matching keys
+<br>
+<input type="radio" name="op" value="vindex" CHECKED> get <b>verbose</b>
+index of matching keys <br>
+<input type="radio" name="op" value="get"> retrieve ascii-armored keys <br>
+<input type="radio" name="op" value="hget"> retrieve keys by full-key hash
+<br>
+<input type="reset" value="Reset">
+<input type="submit">
+</form>
+<br>
+<h3>Submit a key</h3>
+You can submit a key by simply pasting in the ASCII-armored version
+of your key and clicking on submit.
+<form action="/pks/add" method="post">
+<textarea name="keytext" rows="20" cols="66"></textarea> <br>
+<input type="reset" value="Reset">
+<input type="submit" value="Submit this key to the keyserver!">
+</form>
+<br>
+<br>
--- a/sks/templates/sksconf.erb
+++ b/sks/templates/sksconf.erb
@ -0,0 +1,32 @@
+# /etc/sks/sksconf
+#
+# The configuration file for your SKS server.
+# You can find more options in sks(8) manpage.
+
+# Set server hostname
+hostname: <%= @fqdn %>
+
+# Set recon binding address
+recon_address: <%= @ipaddress %>
+
+# Set recon port number
+#recon_port: 11370
+
+# Set hkp binding address
+hkp_address: <%= @ipaddress %>
+
+# Set hkp port number
+#hkp_port: 11371
+
+# Have the HKP interface listen on port 80, as well as the hkp_port
+#use_port_80:
+
+# From address used in synchronization emails used to communicate with PKS
+#from_addr: "PGP Key Server Administrator <pgp-public-keys@this.server.fdqn>"
+
+# Command used for sending mail (you can use -f option to specify the
+# envelope sender address, if your MTA trusts the sks user)
+#sendmail_cmd: /usr/lib/sendmail -t -oi
+
+# Runs database statistics calculation on boot (time and cpu expensive)
+#initial_stat: