aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSilvio Rhatto <rhatto@riseup.net>2013-04-14 15:12:28 -0300
committerSilvio Rhatto <rhatto@riseup.net>2013-04-14 15:12:28 -0300
commit3f2aad8d17bde2354ad6d222d85d7281c40391b5 (patch)
treec8f290a1d6609baf41e97017c4e10022c1fdbe9e
parent11466421c5c5ebb56d345b8f100e22fcd4b539ce (diff)
downloadpuppet-nodo-3f2aad8d17bde2354ad6d222d85d7281c40391b5.tar.gz
puppet-nodo-3f2aad8d17bde2354ad6d222d85d7281c40391b5.tar.bz2
Splitting nodo code into subsystems
-rw-r--r--manifests/base.pp135
-rw-r--r--manifests/role/default.pp2
-rw-r--r--manifests/subsystem/apt.pp48
-rw-r--r--manifests/subsystem/backup.pp26
-rw-r--r--manifests/subsystem/hostname.pp9
-rw-r--r--manifests/subsystem/local.pp9
-rw-r--r--manifests/subsystem/mail.pp14
-rw-r--r--manifests/subsystem/sshd.pp29
8 files changed, 143 insertions, 129 deletions
diff --git a/manifests/base.pp b/manifests/base.pp
index 6507c27..746a6fa 100644
--- a/manifests/base.pp
+++ b/manifests/base.pp
@@ -3,6 +3,12 @@ class nodo::base {
include nodo::subsystem::sudo
include nodo::subsystem::locales
include nodo::subsystem::profile
+ include nodo::subsystem::apt
+ include nodo::subsystem::backup
+ include nodo::subsystem::mail
+ include nodo::subsystem::sshd
+ include nodo::subsystem::hostname
+ include nodo::subsystem::local
include nodo::utils
include tunnel::autossh
include domain_check
@@ -17,135 +23,6 @@ class nodo::base {
master => hiera('nodo::role::master::main', false)
}
- #
- # Backup
- #
- class { 'backup': }
-
- $local_backup = hiera('nodo::backup::localhost', false)
-
- # Local encrypted backup
- case $local_backup {
- true,enabled,present: {
- backup::duplicity { "localhost":
- encryptkey => hiera('nodo::backup::encryptkey'),
- password => hiera('nodo::backup::password'),
- }
- }
- absent: {
- backup::duplicity { "localhost":
- encryptkey => hiera('nodo::backup::encryptkey'),
- password => hiera('nodo::backup::password'),
- ensure => absent,
- }
- }
- default: { }
- }
-
# Does not work well inside vservers
class { 'runit': ensure => absent }
-
- # Email delivery configuration
- $mail_delivery = hiera('nodo::mail_delivery', 'exim')
- case $mail_delivery {
- 'tunnel': {
- $mail_hostname = hiera('nodo::mail_hostname')
- tunnel::autossh::mail { "$mail_hostname":
- sshport => hiera('nodo::mail_ssh_port'),
- }
- }
- 'postfix': { }
- '','exim',default: { include exim::tls }
- }
-
- #
- # Apt configuration
- #
- class { 'apt':
- include_src => hiera('nodo::apt_include_src', false),
- use_next_release => hiera('nodo::apt_use_next_release', false),
- custom_key_dir => hiera('nodo::apt_custom_key_dir', 'puppet:///modules/site_apt/keys.d')
- }
-
- include apt::unattended_upgrades
-
- $apt_domain_source = hiera('nodo::apt_domain_source', false)
-
- apt::sources_list { "${::domain}.list":
- source => [ "puppet:///modules/site_apt/sources.list.d/${::operatingsystem}/${::lsbdistcodename}/${::domain}.list",
- "puppet:///modules/site_apt/sources.list.d/${::operatingsystem}/${::domain}.list", ],
- ensure => $apt_domain_source ? {
- true => present,
- default => absent,
- }
- }
-
- # Preferences file can't have dots in the filename
- $apt_domain_preferences = regsubst($::domain, '\.', '-', 'G')
-
- file { "/etc/apt/preferences.d/${apt_domain_preferences}":
- source => [ "puppet:///modules/site_apt/preferences.d/${::operatingsystem}/${::domain}",
- "puppet:///modules/nodo/preferences.d/custom" ],
- ensure => $apt_domain_source ? {
- true => present,
- default => absent,
- }
- }
-
- $apt_proxy = hiera('nodo::apt_proxy', false)
-
- if $apt_proxy != false {
- class { 'apt::proxy_client':
- proxy => $apt_proxy,
- port => hiera('nodo::apt_proxy_port', ''),
- }
- }
-
- package { 'apt-transport-https':
- ensure => present,
- }
-
- # SSH Server
- #
- # We need to restrict listen address by default so multiple
- # instances can live together in the same physical host.
- #
- class { 'sshd':
- manage_nagios => hiera('nodo::sshd_manage_nagios', false),
- listen_address => hiera('nodo::sshd_listen_address', [ "${::ipaddress}", '127.0.0.1' ]),
- password_authentication => hiera('nodo::sshd_password_authentication', 'yes'),
- shared_ip => hiera('nodo::sshd_shared_ip', 'yes'),
- tcp_forwarding => hiera('nodo::sshd_tcp_forwarding', 'yes'),
- hardened_ssl => hiera('nodo::sshd_hardened_ssl', 'yes'),
- print_motd => hiera('nodo::sshd_print_motd', 'no'),
- ports => hiera('nodo::sshd_ports', [ 22 ]),
- use_pam => hiera('nodo::sshd_use_pam', 'no'),
- }
-
- # Add the localhost ssh key, useful when one needs
- # to ssh to localhost.
- sshkey { [ 'localhost', '127.0.0.1' ]:
- type => ssh-rsa,
- key => $::sshrsakey,
- ensure => $::sshrsakey ? {
- '' => absent,
- default => present,
- },
- }
-
- file { "/etc/hostname":
- owner => "root",
- group => "root",
- mode => 0644,
- ensure => present,
- content => "${::fqdn}\n",
- }
-
- file { "/etc/rc.local":
- source => "puppet:///modules/nodo/etc/rc.local",
- owner => "root",
- group => "root",
- mode => 0755,
- ensure => present,
- }
}
diff --git a/manifests/role/default.pp b/manifests/role/default.pp
new file mode 100644
index 0000000..6a5717e
--- /dev/null
+++ b/manifests/role/default.pp
@@ -0,0 +1,2 @@
+class nodo::role::default {
+}
diff --git a/manifests/subsystem/apt.pp b/manifests/subsystem/apt.pp
new file mode 100644
index 0000000..b3f643d
--- /dev/null
+++ b/manifests/subsystem/apt.pp
@@ -0,0 +1,48 @@
+class nodo::subsystem::apt {
+ #
+ # Apt configuration
+ #
+ class { 'apt':
+ include_src => hiera('nodo::subsystem::apt::include_src', false),
+ use_next_release => hiera('nodo::subsystem::apt::use_next_release', false),
+ custom_key_dir => hiera('nodo::subsystem::apt::custom_key_dir', 'puppet:///modules/site_apt/keys.d')
+ }
+
+ include apt::unattended_upgrades
+
+ $apt_domain_source = hiera('nodo::subsystem::apt::domain_source', false)
+
+ apt::sources_list { "${::domain}.list":
+ source => [ "puppet:///modules/site_apt/sources.list.d/${::operatingsystem}/${::lsbdistcodename}/${::domain}.list",
+ "puppet:///modules/site_apt/sources.list.d/${::operatingsystem}/${::domain}.list", ],
+ ensure => $apt_domain_source ? {
+ true => present,
+ default => absent,
+ }
+ }
+
+ # Preferences file can't have dots in the filename
+ $apt_domain_preferences = regsubst($::domain, '\.', '-', 'G')
+
+ file { "/etc/apt/preferences.d/${apt_domain_preferences}":
+ source => [ "puppet:///modules/site_apt/preferences.d/${::operatingsystem}/${::domain}",
+ "puppet:///modules/nodo/preferences.d/custom" ],
+ ensure => $apt_domain_source ? {
+ true => present,
+ default => absent,
+ }
+ }
+
+ $apt_proxy = hiera('nodo::subsystem::apt::proxy', false)
+
+ if $apt_proxy != false {
+ class { 'apt::proxy_client':
+ proxy => $apt_proxy,
+ port => hiera('nodo::subsystem::apt::proxy_port', ''),
+ }
+ }
+
+ package { 'apt-transport-https':
+ ensure => present,
+ }
+}
diff --git a/manifests/subsystem/backup.pp b/manifests/subsystem/backup.pp
new file mode 100644
index 0000000..eb3dafc
--- /dev/null
+++ b/manifests/subsystem/backup.pp
@@ -0,0 +1,26 @@
+class nodo::subsystem::backup {
+ #
+ # Backup
+ #
+ class { 'backup': }
+
+ $local_backup = hiera('nodo::subsystem::backup::localhost', false)
+
+ # Local encrypted backup
+ case $local_backup {
+ true,enabled,present: {
+ backup::duplicity { "localhost":
+ encryptkey => hiera('nodo::subsystem::backup::encryptkey'),
+ password => hiera('nodo::subsystem::backup::password'),
+ }
+ }
+ absent: {
+ backup::duplicity { "localhost":
+ encryptkey => hiera('nodo::subsystem::backup::encryptkey'),
+ password => hiera('nodo::subsystem::backup::password'),
+ ensure => absent,
+ }
+ }
+ default: { }
+ }
+}
diff --git a/manifests/subsystem/hostname.pp b/manifests/subsystem/hostname.pp
new file mode 100644
index 0000000..4dedcec
--- /dev/null
+++ b/manifests/subsystem/hostname.pp
@@ -0,0 +1,9 @@
+class nodo::subsystem::hostname {
+ file { "/etc/hostname":
+ owner => "root",
+ group => "root",
+ mode => 0644,
+ ensure => present,
+ content => "${::fqdn}\n",
+ }
+}
diff --git a/manifests/subsystem/local.pp b/manifests/subsystem/local.pp
new file mode 100644
index 0000000..be02bbe
--- /dev/null
+++ b/manifests/subsystem/local.pp
@@ -0,0 +1,9 @@
+class nodo::subsystem::local {
+ file { "/etc/rc.local":
+ source => "puppet:///modules/nodo/etc/rc.local",
+ owner => "root",
+ group => "root",
+ mode => 0755,
+ ensure => present,
+ }
+}
diff --git a/manifests/subsystem/mail.pp b/manifests/subsystem/mail.pp
new file mode 100644
index 0000000..12c7e4b
--- /dev/null
+++ b/manifests/subsystem/mail.pp
@@ -0,0 +1,14 @@
+class nodo::subsystem::mail {
+ # Email delivery configuration
+ $mail_delivery = hiera('nodo::subsystem::mail::delivery', 'exim')
+ case $mail_delivery {
+ 'tunnel': {
+ $mail_hostname = hiera('nodo::subsystem::mail::hostname')
+ tunnel::autossh::mail { "$mail_hostname":
+ sshport => hiera('nodo::subsystem::mail::ssh_port'),
+ }
+ }
+ 'postfix': { }
+ '','exim',default: { include exim::tls }
+ }
+}
diff --git a/manifests/subsystem/sshd.pp b/manifests/subsystem/sshd.pp
new file mode 100644
index 0000000..80c6747
--- /dev/null
+++ b/manifests/subsystem/sshd.pp
@@ -0,0 +1,29 @@
+class nodo::subsystem::sshd {
+ # SSH Server
+ #
+ # We need to restrict listen address by default so multiple
+ # instances can live together in the same physical host.
+ #
+ class { 'sshd':
+ manage_nagios => hiera('nodo::subsystem::sshd::manage_nagios', false),
+ listen_address => hiera('nodo::subsystem::sshd::listen_address', [ "${::ipaddress}", '127.0.0.1' ]),
+ password_authentication => hiera('nodo::subsystem::sshd::password_authentication', 'yes'),
+ shared_ip => hiera('nodo::subsystem::sshd::shared_ip', 'yes'),
+ tcp_forwarding => hiera('nodo::subsystem::sshd::tcp_forwarding', 'yes'),
+ hardened_ssl => hiera('nodo::subsystem::sshd::hardened_ssl', 'yes'),
+ print_motd => hiera('nodo::subsystem::sshd::print_motd', 'no'),
+ ports => hiera('nodo::subsystem::sshd::ports', [ 22 ]),
+ use_pam => hiera('nodo::subsystem::sshd::use_pam', 'no'),
+ }
+
+ # Add the localhost ssh key, useful when one needs
+ # to ssh to localhost.
+ sshkey { [ 'localhost', '127.0.0.1' ]:
+ type => ssh-rsa,
+ key => $::sshrsakey,
+ ensure => $::sshrsakey ? {
+ '' => absent,
+ default => present,
+ },
+ }
+}