diff options
author | Silvio Rhatto <rhatto@riseup.net> | 2017-10-23 19:43:47 -0200 |
---|---|---|
committer | Silvio Rhatto <rhatto@riseup.net> | 2017-10-23 19:43:47 -0200 |
commit | b45c60df8af294fe97b8912a0b9703c76e5de8d6 (patch) | |
tree | 2a3442f2e0b3c7494cc591ac8c8053d84c3c9d84 /puppet/config/common.yaml | |
parent | c880b15f013c6d761e4632570112f796ffc1dcda (diff) | |
parent | 1bfffe2e0adff6e44ec33726988b64f95ea2f599 (diff) | |
download | debian-b45c60df8af294fe97b8912a0b9703c76e5de8d6.tar.gz debian-b45c60df8af294fe97b8912a0b9703c76e5de8d6.tar.bz2 |
Merge commit '1bfffe2e0adff6e44ec33726988b64f95ea2f599' into develop
Diffstat (limited to 'puppet/config/common.yaml')
-rw-r--r-- | puppet/config/common.yaml | 65 |
1 files changed, 65 insertions, 0 deletions
diff --git a/puppet/config/common.yaml b/puppet/config/common.yaml new file mode 100644 index 0000000..29fb400 --- /dev/null +++ b/puppet/config/common.yaml @@ -0,0 +1,65 @@ +--- +# +# General +# +nodo::subsystem::apt::include_src : false +nodo::subsystem::apt::use_next_release : false +nodo::subsystem::monitor::use_nagios : false +nodo::subsystem::monitor::address : "%{::fqdn}" + +# +# Firewall +# +firewall::ssl_ratelimit : "s:ssl:200/min:20" +firewall::local_net : false +firewall::local::manage_host : true +firewall::local::manage_iface : false + +# +# Mail +# +mail::sympa::subdomain : "listas" +mail::sympa::lang : "pt_BR" + +# +# Monitoring +# +nodo::munin_node::allow: '127.0.0.1:192.168.0.[0-9]*:192.168.1.[0-9]*' + +# +# Timezone and ntp +# +ntp::zone : "Brazil/East" +ntp::pool : "south-america.pool.ntp.org" +ntp::servers : + - 'a.ntp.br' + - 'b.ntp.br' + - 'c.ntp.br' + +# +# Nameservers +# +# OpenDNS +nodo::subsystem::resolver::nameservers: + - '208.67.222.222' + - '208.67.220.220' + +# +# OpenSSH +# +sshd::use_storedconfigs : false +sshd::manage_nagios : false +sshd::listen_address : [ "%{::ipaddress}", '127.0.0.1' ] +sshd::password_authentication : 'yes' +sshd::shared_ip : 'yes' +sshd::tcp_forwarding : 'yes' +sshd::x11_forwarding : 'no' +sshd::hardened : 'yes' +sshd::print_motd : 'no' +sshd::ports : [ 22 ] +sshd::use_pam : 'no' + +# +# Backup +# +backupninja::keystore: '' |