authorSilvio Rhatto <rhatto@riseup.net>2017-10-23 19:43:47 -0200
committerSilvio Rhatto <rhatto@riseup.net>2017-10-23 19:43:47 -0200
commitb45c60df8af294fe97b8912a0b9703c76e5de8d6 (patch)
tree2a3442f2e0b3c7494cc591ac8c8053d84c3c9d84 /puppet/config
parentc880b15f013c6d761e4632570112f796ffc1dcda (diff)
parent1bfffe2e0adff6e44ec33726988b64f95ea2f599 (diff)
Merge commit '1bfffe2e0adff6e44ec33726988b64f95ea2f599' into develop
Diffstat (limited to 'puppet/config')
-rw-r--r--puppet/config/common.yaml65
-rw-r--r--puppet/config/hiera.yaml41
-rw-r--r--puppet/config/node/box.example.org.yaml47
3 files changed, 153 insertions, 0 deletions
diff --git a/puppet/config/common.yaml b/puppet/config/common.yaml
new file mode 100644
index 0000000..29fb400
--- /dev/null
+++ b/puppet/config/common.yaml
@@ -0,0 +1,65 @@
+---
+#
+# General
+#
+nodo::subsystem::apt::include_src : false
+nodo::subsystem::apt::use_next_release : false
+nodo::subsystem::monitor::use_nagios : false
+nodo::subsystem::monitor::address : "%{::fqdn}"
+
+#
+# Firewall
+#
+firewall::ssl_ratelimit : "s:ssl:200/min:20"
+firewall::local_net : false
+firewall::local::manage_host : true
+firewall::local::manage_iface : false
+
+#
+# Mail
+#
+mail::sympa::subdomain : "listas"
+mail::sympa::lang : "pt_BR"
+
+#
+# Monitoring
+#
+nodo::munin_node::allow: '127.0.0.1:192.168.0.[0-9]*:192.168.1.[0-9]*'
+
+#
+# Timezone and ntp
+#
+ntp::zone : "Brazil/East"
+ntp::pool : "south-america.pool.ntp.org"
+ntp::servers :
+ - 'a.ntp.br'
+ - 'b.ntp.br'
+ - 'c.ntp.br'
+
+#
+# Nameservers
+#
+# OpenDNS
+nodo::subsystem::resolver::nameservers:
+ - '208.67.222.222'
+ - '208.67.220.220'
+
+#
+# OpenSSH
+#
+sshd::use_storedconfigs : false
+sshd::manage_nagios : false
+sshd::listen_address : [ "%{::ipaddress}", '127.0.0.1' ]
+sshd::password_authentication : 'yes'
+sshd::shared_ip : 'yes'
+sshd::tcp_forwarding : 'yes'
+sshd::x11_forwarding : 'no'
+sshd::hardened : 'yes'
+sshd::print_motd : 'no'
+sshd::ports : [ 22 ]
+sshd::use_pam : 'no'
+
+#
+# Backup
+#
+backupninja::keystore: ''
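Review bot: `sshd::password_authentication : 'yes'` in common.yaml makes password logins the default for every node that does not override it, which sits oddly next to `sshd::hardened : 'yes'` and leaves the listener on `%{::ipaddress}` port 22 exposed to password guessing. I would default it to `sshd::password_authentication : 'no'` and opt in per node under `node/`, and treat `sshd::tcp_forwarding : 'yes'` the same way unless forwarding is needed fleet-wide. Separately, the `nodo::munin_node::allow` value uses unescaped dots and `[0-9]*`; if the module turns these into munin-node regexes they may match more addresses than the two /24 networks presumably intended, so that is worth confirming against the module.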
diff --git a/puppet/config/hiera.yaml b/puppet/config/hiera.yaml
new file mode 100644
index 0000000..c39c8e7
--- /dev/null
+++ b/puppet/config/hiera.yaml
@@ -0,0 +1,41 @@
+---
+:backends:
+ - eyaml
+ - yaml
+:yaml:
+ # Right now vagrant and puppet are not fully supporting
+ # a relative datadir. For it to work, we were forced to
+ # create a manifests/hiera symlink. This should be
+ # reconsidered in the future.
+ #
+ # See http://docs.vagrantup.com/v2/provisioning/puppet_apply.html
+ :datadir: '%{settings::confdir}/config'
+:eyaml:
+ :datadir: '%{settings::confdir}/config'
+ :extension: 'yaml'
+
+ # If using the pkcs7 encryptor (default)
+ :pkcs7_private_key: '%{settings::confdir}/keys/private_key.pkcs7.pem'
+ :pkcs7_public_key: '%{settings::confdir}/keys/public_key.pkcs7.pem'
+:hierarchy:
+ #
+ # Put in the secrets folder all sensitive information that
+ # wont be spread into every system if you're using the Hydra Suite.
+ #
+ # We also recommend to leave only encrypted data in your hiera config.
+ #
+ - 'secrets/node/%{::clientcert}'
+ - 'secrets/role/%{::nodo::role}'
+ - 'secrets/location/%{::nodo::location}'
+ - 'secrets/domain/%{::domain}'
+
+ #
+ # All other stuff goes in regular YAML files.
+ #
+ - 'node/%{::clientcert}'
+ - 'role/%{::nodo::role}'
+ - 'virtual/%{::virtual}'
+ - 'location/%{::nodo::location}'
+ - 'domain/%{::domain}'
+ - compiled
+ - common
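Review bot: The `secrets/...` hierarchy levels are keyed on `%{::clientcert}`, `%{::domain}` and other top-scope values that the node reports about itself, so under a puppet master a node presenting another node's values could have that node's secrets resolved into its own catalog. With `puppet apply`, as the comment in the `:yaml:` section suggests, this matters less, but if this hiera.yaml is ever served by a master, `%{trusted.certname}` is the authenticated alternative for the node level. It would also help to put a comment next to `:pkcs7_private_key:` stating that the key must stay out of version control and be readable only by the puppet user, e.g. `# Never commit private_key.pkcs7.pem; keep it mode 0400.`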
diff --git a/puppet/config/node/box.example.org.yaml b/puppet/config/node/box.example.org.yaml
new file mode 100644
index 0000000..304d915
--- /dev/null
+++ b/puppet/config/node/box.example.org.yaml
@@ -0,0 +1,47 @@
+---
+#
+# Nodo
+#
+nodo::role 'vagrant'
+
+#
+# Classes
+#
+classes:
+ - 'database'
+ - 'apache'
+
+#
+# MySQL
+#
+# The following password is public information and therefore
+# shall not be user on production.
+mysql::server::rootpw: '9pRfteNbSFFyrHhackme'
+
+#
+# Backup
+#
+nodo::subsystem::backup::localhost : false
+nodo::subsystem::backup::encryptkey : 'none'
+nodo::subsystem::backup::password : 'hacked'
+
+#
+# Apache
+#
+apache::default_folder : '/vagrant'
+apache::default_user : 'vagrant'
+apache::default_group : 'vagrant'
+
+# Manage your app
+apache::sites:
+ myapp:
+ docroot : "/vagrant/"
+ server_alias : 'myapp vagrant localhost'
+ use : [ "Site myapp" ]
+ tag : 'all'
+ owner : vagrant
+ group : vagrant
+ mpm_user : vagrant
+ mpm_group : vagrant
+ password : '$5$NZfZqcdyZ3Xt$.kfZejriEJP3fc6RU0gBGEzMPQ/c3XiowVImB6VDrtD'
+ shell : '/bin/bash'
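Review bot: Only `mysql::server::rootpw` carries the "public information" warning, while `nodo::subsystem::backup::password : 'hacked'`, `nodo::subsystem::backup::encryptkey : 'none'` and the `$5$` crypt hash under `apache::sites` / `myapp` / `password` are also fixed, published values kept in the plain `node/` level rather than under `secrets/`. Anyone copying this example for a real host inherits known credentials and unencrypted backups, so I would widen the comment to cover the whole file, e.g. `# All credentials in this file are public examples; replace them and keep real ones encrypted under secrets/node/.` Also, `nodo::role 'vagrant'` appears to be missing its colon, which would make the file fail to parse; it should read `nodo::role : 'vagrant'`. The existing comment's "shall not be user" is presumably meant to be "used".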