1 files changed, 66 insertions, 0 deletions

diff --git a/manifests/subsystem/scanner.pp b/manifests/subsystem/scanner.pp
new file mode 100644
index 0000000..26622e9
--- /dev/null
+++ b/manifests/subsystem/scanner.pp
@@ -0,0 +1,66 @@
+class nodo::subsystem::scanner {
+  package { 'sane':
+    ensure  => present,
+  }
+
+  group { [ 'lp', 'saned', 'scanner' ]:
+    ensure    => present,
+    allowdupe => false,
+  }
+
+  user { 'saned':
+    ensure    => present,
+    comment   => 'saned',
+    gid       => 'saned',
+    home      => '/home/saned',
+    shell     => '/bin/false',
+    allowdupe => false,
+    require   => Group['lp', 'saned', 'scanner'],
+  }
+
+  file { '/etc/default/saned' :
+    ensure  => present,
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0644',
+    source  => 'puppet:///modules/nodo/etc/default/saned',
+    require => Package['saned'],
+  }
+
+  file { '/etc/sane.d/saned.conf' :
+    ensure  => present,
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0644',
+    source  => 'puppet:///modules/nodo/etc/sane.d/saned.conf',
+    require => Package['sane'],
+  }
+
+  service { 'saned' :
+    ensure    => running,
+    enable    => true,
+    require   => Package['saned'],
+    subscribe => [ File['/etc/default/saned/', '/etc/sane.d/saned.conf'], User['saned'] ],
+  }
+
+  # Firewall
+  shorewall::rule { "saned":
+    action          => 'ACCEPT',
+    source          => 'net',
+    destination     => '$FW',
+    proto           => 'tcp',
+    destinationport => "6566",
+    ratelimit       => '-',
+    order           => 200,
+  }
+
+  shorewall::rule { "saned-range":
+    action          => 'ACCEPT',
+    source          => 'net',
+    destination     => '$FW',
+    proto           => 'tcp',
+    destinationport => "10000:10100",
+    ratelimit       => '-',
+    order           => 200,
+  }
+}