| author | Silvio Rhatto <rhatto@riseup.net> | 2013-04-14 15:12:28 -0300 | 
|---|---|---|
| committer | Silvio Rhatto <rhatto@riseup.net> | 2013-04-14 15:12:28 -0300 | 
| commit | 3f2aad8d17bde2354ad6d222d85d7281c40391b5 (patch) | |
| tree | c8f290a1d6609baf41e97017c4e10022c1fdbe9e | |
| parent | 11466421c5c5ebb56d345b8f100e22fcd4b539ce (diff) | |
| download | puppet-nodo-3f2aad8d17bde2354ad6d222d85d7281c40391b5.tar.gz puppet-nodo-3f2aad8d17bde2354ad6d222d85d7281c40391b5.tar.bz2 | |
Splitting nodo code into subsystems
| -rw-r--r-- | manifests/base.pp | 135 | ||||
| -rw-r--r-- | manifests/role/default.pp | 2 | ||||
| -rw-r--r-- | manifests/subsystem/apt.pp | 48 | ||||
| -rw-r--r-- | manifests/subsystem/backup.pp | 26 | ||||
| -rw-r--r-- | manifests/subsystem/hostname.pp | 9 | ||||
| -rw-r--r-- | manifests/subsystem/local.pp | 9 | ||||
| -rw-r--r-- | manifests/subsystem/mail.pp | 14 | ||||
| -rw-r--r-- | manifests/subsystem/sshd.pp | 29 | 
8 files changed, 143 insertions, 129 deletions
|
diff --git a/manifests/base.pp b/manifests/base.pp
index 6507c27..746a6fa 100644
--- a/manifests/base.pp
+++ b/manifests/base.pp
@@ -3,6 +3,12 @@ class nodo::base {
   include nodo::subsystem::sudo
   include nodo::subsystem::locales
   include nodo::subsystem::profile
+  include nodo::subsystem::apt
+  include nodo::subsystem::backup
+  include nodo::subsystem::mail
+  include nodo::subsystem::sshd
+  include nodo::subsystem::hostname
+  include nodo::subsystem::local
   include nodo::utils
   include tunnel::autossh
   include domain_check
@@ -17,135 +23,6 @@ class nodo::base {
     master => hiera('nodo::role::master::main', false)
   }

-  #
-  # Backup
-  #
-  class { 'backup': }
-
-  $local_backup = hiera('nodo::backup::localhost', false)
-
-  # Local encrypted backup
-  case $local_backup {
-    true,enabled,present: {
-      backup::duplicity { "localhost":
-        encryptkey => hiera('nodo::backup::encryptkey'),
-        password   => hiera('nodo::backup::password'),
-      }
-    }
-    absent: {
-      backup::duplicity { "localhost":
-        encryptkey => hiera('nodo::backup::encryptkey'),
-        password   => hiera('nodo::backup::password'),
-        ensure     => absent,
-      }
-    }
-    default: { }
-  }
-
   # Does not work well inside vservers
   class { 'runit': ensure => absent }
-
-  # Email delivery configuration
-  $mail_delivery = hiera('nodo::mail_delivery', 'exim')
-  case $mail_delivery {
-    'tunnel': {              
-      $mail_hostname = hiera('nodo::mail_hostname')
-      tunnel::autossh::mail { "$mail_hostname":
-        sshport   => hiera('nodo::mail_ssh_port'),
-      }
-    }
-    'postfix': { }
-    '','exim',default: { include exim::tls }
-  }
-
-  #
-  # Apt configuration
-  #
-  class { 'apt':
-    include_src      => hiera('nodo::apt_include_src',      false),
-    use_next_release => hiera('nodo::apt_use_next_release', false),
-    custom_key_dir   => hiera('nodo::apt_custom_key_dir',   'puppet:///modules/site_apt/keys.d')
-  }
-
-  include apt::unattended_upgrades
-
-  $apt_domain_source = hiera('nodo::apt_domain_source', false)
-
-  apt::sources_list { "${::domain}.list":
-    source => [ "puppet:///modules/site_apt/sources.list.d/${::operatingsystem}/${::lsbdistcodename}/${::domain}.list",
-                "puppet:///modules/site_apt/sources.list.d/${::operatingsystem}/${::domain}.list", ],
-    ensure => $apt_domain_source ? {
-      true    => present,
-      default => absent,
-    }
-  }
-
-  # Preferences file can't have dots in the filename
-  $apt_domain_preferences = regsubst($::domain, '\.', '-', 'G')
-
-  file { "/etc/apt/preferences.d/${apt_domain_preferences}":
-    source => [ "puppet:///modules/site_apt/preferences.d/${::operatingsystem}/${::domain}",
-                "puppet:///modules/nodo/preferences.d/custom" ],
-    ensure => $apt_domain_source ? {
-      true    => present,
-      default => absent,
-    }
-  }
-
-  $apt_proxy = hiera('nodo::apt_proxy', false)
-
-  if $apt_proxy != false {
-    class { 'apt::proxy_client':
-      proxy => $apt_proxy,
-      port  => hiera('nodo::apt_proxy_port', ''),
-    }
-  }
-
-  package { 'apt-transport-https':
-    ensure => present,
-  }
-
-  # SSH Server
-  #
-  # We need to restrict listen address by default so multiple
-  # instances can live together in the same physical host.
-  #
-  class { 'sshd':
-    manage_nagios           => hiera('nodo::sshd_manage_nagios',           false),      
-    listen_address          => hiera('nodo::sshd_listen_address',          [ "${::ipaddress}", '127.0.0.1' ]),
-    password_authentication => hiera('nodo::sshd_password_authentication', 'yes'),
-    shared_ip               => hiera('nodo::sshd_shared_ip',               'yes'),
-    tcp_forwarding          => hiera('nodo::sshd_tcp_forwarding',          'yes'),
-    hardened_ssl            => hiera('nodo::sshd_hardened_ssl',            'yes'),
-    print_motd              => hiera('nodo::sshd_print_motd',              'no'),
-    ports                   => hiera('nodo::sshd_ports',                   [ 22 ]),
-    use_pam                 => hiera('nodo::sshd_use_pam',                 'no'),
-  }
-
-  # Add the localhost ssh key, useful when one needs
-  # to ssh to localhost.
-  sshkey { [ 'localhost', '127.0.0.1' ]:
-    type   => ssh-rsa,
-    key    => $::sshrsakey,
-    ensure => $::sshrsakey ? {
-      ''      => absent,
-      default => present,
-    },
-  }
-
-  file { "/etc/hostname":
-    owner   => "root",
-    group   => "root",
-    mode    => 0644,
-    ensure  => present,
-    content => "${::fqdn}\n",
-  }
-
-  file { "/etc/rc.local":
-    source  => "puppet:///modules/nodo/etc/rc.local",
-    owner   => "root",
-    group   => "root",
-    mode    => 0755,
-    ensure  => present,
-  }
 }
diff --git a/manifests/role/default.pp b/manifests/role/default.pp
new file mode 100644
index 0000000..6a5717e
--- /dev/null
+++ b/manifests/role/default.pp
@@ -0,0 +1,2 @@
+class nodo::role::default {
+}
diff --git a/manifests/subsystem/apt.pp b/manifests/subsystem/apt.pp
new file mode 100644
index 0000000..b3f643d
--- /dev/null
+++ b/manifests/subsystem/apt.pp
@@ -0,0 +1,48 @@
+class nodo::subsystem::apt {
+  #
+  # Apt configuration
+  #
+  class { 'apt':
+    include_src      => hiera('nodo::subsystem::apt::include_src',      false),
+    use_next_release => hiera('nodo::subsystem::apt::use_next_release', false),
+    custom_key_dir   => hiera('nodo::subsystem::apt::custom_key_dir',   'puppet:///modules/site_apt/keys.d')
+  }
+
+  include apt::unattended_upgrades
+
+  $apt_domain_source = hiera('nodo::subsystem::apt::domain_source', false)
+
+  apt::sources_list { "${::domain}.list":
+    source => [ "puppet:///modules/site_apt/sources.list.d/${::operatingsystem}/${::lsbdistcodename}/${::domain}.list",
+                "puppet:///modules/site_apt/sources.list.d/${::operatingsystem}/${::domain}.list", ],
+    ensure => $apt_domain_source ? {
+      true    => present,
+      default => absent,
+    }
+  }
+
+  # Preferences file can't have dots in the filename
+  $apt_domain_preferences = regsubst($::domain, '\.', '-', 'G')
+
+  file { "/etc/apt/preferences.d/${apt_domain_preferences}":
+    source => [ "puppet:///modules/site_apt/preferences.d/${::operatingsystem}/${::domain}",
+                "puppet:///modules/nodo/preferences.d/custom" ],
+    ensure => $apt_domain_source ? {
+      true    => present,
+      default => absent,
+    }
+  }
+
+  $apt_proxy = hiera('nodo::subsystem::apt::proxy', false)
+
+  if $apt_proxy != false {
+    class { 'apt::proxy_client':
+      proxy => $apt_proxy,
+      port  => hiera('nodo::subsystem::apt::proxy_port', ''),
+    }
+  }
+
+  package { 'apt-transport-https':
+    ensure => present,
+  }
+}
diff --git a/manifests/subsystem/backup.pp b/manifests/subsystem/backup.pp
new file mode 100644
index 0000000..eb3dafc
--- /dev/null
+++ b/manifests/subsystem/backup.pp
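Review bot: In manifests/subsystem/apt.pp every Hiera key is renamed (`nodo::apt_domain_source` becomes `nodo::subsystem::apt::domain_source`, and likewise for the proxy and key-directory settings) with no fallback to the old name. A node whose data still uses the old keys therefore silently gets the defaults, which here means `ensure => absent` for the domain sources list and the pinning file, and no proxy client. The same rename without fallback is in backup.pp, mail.pp and sshd.pp, where local backup management and any sshd overrides would be dropped in the same way. Chaining the old key as the default keeps existing data effective during the migration, for example `$apt_domain_source = hiera('nodo::subsystem::apt::domain_source', hiera('nodo::apt_domain_source', false))`.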
@@ -0,0 +1,26 @@
+class nodo::subsystem::backup {
+  #
+  # Backup
+  #
+  class { 'backup': }
+
+  $local_backup = hiera('nodo::subsystem::backup::localhost', false)
+
+  # Local encrypted backup
+  case $local_backup {
+    true,enabled,present: {
+      backup::duplicity { "localhost":
+        encryptkey => hiera('nodo::subsystem::backup::encryptkey'),
+        password   => hiera('nodo::subsystem::backup::password'),
+      }
+    }
+    absent: {
+      backup::duplicity { "localhost":
+        encryptkey => hiera('nodo::subsystem::backup::encryptkey'),
+        password   => hiera('nodo::subsystem::backup::password'),
+        ensure     => absent,
+      }
+    }
+    default: { }
+  }
+}
diff --git a/manifests/subsystem/hostname.pp b/manifests/subsystem/hostname.pp
new file mode 100644
index 0000000..4dedcec
--- /dev/null
+++ b/manifests/subsystem/hostname.pp
@@ -0,0 +1,9 @@
+class nodo::subsystem::hostname {
+  file { "/etc/hostname":
+    owner   => "root",
+    group   => "root",
+    mode    => 0644,
+    ensure  => present,
+    content => "${::fqdn}\n",
+  }
+}
diff --git a/manifests/subsystem/local.pp b/manifests/subsystem/local.pp
new file mode 100644
index 0000000..be02bbe
--- /dev/null
+++ b/manifests/subsystem/local.pp
@@ -0,0 +1,9 @@
+class nodo::subsystem::local {
+  file { "/etc/rc.local":
+    source  => "puppet:///modules/nodo/etc/rc.local",
+    owner   => "root",
+    group   => "root",
+    mode    => 0755,
+    ensure  => present,
+  }
+}
diff --git a/manifests/subsystem/mail.pp b/manifests/subsystem/mail.pp
new file mode 100644
index 0000000..12c7e4b
--- /dev/null
+++ b/manifests/subsystem/mail.pp
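Review bot: In manifests/subsystem/backup.pp the `absent` branch of `case $local_backup` still calls `hiera('nodo::subsystem::backup::encryptkey')` and `hiera('nodo::subsystem::backup::password')` with no default. Removing the local backup therefore requires the passphrase to stay in Hiera, and the catalog stops compiling once it is deleted. If `backup::duplicity` does not need these values for `ensure => absent` (its definition is not visible here), give the two lookups a default in that branch only, e.g. `password => hiera('nodo::subsystem::backup::password', ''),`. A comment above the resource such as `# password/encryptkey are secrets: keep them in an access-restricted Hiera source` would also tell the next maintainer where they belong.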
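Review bot: `mode => 0644` in manifests/subsystem/hostname.pp, and `mode => 0755` in manifests/subsystem/local.pp, are unquoted numbers. Later Puppet parsers require file modes to be strings, so quoting now avoids a surprise on upgrade: `mode => '0644',` and `mode => '0755',`. Since `/etc/rc.local` runs as root at boot, `ensure => file` would also be more precise than `present` in local.pp, as it makes sure a directory or symlink at that path is not accepted as-is.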
@@ -0,0 +1,14 @@
+class nodo::subsystem::mail {
+  # Email delivery configuration
+  $mail_delivery = hiera('nodo::subsystem::mail::delivery', 'exim')
+  case $mail_delivery {
+    'tunnel': {              
+      $mail_hostname = hiera('nodo::subsystem::mail::hostname')
+      tunnel::autossh::mail { "$mail_hostname":
+        sshport   => hiera('nodo::subsystem::mail::ssh_port'),
+      }
+    }
+    'postfix': { }
+    '','exim',default: { include exim::tls }
+  }
+}
diff --git a/manifests/subsystem/sshd.pp b/manifests/subsystem/sshd.pp
new file mode 100644
index 0000000..80c6747
--- /dev/null
+++ b/manifests/subsystem/sshd.pp
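Review bot: In manifests/subsystem/mail.pp the last branch, `'','exim',default: { include exim::tls }`, makes any unrecognised value of `nodo::subsystem::mail::delivery` select exim silently. A typo such as a misspelt 'tunnel' would then change how mail leaves the host without any error. Splitting the branch makes that visible: `'','exim': { include exim::tls }` followed by `default: { fail("Unknown nodo::subsystem::mail::delivery: ${mail_delivery}") }`. The empty `'postfix': { }` branch would benefit from a one-line comment saying where postfix is configured, since nothing in this class manages it.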
@@ -0,0 +1,29 @@
+class nodo::subsystem::sshd {
+  # SSH Server
+  #
+  # We need to restrict listen address by default so multiple
+  # instances can live together in the same physical host.
+  #
+  class { 'sshd':
+    manage_nagios           => hiera('nodo::subsystem::sshd::manage_nagios',           false),      
+    listen_address          => hiera('nodo::subsystem::sshd::listen_address',          [ "${::ipaddress}", '127.0.0.1' ]),
+    password_authentication => hiera('nodo::subsystem::sshd::password_authentication', 'yes'),
+    shared_ip               => hiera('nodo::subsystem::sshd::shared_ip',               'yes'),
+    tcp_forwarding          => hiera('nodo::subsystem::sshd::tcp_forwarding',          'yes'),
+    hardened_ssl            => hiera('nodo::subsystem::sshd::hardened_ssl',            'yes'),
+    print_motd              => hiera('nodo::subsystem::sshd::print_motd',              'no'),
+    ports                   => hiera('nodo::subsystem::sshd::ports',                   [ 22 ]),
+    use_pam                 => hiera('nodo::subsystem::sshd::use_pam',                 'no'),
+  }
+
+  # Add the localhost ssh key, useful when one needs
+  # to ssh to localhost.
+  sshkey { [ 'localhost', '127.0.0.1' ]:
+    type   => ssh-rsa,
+    key    => $::sshrsakey,
+    ensure => $::sshrsakey ? {
+      ''      => absent,
+      default => present,
+    },
+  }
+}
|
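Review bot: In manifests/subsystem/sshd.pp the parameters of `class { 'sshd': }` default `password_authentication` and `tcp_forwarding` to `'yes'`, so a node with no Hiera data for the new key names gets the permissive setting. How the sshd module renders these into the daemon configuration is not visible here, but presumably they map onto the corresponding sshd options. Defaulting to the restrictive value and letting nodes opt in is safer once key-based access is confirmed to be deployed: `password_authentication => hiera('nodo::subsystem::sshd::password_authentication', 'no'),`. Separately, `type => ssh-rsa` in the `sshkey` resource is a bareword and reads more safely quoted as `type => 'ssh-rsa',`.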
