diff options
Diffstat (limited to 'puppet/config')
-rw-r--r-- | puppet/config/common.yaml | 65 | ||||
-rw-r--r-- | puppet/config/hiera.yaml | 41 | ||||
-rw-r--r-- | puppet/config/node/box.example.org.yaml | 47 |
3 files changed, 153 insertions, 0 deletions
diff --git a/puppet/config/common.yaml b/puppet/config/common.yaml new file mode 100644 index 0000000..29fb400 --- /dev/null +++ b/puppet/config/common.yaml @@ -0,0 +1,65 @@ +--- +# +# General +# +nodo::subsystem::apt::include_src : false +nodo::subsystem::apt::use_next_release : false +nodo::subsystem::monitor::use_nagios : false +nodo::subsystem::monitor::address : "%{::fqdn}" + +# +# Firewall +# +firewall::ssl_ratelimit : "s:ssl:200/min:20" +firewall::local_net : false +firewall::local::manage_host : true +firewall::local::manage_iface : false + +# +# Mail +# +mail::sympa::subdomain : "listas" +mail::sympa::lang : "pt_BR" + +# +# Monitoring +# +nodo::munin_node::allow: '127.0.0.1:192.168.0.[0-9]*:192.168.1.[0-9]*' + +# +# Timezone and ntp +# +ntp::zone : "Brazil/East" +ntp::pool : "south-america.pool.ntp.org" +ntp::servers : + - 'a.ntp.br' + - 'b.ntp.br' + - 'c.ntp.br' + +# +# Nameservers +# +# OpenDNS +nodo::subsystem::resolver::nameservers: + - '208.67.222.222' + - '208.67.220.220' + +# +# OpenSSH +# +sshd::use_storedconfigs : false +sshd::manage_nagios : false +sshd::listen_address : [ "%{::ipaddress}", '127.0.0.1' ] +sshd::password_authentication : 'yes' +sshd::shared_ip : 'yes' +sshd::tcp_forwarding : 'yes' +sshd::x11_forwarding : 'no' +sshd::hardened : 'yes' +sshd::print_motd : 'no' +sshd::ports : [ 22 ] +sshd::use_pam : 'no' + +# +# Backup +# +backupninja::keystore: '' diff --git a/puppet/config/hiera.yaml b/puppet/config/hiera.yaml new file mode 100644 index 0000000..c39c8e7 --- /dev/null +++ b/puppet/config/hiera.yaml @@ -0,0 +1,41 @@ +--- +:backends: + - eyaml + - yaml +:yaml: + # Right now vagrant and puppet are not fully supporting + # a relative datadir. For it to work, we were forced to + # create a manifests/hiera symlink. This should be + # reconsidered in the future. + # + # See http://docs.vagrantup.com/v2/provisioning/puppet_apply.html + :datadir: '%{settings::confdir}/config' +:eyaml: + :datadir: '%{settings::confdir}/config' + :extension: 'yaml' + + # If using the pkcs7 encryptor (default) + :pkcs7_private_key: '%{settings::confdir}/keys/private_key.pkcs7.pem' + :pkcs7_public_key: '%{settings::confdir}/keys/public_key.pkcs7.pem' +:hierarchy: + # + # Put in the secrets folder all sensitive information that + # wont be spread into every system if you're using the Hydra Suite. + # + # We also recommend to leave only encrypted data in your hiera config. + # + - 'secrets/node/%{::clientcert}' + - 'secrets/role/%{::nodo::role}' + - 'secrets/location/%{::nodo::location}' + - 'secrets/domain/%{::domain}' + + # + # All other stuff goes in regular YAML files. + # + - 'node/%{::clientcert}' + - 'role/%{::nodo::role}' + - 'virtual/%{::virtual}' + - 'location/%{::nodo::location}' + - 'domain/%{::domain}' + - compiled + - common diff --git a/puppet/config/node/box.example.org.yaml b/puppet/config/node/box.example.org.yaml new file mode 100644 index 0000000..304d915 --- /dev/null +++ b/puppet/config/node/box.example.org.yaml @@ -0,0 +1,47 @@ +--- +# +# Nodo +# +nodo::role 'vagrant' + +# +# Classes +# +classes: + - 'database' + - 'apache' + +# +# MySQL +# +# The following password is public information and therefore +# shall not be user on production. +mysql::server::rootpw: '9pRfteNbSFFyrHhackme' + +# +# Backup +# +nodo::subsystem::backup::localhost : false +nodo::subsystem::backup::encryptkey : 'none' +nodo::subsystem::backup::password : 'hacked' + +# +# Apache +# +apache::default_folder : '/vagrant' +apache::default_user : 'vagrant' +apache::default_group : 'vagrant' + +# Manage your app +apache::sites: + myapp: + docroot : "/vagrant/" + server_alias : 'myapp vagrant localhost' + use : [ "Site myapp" ] + tag : 'all' + owner : vagrant + group : vagrant + mpm_user : vagrant + mpm_group : vagrant + password : '$5$NZfZqcdyZ3Xt$.kfZejriEJP3fc6RU0gBGEzMPQ/c3XiowVImB6VDrtD' + shell : '/bin/bash' |