From 1bfffe2e0adff6e44ec33726988b64f95ea2f599 Mon Sep 17 00:00:00 2001 From: Silvio Rhatto Date: Mon, 23 Oct 2017 19:42:32 -0200 Subject: Squashed 'puppet/' changes from 8f7043a..59b7f11 59b7f11 Rollback sshd::print_motd 29e15a3 Set sshd::print_motd to yes 8a13cb5 Post-receive: git submodule sync d0d65d6 Ignore ssl, unignore modules 662bf5a Exclude also .git at provision_rsync_opts 745b98a Configure provision_rsync_opts at kvmxfile 1434057 Set default backupninja::keystore 36de179 Use scripts from /etc/puppet at kvmxfile provision_command fe2d343 Fixes provision_command at kvmxfile 0a45a48 Use puppet hostname at kvmxfile e3a3408 Updates kvmxfile 8648b94 Adds kvmxfile 07b03c2 Deploy: check for sudo config c6414a8 Removes examples 6507997 Cleanup manifests e867618 Fetch submodules using https ee8938e Use projects.list on mrconfig 9e67e02 Support for compiled config ceddd20 Cleanup TODO 6dad16a Adds modules folder 6f98b51 Updates hiera mount location 48f2491 Removes templates 319bdcb Cleanup modules folder 84516c6 Updates TODO a43c2f9 Updates README ca1735f Updates TODO a67e9d4 TODO: vagrant issues 2838e86 Updates TODO 9662168 Updates TODO afa676d Rename default box 58b18e5 Updates TODO 20858dc Updates TODO cd876e6 Default eyaml extension 3645ef8 Adds eyaml backend into hiera config 158f12a Adds hiera-eyaml into DEVELOP_DEPENDENCIES ec33fd1 Adds keys into .gitignore 490f2e2 Adds hiera-eyaml into DEPLOY_DEPENDENCIES 7d1fc96 Fix site_users inheritance 80088c7 Remove usb-utils from deployment dependencies 03764c2 Deploy: check for rsync 5eb3983 Updates git vhost 739c79f Test deployment without git reset c8a14ca Preload HSTS e096f08 Deploy: setup DEPLOY_DEPENDENCIES 0a4a8cc Config cleanup ace1840 Do not install storedconfigs dependencies on provision b83d85a Check for puppet.conf on provision 54c68a0 Default SSH config 56e4bea Updates TODO 51c1763 Comment wheezy dependencies specifics 3cc7d47 Removes key folder 41b8ef0 Fix deploy dependencies 64b8d70 Deploy dependencies, TODO update 6051509 Cleanup storedconfigs dependencies 1cf6e4b TODO ordering 9de3634 Updates TODO 2cf2a3b Drop pear 4048095 Get rid of storedconfigs 2eeb10b Updates TODO e678885 Fix manifest lookup on deployment 9078cac Updates Vagrantfile with new config folder 0cb845b Updates TODO b75d0f3 Rename 'hiera' to 'config' ae7cfbd Updates TODO 28e3e25 Cleanup unused, old and broken submodules deaf0de Updates TODO c33d108 Updates TODO 15abd2e Removes post-update hook 8a14f6d Deploy: dependency: augeas-tools c71aa65 Updates TODO 4c5f117 Development dependencies 73d6006 Deploy: dependencies in a single place 364912a Adds examples 85d41ce Hiera cleanup e4d5f1b Updates TODO 08bd8b7 Deploy fixes 15c0293 TODO cleanup 51b910e Updates TODO 4580c2e Updates TODO 69d46bf More TODO cleanup 0c91d41 More TODO cleanup cee91df More TODO cleanup 082c901 Updates TODO cleanup d088390 Updates TODO d721391 Updates TODO 6ec4ac1 Updates TODO ebfed6b About collected resources patch 3529cff Updates TODO 701ed3b Removes post-update hook 4a684e7 Updates TODO 4b85c5e Updates TODO b50dbb6 Removes icecast module 907ffde Deploy: support for default.pp dc8de77 Cleanup proxy template git-subtree-dir: puppet git-subtree-split: 59b7f114e4db75aa3d134b8d2d8a3a36271f37d7 --- templates/apache/htdocs/images/README.html.erb | 3 - templates/apache/htdocs/index.html.erb | 9 -- templates/apache/htdocs/missing.html.erb | 12 -- templates/apache/vhosts/cgit.erb | 30 ----- templates/apache/vhosts/git.erb | 21 --- templates/apache/vhosts/lists.erb | 22 ---- templates/apache/vhosts/mail.erb | 72 ---------- templates/apache/vhosts/nagios.erb | 61 --------- templates/apache/vhosts/wiki.erb | 17 --- templates/etc/aliases.erb | 15 --- templates/etc/nagios3/htpasswd.users.erb | 1 - templates/etc/nginx/domain.erb | 173 ------------------------- templates/postfix/tls_policy.erb | 0 templates/puppet/auth.conf.erb | 120 ----------------- templates/puppet/fileserver.conf.erb | 21 --- templates/puppet/master.pp.erb | 10 -- templates/puppet/nodes.pp.erb | 14 -- templates/puppet/proxy.pp.erb | 53 -------- templates/puppet/puppet.conf.erb | 30 ----- templates/puppet/server.pp.erb | 41 ------ templates/puppet/storage.pp.erb | 13 -- templates/puppet/test.pp.erb | 13 -- templates/puppet/users.pp.erb | 25 ---- templates/puppet/web.pp.erb | 13 -- 24 files changed, 789 deletions(-) delete mode 100644 templates/apache/htdocs/images/README.html.erb delete mode 100644 templates/apache/htdocs/index.html.erb delete mode 100644 templates/apache/htdocs/missing.html.erb delete mode 100644 templates/apache/vhosts/cgit.erb delete mode 100644 templates/apache/vhosts/git.erb delete mode 100644 templates/apache/vhosts/lists.erb delete mode 100644 templates/apache/vhosts/mail.erb delete mode 100644 templates/apache/vhosts/nagios.erb delete mode 100644 templates/apache/vhosts/wiki.erb delete mode 100644 templates/etc/aliases.erb delete mode 100644 templates/etc/nagios3/htpasswd.users.erb delete mode 100644 templates/etc/nginx/domain.erb delete mode 100644 templates/postfix/tls_policy.erb delete mode 100644 templates/puppet/auth.conf.erb delete mode 100644 templates/puppet/fileserver.conf.erb delete mode 100644 templates/puppet/master.pp.erb delete mode 100644 templates/puppet/nodes.pp.erb delete mode 100644 templates/puppet/proxy.pp.erb delete mode 100644 templates/puppet/puppet.conf.erb delete mode 100644 templates/puppet/server.pp.erb delete mode 100644 templates/puppet/storage.pp.erb delete mode 100644 templates/puppet/test.pp.erb delete mode 100644 templates/puppet/users.pp.erb delete mode 100644 templates/puppet/web.pp.erb (limited to 'templates') diff --git a/templates/apache/htdocs/images/README.html.erb b/templates/apache/htdocs/images/README.html.erb deleted file mode 100644 index 4d0f929..0000000 --- a/templates/apache/htdocs/images/README.html.erb +++ /dev/null @@ -1,3 +0,0 @@ -
-When not explicitly mentioned, the use of these images is restricted to <%= base_domain %>
-
diff --git a/templates/apache/htdocs/index.html.erb b/templates/apache/htdocs/index.html.erb deleted file mode 100644 index 6d2d7ea..0000000 --- a/templates/apache/htdocs/index.html.erb +++ /dev/null @@ -1,9 +0,0 @@ - - -<%= domain %> - -
-

You are being redirected to http://<%= domain %>.

-
- - diff --git a/templates/apache/htdocs/missing.html.erb b/templates/apache/htdocs/missing.html.erb deleted file mode 100644 index 0c95ef3..0000000 --- a/templates/apache/htdocs/missing.html.erb +++ /dev/null @@ -1,12 +0,0 @@ - - -404 - Not Found - - -
- 
-  The address you are trying to reach could not be found. :(
-
-
- - diff --git a/templates/apache/vhosts/cgit.erb b/templates/apache/vhosts/cgit.erb deleted file mode 100644 index d2d393d..0000000 --- a/templates/apache/vhosts/cgit.erb +++ /dev/null @@ -1,30 +0,0 @@ -# begin vhost for cgit - - ServerName git.<%= domain %> - ServerAlias gitweb.<%= domain %> - - ServerSignature Off - - Alias /cgit.css /var/www/htdocs/cgit/cgit.css - Alias /cgit.png /var/www/htdocs/cgit/cgit.png - - ScriptAlias /cgi-bin/ /var/www/htdocs/cgit/ - - DocumentRoot /var/git/repositories - - AllowOverride None - Options +ExecCGI - Order allow,deny - Allow from all - - DirectoryIndex /cgi-bin/cgit.cgi - - RewriteEngine on - RewriteCond %{REQUEST_FILENAME} !-f - RewriteRule ^.*$ /cgi-bin/cgit.cgi/$0 [L,PT] - - - ErrorLog /var/log/apache2/cgit.openezx.org/error.log - CustomLog /var/log/apache2/cgit.openezx.org/access.log common - -# end vhost for git diff --git a/templates/apache/vhosts/git.erb b/templates/apache/vhosts/git.erb deleted file mode 100644 index 89173ac..0000000 --- a/templates/apache/vhosts/git.erb +++ /dev/null @@ -1,21 +0,0 @@ -# begin vhost for git - - # Recipe based on http://josephspiros.com/2009/07/26/configuring-gitweb-for-apache-on-debian - - ServerName git.<%= domain %> - ServerAlias gitweb.<%= domain %> - SetEnv GITWEB_CONFIG /etc/gitweb.conf - HeaderName HEADER - DocumentRoot /var/git/repositories - Alias /gitweb.css /usr/share/gitweb/gitweb.css - Alias /git-favicon.png /usr/share/gitweb/git-favicon.png - Alias /git-logo.png /usr/share/gitweb/git-logo.png - - ScriptAlias /gitweb /usr/lib/cgi-bin/gitweb.cgi - RewriteEngine on - - # Rewrite all other paths that aren't git repo internals to gitweb - RewriteRule ^/$ /gitweb [PT] - RewriteRule ^/(.*\.git/(?!/?(HEAD|info|objects|refs)).*)?$ /gitweb%{REQUEST_URI} [L,PT] - -# end vhost for git diff --git a/templates/apache/vhosts/lists.erb b/templates/apache/vhosts/lists.erb deleted file mode 100644 index 158dfd4..0000000 --- a/templates/apache/vhosts/lists.erb +++ /dev/null @@ -1,22 +0,0 @@ -# begin vhost for lists.<%= domain %> - - ServerName lists.<%= domain %> - DocumentRoot /var/www/data/lists - - RedirectMatch ^/$ https://lists.<%= domain %>/wws - Alias /static-sympa /var/lib/sympa/static_content - Alias /wwsicons /usr/share/sympa/icons - ScriptAlias /wws /var/www/data/lists/wwsympa.fcgi - - - IPCCommTimeout 120 - MaxProcessCount 2 - - - SuexecUserGroup sympa sympa - - - SetHandler fcgid-script - - -# end vhost for lists.<%= domain %> diff --git a/templates/apache/vhosts/mail.erb b/templates/apache/vhosts/mail.erb deleted file mode 100644 index 3badcf0..0000000 --- a/templates/apache/vhosts/mail.erb +++ /dev/null @@ -1,72 +0,0 @@ -# begin vhost for mail.<%= domain > - - ServerName mail.<%= domain > - #DocumentRoot /usr/share/squirrelmail - DocumentRoot /var/lib/roundcube - - # begin squirrel config - - Options Indexes FollowSymLinks - - php_flag register_globals off - - - php_flag register_globals off - - - DirectoryIndex index.php - - - # access to configtest is limited by default to prevent information leak - - order deny,allow - deny from all - allow from 127.0.0.1 - - - # end squirrel config - - # begin roundcube config - # Access to tinymce files - Alias /roundcube/program/js/tiny_mce/ /usr/share/tinymce/www/ - Alias /roundcube /var/lib/roundcube - - - Options Indexes MultiViews FollowSymLinks - AllowOverride None - Order allow,deny - allow from all - - - - Options +FollowSymLinks - # This is needed to parse /var/lib/roundcube/.htaccess. See its - # content before setting AllowOverride to None. - AllowOverride All - order allow,deny - allow from all - - - # Protecting basic directories: - - Options -FollowSymLinks - AllowOverride None - - - - Options -FollowSymLinks - AllowOverride None - Order allow,deny - Deny from all - - - - Options -FollowSymLinks - AllowOverride None - Order allow,deny - Deny from all - - # end roundcube config - - -# end vhost for mail.<%= domain > diff --git a/templates/apache/vhosts/nagios.erb b/templates/apache/vhosts/nagios.erb deleted file mode 100644 index 8b3d252..0000000 --- a/templates/apache/vhosts/nagios.erb +++ /dev/null @@ -1,61 +0,0 @@ -# begin vhost for nagios - - ServerName nagios.<%= domain > - DocumentRoot /usr/share/nagios3/htdocs - - # apache configuration for nagios 3.x - # note to users of nagios 1.x and 2.x: - # throughout this file are commented out sections which preserve - # backwards compatibility with bookmarks/config forî<80><80>older nagios versios. - # simply look for lines following "nagios 1.x:" and "nagios 2.x" comments. - - ScriptAlias /cgi-bin/nagios3 /usr/lib/cgi-bin/nagios3 - ScriptAlias /nagios3/cgi-bin /usr/lib/cgi-bin/nagios3 - # nagios 1.x: - #ScriptAlias /cgi-bin/nagios /usr/lib/cgi-bin/nagios3 - #ScriptAlias /nagios/cgi-bin /usr/lib/cgi-bin/nagios3 - # nagios 2.x: - #ScriptAlias /cgi-bin/nagios2 /usr/lib/cgi-bin/nagios3 - #ScriptAlias /nagios2/cgi-bin /usr/lib/cgi-bin/nagios3 - - # Where the stylesheets (config files) reside - Alias /nagios3/stylesheets /etc/nagios3/stylesheets - # nagios 1.x: - #Alias /nagios/stylesheets /etc/nagios3/stylesheets - # nagios 2.x: - #Alias /nagios2/stylesheets /etc/nagios3/stylesheets - - # Where the HTML pages live - Alias /nagios3 /usr/share/nagios3/htdocs - # nagios 2.x: - #Alias /nagios2 /usr/share/nagios3/htdocs - # nagios 1.x: - #Alias /nagios /usr/share/nagios3/htdocs - - - Options FollowSymLinks - - DirectoryIndex index.html - - AllowOverride AuthConfig - Order Allow,Deny - Allow From All - - AuthName "Nagios Access" - AuthType Basic - AuthUserFile /etc/nagios3/htpasswd.users - # nagios 1.x: - #AuthUserFile /etc/nagios/htpasswd.users - require valid-user - - - # Enable this ScriptAlias if you want to enable the grouplist patch. - # See http://apan.sourceforge.net/download.html for more info - # It allows you to see a clickable list of all hostgroups in the - # left pane of the Nagios web interface - # XXX This is not tested for nagios 2.x use at your own peril - #ScriptAlias /nagios3/side.html /usr/lib/cgi-bin/nagios3/grouplist.cgi - # nagios 1.x: - #ScriptAlias /nagios/side.html /usr/lib/cgi-bin/nagios3/grouplist.cgi - -# end vhost for nagios diff --git a/templates/apache/vhosts/wiki.erb b/templates/apache/vhosts/wiki.erb deleted file mode 100644 index 56e395b..0000000 --- a/templates/apache/vhosts/wiki.erb +++ /dev/null @@ -1,17 +0,0 @@ -# begin vhost for wiki.<%= domain > - - ServerName wiki.<%= domain > - DocumentRoot /var/www/data/wiki - - # begin wiki config - - Options Indexes Includes FollowSymLinks MultiViews - AllowOverride All - - # end wiki config - - - AssignUserId wiki wiki - - -# end vhost for wiki.<%= domain > diff --git a/templates/etc/aliases.erb b/templates/etc/aliases.erb deleted file mode 100644 index f520f68..0000000 --- a/templates/etc/aliases.erb +++ /dev/null @@ -1,15 +0,0 @@ -# /etc/aliases -mailer-daemon: postmaster -postmaster: root -nobody: root -hostmaster: root -usenet: root -news: root -webmaster: root -www: root -ftp: root -abuse: root -noc: root -security: root -reprepro: root -root: <%= first_user_email %> diff --git a/templates/etc/nagios3/htpasswd.users.erb b/templates/etc/nagios3/htpasswd.users.erb deleted file mode 100644 index c21d493..0000000 --- a/templates/etc/nagios3/htpasswd.users.erb +++ /dev/null @@ -1 +0,0 @@ -nagiosadmin:0FCabjvUTHvxF diff --git a/templates/etc/nginx/domain.erb b/templates/etc/nginx/domain.erb deleted file mode 100644 index 8beff14..0000000 --- a/templates/etc/nginx/domain.erb +++ /dev/null @@ -1,173 +0,0 @@ -# <%= domain %> proxy config - -# Set the max size for file uploads -client_max_body_size 100M; - -# SNI Configuration -server { - listen 443 default; - server_name _; - ssl on; - ssl_certificate /etc/ssl/certs/blank.crt; - ssl_certificate_key /etc/ssl/private/blank.pem; - return 403; -} - -server { - # see config tips at - # http://blog.taragana.com/index.php/archive/nginx-hacking-tips/ - - # Don't log anything - access_log /dev/null; - error_log /dev/null; - - # simple reverse-proxy - listen 80; - server_name *.<%= domain %> <%= domain %> - - # enable HSTS header - add_header Strict-Transport-Security "max-age=15768000; includeSubdomains"; - - # https redirection by default - rewrite ^(.*) https://$host$1 redirect; - - # rewrite rules for backups.<%= domain %> - #if ($host ~* ^backups\.<%= domain %>$) { - # rewrite ^(.*) https://$host$1 redirect; - # break; - #} - - # rewrite rules for admin.<%= domain %> - #if ($host ~* ^admin\.<%= domain %>$) { - # rewrite ^(.*) https://$host$1 redirect; - # break; - #} - - # rewrite rules for munin.<%= domain %> - #if ($host ~* ^munin\.<%= domain %>$) { - # rewrite ^(.*) https://$host$1 redirect; - # break; - #} - - # rewrite rules for trac.<%= domain %> - #if ($host ~* ^trac\.<%= domain %>$) { - # rewrite ^(.*) https://$host$1 redirect; - # break; - #} - - # rewrite rules for nagios.<%= domain %> - #if ($host ~* ^nagios\.<%= domain %>$) { - # rewrite ^(.*) https://$host$1 redirect; - # break; - #} - - # rewrite rules for htpasswd.<%= domain %> - #if ($host ~* ^htpasswd\.<%= domain %>$) { - # rewrite ^(.*) https://$host$1 redirect; - # break; - #} - - # rewrite rules for postfixadmin.<%= domain %> - #if ($host ~* ^postfixadmin\.<%= domain %>$) { - # rewrite ^(.*) https://$host$1 redirect; - # break; - #} - - # rewrite rules for mail.<%= domain %> - #if ($host ~* ^mail\.<%= domain %>$) { - # rewrite ^(.*) https://$host$1 redirect; - # break; - #} - - # rewrite rules for lists.<%= domain %> - #if ($host ~* ^lists\.<%= domain %>$) { - # rewrite ^(.*) https://$host$1 redirect; - # break; - #} - - # pass requests for dynamic content - location / { - proxy_set_header Host $http_host; - proxy_pass http://weblocal:80; - } - -} - -server { - # https reverse proxy - listen 443; - server_name *.<%= domain %> <%= domain %>; - - # Don't log anything - access_log /dev/null; - error_log /dev/null; - - ssl on; - ssl_certificate /etc/ssl/certs/cert.crt; - ssl_certificate_key /etc/ssl/private/cert.pem; - - ssl_session_timeout 5m; - - ssl_protocols SSLv3 TLSv1; - ssl_ciphers HIGH:MEDIUM:!aNULL:!SSLv2:!MD5:@STRENGTH; - ssl_prefer_server_ciphers on; - ssl_dhparam /etc/ssl/dhparams/dhparams_2048.pem; - - # Set the max size for file uploads - client_max_body_size 100M; - - location / { - # preserve http header and set forwarded proto - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-Proto https; - - proxy_read_timeout 120; - proxy_connect_timeout 120; - - # rewrite rules for admin.<%= domain %> - if ($host ~* ^admin\.<%= domain %>$) { - proxy_pass http://admin:80; - break; - } - - # rewrite rules for munin.<%= domain %> - if ($host ~* ^munin\.<%= domain %>$) { - proxy_pass http://admin:80; - break; - } - - # rewrite rules for trac.<%= domain %> - if ($host ~* ^trac\.<%= domain %>$) { - proxy_pass http://admin:80; - break; - } - - # rewrite rules for nagios.<%= domain %> - if ($host ~* ^nagios\.<%= domain %>$) { - proxy_pass http://admin:80; - break; - } - - # rewrite rules for postfixadmin.<%= domain %> - if ($host ~* ^postfixadmin\.<%= domain %>$) { - proxy_pass http://mail:80; - break; - } - - # rewrite rules for mail.<%= domain %> - if ($host ~* ^mail\.<%= domain %>$) { - proxy_pass http://mail:80; - break; - } - - # rewrite rules for lists.<%= domain %> - if ($host ~* ^lists\.<%= domain %>$) { - proxy_pass http://mail:80; - break; - } - - # default proxy pass - proxy_pass http://weblocal:80; - } - -} diff --git a/templates/postfix/tls_policy.erb b/templates/postfix/tls_policy.erb deleted file mode 100644 index e69de29..0000000 diff --git a/templates/puppet/auth.conf.erb b/templates/puppet/auth.conf.erb deleted file mode 100644 index 96f078c..0000000 --- a/templates/puppet/auth.conf.erb +++ /dev/null @@ -1,120 +0,0 @@ -# This is the default auth.conf file, which implements the default rules -# used by the puppet master. (That is, the rules below will still apply -# even if this file is deleted.) -# -# The ACLs are evaluated in top-down order. More specific stanzas should -# be towards the top of the file and more general ones at the bottom; -# otherwise, the general rules may "steal" requests that should be -# governed by the specific rules. -# -# See http://docs.puppetlabs.com/guides/rest_auth_conf.html for a more complete -# description of auth.conf's behavior. -# -# Supported syntax: -# Each stanza in auth.conf starts with a path to match, followed -# by optional modifiers, and finally, a series of allow or deny -# directives. -# -# Example Stanza -# --------------------------------- -# path /path/to/resource # simple prefix match -# # path ~ regex # alternately, regex match -# [environment envlist] -# [method methodlist] -# [auth[enthicated] {yes|no|on|off|any}] -# allow [host|backreference|*|regex] -# deny [host|backreference|*|regex] -# allow_ip [ip|cidr|ip_wildcard|*] -# deny_ip [ip|cidr|ip_wildcard|*] -# -# The path match can either be a simple prefix match or a regular -# expression. `path /file` would match both `/file_metadata` and -# `/file_content`. Regex matches allow the use of backreferences -# in the allow/deny directives. -# -# The regex syntax is the same as for Ruby regex, and captures backreferences -# for use in the `allow` and `deny` lines of that stanza -# -# Examples: -# -# path ~ ^/path/to/resource # Equivalent to `path /path/to/resource`. -# allow * # Allow all authenticated nodes (since auth -# # defaults to `yes`). -# -# path ~ ^/catalog/([^/]+)$ # Permit nodes to access their own catalog (by -# allow $1 # certname), but not any other node's catalog. -# -# path ~ ^/file_(metadata|content)/extra_files/ # Only allow certain nodes to -# auth yes # access the "extra_files" -# allow /^(.+)\.example\.com$/ # mount point; note this must -# allow_ip 192.168.100.0/24 # go ABOVE the "/file" rule, -# # since it is more specific. -# -# environment:: restrict an ACL to a comma-separated list of environments -# method:: restrict an ACL to a comma-separated list of HTTP methods -# auth:: restrict an ACL to an authenticated or unauthenticated request -# the default when unspecified is to restrict the ACL to authenticated requests -# (ie exactly as if auth yes was present). -# - -### Authenticated ACLs - these rules apply only when the client -### has a valid certificate and is thus authenticated - -# allow nodes to retrieve their own catalog -path ~ ^/catalog/([^/]+)$ -method find -allow $1 - -# allow nodes to retrieve their own node definition -path ~ ^/node/([^/]+)$ -method find -allow $1 - -# allow all nodes to access the certificates services -path /certificate_revocation_list/ca -method find -allow * - -# allow all nodes to store their own reports -path ~ ^/report/([^/]+)$ -method save -allow $1 - -# Allow all nodes to access all file services; this is necessary for -# pluginsync, file serving from modules, and file serving from custom -# mount points (see fileserver.conf). Note that the `/file` prefix matches -# requests to both the file_metadata and file_content paths. See "Examples" -# above if you need more granular access control for custom mount points. -path /file -allow * - -### Unauthenticated ACLs, for clients without valid certificates; authenticated -### clients can also access these paths, though they rarely need to. - -# allow access to the CA certificate; unauthenticated nodes need this -# in order to validate the puppet master's certificate -path /certificate/ca -auth any -method find -allow * - -# allow nodes to retrieve the certificate they requested earlier -path /certificate/ -auth any -method find -allow * - -# allow nodes to request a new certificate -path /certificate_request -auth any -method find, save -allow * - -path /v2.0/environments -method find -allow * - -# deny everything else; this ACL is not strictly necessary, but -# illustrates the default policy. -path / -auth any diff --git a/templates/puppet/fileserver.conf.erb b/templates/puppet/fileserver.conf.erb deleted file mode 100644 index e4d6e0a..0000000 --- a/templates/puppet/fileserver.conf.erb +++ /dev/null @@ -1,21 +0,0 @@ -# See http://docs.puppetlabs.com/guides/file_serving.html - -# Files -[files] - path /etc/puppet/files - allow *.<%= base_domain %> - -# SSL keys -[ssl] - path /etc/puppet/keys/ssl - deny * - -# SSH keys -[ssh] - path /etc/puppet/keys/ssh/%h - allow * - -# Public keys -[pubkeys] - path /etc/puppet/keys/public - allow * diff --git a/templates/puppet/master.pp.erb b/templates/puppet/master.pp.erb deleted file mode 100644 index 5865723..0000000 --- a/templates/puppet/master.pp.erb +++ /dev/null @@ -1,10 +0,0 @@ -node '<%= hostname %>-master.<%= domain %>' { - $main_master = true - include nodo::master - - # encrypted data remote backup - #backup::rdiff { "other-host": - # port => "10102", - #} - -} diff --git a/templates/puppet/nodes.pp.erb b/templates/puppet/nodes.pp.erb deleted file mode 100644 index 4acddc6..0000000 --- a/templates/puppet/nodes.pp.erb +++ /dev/null @@ -1,14 +0,0 @@ -# -# Node definitions. -# - -<%- if first_nodes == 'present' then -%> -import "nodes/<%= first_hostname %>.pp" -import "nodes/<%= first_hostname %>-master.pp" -import "nodes/<%= first_hostname %>-proxy.pp" -import "nodes/<%= first_hostname %>-web.pp" -import "nodes/<%= first_hostname %>-storage.pp" -import "nodes/<%= first_hostname %>-test.pp" -<%- else -%> -#import "nodes/example.pp" -<%- end -%> diff --git a/templates/puppet/proxy.pp.erb b/templates/puppet/proxy.pp.erb deleted file mode 100644 index 908c2ec..0000000 --- a/templates/puppet/proxy.pp.erb +++ /dev/null @@ -1,53 +0,0 @@ -node '<%= hostname %>-proxy.<%= domain %>' { - #$mail_delivery = 'tunnel' - #$mail_hostname = 'mail' - #$mail_ssh_port = '2202' - - include nodo::proxy - - # encrypted data remote backup - #backup::rdiff { "other-host": - # port => "10102", - #} - - # reference to admin vserver - host { "<%= hostname %>-master": - ensure => present, - ip => "192.168.0.2", - host_aliases => [ "<%= hostname %>-master.<%= domain %>", "puppet", "admin" ], - notify => Service["nginx"], - } - - # reference to proxy vserver - #host { "<%= hostname %>-proxy": - # ensure => present, - # ip => "192.168.0.3", - # host_aliases => [ "<%= hostname %>-proxy.<%= domain %>", "<%= hostname %>-proxy" ], - # notify => Service["nginx"], - #} - - # reference to web vserver - host { "<%= hostname %>-web": - ensure => present, - ip => "192.168.0.4", - host_aliases => [ "<%= hostname %>-web.<%= domain %>", "<%= hostname %>-web", "weblocal" ], - notify => Service["nginx"], - } - - # reference to storage vserver - host { "<%= hostname %>-storage": - ensure => present, - ip => "192.168.0.5", - host_aliases => [ "<%= hostname %>-storage.<%= domain %>", "<%= hostname %>-storage" ], - notify => Service["nginx"], - } - - # reference to test vserver - host { "<%= hostname %>-test": - ensure => present, - ip => "192.168.0.6", - host_aliases => [ "<%= hostname %>-test.<%= domain %>", "<%= hostname %>-test" ], - notify => Service["nginx"], - } - -} diff --git a/templates/puppet/puppet.conf.erb b/templates/puppet/puppet.conf.erb deleted file mode 100644 index e2751ca..0000000 --- a/templates/puppet/puppet.conf.erb +++ /dev/null @@ -1,30 +0,0 @@ -[main] -logdir = /var/log/puppet -vardir = /var/lib/puppetmaster -ssldir = $vardir/ssl -rundir = /var/run/puppet -factpath = $vardir/lib/facter -pluginsync = true - -[master] -templatedir = $vardir/templates -masterport = 8140 -autosign = false -storeconfigs = true -dbadapter = sqlite3 -#dbadapter = mysql -#dbserver = localhost -#dbuser = puppet -#dbpassword = <%= db_password %> -dbconnections = 15 -certname = puppet.<%= base_domain %> -ssl_client_header = SSL_CLIENT_S_DN -ssl_client_verify_header = SSL_CLIENT_VERIFY - -[agent] -server = puppet.<%= base_domain %> -vardir = /var/lib/puppet -ssldir = $vardir/ssl -runinterval = 7200 -puppetport = 8139 -configtimeout = 300 diff --git a/templates/puppet/server.pp.erb b/templates/puppet/server.pp.erb deleted file mode 100644 index fcd21e0..0000000 --- a/templates/puppet/server.pp.erb +++ /dev/null @@ -1,41 +0,0 @@ -node '<%= hostname %>.<%= domain %>' { - #$mail_delivery = 'tunnel' - #$mail_hostname = 'mail' - #$mail_ssh_port = '2202' - $shorewall_dmz = true - $resolvconf_nameservers = $opendns_nameservers - $has_ups = false - include nodo::server - - # - # Linux-VServers - # - #nodo::vserver::instance { "<%= hostname %>-master": - # context => '2', - # puppetmaster => true, - #} - - #nodo::vserver::instance { "<%= hostname %>-proxy": - # context => '3', - # proxy => true, - #} - - #nodo::vserver::instance { "<%= hostname %>-web": - # context => '4', - # gitd => true, - #} - - #nodo::vserver::instance { "<%= hostname %>-storage": - # context => '5', - #} - - #nodo::vserver::instance { "<%= hostname %>-test": - # context => '6', - # memory_limit => 500, - #} - - # encrypted data remote backup - #backup::rdiff { "other-host": - # port => "10105", - #} -} diff --git a/templates/puppet/storage.pp.erb b/templates/puppet/storage.pp.erb deleted file mode 100644 index be93335..0000000 --- a/templates/puppet/storage.pp.erb +++ /dev/null @@ -1,13 +0,0 @@ -node '<%= hostname %>-storage.<%= domain %>' { - #$mail_delivery = 'tunnel' - #$mail_hostname = 'mail' - #$mail_ssh_port = '2202' - - include nodo::storage - - # encrypted data remote backup - #backup::rdiff { "other-host": - # port => "10102", - #} - -} diff --git a/templates/puppet/test.pp.erb b/templates/puppet/test.pp.erb deleted file mode 100644 index 816eca9..0000000 --- a/templates/puppet/test.pp.erb +++ /dev/null @@ -1,13 +0,0 @@ -node '<%= hostname %>-test.<%= domain %>' { - #$mail_delivery = 'tunnel' - #$mail_hostname = 'mail' - #$mail_ssh_port = '2202' - - include nodo::test - - # encrypted data remote backup - #backup::rdiff { "other-host": - # port => "10102", - #} - -} diff --git a/templates/puppet/users.pp.erb b/templates/puppet/users.pp.erb deleted file mode 100644 index 3b7c857..0000000 --- a/templates/puppet/users.pp.erb +++ /dev/null @@ -1,25 +0,0 @@ -class users::virtual inherits user { - # define custom users here -} - -class users::backup inherits user { - # define third-party hosted backup users here -} - -class users::admin inherits user { - # root user and password - user::manage { "root": - tag => "admin", - homedir => '/root', - password => '<%= root_password %>', - } - - # first user config - user::manage { "<%= first_user %>": - tag => "admin", - groups => [ "sudo", ], - password => '<%= first_user_password %>', - sshkey => [ "<%= first_user_sshkey %>" ], - } - -} diff --git a/templates/puppet/web.pp.erb b/templates/puppet/web.pp.erb deleted file mode 100644 index afc328b..0000000 --- a/templates/puppet/web.pp.erb +++ /dev/null @@ -1,13 +0,0 @@ -node '<%= hostname %>-web.<%= domain %>' { - #$mail_delivery = 'tunnel' - #$mail_hostname = 'mail' - #$mail_ssh_port = '2202' - - include nodo::web - - # encrypted data remote backup - #backup::rdiff { "other-host": - # port => "10102", - #} - -} -- cgit v1.2.3