authorSilvio Rhatto <rhatto@riseup.net>2017-10-23 19:42:32 -0200
committerSilvio Rhatto <rhatto@riseup.net>2017-10-23 19:42:32 -0200
commit1bfffe2e0adff6e44ec33726988b64f95ea2f599 (patch)
treefaee925240714b633218448633c841f0de89dbe1 /templates
parent5512c493e13998d4c83d7eab3d89e5a1c0836566 (diff)
Squashed 'puppet/' changes from 8f7043a..59b7f11
59b7f11 Rollback sshd::print_motd 29e15a3 Set sshd::print_motd to yes 8a13cb5 Post-receive: git submodule sync d0d65d6 Ignore ssl, unignore modules 662bf5a Exclude also .git at provision_rsync_opts 745b98a Configure provision_rsync_opts at kvmxfile 1434057 Set default backupninja::keystore 36de179 Use scripts from /etc/puppet at kvmxfile provision_command fe2d343 Fixes provision_command at kvmxfile 0a45a48 Use puppet hostname at kvmxfile e3a3408 Updates kvmxfile 8648b94 Adds kvmxfile 07b03c2 Deploy: check for sudo config c6414a8 Removes examples 6507997 Cleanup manifests e867618 Fetch submodules using https ee8938e Use projects.list on mrconfig 9e67e02 Support for compiled config ceddd20 Cleanup TODO 6dad16a Adds modules folder 6f98b51 Updates hiera mount location 48f2491 Removes templates 319bdcb Cleanup modules folder 84516c6 Updates TODO a43c2f9 Updates README ca1735f Updates TODO a67e9d4 TODO: vagrant issues 2838e86 Updates TODO 9662168 Updates TODO afa676d Rename default box 58b18e5 Updates TODO 20858dc Updates TODO cd876e6 Default eyaml extension 3645ef8 Adds eyaml backend into hiera config 158f12a Adds hiera-eyaml into DEVELOP_DEPENDENCIES ec33fd1 Adds keys into .gitignore 490f2e2 Adds hiera-eyaml into DEPLOY_DEPENDENCIES 7d1fc96 Fix site_users inheritance 80088c7 Remove usb-utils from deployment dependencies 03764c2 Deploy: check for rsync 5eb3983 Updates git vhost 739c79f Test deployment without git reset c8a14ca Preload HSTS e096f08 Deploy: setup DEPLOY_DEPENDENCIES 0a4a8cc Config cleanup ace1840 Do not install storedconfigs dependencies on provision b83d85a Check for puppet.conf on provision 54c68a0 Default SSH config 56e4bea Updates TODO 51c1763 Comment wheezy dependencies specifics 3cc7d47 Removes key folder 41b8ef0 Fix deploy dependencies 64b8d70 Deploy dependencies, TODO update 6051509 Cleanup storedconfigs dependencies 1cf6e4b TODO ordering 9de3634 Updates TODO 2cf2a3b Drop pear 4048095 Get rid of storedconfigs 2eeb10b Updates TODO e678885 Fix 
manifest lookup on deployment 9078cac Updates Vagrantfile with new config folder 0cb845b Updates TODO b75d0f3 Rename 'hiera' to 'config' ae7cfbd Updates TODO 28e3e25 Cleanup unused, old and broken submodules deaf0de Updates TODO c33d108 Updates TODO 15abd2e Removes post-update hook 8a14f6d Deploy: dependency: augeas-tools c71aa65 Updates TODO 4c5f117 Development dependencies 73d6006 Deploy: dependencies in a single place 364912a Adds examples 85d41ce Hiera cleanup e4d5f1b Updates TODO 08bd8b7 Deploy fixes 15c0293 TODO cleanup 51b910e Updates TODO 4580c2e Updates TODO 69d46bf More TODO cleanup 0c91d41 More TODO cleanup cee91df More TODO cleanup 082c901 Updates TODO cleanup d088390 Updates TODO d721391 Updates TODO 6ec4ac1 Updates TODO ebfed6b About collected resources patch 3529cff Updates TODO 701ed3b Removes post-update hook 4a684e7 Updates TODO 4b85c5e Updates TODO b50dbb6 Removes icecast module 907ffde Deploy: support for default.pp dc8de77 Cleanup proxy template git-subtree-dir: puppet git-subtree-split: 59b7f114e4db75aa3d134b8d2d8a3a36271f37d7
Diffstat (limited to 'templates')
-rw-r--r--templates/apache/htdocs/images/README.html.erb3
-rw-r--r--templates/apache/htdocs/index.html.erb9
-rw-r--r--templates/apache/htdocs/missing.html.erb12
-rw-r--r--templates/apache/vhosts/cgit.erb30
-rw-r--r--templates/apache/vhosts/git.erb21
-rw-r--r--templates/apache/vhosts/lists.erb22
-rw-r--r--templates/apache/vhosts/mail.erb72
-rw-r--r--templates/apache/vhosts/nagios.erb61
-rw-r--r--templates/apache/vhosts/wiki.erb17
-rw-r--r--templates/etc/aliases.erb15
-rw-r--r--templates/etc/nagios3/htpasswd.users.erb1
-rw-r--r--templates/etc/nginx/domain.erb173
-rw-r--r--templates/postfix/tls_policy.erb0
-rw-r--r--templates/puppet/auth.conf.erb120
-rw-r--r--templates/puppet/fileserver.conf.erb21
-rw-r--r--templates/puppet/master.pp.erb10
-rw-r--r--templates/puppet/nodes.pp.erb14
-rw-r--r--templates/puppet/proxy.pp.erb53
-rw-r--r--templates/puppet/puppet.conf.erb30
-rw-r--r--templates/puppet/server.pp.erb41
-rw-r--r--templates/puppet/storage.pp.erb13
-rw-r--r--templates/puppet/test.pp.erb13
-rw-r--r--templates/puppet/users.pp.erb25
-rw-r--r--templates/puppet/web.pp.erb13
24 files changed, 0 insertions, 789 deletions
diff --git a/templates/apache/htdocs/images/README.html.erb b/templates/apache/htdocs/images/README.html.erb
deleted file mode 100644
index 4d0f929..0000000
--- a/templates/apache/htdocs/images/README.html.erb
+++ /dev/null
@@ -1,3 +0,0 @@
-<pre>
-When not explicitly mentioned, the use of these images is restricted to <%= base_domain %>
-</pre>
diff --git a/templates/apache/htdocs/index.html.erb b/templates/apache/htdocs/index.html.erb
deleted file mode 100644
index 6d2d7ea..0000000
--- a/templates/apache/htdocs/index.html.erb
+++ /dev/null
@@ -1,9 +0,0 @@
-<html><head>
-<meta http-equiv="refresh" content="1;url=http://<%= domain %>">
-<title><%= domain %></title></head><body>
-
-<center>
- <p><code>You are being redirected to <a href="http://<%= domain %>">http://<%= domain %></a>.</code></p>
-</center>
-
-</body></html>
diff --git a/templates/apache/htdocs/missing.html.erb b/templates/apache/htdocs/missing.html.erb
deleted file mode 100644
index 0c95ef3..0000000
--- a/templates/apache/htdocs/missing.html.erb
+++ /dev/null
@@ -1,12 +0,0 @@
-<html>
-<head>
-<title>404 - Not Found</title>
-</head>
-<body>
- <center>
- <pre>
- The address you are trying to reach could not be found. :(
- </pre>
- </center>
-</body>
-</html>
diff --git a/templates/apache/vhosts/cgit.erb b/templates/apache/vhosts/cgit.erb
deleted file mode 100644
index d2d393d..0000000
--- a/templates/apache/vhosts/cgit.erb
+++ /dev/null
@@ -1,30 +0,0 @@
-# begin vhost for cgit
-<VirtualHost *:80>
- ServerName git.<%= domain %>
- ServerAlias gitweb.<%= domain %>
-
- ServerSignature Off
-
- Alias /cgit.css /var/www/htdocs/cgit/cgit.css
- Alias /cgit.png /var/www/htdocs/cgit/cgit.png
-
- ScriptAlias /cgi-bin/ /var/www/htdocs/cgit/
-
- DocumentRoot /var/git/repositories
- <Directory /var/git/repositories>
- AllowOverride None
- Options +ExecCGI
- Order allow,deny
- Allow from all
-
- DirectoryIndex /cgi-bin/cgit.cgi
-
- RewriteEngine on
- RewriteCond %{REQUEST_FILENAME} !-f
- RewriteRule ^.*$ /cgi-bin/cgit.cgi/$0 [L,PT]
- </Directory>
-
- ErrorLog /var/log/apache2/cgit.openezx.org/error.log
- CustomLog /var/log/apache2/cgit.openezx.org/access.log common
-</VirtualHost>
-# end vhost for git
diff --git a/templates/apache/vhosts/git.erb b/templates/apache/vhosts/git.erb
deleted file mode 100644
index 89173ac..0000000
--- a/templates/apache/vhosts/git.erb
+++ /dev/null
@@ -1,21 +0,0 @@
-# begin vhost for git
-<VirtualHost *:80>
- # Recipe based on http://josephspiros.com/2009/07/26/configuring-gitweb-for-apache-on-debian
-
- ServerName git.<%= domain %>
- ServerAlias gitweb.<%= domain %>
- SetEnv GITWEB_CONFIG /etc/gitweb.conf
- HeaderName HEADER
- DocumentRoot /var/git/repositories
- Alias /gitweb.css /usr/share/gitweb/gitweb.css
- Alias /git-favicon.png /usr/share/gitweb/git-favicon.png
- Alias /git-logo.png /usr/share/gitweb/git-logo.png
-
- ScriptAlias /gitweb /usr/lib/cgi-bin/gitweb.cgi
- RewriteEngine on
-
- # Rewrite all other paths that aren't git repo internals to gitweb
- RewriteRule ^/$ /gitweb [PT]
- RewriteRule ^/(.*\.git/(?!/?(HEAD|info|objects|refs)).*)?$ /gitweb%{REQUEST_URI} [L,PT]
-</VirtualHost>
-# end vhost for git
diff --git a/templates/apache/vhosts/lists.erb b/templates/apache/vhosts/lists.erb
deleted file mode 100644
index 158dfd4..0000000
--- a/templates/apache/vhosts/lists.erb
+++ /dev/null
@@ -1,22 +0,0 @@
-# begin vhost for lists.<%= domain %>
-<VirtualHost *:80>
- ServerName lists.<%= domain %>
- DocumentRoot /var/www/data/lists
-
- RedirectMatch ^/$ https://lists.<%= domain %>/wws
- Alias /static-sympa /var/lib/sympa/static_content
- Alias /wwsicons /usr/share/sympa/icons
- ScriptAlias /wws /var/www/data/lists/wwsympa.fcgi
-
- <IfModule mod_fcgid.c>
- IPCCommTimeout 120
- MaxProcessCount 2
- </IfModule>
-
- SuexecUserGroup sympa sympa
-
- <Location /wws>
- SetHandler fcgid-script
- </Location>
-</VirtualHost>
-# end vhost for lists.<%= domain %>
diff --git a/templates/apache/vhosts/mail.erb b/templates/apache/vhosts/mail.erb
deleted file mode 100644
index 3badcf0..0000000
--- a/templates/apache/vhosts/mail.erb
+++ /dev/null
@@ -1,72 +0,0 @@
-# begin vhost for mail.<%= domain >
-<VirtualHost *:80>
- ServerName mail.<%= domain >
- #DocumentRoot /usr/share/squirrelmail
- DocumentRoot /var/lib/roundcube
-
- # begin squirrel config
- <Directory /usr/share/squirrelmail>
- Options Indexes FollowSymLinks
- <IfModule mod_php4.c>
- php_flag register_globals off
- </IfModule>
- <IfModule mod_php5.c>
- php_flag register_globals off
- </IfModule>
- <IfModule mod_dir.c>
- DirectoryIndex index.php
- </IfModule>
-
- # access to configtest is limited by default to prevent information leak
- <Files configtest.php>
- order deny,allow
- deny from all
- allow from 127.0.0.1
- </Files>
- </Directory>
- # end squirrel config
-
- # begin roundcube config
- # Access to tinymce files
- Alias /roundcube/program/js/tiny_mce/ /usr/share/tinymce/www/
- Alias /roundcube /var/lib/roundcube
-
- <Directory "/usr/share/tinymce/www/">
- Options Indexes MultiViews FollowSymLinks
- AllowOverride None
- Order allow,deny
- allow from all
- </Directory>
-
- <Directory /var/lib/roundcube/>
- Options +FollowSymLinks
- # This is needed to parse /var/lib/roundcube/.htaccess. See its
- # content before setting AllowOverride to None.
- AllowOverride All
- order allow,deny
- allow from all
- </Directory>
-
- # Protecting basic directories:
- <Directory /var/lib/roundcube/config>
- Options -FollowSymLinks
- AllowOverride None
- </Directory>
-
- <Directory /var/lib/roundcube/temp>
- Options -FollowSymLinks
- AllowOverride None
- Order allow,deny
- Deny from all
- </Directory>
-
- <Directory /var/lib/roundcube/logs>
- Options -FollowSymLinks
- AllowOverride None
- Order allow,deny
- Deny from all
- </Directory>
- # end roundcube config
-
-</VirtualHost>
-# end vhost for mail.<%= domain >
diff --git a/templates/apache/vhosts/nagios.erb b/templates/apache/vhosts/nagios.erb
deleted file mode 100644
index 8b3d252..0000000
--- a/templates/apache/vhosts/nagios.erb
+++ /dev/null
@@ -1,61 +0,0 @@
-# begin vhost for nagios
-<VirtualHost *:80>
- ServerName nagios.<%= domain >
- DocumentRoot /usr/share/nagios3/htdocs
-
- # apache configuration for nagios 3.x
- # note to users of nagios 1.x and 2.x:
- # throughout this file are commented out sections which preserve
- # backwards compatibility with bookmarks/config forî<80><80>older nagios versios.
- # simply look for lines following "nagios 1.x:" and "nagios 2.x" comments.
-
- ScriptAlias /cgi-bin/nagios3 /usr/lib/cgi-bin/nagios3
- ScriptAlias /nagios3/cgi-bin /usr/lib/cgi-bin/nagios3
- # nagios 1.x:
- #ScriptAlias /cgi-bin/nagios /usr/lib/cgi-bin/nagios3
- #ScriptAlias /nagios/cgi-bin /usr/lib/cgi-bin/nagios3
- # nagios 2.x:
- #ScriptAlias /cgi-bin/nagios2 /usr/lib/cgi-bin/nagios3
- #ScriptAlias /nagios2/cgi-bin /usr/lib/cgi-bin/nagios3
-
- # Where the stylesheets (config files) reside
- Alias /nagios3/stylesheets /etc/nagios3/stylesheets
- # nagios 1.x:
- #Alias /nagios/stylesheets /etc/nagios3/stylesheets
- # nagios 2.x:
- #Alias /nagios2/stylesheets /etc/nagios3/stylesheets
-
- # Where the HTML pages live
- Alias /nagios3 /usr/share/nagios3/htdocs
- # nagios 2.x:
- #Alias /nagios2 /usr/share/nagios3/htdocs
- # nagios 1.x:
- #Alias /nagios /usr/share/nagios3/htdocs
-
- <DirectoryMatch (/usr/share/nagios3/htdocs|/usr/lib/cgi-bin/nagios3)>
- Options FollowSymLinks
-
- DirectoryIndex index.html
-
- AllowOverride AuthConfig
- Order Allow,Deny
- Allow From All
-
- AuthName "Nagios Access"
- AuthType Basic
- AuthUserFile /etc/nagios3/htpasswd.users
- # nagios 1.x:
- #AuthUserFile /etc/nagios/htpasswd.users
- require valid-user
- </DirectoryMatch>
-
- # Enable this ScriptAlias if you want to enable the grouplist patch.
- # See http://apan.sourceforge.net/download.html for more info
- # It allows you to see a clickable list of all hostgroups in the
- # left pane of the Nagios web interface
- # XXX This is not tested for nagios 2.x use at your own peril
- #ScriptAlias /nagios3/side.html /usr/lib/cgi-bin/nagios3/grouplist.cgi
- # nagios 1.x:
- #ScriptAlias /nagios/side.html /usr/lib/cgi-bin/nagios3/grouplist.cgi
-</VirtualHost>
-# end vhost for nagios
diff --git a/templates/apache/vhosts/wiki.erb b/templates/apache/vhosts/wiki.erb
deleted file mode 100644
index 56e395b..0000000
--- a/templates/apache/vhosts/wiki.erb
+++ /dev/null
@@ -1,17 +0,0 @@
-# begin vhost for wiki.<%= domain >
-<VirtualHost *:80>
- ServerName wiki.<%= domain >
- DocumentRoot /var/www/data/wiki
-
- # begin wiki config
- <Directory /var/www/data/wiki>
- Options Indexes Includes FollowSymLinks MultiViews
- AllowOverride All
- </Directory>
- # end wiki config
-
- <IfModule mpm_itk_module>
- AssignUserId wiki wiki
- </IfModule>
-</VirtualHost>
-# end vhost for wiki.<%= domain >
diff --git a/templates/etc/aliases.erb b/templates/etc/aliases.erb
deleted file mode 100644
index f520f68..0000000
--- a/templates/etc/aliases.erb
+++ /dev/null
@@ -1,15 +0,0 @@
-# /etc/aliases
-mailer-daemon: postmaster
-postmaster: root
-nobody: root
-hostmaster: root
-usenet: root
-news: root
-webmaster: root
-www: root
-ftp: root
-abuse: root
-noc: root
-security: root
-reprepro: root
-root: <%= first_user_email %>
diff --git a/templates/etc/nagios3/htpasswd.users.erb b/templates/etc/nagios3/htpasswd.users.erb
deleted file mode 100644
index c21d493..0000000
--- a/templates/etc/nagios3/htpasswd.users.erb
+++ /dev/null
@@ -1 +0,0 @@
-nagiosadmin:0FCabjvUTHvxF
diff --git a/templates/etc/nginx/domain.erb b/templates/etc/nginx/domain.erb
deleted file mode 100644
index 8beff14..0000000
--- a/templates/etc/nginx/domain.erb
+++ /dev/null
@@ -1,173 +0,0 @@
-# <%= domain %> proxy config
-
-# Set the max size for file uploads
-client_max_body_size 100M;
-
-# SNI Configuration
-server {
- listen 443 default;
- server_name _;
- ssl on;
- ssl_certificate /etc/ssl/certs/blank.crt;
- ssl_certificate_key /etc/ssl/private/blank.pem;
- return 403;
-}
-
-server {
- # see config tips at
- # http://blog.taragana.com/index.php/archive/nginx-hacking-tips/
-
- # Don't log anything
- access_log /dev/null;
- error_log /dev/null;
-
- # simple reverse-proxy
- listen 80;
- server_name *.<%= domain %> <%= domain %>
-
- # enable HSTS header
- add_header Strict-Transport-Security "max-age=15768000; includeSubdomains";
-
- # https redirection by default
- rewrite ^(.*) https://$host$1 redirect;
-
- # rewrite rules for backups.<%= domain %>
- #if ($host ~* ^backups\.<%= domain %>$) {
- # rewrite ^(.*) https://$host$1 redirect;
- # break;
- #}
-
- # rewrite rules for admin.<%= domain %>
- #if ($host ~* ^admin\.<%= domain %>$) {
- # rewrite ^(.*) https://$host$1 redirect;
- # break;
- #}
-
- # rewrite rules for munin.<%= domain %>
- #if ($host ~* ^munin\.<%= domain %>$) {
- # rewrite ^(.*) https://$host$1 redirect;
- # break;
- #}
-
- # rewrite rules for trac.<%= domain %>
- #if ($host ~* ^trac\.<%= domain %>$) {
- # rewrite ^(.*) https://$host$1 redirect;
- # break;
- #}
-
- # rewrite rules for nagios.<%= domain %>
- #if ($host ~* ^nagios\.<%= domain %>$) {
- # rewrite ^(.*) https://$host$1 redirect;
- # break;
- #}
-
- # rewrite rules for htpasswd.<%= domain %>
- #if ($host ~* ^htpasswd\.<%= domain %>$) {
- # rewrite ^(.*) https://$host$1 redirect;
- # break;
- #}
-
- # rewrite rules for postfixadmin.<%= domain %>
- #if ($host ~* ^postfixadmin\.<%= domain %>$) {
- # rewrite ^(.*) https://$host$1 redirect;
- # break;
- #}
-
- # rewrite rules for mail.<%= domain %>
- #if ($host ~* ^mail\.<%= domain %>$) {
- # rewrite ^(.*) https://$host$1 redirect;
- # break;
- #}
-
- # rewrite rules for lists.<%= domain %>
- #if ($host ~* ^lists\.<%= domain %>$) {
- # rewrite ^(.*) https://$host$1 redirect;
- # break;
- #}
-
- # pass requests for dynamic content
- location / {
- proxy_set_header Host $http_host;
- proxy_pass http://weblocal:80;
- }
-
-}
-
-server {
- # https reverse proxy
- listen 443;
- server_name *.<%= domain %> <%= domain %>;
-
- # Don't log anything
- access_log /dev/null;
- error_log /dev/null;
-
- ssl on;
- ssl_certificate /etc/ssl/certs/cert.crt;
- ssl_certificate_key /etc/ssl/private/cert.pem;
-
- ssl_session_timeout 5m;
-
- ssl_protocols SSLv3 TLSv1;
- ssl_ciphers HIGH:MEDIUM:!aNULL:!SSLv2:!MD5:@STRENGTH;
- ssl_prefer_server_ciphers on;
- ssl_dhparam /etc/ssl/dhparams/dhparams_2048.pem;
-
- # Set the max size for file uploads
- client_max_body_size 100M;
-
- location / {
- # preserve http header and set forwarded proto
- proxy_set_header Host $http_host;
- proxy_set_header X-Forwarded-Proto https;
-
- proxy_read_timeout 120;
- proxy_connect_timeout 120;
-
- # rewrite rules for admin.<%= domain %>
- if ($host ~* ^admin\.<%= domain %>$) {
- proxy_pass http://admin:80;
- break;
- }
-
- # rewrite rules for munin.<%= domain %>
- if ($host ~* ^munin\.<%= domain %>$) {
- proxy_pass http://admin:80;
- break;
- }
-
- # rewrite rules for trac.<%= domain %>
- if ($host ~* ^trac\.<%= domain %>$) {
- proxy_pass http://admin:80;
- break;
- }
-
- # rewrite rules for nagios.<%= domain %>
- if ($host ~* ^nagios\.<%= domain %>$) {
- proxy_pass http://admin:80;
- break;
- }
-
- # rewrite rules for postfixadmin.<%= domain %>
- if ($host ~* ^postfixadmin\.<%= domain %>$) {
- proxy_pass http://mail:80;
- break;
- }
-
- # rewrite rules for mail.<%= domain %>
- if ($host ~* ^mail\.<%= domain %>$) {
- proxy_pass http://mail:80;
- break;
- }
-
- # rewrite rules for lists.<%= domain %>
- if ($host ~* ^lists\.<%= domain %>$) {
- proxy_pass http://mail:80;
- break;
- }
-
- # default proxy pass
- proxy_pass http://weblocal:80;
- }
-
-}
diff --git a/templates/postfix/tls_policy.erb b/templates/postfix/tls_policy.erb
deleted file mode 100644
index e69de29..0000000
--- a/templates/postfix/tls_policy.erb
+++ /dev/null
diff --git a/templates/puppet/auth.conf.erb b/templates/puppet/auth.conf.erb
deleted file mode 100644
index 96f078c..0000000
--- a/templates/puppet/auth.conf.erb
+++ /dev/null
@@ -1,120 +0,0 @@
-# This is the default auth.conf file, which implements the default rules
-# used by the puppet master. (That is, the rules below will still apply
-# even if this file is deleted.)
-#
-# The ACLs are evaluated in top-down order. More specific stanzas should
-# be towards the top of the file and more general ones at the bottom;
-# otherwise, the general rules may "steal" requests that should be
-# governed by the specific rules.
-#
-# See http://docs.puppetlabs.com/guides/rest_auth_conf.html for a more complete
-# description of auth.conf's behavior.
-#
-# Supported syntax:
-# Each stanza in auth.conf starts with a path to match, followed
-# by optional modifiers, and finally, a series of allow or deny
-# directives.
-#
-# Example Stanza
-# ---------------------------------
-# path /path/to/resource # simple prefix match
-# # path ~ regex # alternately, regex match
-# [environment envlist]
-# [method methodlist]
-# [auth[enthicated] {yes|no|on|off|any}]
-# allow [host|backreference|*|regex]
-# deny [host|backreference|*|regex]
-# allow_ip [ip|cidr|ip_wildcard|*]
-# deny_ip [ip|cidr|ip_wildcard|*]
-#
-# The path match can either be a simple prefix match or a regular
-# expression. `path /file` would match both `/file_metadata` and
-# `/file_content`. Regex matches allow the use of backreferences
-# in the allow/deny directives.
-#
-# The regex syntax is the same as for Ruby regex, and captures backreferences
-# for use in the `allow` and `deny` lines of that stanza
-#
-# Examples:
-#
-# path ~ ^/path/to/resource # Equivalent to `path /path/to/resource`.
-# allow * # Allow all authenticated nodes (since auth
-# # defaults to `yes`).
-#
-# path ~ ^/catalog/([^/]+)$ # Permit nodes to access their own catalog (by
-# allow $1 # certname), but not any other node's catalog.
-#
-# path ~ ^/file_(metadata|content)/extra_files/ # Only allow certain nodes to
-# auth yes # access the "extra_files"
-# allow /^(.+)\.example\.com$/ # mount point; note this must
-# allow_ip 192.168.100.0/24 # go ABOVE the "/file" rule,
-# # since it is more specific.
-#
-# environment:: restrict an ACL to a comma-separated list of environments
-# method:: restrict an ACL to a comma-separated list of HTTP methods
-# auth:: restrict an ACL to an authenticated or unauthenticated request
-# the default when unspecified is to restrict the ACL to authenticated requests
-# (ie exactly as if auth yes was present).
-#
-
-### Authenticated ACLs - these rules apply only when the client
-### has a valid certificate and is thus authenticated
-
-# allow nodes to retrieve their own catalog
-path ~ ^/catalog/([^/]+)$
-method find
-allow $1
-
-# allow nodes to retrieve their own node definition
-path ~ ^/node/([^/]+)$
-method find
-allow $1
-
-# allow all nodes to access the certificates services
-path /certificate_revocation_list/ca
-method find
-allow *
-
-# allow all nodes to store their own reports
-path ~ ^/report/([^/]+)$
-method save
-allow $1
-
-# Allow all nodes to access all file services; this is necessary for
-# pluginsync, file serving from modules, and file serving from custom
-# mount points (see fileserver.conf). Note that the `/file` prefix matches
-# requests to both the file_metadata and file_content paths. See "Examples"
-# above if you need more granular access control for custom mount points.
-path /file
-allow *
-
-### Unauthenticated ACLs, for clients without valid certificates; authenticated
-### clients can also access these paths, though they rarely need to.
-
-# allow access to the CA certificate; unauthenticated nodes need this
-# in order to validate the puppet master's certificate
-path /certificate/ca
-auth any
-method find
-allow *
-
-# allow nodes to retrieve the certificate they requested earlier
-path /certificate/
-auth any
-method find
-allow *
-
-# allow nodes to request a new certificate
-path /certificate_request
-auth any
-method find, save
-allow *
-
-path /v2.0/environments
-method find
-allow *
-
-# deny everything else; this ACL is not strictly necessary, but
-# illustrates the default policy.
-path /
-auth any
diff --git a/templates/puppet/fileserver.conf.erb b/templates/puppet/fileserver.conf.erb
deleted file mode 100644
index e4d6e0a..0000000
--- a/templates/puppet/fileserver.conf.erb
+++ /dev/null
@@ -1,21 +0,0 @@
-# See http://docs.puppetlabs.com/guides/file_serving.html
-
-# Files
-[files]
- path /etc/puppet/files
- allow *.<%= base_domain %>
-
-# SSL keys
-[ssl]
- path /etc/puppet/keys/ssl
- deny *
-
-# SSH keys
-[ssh]
- path /etc/puppet/keys/ssh/%h
- allow *
-
-# Public keys
-[pubkeys]
- path /etc/puppet/keys/public
- allow *
diff --git a/templates/puppet/master.pp.erb b/templates/puppet/master.pp.erb
deleted file mode 100644
index 5865723..0000000
--- a/templates/puppet/master.pp.erb
+++ /dev/null
@@ -1,10 +0,0 @@
-node '<%= hostname %>-master.<%= domain %>' {
- $main_master = true
- include nodo::master
-
- # encrypted data remote backup
- #backup::rdiff { "other-host":
- # port => "10102",
- #}
-
-}
diff --git a/templates/puppet/nodes.pp.erb b/templates/puppet/nodes.pp.erb
deleted file mode 100644
index 4acddc6..0000000
--- a/templates/puppet/nodes.pp.erb
+++ /dev/null
@@ -1,14 +0,0 @@
-#
-# Node definitions.
-#
-
-<%- if first_nodes == 'present' then -%>
-import "nodes/<%= first_hostname %>.pp"
-import "nodes/<%= first_hostname %>-master.pp"
-import "nodes/<%= first_hostname %>-proxy.pp"
-import "nodes/<%= first_hostname %>-web.pp"
-import "nodes/<%= first_hostname %>-storage.pp"
-import "nodes/<%= first_hostname %>-test.pp"
-<%- else -%>
-#import "nodes/example.pp"
-<%- end -%>
diff --git a/templates/puppet/proxy.pp.erb b/templates/puppet/proxy.pp.erb
deleted file mode 100644
index 908c2ec..0000000
--- a/templates/puppet/proxy.pp.erb
+++ /dev/null
@@ -1,53 +0,0 @@
-node '<%= hostname %>-proxy.<%= domain %>' {
- #$mail_delivery = 'tunnel'
- #$mail_hostname = 'mail'
- #$mail_ssh_port = '2202'
-
- include nodo::proxy
-
- # encrypted data remote backup
- #backup::rdiff { "other-host":
- # port => "10102",
- #}
-
- # reference to admin vserver
- host { "<%= hostname %>-master":
- ensure => present,
- ip => "192.168.0.2",
- host_aliases => [ "<%= hostname %>-master.<%= domain %>", "puppet", "admin" ],
- notify => Service["nginx"],
- }
-
- # reference to proxy vserver
- #host { "<%= hostname %>-proxy":
- # ensure => present,
- # ip => "192.168.0.3",
- # host_aliases => [ "<%= hostname %>-proxy.<%= domain %>", "<%= hostname %>-proxy" ],
- # notify => Service["nginx"],
- #}
-
- # reference to web vserver
- host { "<%= hostname %>-web":
- ensure => present,
- ip => "192.168.0.4",
- host_aliases => [ "<%= hostname %>-web.<%= domain %>", "<%= hostname %>-web", "weblocal" ],
- notify => Service["nginx"],
- }
-
- # reference to storage vserver
- host { "<%= hostname %>-storage":
- ensure => present,
- ip => "192.168.0.5",
- host_aliases => [ "<%= hostname %>-storage.<%= domain %>", "<%= hostname %>-storage" ],
- notify => Service["nginx"],
- }
-
- # reference to test vserver
- host { "<%= hostname %>-test":
- ensure => present,
- ip => "192.168.0.6",
- host_aliases => [ "<%= hostname %>-test.<%= domain %>", "<%= hostname %>-test" ],
- notify => Service["nginx"],
- }
-
-}
diff --git a/templates/puppet/puppet.conf.erb b/templates/puppet/puppet.conf.erb
deleted file mode 100644
index e2751ca..0000000
--- a/templates/puppet/puppet.conf.erb
+++ /dev/null
@@ -1,30 +0,0 @@
-[main]
-logdir = /var/log/puppet
-vardir = /var/lib/puppetmaster
-ssldir = $vardir/ssl
-rundir = /var/run/puppet
-factpath = $vardir/lib/facter
-pluginsync = true
-
-[master]
-templatedir = $vardir/templates
-masterport = 8140
-autosign = false
-storeconfigs = true
-dbadapter = sqlite3
-#dbadapter = mysql
-#dbserver = localhost
-#dbuser = puppet
-#dbpassword = <%= db_password %>
-dbconnections = 15
-certname = puppet.<%= base_domain %>
-ssl_client_header = SSL_CLIENT_S_DN
-ssl_client_verify_header = SSL_CLIENT_VERIFY
-
-[agent]
-server = puppet.<%= base_domain %>
-vardir = /var/lib/puppet
-ssldir = $vardir/ssl
-runinterval = 7200
-puppetport = 8139
-configtimeout = 300
diff --git a/templates/puppet/server.pp.erb b/templates/puppet/server.pp.erb
deleted file mode 100644
index fcd21e0..0000000
--- a/templates/puppet/server.pp.erb
+++ /dev/null
@@ -1,41 +0,0 @@
-node '<%= hostname %>.<%= domain %>' {
- #$mail_delivery = 'tunnel'
- #$mail_hostname = 'mail'
- #$mail_ssh_port = '2202'
- $shorewall_dmz = true
- $resolvconf_nameservers = $opendns_nameservers
- $has_ups = false
- include nodo::server
-
- #
- # Linux-VServers
- #
- #nodo::vserver::instance { "<%= hostname %>-master":
- # context => '2',
- # puppetmaster => true,
- #}
-
- #nodo::vserver::instance { "<%= hostname %>-proxy":
- # context => '3',
- # proxy => true,
- #}
-
- #nodo::vserver::instance { "<%= hostname %>-web":
- # context => '4',
- # gitd => true,
- #}
-
- #nodo::vserver::instance { "<%= hostname %>-storage":
- # context => '5',
- #}
-
- #nodo::vserver::instance { "<%= hostname %>-test":
- # context => '6',
- # memory_limit => 500,
- #}
-
- # encrypted data remote backup
- #backup::rdiff { "other-host":
- # port => "10105",
- #}
-}
diff --git a/templates/puppet/storage.pp.erb b/templates/puppet/storage.pp.erb
deleted file mode 100644
index be93335..0000000
--- a/templates/puppet/storage.pp.erb
+++ /dev/null
@@ -1,13 +0,0 @@
-node '<%= hostname %>-storage.<%= domain %>' {
- #$mail_delivery = 'tunnel'
- #$mail_hostname = 'mail'
- #$mail_ssh_port = '2202'
-
- include nodo::storage
-
- # encrypted data remote backup
- #backup::rdiff { "other-host":
- # port => "10102",
- #}
-
-}
diff --git a/templates/puppet/test.pp.erb b/templates/puppet/test.pp.erb
deleted file mode 100644
index 816eca9..0000000
--- a/templates/puppet/test.pp.erb
+++ /dev/null
@@ -1,13 +0,0 @@
-node '<%= hostname %>-test.<%= domain %>' {
- #$mail_delivery = 'tunnel'
- #$mail_hostname = 'mail'
- #$mail_ssh_port = '2202'
-
- include nodo::test
-
- # encrypted data remote backup
- #backup::rdiff { "other-host":
- # port => "10102",
- #}
-
-}
diff --git a/templates/puppet/users.pp.erb b/templates/puppet/users.pp.erb
deleted file mode 100644
index 3b7c857..0000000
--- a/templates/puppet/users.pp.erb
+++ /dev/null
@@ -1,25 +0,0 @@
-class users::virtual inherits user {
- # define custom users here
-}
-
-class users::backup inherits user {
- # define third-party hosted backup users here
-}
-
-class users::admin inherits user {
- # root user and password
- user::manage { "root":
- tag => "admin",
- homedir => '/root',
- password => '<%= root_password %>',
- }
-
- # first user config
- user::manage { "<%= first_user %>":
- tag => "admin",
- groups => [ "sudo", ],
- password => '<%= first_user_password %>',
- sshkey => [ "<%= first_user_sshkey %>" ],
- }
-
-}
diff --git a/templates/puppet/web.pp.erb b/templates/puppet/web.pp.erb
deleted file mode 100644
index afc328b..0000000
--- a/templates/puppet/web.pp.erb
+++ /dev/null
@@ -1,13 +0,0 @@
-node '<%= hostname %>-web.<%= domain %>' {
- #$mail_delivery = 'tunnel'
- #$mail_hostname = 'mail'
- #$mail_ssh_port = '2202'
-
- include nodo::web
-
- # encrypted data remote backup
- #backup::rdiff { "other-host":
- # port => "10102",
- #}
-
-}