#Copyright (C) 2009, Tom Judge
# ----------------------------------------------------------------------------
# "THE BEER-WARE LICENSE" (Revision 42):
# <tom@tomjudge.com> wrote this file. As long as you retain this notice you
# can do whatever you want with this stuff. If we meet some day, and you think
# this stuff is worth it, you can buy me a beer in return Tom Judge.
# ----------------------------------------------------------------------------

## THESE VARIABLES MUST MATCH /usr/local/etc/ezjail.conf on the jail host.
control:
    ROLE_JailHost::
        AddInstallable = (
            ezjail_failed_primary
            ezjail_failed_backup 
            )

        ezjail_jailbase = ( /data/jails/basejail )
        ezjail_jailtemplate = ( /data/jails/newjail )

groups:
    ROLE_JailHost::
        ezjail_has_jailbase = ( IsDir(${ezjail_jailbase}) )
        ezjail_has_jailtemplate = ( IsDir(${ezjail_jailtemplate}) )

copy:
    freebsd.ROLE_JailHost::
        ${configroot}/config/ezjail/ezjail.conf
            dest=/usr/local/etc/ezjail.conf
            failover=ezjail_failed_primary
            ignore=.svn
            mode=0644
            recurse=inf
            server=${primary_server}
            type=checksum
        ${configroot}/config/ezjail/flavours
            dest=/data/jails/flavours
            failover=ezjail_failed_primary
            ignore=.svn
            mode=0644
            recurse=inf
            server=${primary_server}
            type=checksum

    freebsd.ROLE_JailHost.ezjail_jailed_primary::
        ${configroot}/config/ezjail/ezjail.conf
            dest=/usr/local/etc/ezjail.conf
            failover=ezjail_failed_backup
            ignore=.svn
            mode=0644
            recurse=inf
            server=${backup_server}
            type=checksum
        ${configroot}/config/ezjail/flavours
            dest=/data/jails/flavours
            failover=ezjail_failed_backup
            ignore=.svn
            mode=0644
            recurse=inf
            server=${backup_server}
            type=checksum

directories:
    freebsd.ROLE_JailHost::
        ${ezjail_jailtemplate}/usr/home
            mode=775
            owner=root
            group=${root_group}

    freebsd.ROLE_JailHost.ezjail_has_jailbase::
        ${ezjail_jailbase}
            mode=755
            owner=root
            group=${root_group}

        ${ezjail_jailbase}/usr
            mode=755
            owner=root
            group=${root_group}

        ${ezjail_jailbase}/usr/lib32
            mode=755
            owner=root
            group=${root_group}

files:
    freebsd.ROLE_JailHost::
        /data/jails
            mode=700
            owner=root
            group=${root_group}
            action=fixall

        
editfiles:
    freebsd.ROLE_JailHost::
        { /etc/rc.conf
            AppendIfNoSuchLine "ezjail_enable=\"YES\""
            AppendIfNoSuchLine "jail_sysvipc_allow=\"YES\""
        }

shellcommands:
    freebsd.ROLE_JailHost.!ezjail_has_jailbase::
        "/usr/local/bin/ezjail-admin update -i"
            useshell=true
            inform=true
            timeout=10
            expireafter=10

alerts:
    ezjail_failed_backup::
        "Failed to copy the ezjail configuration file."

# vim:set syntax=cfengine:
# vim:set tabstop=4:
# vim:set shiftwidth=4:
# vim:set expandtab: