diff options
author | Silvio Rhatto <rhatto@riseup.net> | 2013-04-12 17:09:03 -0300 |
---|---|---|
committer | Silvio Rhatto <rhatto@riseup.net> | 2013-04-12 17:09:03 -0300 |
commit | fe1c86b8f938283e9dd8196a8b11a9648f4b49e6 (patch) | |
tree | c2d999eca03862a3e4af57e0885397adf6bbc6ec | |
parent | ec5c750d12bdc7948bb3c04f0c72817718a0bf47 (diff) | |
download | puppet-nodo-fe1c86b8f938283e9dd8196a8b11a9648f4b49e6.tar.gz puppet-nodo-fe1c86b8f938283e9dd8196a8b11a9648f4b49e6.tar.bz2 |
Major refactor
-rw-r--r-- | README | 4 | ||||
-rwxr-xr-x | files/bin/domain-check | 535 | ||||
-rw-r--r-- | files/etc/schroot/default/fstab | 20 | ||||
-rw-r--r-- | files/htdocs/images/empty | 0 | ||||
-rw-r--r-- | files/htdocs/index.html | 8 | ||||
-rw-r--r-- | files/htdocs/missing.html | 12 | ||||
-rw-r--r-- | manifests/appliance.pp | 6 | ||||
-rw-r--r-- | manifests/defines/monkeysphere_host.pp (renamed from manifests/subsystems/monkeysphere.pp) | 0 | ||||
-rw-r--r-- | manifests/defines/munin_client.pp (renamed from manifests/subsystems/munin.pp) | 0 | ||||
-rw-r--r-- | manifests/defines/ssh_config.pp | 26 | ||||
-rw-r--r-- | manifests/defines/ssh_create_key.pp | 11 | ||||
-rw-r--r-- | manifests/defines/ssh_known_hosts.pp | 50 | ||||
-rw-r--r-- | manifests/desktop.pp | 14 | ||||
-rw-r--r-- | manifests/dns.pp | 3 | ||||
-rw-r--r-- | manifests/host.pp | 16 | ||||
-rw-r--r-- | manifests/init.pp | 106 | ||||
-rw-r--r-- | manifests/kvm.pp | 6 | ||||
-rw-r--r-- | manifests/laptop.pp | 14 | ||||
-rw-r--r-- | manifests/mumble.pp | 3 | ||||
-rw-r--r-- | manifests/nas/share.pp | 2 | ||||
-rw-r--r-- | manifests/nodo.pp | 22 | ||||
-rw-r--r-- | manifests/physical.pp | 3 | ||||
-rw-r--r-- | manifests/plug.pp | 10 | ||||
-rw-r--r-- | manifests/proxy.pp | 3 | ||||
-rw-r--r-- | manifests/role/dns.pp | 3 | ||||
-rw-r--r-- | manifests/role/jabber.pp (renamed from manifests/jabber.pp) | 2 | ||||
-rw-r--r-- | manifests/role/mail.pp (renamed from manifests/mail.pp) | 2 | ||||
-rw-r--r-- | manifests/role/master.pp (renamed from manifests/master.pp) | 8 | ||||
-rw-r--r-- | manifests/role/mumble.pp | 3 | ||||
-rw-r--r-- | manifests/role/nas.pp (renamed from manifests/nas.pp) | 4 | ||||
-rw-r--r-- | manifests/role/personal.pp (renamed from manifests/personal.pp) | 16 | ||||
-rw-r--r-- | manifests/role/proxy.pp | 3 | ||||
-rw-r--r-- | manifests/role/router.pp | 25 | ||||
-rw-r--r-- | manifests/role/storage.pp | 3 | ||||
-rw-r--r-- | manifests/role/test.pp | 3 | ||||
-rw-r--r-- | manifests/role/tor.pp | 4 | ||||
-rw-r--r-- | manifests/role/web.pp (renamed from manifests/web.pp) | 4 | ||||
-rw-r--r-- | manifests/role/webdev.pp | 5 | ||||
-rw-r--r-- | manifests/role/webdev/desktop.pp | 3 | ||||
-rw-r--r-- | manifests/role/webdev/laptop.pp | 3 | ||||
-rw-r--r-- | manifests/role/yacy.pp (renamed from manifests/yacy.pp) | 2 | ||||
-rw-r--r-- | manifests/server.pp | 6 | ||||
-rw-r--r-- | manifests/storage.pp | 3 | ||||
-rw-r--r-- | manifests/subsystem/crypttab.pp (renamed from manifests/subsystems/crypttab.pp) | 2 | ||||
-rw-r--r-- | manifests/subsystem/dhclient.pp (renamed from manifests/subsystems/dhclient.pp) | 6 | ||||
-rw-r--r-- | manifests/subsystem/firewire.pp | 8 | ||||
-rw-r--r-- | manifests/subsystem/fstab.pp (renamed from manifests/subsystems/fstab.pp) | 4 | ||||
-rw-r--r-- | manifests/subsystem/gdm.pp (renamed from manifests/subsystems/gdm.pp) | 21 | ||||
-rw-r--r-- | manifests/subsystem/gdm/disabled.pp | 18 | ||||
-rw-r--r-- | manifests/subsystem/gdm3.pp (renamed from manifests/subsystems/gdm3.pp) | 2 | ||||
-rw-r--r-- | manifests/subsystem/hosts.pp (renamed from manifests/subsystems/hosts.pp) | 4 | ||||
-rw-r--r-- | manifests/subsystem/initramfs.pp (renamed from manifests/subsystems/initramfs.pp) | 2 | ||||
-rw-r--r-- | manifests/subsystem/keyboard.pp (renamed from manifests/subsystems/keyboard.pp) | 2 | ||||
-rw-r--r-- | manifests/subsystem/locales.pp (renamed from manifests/subsystems/locales.pp) | 2 | ||||
-rw-r--r-- | manifests/subsystem/media/folders.pp (renamed from manifests/subsystems/media.pp) | 12 | ||||
-rw-r--r-- | manifests/subsystem/media/groups.pp | 5 | ||||
-rw-r--r-- | manifests/subsystem/modprobe.pp (renamed from manifests/subsystems/modprobe.pp) | 6 | ||||
-rw-r--r-- | manifests/subsystem/monitor.pp (renamed from manifests/subsystems/monitor.pp) | 6 | ||||
-rw-r--r-- | manifests/subsystem/motd.pp (renamed from manifests/subsystems/motd.pp) | 2 | ||||
-rw-r--r-- | manifests/subsystem/mount.pp (renamed from manifests/subsystems/mount.pp) | 2 | ||||
-rw-r--r-- | manifests/subsystem/pam.pp (renamed from manifests/subsystems/pam.pp) | 2 | ||||
-rw-r--r-- | manifests/subsystem/profile.pp (renamed from manifests/subsystems/profile.pp) | 2 | ||||
-rw-r--r-- | manifests/subsystem/resolver.pp (renamed from manifests/subsystems/resolver.pp) | 10 | ||||
-rw-r--r-- | manifests/subsystem/ssh_folder.pp | 11 | ||||
-rw-r--r-- | manifests/subsystem/sudo.pp (renamed from manifests/subsystems/sudo.pp) | 3 | ||||
-rw-r--r-- | manifests/subsystem/sysctl.pp (renamed from manifests/subsystems/sysctl.pp) | 8 | ||||
-rw-r--r-- | manifests/subsystem/ups.pp | 26 | ||||
-rw-r--r-- | manifests/subsystem/xorg.pp (renamed from manifests/subsystems/xorg.pp) | 2 | ||||
-rw-r--r-- | manifests/subsystems/database.pp | 52 | ||||
-rw-r--r-- | manifests/subsystems/domain.pp | 39 | ||||
-rw-r--r-- | manifests/subsystems/firewall.pp | 208 | ||||
-rw-r--r-- | manifests/subsystems/firewall/local.pp | 47 | ||||
-rw-r--r-- | manifests/subsystems/firewall/mpd.pp | 21 | ||||
-rw-r--r-- | manifests/subsystems/firewall/nas.pp | 152 | ||||
-rw-r--r-- | manifests/subsystems/firewall/openvpn.pp | 36 | ||||
-rw-r--r-- | manifests/subsystems/firewall/ppp.pp | 31 | ||||
-rw-r--r-- | manifests/subsystems/firewall/printer.pp | 21 | ||||
-rw-r--r-- | manifests/subsystems/firewall/redirect.pp | 14 | ||||
-rw-r--r-- | manifests/subsystems/firewall/router.pp | 401 | ||||
-rw-r--r-- | manifests/subsystems/firewall/torrent.pp | 21 | ||||
-rw-r--r-- | manifests/subsystems/firewall/ups.pp | 11 | ||||
-rw-r--r-- | manifests/subsystems/firewall/vserver.pp | 524 | ||||
-rw-r--r-- | manifests/subsystems/firewall/wifi.pp | 50 | ||||
-rw-r--r-- | manifests/subsystems/firewire.pp | 9 | ||||
-rw-r--r-- | manifests/subsystems/onion.pp | 54 | ||||
-rw-r--r-- | manifests/subsystems/schroot.pp | 26 | ||||
-rw-r--r-- | manifests/subsystems/ssh.pp | 101 | ||||
-rw-r--r-- | manifests/subsystems/tunnel.pp | 148 | ||||
-rw-r--r-- | manifests/subsystems/ups.pp | 26 | ||||
-rw-r--r-- | manifests/subsystems/utils/firmware.pp | 11 | ||||
-rw-r--r-- | manifests/subsystems/utils/personal.pp | 20 | ||||
-rw-r--r-- | manifests/subsystems/utils/storage.pp | 12 | ||||
-rw-r--r-- | manifests/subsystems/websites.pp | 151 | ||||
-rw-r--r-- | manifests/test.pp | 3 | ||||
-rw-r--r-- | manifests/tor.pp | 4 | ||||
-rw-r--r-- | manifests/utils.pp (renamed from manifests/subsystems/utils.pp) | 2 | ||||
-rw-r--r-- | manifests/utils/desktop.pp (renamed from manifests/subsystems/utils/desktop.pp) | 2 | ||||
-rw-r--r-- | manifests/utils/development.pp (renamed from manifests/subsystems/utils/development.pp) | 17 | ||||
-rw-r--r-- | manifests/utils/development/virtual.pp | 12 | ||||
-rw-r--r-- | manifests/utils/dns.pp (renamed from manifests/subsystems/utils/dns.pp) | 2 | ||||
-rw-r--r-- | manifests/utils/firmware.pp | 5 | ||||
-rw-r--r-- | manifests/utils/firmware/iwlwifi.pp | 6 | ||||
-rw-r--r-- | manifests/utils/firmware/realtek.pp | 5 | ||||
-rw-r--r-- | manifests/utils/grub.pp | 5 | ||||
-rw-r--r-- | manifests/utils/hamradio.pp (renamed from manifests/subsystems/utils/hamradio.pp) | 2 | ||||
-rw-r--r-- | manifests/utils/interface.pp (renamed from manifests/subsystems/utils/interface.pp) | 2 | ||||
-rw-r--r-- | manifests/utils/java.pp (renamed from manifests/subsystems/utils/java.pp) | 2 | ||||
-rw-r--r-- | manifests/utils/laptop.pp | 9 | ||||
-rw-r--r-- | manifests/utils/laptop/debian.pp (renamed from manifests/subsystems/utils/laptop.pp) | 12 | ||||
-rw-r--r-- | manifests/utils/microcode/intel.pp | 8 | ||||
-rw-r--r-- | manifests/utils/multimedia.pp (renamed from manifests/subsystems/utils/multimedia.pp) | 21 | ||||
-rw-r--r-- | manifests/utils/multimedia/mediacenter.pp | 5 | ||||
-rw-r--r-- | manifests/utils/multimedia/ripper.pp | 6 | ||||
-rw-r--r-- | manifests/utils/multimedia/studio.pp | 5 | ||||
-rw-r--r-- | manifests/utils/network.pp (renamed from manifests/subsystems/utils/network.pp) | 68 | ||||
-rw-r--r-- | manifests/utils/network/analyzer.pp | 5 | ||||
-rw-r--r-- | manifests/utils/network/irssi.pp | 23 | ||||
-rw-r--r-- | manifests/utils/network/minimal.pp | 17 | ||||
-rw-r--r-- | manifests/utils/network/nfs.pp | 5 | ||||
-rw-r--r-- | manifests/utils/network/samba.pp | 5 | ||||
-rw-r--r-- | manifests/utils/network/torrent.pp | 5 | ||||
-rw-r--r-- | manifests/utils/office.pp (renamed from manifests/subsystems/utils/office.pp) | 2 | ||||
-rw-r--r-- | manifests/utils/personal.pp | 9 | ||||
-rw-r--r-- | manifests/utils/personal/bundle.pp | 10 | ||||
-rw-r--r-- | manifests/utils/personal/debian.pp (renamed from manifests/subsystems/utils/debian.pp) | 2 | ||||
-rw-r--r-- | manifests/utils/physical.pp (renamed from manifests/subsystems/utils/physical.pp) | 2 | ||||
-rw-r--r-- | manifests/utils/plug.pp (renamed from manifests/subsystems/utils/plug.pp) | 2 | ||||
-rw-r--r-- | manifests/utils/ruby.pp (renamed from manifests/subsystems/utils/ruby.pp) | 2 | ||||
-rw-r--r-- | manifests/utils/security.pp (renamed from manifests/subsystems/utils/security.pp) | 2 | ||||
-rw-r--r-- | manifests/utils/storage.pp | 6 | ||||
-rw-r--r-- | manifests/utils/storage/archive.pp | 5 | ||||
-rw-r--r-- | manifests/utils/thinkpad.pp | 16 | ||||
-rw-r--r-- | manifests/utils/tor.pp (renamed from manifests/subsystems/utils/tor.pp) | 2 | ||||
-rw-r--r-- | manifests/utils/touchpad.pp | 6 | ||||
-rw-r--r-- | manifests/utils/web.pp (renamed from manifests/subsystems/utils/web.pp) | 4 | ||||
-rw-r--r-- | templates/schroot/schroot.conf.erb | 10 |
136 files changed, 519 insertions, 3154 deletions
@@ -4,5 +4,5 @@ Puppet Nodo Module This is a very specific puppet module that defines custom node configurations, be they servers or vservers. -It heavily depends on other puppet modules available mainly on -http://git.sarava.org. Check the code for the full dependency list. +It heavily depends on other puppet modules available on http://git.sarava.org. +Check the code for the full dependency list. diff --git a/files/bin/domain-check b/files/bin/domain-check deleted file mode 100755 index 89a39f8..0000000 --- a/files/bin/domain-check +++ /dev/null @@ -1,535 +0,0 @@ -#!/bin/bash -# -# Program: Domain Expiration Check <domain-check> -# -# Author: Matty < matty91 at gmail dot com > -# -# Current Version: 1.10 -# -# Revision History: -# -# Version 1.11 -# Added support for .is domains -# Fixing mail program path -# Fixing output for .br domains when expiry date is not available -# Fixing awk usage -# -- Silvio Rhatto <rhatto at riseup dot net> -# -# Version 1.10 -# Do not add extra line on quiet mode -- Silvio Rhatto <rhatto at riseup dot net> -# -# Version 1.9 -# Added support for .br domains -- Silvio Rhatto <rhatto at riseup dot net> -# -# Version 1.8 -# Bug fix added $MAIL -- Vivek Gite <vivek@nixcraft.com> -# -# Version 1.7 -# Added support for .jp domain names -- Vivek Gite <vivek@nixcraft.com> -# -# Version 1.6 -# Added support for .uk domain names; fixed a bug detecting tldtype -- Vivek Gite <vivek@nixcraft.com> -# -# Version 1.5 -# Added support for .org, .in, .biz and .info domain names -- Vivek Gite <vivek@nixcraft.com> -# -# Version 1.4 -# Updated the documentation. -# -# Version 1.3 -# Gracefully Handle the case where the expiration data is unavailable -# -# Version 1.2 -# Added "-s" option to allow arbitrary registrars -# -# Version 1.1 -# Fixed issue with 'e' getopt string -- Pedro Alves -# -# Version 1.0 -# Initial Release -# -# Last Updated: 01-Oct-2009 -# -# Purpose: -# domain-check checks to see if a domain has expired. domain-check -# can be run in interactive and batch mode, and provides faciltities -# to alarm if a domain is about to expire. -# -# License: -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. -# -# Notes: -# Since each registrar provides expiration data in a unique format (if -# they provide it at all), domain-check is currently only able to -# processess expiration information for a subset of the available -# registrars. -# -# Requirements: -# Requires whois -# -# Installation: -# Copy the shell script to a suitable location -# -# Tested platforms: -# -- Solaris 9 using /bin/bash -# -- Solaris 10 using /bin/bash -# -- OS X 10.4.2 using /bin/sh -# -- OpenBSD using /bin/sh -# -- FreeBSD using /bin/sh -# -- Redhat advanced server 3.0MU3 using /bin/sh -# -# Usage: -# Refer to the usage() sub-routine, or invoke domain-check -# with the "-h" option. -# -# Example: -# -# The first example will print the expiration date and registrar for prefetch.net: -# -# $ domain-check.sh -d prefetch.net -# -# Domain Registrar Status Expires Days Left -# ----------------------------------- ----------------- -------- ----------- --------- -# prefetch.net INTERCOSMOS MEDIA Valid 13-feb-2006 64 -# -# The second example prints the expiration date and registrar for the domains -# listed in the file "domains": -# -# $ domain-check.sh -f domains -# -# Domain Registrar Status Expires Days Left -# ----------------------------------- ----------------- -------- ----------- --------- -# sun.com NETWORK SOLUTIONS Valid 20-mar-2010 1560 -# google.com EMARKMONITOR INC. Valid 14-sep-2011 2103 -# ack.com NETWORK SOLUTIONS Valid 09-may-2008 880 -# prefetch.net INTERCOSMOS MEDIA Valid 13-feb-2006 64 -# spotch.com GANDI Valid 03-dec-2006 357 -# -# The third example will e-mail the address admin@prefetch.net with the domains that -# will expire in 60-days or less: -# -# $ domain-check -a -f domains -q -x 60 -e admin@prefetch.net -# - -PATH=/bin:/usr/bin:/usr/local/bin:/usr/local/ssl/bin:/usr/sfw/bin ; export PATH - -# Who to page when an expired domain is detected (cmdline: -e) -ADMIN="root" - -# Number of days in the warning threshhold (cmdline: -x) -WARNDAYS=30 - -# If QUIET is set to TRUE, don't print anything on the console (cmdline: -q) -QUIET="FALSE" - -# Don't send emails by default (cmdline: -a) -ALARM="FALSE" - -# Whois server to use (cmdline: -s) -WHOIS_SERVER="whois.internic.org" - -# Location of system binaries -AWK="/usr/bin/awk" -WHOIS="/usr/bin/whois" -DATE="/bin/date" -CUT="/usr/bin/cut" -MAIL="/usr/bin/mail" -# Place to stash temporary files -WHOIS_TMP="/var/tmp/whois.$$" - -############################################################################# -# Purpose: Convert a date from MONTH-DAY-YEAR to Julian format -# Acknowledgements: Code was adapted from examples in the book -# "Shell Scripting Recipes: A Problem-Solution Approach" -# ( ISBN 1590594711 ) -# Arguments: -# $1 -> Month (e.g., 06) -# $2 -> Day (e.g., 08) -# $3 -> Year (e.g., 2006) -############################################################################# -date2julian() -{ - if [ "${1} != "" ] && [ "${2} != "" ] && [ "${3}" != "" ] - then - ## Since leap years add aday at the end of February, - ## calculations are done from 1 March 0000 (a fictional year) - d2j_tmpmonth=$((12 * ${3} + ${1} - 3)) - - ## If it is not yet March, the year is changed to the previous year - d2j_tmpyear=$(( ${d2j_tmpmonth} / 12)) - - ## The number of days from 1 March 0000 is calculated - ## and the number of days from 1 Jan. 4713BC is added - echo $(( (734 * ${d2j_tmpmonth} + 15) / 24 - 2 * ${d2j_tmpyear} + ${d2j_tmpyear}/4 - - ${d2j_tmpyear}/100 + ${d2j_tmpyear}/400 + $2 + 1721119 )) - else - echo 0 - fi -} - -############################################################################# -# Purpose: Convert a string month into an integer representation -# Arguments: -# $1 -> Month name (e.g., Sep) -############################################################################# -getmonth() -{ - LOWER=`tolower $1` - - case ${LOWER} in - jan) echo 1 ;; - feb) echo 2 ;; - mar) echo 3 ;; - apr) echo 4 ;; - may) echo 5 ;; - jun) echo 6 ;; - jul) echo 7 ;; - aug) echo 8 ;; - sep) echo 9 ;; - oct) echo 10 ;; - nov) echo 11 ;; - dec) echo 12 ;; - *) echo 0 ;; - esac -} - -############################################################################# -# Purpose: Calculate the number of seconds between two dates -# Arguments: -# $1 -> Date #1 -# $2 -> Date #2 -############################################################################# -date_diff() -{ - if [ "${1}" != "" ] && [ "${2}" != "" ] - then - echo $(expr ${2} - ${1}) - else - echo 0 - fi -} - -################################################################## -# Purpose: Converts a string to lower case -# Arguments: -# $1 -> String to convert to lower case -################################################################## -tolower() -{ - LOWER=`echo ${1} | tr [A-Z] [a-z]` - echo $LOWER -} - -################################################################## -# Purpose: Access whois data to grab the registrar and expiration date -# Arguments: -# $1 -> Domain to check -################################################################## -check_domain_status() -{ - local REGISTRAR="" - # Avoid WHOIS LIMIT EXCEEDED - slowdown our whois client by adding 3 sec - sleep 3 - # Save the domain since set will trip up the ordering - DOMAIN=${1} - TLDTYPE="`echo ${DOMAIN} | cut -d '.' -f3 | tr '[A-Z]' '[a-z]'`" - if [ "${TLDTYPE}" == "" ]; - then - TLDTYPE="`echo ${DOMAIN} | cut -d '.' -f2 | tr '[A-Z]' '[a-z]'`" - fi - - # Invoke whois to find the domain registrar and expiration date - #${WHOIS} -h ${WHOIS_SERVER} "=${1}" > ${WHOIS_TMP} - # Let whois select server - if [ "${TLDTYPE}" == "org" ]; - then - ${WHOIS} -h "whois.pir.org" "${1}" > ${WHOIS_TMP} - elif [ "${TLDTYPE}" == "in" ]; # India - then - ${WHOIS} -h "whois.registry.in" "${1}" > ${WHOIS_TMP} - elif [ "${TLDTYPE}" == "uk" ]; # United Kingdom - then - ${WHOIS} -h "whois.nic.uk" "${1}" > ${WHOIS_TMP} - - elif [ "${TLDTYPE}" == "br" ]; # Brazil - then - ${WHOIS} -h "whois.nic.br" "${1}" > ${WHOIS_TMP} - - elif [ "${TLDTYPE}" == "biz" ]; - then - ${WHOIS} -h "whois.neulevel.biz" "${1}" > ${WHOIS_TMP} - elif [ "${TLDTYPE}" == "info" ]; - then - ${WHOIS} -h "whois.afilias.info" "${1}" > ${WHOIS_TMP} - elif [ "${TLDTYPE}" == "jp" ]; # Japan - then - ${WHOIS} -h "whois.jprs.jp" "${1}" > ${WHOIS_TMP} - - elif [ "${TLDTYPE}" == "com" -o "${TLDTYPE}" == "net" -o "${TLDTYPE}" == "edu" ]; - then - ${WHOIS} -h ${WHOIS_SERVER} "=${1}" > ${WHOIS_TMP} - else - ${WHOIS} "${1}" > ${WHOIS_TMP} - fi - - # Parse out the expiration date and registrar -- uses the last registrar it finds - REGISTRAR=`cat ${WHOIS_TMP} | ${AWK} -F: '/Registrar/ && $2 != "" { REGISTRAR=substr($2,2,17) } END { print REGISTRAR }'` - - if [ "${TLDTYPE}" == "uk" ]; # for .uk domain - then - REGISTRAR=`cat ${WHOIS_TMP} | ${AWK} -F: '/Registrar:/ && $0 != "" { getline; REGISTRAR=substr($0,2,17) } END { print REGISTRAR }'` - elif [ "${TLDTYPE}" == "jp" ]; - then - REGISTRAR=`cat ${WHOIS_TMP} | ${AWK} '/Registrant/ && $2 != "" { REGISTRAR=substr($2,1,17) } END { print REGISTRAR }'` - elif [ "${TLDTYPE}" == "br" ]; - then - REGISTRAR="registro.br" - elif [ "${TLDTYPE}" == "is" ]; - then - REGISTRAR="`cat ${WHOIS_TMP} | ${AWK} '/source:/ { print $2 }' | uniq`" - fi - - # If the Registrar is NULL, then we didn't get any data - if [ "${REGISTRAR}" = "" ] - then - prints "$DOMAIN" "Unknown" "Unknown" "Unknown" "Unknown" - return - fi - - # The whois Expiration data should resemble the following: "Expiration Date: 09-may-2008" - - # for .in, .info, .org domains - if [ "${TLDTYPE}" == "in" -o "${TLDTYPE}" == "info" -o "${TLDTYPE}" == "org" ]; - then - DOMAINDATE=`cat ${WHOIS_TMP} | ${AWK} '/Expiration Date:/ { print $2 }' | cut -d':' -f2` - elif [ "${TLDTYPE}" == "biz" ]; # for .biz domain - then - DOMAINDATE=`cat ${WHOIS_TMP} | ${AWK} '/Domain Expiration Date:/ { print $6"-"$5"-"$9 }'` - elif [ "${TLDTYPE}" == "uk" ]; # for .uk domain - then - DOMAINDATE=`cat ${WHOIS_TMP} | ${AWK} '/Renewal date:/ { print $3 }'` - elif [ "${TLDTYPE}" == "br" ]; # for .br domain - then - DOMAINDATE=`cat ${WHOIS_TMP} | ${AWK} '/expires:/ { print $2 }'` - elif [ "${TLDTYPE}" == "is" ]; # for .is domain - then - DOMAINDATE=`cat ${WHOIS_TMP} | ${AWK} '/expires:/ { print $3"-"$2"-"$4 }'` - elif [ "${TLDTYPE}" == "jp" ]; # for .jp 2010/04/30 - then - tdomdate=`cat ${WHOIS_TMP} | awk '/Expires on/ { print $3 }'` - tyear=`echo ${tdomdate} | cut -d'/' -f1` - tmon=`echo ${tdomdate} | cut -d'/' -f2` - case ${tmon} in - 1|01) tmonth=jan ;; - 2|02) tmonth=feb ;; - 3|03) tmonth=mar ;; - 4|04) tmonth=apr ;; - 5|05) tmonth=may ;; - 6|06) tmonth=jun ;; - 7|07) tmonth=jul ;; - 8|08) tmonth=aug ;; - 9|09) tmonth=sep ;; - 10)tmonth=oct ;; - 11) tmonth=nov ;; - 12) tmonth=dec ;; - *) tmonth=0 ;; - esac - tday=`echo ${tdomdate} | cut -d'/' -f3` - DOMAINDATE=`echo $tday-$tmonth-$tyear` - else # .com, .edu, .net and may work with others - DOMAINDATE=`cat ${WHOIS_TMP} | ${AWK} '/Expiration/ { print $NF }'` - fi - - #echo $DOMAINDATE # debug - if [ "${TLDTYPE}" == "br" ]; # for .br domain - then - # If registro.br outputs in reduced mode when query limits are - # reached, the whois server does not output expiry information. - if [ ! -z "${DOMAINDATE}" ]; - then - # Convert the date to seconds - DOMAINJULIAN=`$DATE -d ${DOMAINDATE} "+%-m %-d %-Y"` - DOMAINJULIAN=`date2julian ${DOMAINJULIAN}` - fi - else - # Whois data should be in the following format: "13-feb-2006" - IFS="-" - set -- ${DOMAINDATE} - MONTH=$(getmonth ${2}) - IFS="" - - # Convert the date to seconds - DOMAINJULIAN=$(date2julian ${MONTH} ${1#0} ${3}) - fi - - # Get the diff between NOW and the expiration date - if [ ! -z "${DOMAINJULIAN}" ]; - then - DOMAINDIFF=$(date_diff ${NOWJULIAN} ${DOMAINJULIAN}) - else - # We have no information - DOMAINDIFF="Unknown" - fi - - if [ "${TLDTYPE}" == "br" ] && [ ! -z "${DOMAINDATE}" ]; # for .br domain - then - # Fix domain date for displaying - DOMAINDATE=`$DATE -d ${DOMAINDATE} +"%m-%b-%Y"` - fi - - if [ ${DOMAINDIFF} == 'Unknown' ]; - then - prints ${DOMAIN} "Unknown" "Unknown" "Unknown" ${REGISTRAR} - elif [ ${DOMAINDIFF} -lt 0 ] - then - if [ "${ALARM}" = "TRUE" ] - then - echo "The domain ${DOMAIN} has expired!" \ - | ${MAIL} -s "Domain ${DOMAIN} has expired!" ${ADMIN} - fi - - prints ${DOMAIN} "Expired" "${DOMAINDATE}" "${DOMAINDIFF}" ${REGISTRAR} - - elif [ ${DOMAINDIFF} -lt ${WARNDAYS} ] - then - if [ "${ALARM}" = "TRUE" ] - then - echo "The domain ${DOMAIN} will expire on ${DOMAINDATE}" \ - | ${MAIL} -s "Domain ${DOMAIN} will expire in ${WARNDAYS}-days or less" ${ADMIN} - fi - prints ${DOMAIN} "Expiring" "${DOMAINDATE}" "${DOMAINDIFF}" "${REGISTRAR}" - else - prints ${DOMAIN} "Valid" "${DOMAINDATE}" "${DOMAINDIFF}" "${REGISTRAR}" - fi -} - -#################################################### -# Purpose: Print a heading with the relevant columns -# Arguments: -# None -#################################################### -print_heading() -{ - if [ "${QUIET}" != "TRUE" ] - then - printf "\n%-35s %-17s %-8s %-11s %-5s\n" "Domain" "Registrar" "Status" "Expires" "Days Left" - echo "----------------------------------- ----------------- -------- ----------- ---------" - fi -} - -##################################################################### -# Purpose: Print a line with the expiraton interval -# Arguments: -# $1 -> Domain -# $2 -> Status of domain (e.g., expired or valid) -# $3 -> Date when domain will expire -# $4 -> Days left until the domain will expire -# $5 -> Domain registrar -##################################################################### -prints() -{ - if [ "${QUIET}" != "TRUE" ] - then - MIN_DATE=$(echo $3 | ${AWK} '{ print $1, $2, $4 }') - printf "%-35s %-17s %-8s %-11s %-5s\n" "$1" "$5" "$2" "$MIN_DATE" "$4" - fi -} - -########################################## -# Purpose: Describe how the script works -# Arguments: -# None -########################################## -usage() -{ - echo "Usage: $0 [ -e email ] [ -x expir_days ] [ -q ] [ -a ] [ -h ]" - echo " {[ -d domain_namee ]} || { -f domainfile}" - echo "" - echo " -a : Send a warning message through email " - echo " -d domain : Domain to analyze (interactive mode)" - echo " -e email address : Email address to send expiration notices" - echo " -f domain file : File with a list of domains" - echo " -h : Print this screen" - echo " -s whois server : Whois sever to query for information" - echo " -q : Don't print anything on the console" - echo " -x days : Domain expiration interval (eg. if domain_date < days)" - echo "" -} - -### Evaluate the options passed on the command line -while getopts ae:f:hd:s:qx: option -do - case "${option}" - in - a) ALARM="TRUE";; - e) ADMIN=${OPTARG};; - d) DOMAIN=${OPTARG};; - f) SERVERFILE=$OPTARG;; - s) WHOIS_SERVER=$OPTARG;; - q) QUIET="TRUE";; - x) WARNDAYS=$OPTARG;; - \?) usage - exit 1;; - esac -done - -### Check to see if the whois binary exists -if [ ! -f ${WHOIS} ] -then - echo "ERROR: The whois binary does not exist in ${WHOIS} ." - echo " FIX: Please modify the \$WHOIS variable in the program header." - exit 1 -fi - -### Check to make sure a date utility is available -if [ ! -f ${DATE} ] -then - echo "ERROR: The date binary does not exist in ${DATE} ." - echo " FIX: Please modify the \$DATE variable in the program header." - exit 1 -fi - -### Baseline the dates so we have something to compare to -MONTH=$(${DATE} "+%m") -DAY=$(${DATE} "+%d") -YEAR=$(${DATE} "+%Y") -NOWJULIAN=$(date2julian ${MONTH#0} ${DAY#0} ${YEAR}) - -### Touch the files prior to using them -touch ${WHOIS_TMP} - -### If a HOST and PORT were passed on the cmdline, use those values -if [ "${DOMAIN}" != "" ] -then - print_heading - check_domain_status "${DOMAIN}" -### If a file and a "-a" are passed on the command line, check all -### of the domains in the file to see if they are about to expire -elif [ -f "${SERVERFILE}" ] -then - print_heading - while read DOMAIN - do - check_domain_status "${DOMAIN}" - - done < ${SERVERFILE} - -### There was an error, so print a detailed usage message and exit -else - usage - exit 1 -fi - -# Add an extra newline -if [ "${QUIET}" != "TRUE" ]; then - echo -fi - -### Remove the temporary files -rm -f ${WHOIS_TMP} - -### Exit with a success indicator -exit 0 - diff --git a/files/etc/schroot/default/fstab b/files/etc/schroot/default/fstab deleted file mode 100644 index 1866df3..0000000 --- a/files/etc/schroot/default/fstab +++ /dev/null @@ -1,20 +0,0 @@ -# fstab: static file system information for chroots. -# Note that the mount point will be prefixed by the chroot path -# (CHROOT_PATH) -# -# <file system> <mount point> <type> <options> <dump> <pass> -/proc /proc none rw,rbind 0 0 -/sys /sys none rw,rbind 0 0 -/dev /dev none rw,rbind 0 0 -#/home /home none rw,bind 0 0 -/tmp /tmp none rw,bind 0 0 - -# It may be desirable to have access to /run, especially if you wish -# to run additional services in the chroot. However, note that this -# may potentially cause undesirable behaviour on upgrades, such as -# killing services on the host. -/run /run none rw,bind 0 0 -/run/lock /run/lock none rw,bind 0 0 -/dev/shm /dev/shm none rw,bind 0 0 -/run/shm /run/shm none rw,bind 0 0 -#/dev/pts /dev/pts none rw,bind 0 0 diff --git a/files/htdocs/images/empty b/files/htdocs/images/empty deleted file mode 100644 index e69de29..0000000 --- a/files/htdocs/images/empty +++ /dev/null diff --git a/files/htdocs/index.html b/files/htdocs/index.html deleted file mode 100644 index a355b8f..0000000 --- a/files/htdocs/index.html +++ /dev/null @@ -1,8 +0,0 @@ -<html><head> -<title>Nodo Network</title></head><body> - -<center> - <p><code>Welcome to our network!</code></p> -</center> - -</body></html> diff --git a/files/htdocs/missing.html b/files/htdocs/missing.html deleted file mode 100644 index 0fbf1af..0000000 --- a/files/htdocs/missing.html +++ /dev/null @@ -1,12 +0,0 @@ -<html> -<head> -<title>404 - Not Found</title> -</head> -<body> - <center> - <pre> - File not found :( - </pre> - </center> -</body> -</html> diff --git a/manifests/appliance.pp b/manifests/appliance.pp index 41a3660..dea7625 100644 --- a/manifests/appliance.pp +++ b/manifests/appliance.pp @@ -1,11 +1,7 @@ class nodo::appliance inherits nodo::physical { class { 'sysctl::appliance': } - class { 'fstab': - type => 'appliance', - } - - class { 'crypttab': + class { [ 'nodo::subsystem::fstab', 'nodo::subsystem::crypttab' ]: type => 'appliance', } } diff --git a/manifests/subsystems/monkeysphere.pp b/manifests/defines/monkeysphere_host.pp index b4b21e0..b4b21e0 100644 --- a/manifests/subsystems/monkeysphere.pp +++ b/manifests/defines/monkeysphere_host.pp diff --git a/manifests/subsystems/munin.pp b/manifests/defines/munin_client.pp index 770d551..770d551 100644 --- a/manifests/subsystems/munin.pp +++ b/manifests/defines/munin_client.pp diff --git a/manifests/defines/ssh_config.pp b/manifests/defines/ssh_config.pp new file mode 100644 index 0000000..62e1d66 --- /dev/null +++ b/manifests/defines/ssh_config.pp @@ -0,0 +1,26 @@ +# Manage ssh config for a particular user +define ssh_config($owner, $home = '/home/$owner', $ssh_localhost_auth = false) { + include nodo::subsystem::ssh_folder + + file { "${home}/.ssh/config": + ensure => present, + owner => $owner, + group => $group, + mode => 0600, + require => File["${home}/.ssh"], + } + + # The NoHostAuthenticationForLocalhost ssh option might be useful + # for automated deployment environments so your ikiwiki user doesn't + # get stuck with the fingerprint confirmation prompt when pushing + # content via ssh in the first time it runs. + line { 'NoHostAuthenticationForLocalhost-${owner}': + file => "${home}/.ssh/config", + line => "NoHostAuthenticationForLocalhost yes", + ensure => $ssh_localhost_auth ? { + 'auto' => present, + 'fingerprint' => absent, + default => absent, + }, + } +} diff --git a/manifests/defines/ssh_create_key.pp b/manifests/defines/ssh_create_key.pp new file mode 100644 index 0000000..e380b18 --- /dev/null +++ b/manifests/defines/ssh_create_key.pp @@ -0,0 +1,11 @@ +define ssh_create_key($owner, $group, $keyfile = 'id_rsa', $home = '/home/$owner') { + include nodo::subsystem::ssh_folder + + exec { "ssh-keygen-${owner}": + command => "ssh-keygen -t rsa -P '' -f ${home}/.ssh/${keyfile}", + creates => "${home}/.ssh/${keyfile}", + user => $owner, + group => $group, + require => File["${home}/.ssh"], + } +} diff --git a/manifests/defines/ssh_known_hosts.pp b/manifests/defines/ssh_known_hosts.pp new file mode 100644 index 0000000..50ae87e --- /dev/null +++ b/manifests/defines/ssh_known_hosts.pp @@ -0,0 +1,50 @@ +# Manage known_hosts for a particular user +define ssh_known_host($owner, $home = '/home/$owner', $ssh_localhost_auth = false) { + include nodo::subsystem::ssh_folder + + file { "${home}/.ssh/known_hosts": + ensure => present, + owner => $owner, + group => $group, + mode => 0600, + require => File["${home}/.ssh"], + } + + # You can choose to include the host's fingeprints + # directly into the known_hosts file. + if $::sshrsakey != '' { + line { 'known_hosts-localhost-rsa-${owner}': + file => "${home}/.ssh/known_hosts", + line => "localhost ssh-rsa ${::sshrsakey}", + ensure => $ssh_localhost_auth ? { + 'fingerprint' => present, + 'auto' => undef, + default => undef, + }, + } + } + + if $::sshdsakey != '' { + line { 'known_hosts-localhost-dsa-${owner}': + file => "${home}/.ssh/known_hosts", + line => "localhost ssh-dss ${::sshdsakey}", + ensure => $ssh_localhost_auth ? { + 'fingerprint' => present, + 'auto' => undef, + default => undef, + }, + } + } + + if $::sshecdsakey != '' { + line { 'known_hosts-localhost-ecdsa-${owner}': + file => "${home}/.ssh/known_hosts", + line => "localhost ecdsa-sha2-nistp256 ${::sshedsakey}", + ensure => $ssh_localhost_auth ? { + 'fingerprint' => present, + 'auto' => undef, + default => undef, + }, + } + } +} diff --git a/manifests/desktop.pp b/manifests/desktop.pp index 50524d6..7e83732 100644 --- a/manifests/desktop.pp +++ b/manifests/desktop.pp @@ -1,17 +1,7 @@ class nodo::desktop inherits nodo::personal { - include utils::desktop + include nodo::utils::desktop - class { 'fstab': + class { [ 'nodo::subsystem::fstab', 'nodo::subsystem::crypttab' ]: type => 'desktop', } - - class { 'crypttab': - type => 'desktop', - } -} - -class nodo::desktop::webdev inherits nodo::desktop { - include websites::dev - include database - include utils::web } diff --git a/manifests/dns.pp b/manifests/dns.pp deleted file mode 100644 index 1f4a1e1..0000000 --- a/manifests/dns.pp +++ /dev/null @@ -1,3 +0,0 @@ -class nodo::dns inherits nodo::vserver { - include bind -} diff --git a/manifests/host.pp b/manifests/host.pp index aefbb92..19d8f2a 100644 --- a/manifests/host.pp +++ b/manifests/host.pp @@ -1,11 +1,11 @@ # Fully capable node able to host other nodes class nodo::host inherits nodo { - include initramfs - include modprobe - include firewire - include sysctl - include utils::physical - include resolver + include nodo::subsystem::initramfs + include nodo::subsystem::modprobe + include nodo::subsystem::firewire + include nodo::subsystem::sysctl + include nodo::subsystem::resolver + include nodo::utils::physical class { 'syslog-ng': } monkeysphere_host { "${::hostname}": } @@ -37,8 +37,8 @@ class nodo::host inherits nodo { } # Monitoring - if !defined('monitor') { - class { 'monitor': + if !defined('nodo::subsystem::monitor') { + class { 'nodo::subsystem::monitor': type => 'host', use_nagios => hiera('nodo::host::use_nagios', True), } diff --git a/manifests/init.pp b/manifests/init.pp index c17a739..60470da 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -76,94 +76,24 @@ import "pureftpd" import "avahi" import "daap_server" import "infinoted" +import "database" +import "domain_check" +import "firewall" +import "schroot" +import "onion" +import "tunnel" +import "pyroscope" +import "websites" + +# Nodo class +import "nodo.pp" + +# Definitions +import "defines/monkeysphere_host.pp" +import "defines/munin_node.pp" +import "defines/ssh_config.pp" +import "defines/ssh_create_key.pp" +import "defines/ssh_known_hosts.pp" # Import subsystems -import "subsystems/firewire.pp" -import "subsystems/initramfs.pp" -import "subsystems/motd.pp" -import "subsystems/sudo.pp" -import "subsystems/sysctl.pp" -import "subsystems/ups.pp" -import "subsystems/database.pp" -import "subsystems/websites.pp" -import "subsystems/munin.pp" -import "subsystems/pam.pp" -import "subsystems/xorg.pp" -import "subsystems/gdm.pp" -import "subsystems/gdm3.pp" -import "subsystems/modprobe.pp" -import "subsystems/hosts.pp" -import "subsystems/locales.pp" -import "subsystems/onion.pp" -import "subsystems/tunnel.pp" -import "subsystems/media.pp" -import "subsystems/monkeysphere.pp" -import "subsystems/keyboard.pp" -import "subsystems/profile.pp" -import "subsystems/schroot.pp" -import "subsystems/resolver.pp" -import "subsystems/domain.pp" -import "subsystems/dhclient.pp" -import "subsystems/mount.pp" -import "subsystems/monitor.pp" -import "subsystems/fstab.pp" -import "subsystems/crypttab.pp" import "subsystems/ssh.pp" -import "subsystems/utils.pp" -import "subsystems/utils/debian.pp" -import "subsystems/utils/desktop.pp" -import "subsystems/utils/development.pp" -import "subsystems/utils/dns.pp" -import "subsystems/utils/firmware.pp" -import "subsystems/utils/hamradio.pp" -import "subsystems/utils/interface.pp" -import "subsystems/utils/java.pp" -import "subsystems/utils/laptop.pp" -import "subsystems/utils/multimedia.pp" -import "subsystems/utils/network.pp" -import "subsystems/utils/office.pp" -import "subsystems/utils/personal.pp" -import "subsystems/utils/physical.pp" -import "subsystems/utils/plug.pp" -import "subsystems/utils/ruby.pp" -import "subsystems/utils/security.pp" -import "subsystems/utils/storage.pp" -import "subsystems/utils/web.pp" -import "subsystems/utils/tor.pp" -import "subsystems/firewall.pp" -import "subsystems/firewall/printer.pp" -import "subsystems/firewall/router.pp" -import "subsystems/firewall/vserver.pp" -import "subsystems/firewall/torrent.pp" -import "subsystems/firewall/ups.pp" -import "subsystems/firewall/wifi.pp" -import "subsystems/firewall/local.pp" -import "subsystems/firewall/openvpn.pp" -import "subsystems/firewall/ppp.pp" -import "subsystems/firewall/nas.pp" -import "subsystems/firewall/redirect.pp" -import "subsystems/firewall/mpd.pp" - -# Import nodo classes -import "nodo.pp" -import "physical.pp" -import "server.pp" -import "personal.pp" -import "desktop.pp" -import "vserver.pp" -import "web.pp" -import "master.pp" -import "proxy.pp" -import "storage.pp" -import "test.pp" -import "removable.pp" -import "laptop.pp" -import "plug.pp" -import "appliance.pp" -import "dns.pp" -import "tor.pp" -import "kvm.pp" -import "jabber.pp" -import "mumble.pp" -import "yacy.pp" -import "nas.pp" diff --git a/manifests/kvm.pp b/manifests/kvm.pp index 7b3b313..11f3dde 100644 --- a/manifests/kvm.pp +++ b/manifests/kvm.pp @@ -1,9 +1,5 @@ class nodo::kvm inherits nodo::host { - class { 'fstab': - type => 'kvm', - } - - class { 'crypttab': + class { [ 'nodo::subsystem::fstab', 'nodo::subsystem::crypttab' ]: type => 'kvm', } } diff --git a/manifests/laptop.pp b/manifests/laptop.pp index a2420f9..1ed77b7 100644 --- a/manifests/laptop.pp +++ b/manifests/laptop.pp @@ -1,17 +1,17 @@ class nodo::laptop inherits nodo::personal { - include utils::laptop + include nodo::utils::laptop + include nodo::subsystem::dhclient include firewall::wifi include firewall::openvpn include firewall::ppp - include dhclient - class { 'fstab': + class { 'nodo::subsystem::fstab': type => 'laptop', } $hibernate = hiera('nodo::laptop::hibernate', false) - class { 'crypttab': + class { 'nodo::subsystem::crypttab': type => $hibernate ? { false => "laptop", default => "laptop.hibernate", @@ -31,9 +31,3 @@ class nodo::laptop inherits nodo::personal { }, } } - -class nodo::laptop::webdev inherits nodo::laptop { - include websites::dev - include database - include utils::web -} diff --git a/manifests/mumble.pp b/manifests/mumble.pp deleted file mode 100644 index 5a9b050..0000000 --- a/manifests/mumble.pp +++ /dev/null @@ -1,3 +0,0 @@ -class nodo::mumble inherits nodo::vserver { - include mumble::ssl -} diff --git a/manifests/nas/share.pp b/manifests/nas/share.pp index f50cebd..57a14cb 100644 --- a/manifests/nas/share.pp +++ b/manifests/nas/share.pp @@ -76,7 +76,7 @@ define nodo::nas::share( } # Make sure basic media exist, no matter which disk is attached - $cache = hiera('nodo::media::folders', '') + $cache = hiera('nodo::subsystem::media::folders::cache', '') if $cache != '' { file { [ "${cache}/${name}" ]: diff --git a/manifests/nodo.pp b/manifests/nodo.pp index 5fe4ee1..97ef044 100644 --- a/manifests/nodo.pp +++ b/manifests/nodo.pp @@ -1,19 +1,19 @@ class nodo { include lsb - include sudo + include nodo::subsystem::sudo + include nodo::subsystem::motd + include nodo::subsystem::locales + include nodo::subsystem::profile + include nodo::utils + include tunnel::autossh + include domain_check include users::admin - include motd - include utils - include cron - include locales - include tunnel - include profile - include domain include concat::setup + include cron - class { 'hosts': } + class { 'nodo::subsystem::hosts': } - # then include puppet class + # Include if not defined by nodo::master if !defined('puppet::daemon') { class { 'puppet::daemon': } } @@ -51,7 +51,7 @@ class nodo { case $mail_delivery { 'tunnel': { $mail_hostname = hiera('nodo::mail_hostname') - tunnel::mail { "$mail_hostname": + tunnel::autossh::mail { "$mail_hostname": sshport => hiera('nodo::mail_ssh_port'), } } diff --git a/manifests/physical.pp b/manifests/physical.pp index 887eb8d..b883e76 100644 --- a/manifests/physical.pp +++ b/manifests/physical.pp @@ -1,6 +1,5 @@ class nodo::physical inherits nodo::host { - include ups - include smartmontools + class { [ 'nodo::subsystem::ups', smartmontools': } # SMART monitoring $munin = hiera('nodo::host::use_munin', True) diff --git a/manifests/plug.pp b/manifests/plug.pp index 577ad35..f9e787b 100644 --- a/manifests/plug.pp +++ b/manifests/plug.pp @@ -1,10 +1,10 @@ class nodo::plug inherits nodo { include syslog-ng - include utils::plug - include utils::physical - include utils::storage::archive - include sysctl - include resolver + include nodo::utils::plug + include nodo::utils::physical + include nodo::utils::storage::archive + include nodo::subsystem::sysctl + include nodo::subsystem::resolver monkeysphere_host { "${::hostname}": } diff --git a/manifests/proxy.pp b/manifests/proxy.pp deleted file mode 100644 index 51dac33..0000000 --- a/manifests/proxy.pp +++ /dev/null @@ -1,3 +0,0 @@ -class nodo::proxy inherits nodo::vserver { - include nginx -} diff --git a/manifests/role/dns.pp b/manifests/role/dns.pp new file mode 100644 index 0000000..2faa69b --- /dev/null +++ b/manifests/role/dns.pp @@ -0,0 +1,3 @@ +class nodo::role::dns inherits nodo::vserver { + include bind +} diff --git a/manifests/jabber.pp b/manifests/role/jabber.pp index 775987d..b510ccd 100644 --- a/manifests/jabber.pp +++ b/manifests/role/jabber.pp @@ -1,4 +1,4 @@ -class nodo::jabber inherits nodo::vserver { +class nodo::role::jabber inherits nodo::vserver { include ssl include ejabberd diff --git a/manifests/mail.pp b/manifests/role/mail.pp index 9a124c9..4c33ed4 100644 --- a/manifests/mail.pp +++ b/manifests/role/mail.pp @@ -1,3 +1,3 @@ -class nodo::mail { +class nodo::role::mail { class { [ 'nodo::vserver', 'mail::system' ]: } } diff --git a/manifests/master.pp b/manifests/role/master.pp index 819ce43..2adb8a5 100644 --- a/manifests/master.pp +++ b/manifests/role/master.pp @@ -1,6 +1,6 @@ -class nodo::master { - $main = hiera('nodo::master::main', false) - $db_password = hiera('nodo::master::db_password', '') +class nodo::role::master { + $main = hiera('nodo::role::master::main', false) + $db_password = hiera('nodo::role::master::db_password', '') case $db_password { '': { fail("Please set nodo::master::db_password in your config") } @@ -56,5 +56,5 @@ class nodo::master { } # Check domain registration - domain::check { $::domain: } + domain_check::instance { $::domain: } } diff --git a/manifests/role/mumble.pp b/manifests/role/mumble.pp new file mode 100644 index 0000000..764c0d8 --- /dev/null +++ b/manifests/role/mumble.pp @@ -0,0 +1,3 @@ +class nodo::role::mumble inherits nodo::vserver { + include mumble::ssl +} diff --git a/manifests/nas.pp b/manifests/role/nas.pp index ed596a1..134216e 100644 --- a/manifests/nas.pp +++ b/manifests/role/nas.pp @@ -1,4 +1,4 @@ -class nodo::nas { +class nodo::role::nas { # Firewall rules include firewall::nas @@ -220,7 +220,7 @@ class nodo::nas { # # Main classes - class { [ 'media::folders', 'media::groups' ]: } + class { [ 'nodo::subsystem::media::folders', 'nodo::subsystem::media::groups' ]: } # Make sure basic media exist, no matter if there is an external disk attached $cache = hiera('nodo::media::folders', '') diff --git a/manifests/personal.pp b/manifests/role/personal.pp index 3718cb5..f7afdc0 100644 --- a/manifests/personal.pp +++ b/manifests/role/personal.pp @@ -1,17 +1,17 @@ -# personal computer -class nodo::personal { +# Personal computer +class nodo::role::personal { include nodo::physical - include utils::personal + include nodo::utils::personal include autossh - class { 'pam': } - class { 'xorg': } + class { 'nodo::subsystem::pam': } + class { 'nodo::subsystem::xorg': } if $::lsbdistcodename == 'squeeze' { - include gdm + include nodo::subsystem::gdm } else { - include gdm3 + include nodo::subsystem::gdm3 } # Monitoring @@ -21,7 +21,7 @@ class nodo::personal { } # Media folders and groups - class { [ 'media::folders', 'media::groups' ]: } + class { [ 'nodo::subsystem::media::folders', 'nodo::subsystem::media::groups' ]: } # Mountpoint for encrypted home folders file { [ '/mnt/crypt/', '/mnt/crypt/home' ]: diff --git a/manifests/role/proxy.pp b/manifests/role/proxy.pp new file mode 100644 index 0000000..821e975 --- /dev/null +++ b/manifests/role/proxy.pp @@ -0,0 +1,3 @@ +class nodo::role::proxy inherits nodo::vserver { + include nginx +} diff --git a/manifests/role/router.pp b/manifests/role/router.pp new file mode 100644 index 0000000..068837d --- /dev/null +++ b/manifests/role/router.pp @@ -0,0 +1,25 @@ +class nodo::role::router inherits nodo::appliance { + # We use monitor class on the router as the DNS server might by + # inside a vserver and thus cannot access the network devices directly + include nodo::utils::dns + + # Network auditing + include nodo::utils::network::analyzer + + # Enable IP forwarding + augeas { 'enable_ip_forwarding': + changes => 'set /files/etc/shorewall/shorewall.conf/IP_FORWARDING On', + lens => 'Shellvars.lns', + incl => '/etc/shorewall/shorewall.conf', + notify => Service[shorewall]; + } + + # Make sure shorewall is reloaded after dhcp renew + file { '/etc/dhcp/dhclient-exit-hooks.d/shorewall': + ensure => present, + owner => root, + group => root, + mode => 0644, + source => 'puppet:///modules/site_nodo/dhclient-exit-hooks.d/shorewall' + } +} diff --git a/manifests/role/storage.pp b/manifests/role/storage.pp new file mode 100644 index 0000000..0cf7f60 --- /dev/null +++ b/manifests/role/storage.pp @@ -0,0 +1,3 @@ +class nodo::role::storage inherits nodo::vserver { + include nodo::utils::storage +} diff --git a/manifests/role/test.pp b/manifests/role/test.pp new file mode 100644 index 0000000..330a5ee --- /dev/null +++ b/manifests/role/test.pp @@ -0,0 +1,3 @@ +class nodo::role::test inherits nodo::web { + # Class for test nodes +} diff --git a/manifests/role/tor.pp b/manifests/role/tor.pp new file mode 100644 index 0000000..2d5ff58 --- /dev/null +++ b/manifests/role/tor.pp @@ -0,0 +1,4 @@ +class nodo::role::tor inherits nodo::vserver { + include tor::daemon + include nodo::utils::tor +} diff --git a/manifests/web.pp b/manifests/role/web.pp index 24318cc..7cdd93f 100644 --- a/manifests/web.pp +++ b/manifests/role/web.pp @@ -1,4 +1,4 @@ -class nodo::web inherits nodo::vserver { +class nodo::role::web inherits nodo::vserver { # Hidden services $hidden = hiera('apache::site::hidden', false) if $hidden == true { @@ -9,7 +9,7 @@ class nodo::web inherits nodo::vserver { include websites include database include users::virtual - include utils::web + include nodo::utils::web # Reprepro configuration $reprepro = hiera('nodo::web::reprepro', false) diff --git a/manifests/role/webdev.pp b/manifests/role/webdev.pp new file mode 100644 index 0000000..6154cc0 --- /dev/null +++ b/manifests/role/webdev.pp @@ -0,0 +1,5 @@ +class nodo::role::webdev { + include websites::dev + include database + include utils::web +} diff --git a/manifests/role/webdev/desktop.pp b/manifests/role/webdev/desktop.pp new file mode 100644 index 0000000..063140a --- /dev/null +++ b/manifests/role/webdev/desktop.pp @@ -0,0 +1,3 @@ +class nodo::role::webdev::desktop inherits nodo::desktop { + include nodo::role::webdev +} diff --git a/manifests/role/webdev/laptop.pp b/manifests/role/webdev/laptop.pp new file mode 100644 index 0000000..e9c1aab --- /dev/null +++ b/manifests/role/webdev/laptop.pp @@ -0,0 +1,3 @@ +class nodo::role::webdev::laptop inherits nodo::laptop { + include nodo::role::webdev +} diff --git a/manifests/yacy.pp b/manifests/role/yacy.pp index 76aff1c..379297c 100644 --- a/manifests/yacy.pp +++ b/manifests/role/yacy.pp @@ -1,4 +1,4 @@ -class nodo::yacy inherits nodo::vserver { +class nodo::role::yacy inherits nodo::vserver { class { 'onion': } package { 'yacy': diff --git a/manifests/server.pp b/manifests/server.pp index 90bb2ae..6606a49 100644 --- a/manifests/server.pp +++ b/manifests/server.pp @@ -1,9 +1,5 @@ class nodo::server inherits nodo::physical { - class { 'fstab': - type => 'server', - } - - class { 'crypttab': + class { [ 'nodo::subsystem::fstab', 'nodo::subsystem::crypttab' ]: type => 'server', } } diff --git a/manifests/storage.pp b/manifests/storage.pp deleted file mode 100644 index 13cbdab..0000000 --- a/manifests/storage.pp +++ /dev/null @@ -1,3 +0,0 @@ -class nodo::storage inherits nodo::vserver { - include utils::storage -} diff --git a/manifests/subsystems/crypttab.pp b/manifests/subsystem/crypttab.pp index 0a9a4d1..749569c 100644 --- a/manifests/subsystems/crypttab.pp +++ b/manifests/subsystem/crypttab.pp @@ -1,4 +1,4 @@ -class crypttab( +class nodo::subsystem::crypttab( $type, $manage = hiera('nodo::crypttab::manage', false) ) { diff --git a/manifests/subsystems/dhclient.pp b/manifests/subsystem/dhclient.pp index 13e636e..332dc34 100644 --- a/manifests/subsystems/dhclient.pp +++ b/manifests/subsystem/dhclient.pp @@ -1,6 +1,6 @@ -class dhclient( - $ensure = hiera('nodo::dhclient::manage', 'present'), - $supersede_domain = hiera('nodo::dhclient::supersede_domain', $::domain) +class nodo::subsystem::dhclient( + $ensure = hiera('nodo::subsystem::dhclient::ensure', 'present'), + $supersede_domain = hiera('nodo::subsystem::dhclient::supersede_domain', $::domain) ) { package { 'isc-dhcp-client': ensure => $ensure, diff --git a/manifests/subsystem/firewire.pp b/manifests/subsystem/firewire.pp new file mode 100644 index 0000000..104d6e9 --- /dev/null +++ b/manifests/subsystem/firewire.pp @@ -0,0 +1,8 @@ +class nodo::subsystem::firewire { + # Make sure ohci1394 is not loaded + # See http://padrao.sarava.org/trac/wiki/Debian/Firewire and the modprobe class + exec { "rmmod ohci1394": + unless => "/bin/sh -c 'if `grep -q ^ohci1394 /proc/modules`; then false; else true; fi'", + user => "root", + } +} diff --git a/manifests/subsystems/fstab.pp b/manifests/subsystem/fstab.pp index c6f2ecd..9538f66 100644 --- a/manifests/subsystems/fstab.pp +++ b/manifests/subsystem/fstab.pp @@ -1,6 +1,6 @@ -class fstab( +class nodo::subsystem::fstab( $type, - $manage = hiera('nodo::fstab::manage', false) + $manage = hiera('nodo::subsystem::fstab::manage', false) ) { if $manage == true { file { "/etc/fstab": diff --git a/manifests/subsystems/gdm.pp b/manifests/subsystem/gdm.pp index 8e7cefc..fd36e99 100644 --- a/manifests/subsystems/gdm.pp +++ b/manifests/subsystem/gdm.pp @@ -1,4 +1,4 @@ -class gdm { +class nodo::subsystem::gdm { package { 'gdm': ensure => installed, } @@ -64,22 +64,3 @@ class gdm { source => 'puppet:///modules/nodo/etc/gdm/themes/dasUberMini', } } - -class gdm::disabled inherits gdm { - File['/usr/share/gdm/themes/dasUberMini', '/usr/share/gdm/themes/Tuxtastic', - '/usr/share/gdm/themes/crunchbang', '/etc/gdm/gdm.conf' ] { - ensure => absent, - } - - Exec['/usr/sbin/dpkg-reconfigure gdm'] { - command => '/bin/true', - } - - Service['gdm'] { - ensure => stopped, - } - - Package['gdm'] { - ensure => absent, - } -} diff --git a/manifests/subsystem/gdm/disabled.pp b/manifests/subsystem/gdm/disabled.pp new file mode 100644 index 0000000..d2565ef --- /dev/null +++ b/manifests/subsystem/gdm/disabled.pp @@ -0,0 +1,18 @@ +class nodo::subsystem::gdm::disabled inherits nodo::subsystem::gdm { + File['/usr/share/gdm/themes/dasUberMini', '/usr/share/gdm/themes/Tuxtastic', + '/usr/share/gdm/themes/crunchbang', '/etc/gdm/gdm.conf' ] { + ensure => absent, + } + + Exec['/usr/sbin/dpkg-reconfigure gdm'] { + command => '/bin/true', + } + + Service['gdm'] { + ensure => stopped, + } + + Package['gdm'] { + ensure => absent, + } +} diff --git a/manifests/subsystems/gdm3.pp b/manifests/subsystem/gdm3.pp index 0dfda11..d708f6a 100644 --- a/manifests/subsystems/gdm3.pp +++ b/manifests/subsystem/gdm3.pp @@ -1,4 +1,4 @@ -class gdm3 { +class nodo::subsystem::gdm3 { package { 'gdm3': ensure => installed, } diff --git a/manifests/subsystems/hosts.pp b/manifests/subsystem/hosts.pp index 9453853..464bc0c 100644 --- a/manifests/subsystems/hosts.pp +++ b/manifests/subsystem/hosts.pp @@ -1,5 +1,5 @@ -class hosts( - $custom = hiera('nodo::hosts::custom', false) +class nodo::subsystem::hosts( + $custom = hiera('nodo::subsystem::hosts::custom', false) ) { # Sometimes might be useful to manage the whole # hosts file, see http://projects.puppetlabs.com/issues/10704 diff --git a/manifests/subsystems/initramfs.pp b/manifests/subsystem/initramfs.pp index 17296a2..acbf1b7 100644 --- a/manifests/subsystems/initramfs.pp +++ b/manifests/subsystem/initramfs.pp @@ -1,4 +1,4 @@ -class initramfs( +class nodo::subsystem::initramfs( $keymap = hiera('nodo::initramfs::keymap', 'absent') ) { # initramfs config diff --git a/manifests/subsystems/keyboard.pp b/manifests/subsystem/keyboard.pp index 440f552..b5241d7 100644 --- a/manifests/subsystems/keyboard.pp +++ b/manifests/subsystem/keyboard.pp @@ -1,4 +1,4 @@ -class keyboard { +class nodo::subsystem::keyboard { # Keyboard, see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=619711 file { "/etc/default/keyboard": ensure => present, diff --git a/manifests/subsystems/locales.pp b/manifests/subsystem/locales.pp index f52f100..c3a1f76 100644 --- a/manifests/subsystems/locales.pp +++ b/manifests/subsystem/locales.pp @@ -1,4 +1,4 @@ -class locales { +class nodo::subsystem::locales { package { "locales": ensure => installed, } diff --git a/manifests/subsystems/media.pp b/manifests/subsystem/media/folders.pp index cbe89b9..2fcc637 100644 --- a/manifests/subsystems/media.pp +++ b/manifests/subsystem/media/folders.pp @@ -1,5 +1,5 @@ -class media::folders( - $ensure_cache = hiera('nodo::media::folders', directory) +class nodo::subsystem::media::folders( + $cache = hiera('nodo::subsystem::media::folders::cache', directory) ) { # Removable media folder file { [ "/media/usb", "/media/cdrom", "/media/tablet", "/media/phone" ]: @@ -9,7 +9,7 @@ class media::folders( # Media cache file { "/var/cache/media": - ensure => $ensure_cache, + ensure => $cache, mode => 0755, } @@ -30,9 +30,3 @@ class media::folders( ensure => "/var/cache/media", } } - -class media::groups { - group { 'incoming': - ensure => 'present', - } -} diff --git a/manifests/subsystem/media/groups.pp b/manifests/subsystem/media/groups.pp new file mode 100644 index 0000000..098ae67 --- /dev/null +++ b/manifests/subsystem/media/groups.pp @@ -0,0 +1,5 @@ +class nodo::subsystem::media::groups { + group { 'incoming': + ensure => 'present', + } +} diff --git a/manifests/subsystems/modprobe.pp b/manifests/subsystem/modprobe.pp index 99f7879..be6ec42 100644 --- a/manifests/subsystems/modprobe.pp +++ b/manifests/subsystem/modprobe.pp @@ -1,5 +1,5 @@ -class modprobe { - # keep firewire disabled among other things +class nodo::subsystem::modprobe { + # Keep firewire disabled among other things case $lsbdistcodename { 'lenny': { file { "/etc/modprobe.d/blacklist": @@ -11,7 +11,7 @@ class modprobe { } } default: { - # upgrade from lenny + # Upgrade from lenny file { "/etc/modprobe.d/blacklist": ensure => absent, } diff --git a/manifests/subsystems/monitor.pp b/manifests/subsystem/monitor.pp index 45608a9..d7fa720 100644 --- a/manifests/subsystems/monitor.pp +++ b/manifests/subsystem/monitor.pp @@ -1,7 +1,7 @@ -class monitor( +class nodo::subsystem::monitor( $type = 'vserver', - $use_nagios = hiera('nodo::monitor::use_nagios', True), - $use_fqdn = hiera('nodo::monitor::use_nagios_fqdn', false) + $use_nagios = hiera('nodo::subsystem::monitor::use_nagios', True), + $use_fqdn = hiera('nodo::subsystem::monitor::use_nagios_fqdn', false) ) { if $use_nagios != false { diff --git a/manifests/subsystems/motd.pp b/manifests/subsystem/motd.pp index f9ece2d..8561b38 100644 --- a/manifests/subsystems/motd.pp +++ b/manifests/subsystem/motd.pp @@ -1,4 +1,4 @@ -class motd( +class nodo::subsystem::motd( $network_name = hiera('nodo::motd::network_name', 'Nodo') ) { # http://projects.reductivelabs.com/issues/1915 diff --git a/manifests/subsystems/mount.pp b/manifests/subsystem/mount.pp index 3fcee58..4bf3d58 100644 --- a/manifests/subsystems/mount.pp +++ b/manifests/subsystem/mount.pp @@ -1,4 +1,4 @@ -class mount { +class subsystem::mount { class { autofs: } file { '/etc/auto.removable': diff --git a/manifests/subsystems/pam.pp b/manifests/subsystem/pam.pp index 206a5c3..7186d0b 100644 --- a/manifests/subsystems/pam.pp +++ b/manifests/subsystem/pam.pp @@ -1,4 +1,4 @@ -class pam( +class nodo::subsystem::pam( $enable = hiera('nodo::pam::enable', false) ) { if $enable != false { diff --git a/manifests/subsystems/profile.pp b/manifests/subsystem/profile.pp index cc84ae0..b90ac65 100644 --- a/manifests/subsystems/profile.pp +++ b/manifests/subsystem/profile.pp @@ -1,5 +1,5 @@ # Custom configuration for user profiles -class profile { +class nodo::subsystem::profile { file { "/etc/screenrc": source => "puppet:///modules/nodo/etc/screenrc", owner => "root", diff --git a/manifests/subsystems/resolver.pp b/manifests/subsystem/resolver.pp index 94c9cb9..46a03c6 100644 --- a/manifests/subsystems/resolver.pp +++ b/manifests/subsystem/resolver.pp @@ -1,8 +1,8 @@ -class resolver( - $manage = hiera('nodo::resolver::manage', false), - $nameservers = hiera('nodo::resolver::nameservers', ''), - $domain = hiera('nodo::resolver::domain', $::domain), - $search = hiera('nodo::resolver::search', $::fqdn) +class nodo::subsystem::resolver( + $manage = hiera('nodo::subsystem::resolver::manage', false), + $nameservers = hiera('nodo::subsystem::resolver::nameservers', ''), + $domain = hiera('nodo::subsystem::resolver::domain', $::domain), + $search = hiera('nodo::subsystem::resolver::search', $::fqdn) ) { # DNS resolver case $manage { diff --git a/manifests/subsystem/ssh_folder.pp b/manifests/subsystem/ssh_folder.pp new file mode 100644 index 0000000..1c6ee49 --- /dev/null +++ b/manifests/subsystem/ssh_folder.pp @@ -0,0 +1,11 @@ +# Base class +class nodo::subsystem::ssh_folder { + if !defined(File["${home}/.ssh"]) { + file { "${home}/.ssh": + ensure => directory, + owner => $owner, + group => $group, + mode => 0700, + } + } +} diff --git a/manifests/subsystems/sudo.pp b/manifests/subsystem/sudo.pp index 4ec615c..581f8ab 100644 --- a/manifests/subsystems/sudo.pp +++ b/manifests/subsystem/sudo.pp @@ -1,5 +1,4 @@ -class sudo { - +class nodo::subsystem::sudo { package { "sudo": ensure => "present", } diff --git a/manifests/subsystems/sysctl.pp b/manifests/subsystem/sysctl.pp index e434008..1df0348 100644 --- a/manifests/subsystems/sysctl.pp +++ b/manifests/subsystem/sysctl.pp @@ -1,6 +1,6 @@ -class sysctl { - # root exploit fix, see http://wiki.debian.org/mmap_min_addr - # TODO: remove in the future or use a sysctl puppet module +class nodo::subsystem::sysctl { + # Root exploit fix, see http://wiki.debian.org/mmap_min_addr + # Maybe this can be remove in the future or included in a sysctl puppet module file { "/etc/sysctl.d/mmap_min_addr.conf": owner => "root", group => "root", @@ -9,7 +9,7 @@ class sysctl { content => "vm.mmap_min_addr = 4096\n", } - # see http://www.linux-vserver.org/Frequently_Asked_Questions + # See http://www.linux-vserver.org/Frequently_Asked_Questions file { "/etc/sysctl.d/net.ipv4.conf.all.promote_secondaries.conf": owner => "root", group => "root", diff --git a/manifests/subsystem/ups.pp b/manifests/subsystem/ups.pp new file mode 100644 index 0000000..d304418 --- /dev/null +++ b/manifests/subsystem/ups.pp @@ -0,0 +1,26 @@ +class nodo::subsystem::ups( + $include = hiera('nodo::subsystem::ups::include', false), + $type = hiera('nodo::subsystem::ups::type', 'usb'), + $cable = hiera('nodo::subsystem::ups::cable', 'usb'), + $dev = hiera('nodo::subsystem::ups::dev', '/dev/usb/hiddev0'), + $nisip = hiera('nodo::subsystem::ups::nisip', '127.0.0.1'), + $polltime = hiera('nodo::subsystem::ups::polltime', '60'), + $onbatterydelay = hiera('nodo::subsystem::ups::onbatterydelay', '6'), + $batterylevel = hiera('nodo::subsystem::ups::batterylevel', '5'), + $minutes = hiera('nodo::subsystem::ups::minutes', '3') +) { + case $include { + true: { + class { "apcupsd": + upstype => $type, + cable => $cable, + device => $dev, + nisip => $nisip, + polltime => $polltime, + onbatterydelay => $onbatterydelay, + batterylevel => $batterylevel, + minutes => $minutes, + } + } + } +} diff --git a/manifests/subsystems/xorg.pp b/manifests/subsystem/xorg.pp index 7009707..575ec69 100644 --- a/manifests/subsystems/xorg.pp +++ b/manifests/subsystem/xorg.pp @@ -1,4 +1,4 @@ -class xorg($enable = hiera('nodo::xorg::enable', false)) { +class nodo::subsystem::xorg($enable = hiera('nodo::subsystem::xorg::enable', false)) { if $xorg != false { file { "/etc/X11/xorg.conf": ensure => present, diff --git a/manifests/subsystems/database.pp b/manifests/subsystems/database.pp deleted file mode 100644 index beedfa6..0000000 --- a/manifests/subsystems/database.pp +++ /dev/null @@ -1,52 +0,0 @@ -class database { - class { 'mysql::server': } - - # See http://www.smilecouple.org/2011/03/01/fix-out-of-resource-problem-with-mysql - file { '/etc/security/limits.d/mysql.conf': - ensure => absent, - owner => root, - group => root, - mode => 0644, - content => "mysql soft nofile 24000\nmysql hard nofile 32000\n", - } - - # Avoid Errcode: 24 - file { '/etc/mysql/conf.d/mysqld_open_files_limit.cnf': - ensure => present, - owner => root, - group => root, - mode => 0644, - content => "[mysqld]\nopen-files-limit = 500000\n", - notify => Service['mysql'], - } - - backupninja::mysql { "all_databases": - backupdir => '/var/backups/mysql', - compress => true, - sqldump => true, - sqldumpoptions => '--lock-tables --complete-insert --add-drop-table --quick --quote-names --single-transaction', - } - - # Database definitions - define instance($password, $ensure = 'present', $privileges = "all") { - include mysql::server - - mysql_database { "${name}": - ensure => $ensure, - require => Service['mysql'], - } - - mysql_user { "${name}@%": - ensure => $ensure, - password_hash => mysql_password($password), - require => Mysql_database["${name}"], - } - - if $ensure == 'present' { - mysql_grant { "${name}@%/${name}": - privileges => $privileges, - require => Mysql_user["${name}@%"], - } - } - } -} diff --git a/manifests/subsystems/domain.pp b/manifests/subsystems/domain.pp deleted file mode 100644 index eb3551f..0000000 --- a/manifests/subsystems/domain.pp +++ /dev/null @@ -1,39 +0,0 @@ -# See -# http://prefetch.net/code/domain-check -# http://www.cyberciti.biz/tips/howto-monitor-domain-expiration-renew-date.html -# http://www.cyberciti.biz/tips/domain-check-script.html -class domain { - file { "/usr/local/bin/domain-check": - ensure => present, - owner => "root", - group => "root", - mode => 755, - source => "puppet://$server/modules/nodo/bin/domain-check", - } - - define check($interval = '60', $email = 'root', $hour = '0', - $minute = '0', $weekday = '0', - $file = false, $ensure = present) { - - $cert_check = "/usr/local/bin/domain-check -a -q -x ${interval} -e ${email}" - - case $file { - true: { - $command = "$cert_check -f ${file}" - } - false, default: { - $command = "$cert_check -d ${name}" - } - } - - cron { "domain-check-${name}": - command => "$command >/dev/null 2>&1", - user => root, - hour => $hour, - minute => $minute, - weekday => $weekday, - ensure => $ensure, - require => File["/usr/local/bin/domain-check"], - } - } -} diff --git a/manifests/subsystems/firewall.pp b/manifests/subsystems/firewall.pp deleted file mode 100644 index 221f281..0000000 --- a/manifests/subsystems/firewall.pp +++ /dev/null @@ -1,208 +0,0 @@ -# firewall definitions for physical servers -class firewall( - $local_net = hiera('nodo::firewall::local_net', false), - $in_bandwidth = hiera('nodo::firewall::in_bandwidth', '2mbit'), - $out_bandwidth = hiera('nodo::firewall::out_bandwidth', '2mbit'), - $eth0_options = hiera('nodo::firewall::eth0_options', 'tcpflags,blacklist,routefilter,nosmurfs,logmartians') -) { - class { 'shorewall': } - - $rfc1918 = $local_net ? { - true => true, - false => false, - default => false, - } - - # - # Interfaces - # - shorewall::interface { 'eth0': - zone => '-', - rfc1918 => $rfc1918, - options => $eth0_options, - } - - # - # Policy - # - shorewall::policy { 'vm-net': - sourcezone => 'vm', - destinationzone => 'net', - policy => 'ACCEPT', - order => 1, - } - - shorewall::policy { 'fw-net': - sourcezone => '$FW', - destinationzone => 'net', - policy => 'ACCEPT', - order => 2, - } - - shorewall::policy { 'fw-vm': - sourcezone => '$FW', - destinationzone => 'vm', - policy => 'ACCEPT', - order => 3, - } - - shorewall::policy { 'net-all': - sourcezone => 'net', - destinationzone => 'all', - policy => 'DROP', - order => 4, - } - - shorewall::policy { 'all-all': - sourcezone => 'all', - destinationzone => 'all', - policy => 'REJECT', - order => 90, - } - - # - # Hosts - # - shorewall::host { "eth0-subnet": - name => 'eth0:192.168.0.0/24', - zone => 'vm', - options => '', - order => '1', - } - - shorewall::host { "eth0": - name => 'eth0:0.0.0.0/0', - zone => 'net', - options => '', - order => '2', - } - - shorewall::masq { "eth0": - interface => 'eth0:!192.168.0.0/24', - source => '192.168.0.0/24', - order => '1', - } - - # - # Rules - # - shorewall::rule { 'ssh': - action => 'SSH/ACCEPT', - source => 'net', - destination => '$FW', - proto => '-', - destinationport => '-', - ratelimit => '-', - order => 100, - } - - shorewall::rule { 'ping': - action => 'Ping/ACCEPT', - source => 'net', - destination => '$FW', - proto => '-', - destinationport => '-', - ratelimit => '-', - order => 101, - } - - shorewall::rule { 'http': - action => 'HTTP/ACCEPT', - source => 'net', - destination => '$FW', - proto => '-', - destinationport => '-', - ratelimit => '-', - order => 102, - } - - # SSL computational DoS mitigation - # See http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html - shorewall::rule { 'https': - action => 'HTTPS/ACCEPT', - source => 'net', - destination => '$FW', - proto => '-', - destinationport => '-', - ratelimit => hiera("nodo::firewall::ssl_ratelimit", '-'), - order => 103, - } - - $munin_port = $node_munin_port ? { - '' => "4900", - default => "$node_munin_port", - } - - shorewall::rule { "munin": - action => 'ACCEPT', - source => 'net', - destination => '$FW', - proto => 'tcp', - destinationport => "$munin_port", - ratelimit => '-', - order => 104, - } - - # - # Zones - # - shorewall::zone { 'vm': - type => 'ipv4', - order => '2', - } - - shorewall::zone { 'net': - type => 'ipv4', - order => '3', - } - - shorewall::zone { 'loc': - type => 'ipv4', - order => 4, - } - - # - # Traffic shapping - # - shorewall::tcdevices { "eth0": - in_bandwidth => "$in_bandwidth", - out_bandwidth => "$out_bandwidth", - } - - shorewall::tcrules { "ssh-tcp": - order => "1", - source => "0.0.0.0/0", - destination => "0.0.0.0/0", - protocol => "tcp", - ports => "22", - } - - shorewall::tcrules { "ssh-udp": - order => "1", - source => "0.0.0.0/0", - destination => "0.0.0.0/0", - protocol => "udp", - ports => "22", - } - - shorewall::tcclasses { "ssh": - order => "1", - interface => "eth0", - rate => "4*full/100", - ceil => "full", - priority => "1", - } - - shorewall::tcclasses { "default": - order => "2", - interface => "eth0", - rate => "6*full/100", - ceil => "full", - priority => "2", - options => "default", - } - - if $local_net == true { - class { "firewall::local": } - } -} diff --git a/manifests/subsystems/firewall/local.pp b/manifests/subsystems/firewall/local.pp deleted file mode 100644 index f17680e..0000000 --- a/manifests/subsystems/firewall/local.pp +++ /dev/null @@ -1,47 +0,0 @@ -class firewall::local( - $network = hiera('nodo::firewall::local::network', '192.168.1.0/24'), - $interface = hiera('nodo::firewall::local::interface', 'eth0'), - $manage_host = hiera('nodo::firewall::local::manage_host', True), - $manage_interface = hiera('nodo::firewall::local::manage_iface', false) -) { - - if $manage_host { - shorewall::host { "$interface-loc": - name => "$interface:$network", - zone => 'loc', - options => '', - order => 3, - } - } - - if $manage_interface { - shorewall::interface { "$interface": - zone => 'loc', - rfc1918 => true, - dhcp => true, - options => 'routeback', - } - } - - shorewall::policy { 'loc-all': - sourcezone => 'loc', - destinationzone => 'all', - policy => 'ACCEPT', - order => 5, - } - - shorewall::policy { 'vm-loc': - sourcezone => 'vm', - destinationzone => 'loc', - policy => 'ACCEPT', - order => 6, - } - - shorewall::policy { 'fw-loc': - sourcezone => '$FW', - destinationzone => 'loc', - policy => 'ACCEPT', - order => 7, - } - -} diff --git a/manifests/subsystems/firewall/mpd.pp b/manifests/subsystems/firewall/mpd.pp deleted file mode 100644 index 5724952..0000000 --- a/manifests/subsystems/firewall/mpd.pp +++ /dev/null @@ -1,21 +0,0 @@ -class firewall::mpd { - # MPD http stream - shorewall::rule { 'mpd-http-stream': - source => 'net', - destination => '$FW', - proto => 'tcp', - destinationport => '8000', - order => 200, - action => 'ACCEPT'; - } - - # MPD client access - shorewall::rule { 'mpd-daemon': - source => 'net', - destination => '$FW', - proto => 'tcp', - destinationport => '6600', - order => 200, - action => 'ACCEPT'; - } -} diff --git a/manifests/subsystems/firewall/nas.pp b/manifests/subsystems/firewall/nas.pp deleted file mode 100644 index c6eaf72..0000000 --- a/manifests/subsystems/firewall/nas.pp +++ /dev/null @@ -1,152 +0,0 @@ -class firewall::nas { - # Basic firewall rules - include shorewall::rules::ftp - include shorewall::rules::tftp - include shorewall::rules::http - include shorewall::rules::nfsd - include shorewall::rules::rsync - include firewall::printer - include firewall::torrent - include firewall::mpd - - # Additional ports needed by NFS - # Got using rpcinfo -p and netstat -ap - shorewall::rule { 'nfs-1': - action => 'ACCEPT', - source => 'net', - destination => '$FW', - proto => 'tcp', - destinationport => '35150,43902,46661,46661,46661,50340,54814,57170,58403,59780', - ratelimit => '-', - order => 100, - } - - shorewall::rule { 'nfs-2': - action => 'ACCEPT', - source => 'net', - destination => '$FW', - proto => 'udp', - destinationport => '938,38511,43195,53081,53081,53081,38521,45238,52664,52400,60331', - ratelimit => '-', - order => 100, - } - - # See http://www.shorewall.net/samba.htm - shorewall::rule { 'samba': - action => 'SMB/ACCEPT', - source => 'net', - destination => '$FW', - proto => '-', - destinationport => '-', - ratelimit => '-', - order => 100, - } - - shorewall::rule { 'netbios-1': - action => 'ACCEPT', - source => 'net', - destination => '$FW', - proto => 'tcp', - destinationport => '137,138,139', - ratelimit => '-', - order => 100, - } - - shorewall::rule { 'netbios-2': - action => 'ACCEPT', - source => 'net', - destination => '$FW', - proto => 'udp', - destinationport => '137,138,139', - ratelimit => '-', - order => 100, - } - - # DLNA - # - # https://wiki.archlinux.org/index.php/MiniDLNA - # http://netpatia.blogspot.co.uk/2011/03/setup-your-own-dlna-server.html - # http://wiki.alpinelinux.org/wiki/IPTV_How_To - # http://mediatomb.cc/dokuwiki/faq:faq - # http://packages.debian.org/wheezy/djmount - # http://packages.debian.org/wheezy/gupnp-tools - # - # Optional: - # - # http://www.shorewall.net/UPnP.html - # - # linux-igd package - # /etc/default/linux-igd - # /etc/upnpd.conf - - shorewall::rule { "dlna-1": - action => 'ACCEPT', - source => 'net', - destination => '$FW', - proto => 'tcp,udp', - destinationport => "1900", - ratelimit => '-', - order => 102, - } - - shorewall::rule { "dlna-2": - action => 'ACCEPT', - source => 'net', - destination => '$FW', - proto => 'tcp,udp', - destinationport => "8200", - ratelimit => '-', - order => 103, - } - - shorewall::rule { "dlna-3": - action => 'allowinUPnP', - source => 'net', - destination => '$FW', - order => 104, - } - - shorewall::rule { "dlna-4": - action => 'forwardUPnP', - source => 'net', - destination => '$FW', - order => 105, - } - - # Enable multicast - augeas { 'enable_multicast': - changes => 'set /files/etc/shorewall/shorewall.conf/MULTICAST Yes', - lens => 'Shellvars.lns', - incl => '/etc/shorewall/shorewall.conf', - notify => Service[shorewall]; - } - - # DAAP - shorewall::rule { 'daap-1': - source => 'net', - destination => '$FW', - proto => 'tcp', - destinationport => '3689', - order => 300, - action => 'ACCEPT'; - } - - shorewall::rule { 'daap-2': - source => 'net', - destination => '$FW', - proto => 'udp', - destinationport => '3689', - order => 301, - action => 'ACCEPT'; - } - - # Avahi/mDNS - shorewall::rule { 'mdns': - source => 'net', - destination => '$FW', - proto => 'udp', - destinationport => '5353', - order => 400, - action => 'ACCEPT'; - } -} diff --git a/manifests/subsystems/firewall/openvpn.pp b/manifests/subsystems/firewall/openvpn.pp deleted file mode 100644 index 2d3e6d1..0000000 --- a/manifests/subsystems/firewall/openvpn.pp +++ /dev/null @@ -1,36 +0,0 @@ -class firewall::openvpn { - shorewall::zone { 'vpn': - type => 'ipv4', - order => 4, - } - - shorewall::interface { 'tun0': - zone => 'vpn', - } - - shorewall::policy { 'loc-vpn': - sourcezone => 'loc', - destinationzone => 'vpn', - policy => 'ACCEPT', - order => 20, - } - - shorewall::policy { 'vpn-loc': - sourcezone => 'vpn', - destinationzone => 'loc', - policy => 'ACCEPT', - order => 21, - } - - shorewall::policy { 'fw-vpn': - sourcezone => '$FW', - destinationzone => 'vpn', - policy => 'ACCEPT', - order => 22, - } - - shorewall::tunnel { 'openvpn': - tunnel_type => 'openvpnclient', - zone => 'net', - } -} diff --git a/manifests/subsystems/firewall/ppp.pp b/manifests/subsystems/firewall/ppp.pp deleted file mode 100644 index 3082e92..0000000 --- a/manifests/subsystems/firewall/ppp.pp +++ /dev/null @@ -1,31 +0,0 @@ -class firewall::ppp { - shorewall::zone { 'ppp': - type => 'ipv4', - order => 4, - } - - shorewall::interface { 'ppp0': - zone => 'ppp', - } - - shorewall::policy { 'loc-ppp': - sourcezone => 'loc', - destinationzone => 'ppp', - policy => 'ACCEPT', - order => 30, - } - - shorewall::policy { 'ppp-loc': - sourcezone => 'ppp', - destinationzone => 'loc', - policy => 'ACCEPT', - order => 31, - } - - shorewall::policy { 'fw-ppp': - sourcezone => '$FW', - destinationzone => 'ppp', - policy => 'ACCEPT', - order => 32, - } -} diff --git a/manifests/subsystems/firewall/printer.pp b/manifests/subsystems/firewall/printer.pp deleted file mode 100644 index b44f65a..0000000 --- a/manifests/subsystems/firewall/printer.pp +++ /dev/null @@ -1,21 +0,0 @@ -class firewall::printer { - shorewall::rule { "cups-tcp": - action => 'ACCEPT', - source => 'net', - destination => '$FW', - proto => 'tcp', - destinationport => "631", - ratelimit => '-', - order => 200, - } - - shorewall::rule { "cups-udp": - action => 'ACCEPT', - source => 'net', - destination => '$FW', - proto => 'udp', - destinationport => "631", - ratelimit => '-', - order => 201, - } -} diff --git a/manifests/subsystems/firewall/redirect.pp b/manifests/subsystems/firewall/redirect.pp deleted file mode 100644 index 7a9734a..0000000 --- a/manifests/subsystems/firewall/redirect.pp +++ /dev/null @@ -1,14 +0,0 @@ -class firewall::redirect::ssh($destinationport) { - # When the box is in an internal network and we want to provide - # and external access through a shared real IP, we have to - # redirect requests coming from another port to port 22. - shorewall::rule { "ssh-redirect-1": - action => 'DNAT', - source => 'net', - destination => "fw:$ipaddress:22", - proto => 'tcp', - destinationport => $destinationport, - ratelimit => '-', - order => $destinationport, - } -} diff --git a/manifests/subsystems/firewall/router.pp b/manifests/subsystems/firewall/router.pp deleted file mode 100644 index 7fa2db3..0000000 --- a/manifests/subsystems/firewall/router.pp +++ /dev/null @@ -1,401 +0,0 @@ -class firewall::router::http($destination, $zone = 'loc', $originaldest = $ipaddress) { - shorewall::rule { 'http-route-1': - action => 'DNAT', - source => 'net', - destination => "$zone:$destination:80", - proto => 'tcp', - destinationport => '80', - ratelimit => '-', - order => 600, - } - - shorewall::rule { 'http-route-2': - action => 'DNAT', - source => '$FW', - destination => "fw:$destination:80", - proto => 'tcp', - destinationport => '80', - originaldest => "$originaldest", - ratelimit => '-', - order => 601, - } -} - -class firewall::router::https($destination, $zone = 'loc', $originaldest = $ipaddress) { - shorewall::rule { 'https-route-1': - action => 'DNAT', - source => 'net', - destination => "$zone:$destination:443", - proto => 'tcp', - destinationport => '443', - ratelimit => '-', - order => 602, - } - - shorewall::rule { 'https-route-2': - action => 'DNAT', - source => '$FW', - destination => "fw:$destination:443", - proto => 'tcp', - destinationport => '443', - originaldest => "$originaldest", - ratelimit => '-', - order => 602, - } -} - -class firewall::router::puppetmaster($destination, $puppetmaster_port = '8140', - $puppetmaster_nonssl_port = '8141', $zone = 'loc', - $originaldest = $ipaddress) { - shorewall::rule { 'puppetmaster-1': - action => 'DNAT', - source => 'net', - destination => "$zone:$destination:$puppetmaster_port", - proto => 'tcp', - destinationport => "$puppetmaster_port", - ratelimit => '-', - order => 700, - } - - shorewall::rule { 'puppetmaster-2': - action => 'DNAT', - source => 'net', - destination => "$zone:$destination:$puppetmaster_port", - proto => 'udp', - destinationport => "$puppetmaster_port", - ratelimit => '-', - order => 701, - } - - shorewall::rule { 'puppetmaster-3': - action => 'DNAT', - source => '$FW', - destination => "$zone:$destination:$puppetmaster_port", - proto => 'tcp', - destinationport => "$puppetmaster_port", - originaldest => "$originaldest", - ratelimit => '-', - order => 702, - } - - shorewall::rule { 'puppetmaster-4': - action => 'DNAT', - source => '$FW', - destination => "$zone:$destination:$puppetmaster_port", - proto => 'udp', - destinationport => "$puppetmaster_port", - originaldest => "$originaldest", - ratelimit => '-', - order => 703, - } - - shorewall::rule { 'puppetmaster-5': - action => 'DNAT', - source => 'net', - destination => "$zone:$destination:$puppetmaster_nonssl_port", - proto => 'tcp', - destinationport => "$puppetmaster_nonssl_port", - ratelimit => '-', - order => 704, - } - - shorewall::rule { 'puppetmaster-6': - action => 'DNAT', - source => 'net', - destination => "$zone:$destination:$puppetmaster_nonssl_port", - proto => 'udp', - destinationport => "$puppetmaster_nonssl_port", - ratelimit => '-', - order => 705, - } - - shorewall::rule { 'puppetmaster-7': - action => 'DNAT', - source => '$FW', - destination => "$zone:$destination:$puppetmaster_nonssl_port", - proto => 'tcp', - destinationport => "$puppetmaster_nonssl_port", - originaldest => "$originaldest", - ratelimit => '-', - order => 706, - } - - shorewall::rule { 'puppetmaster-8': - action => 'DNAT', - source => '$FW', - destination => "$zone:$destination:$puppetmaster_nonssl_port", - proto => 'udp', - destinationport => "$puppetmaster_nonssl_port", - originaldest => "$originaldest", - ratelimit => '-', - order => 707, - } -} - -class firewall::router::gitd($destination, $zone = 'loc', $originaldest = $ipaddress) { - shorewall::rule { 'git-daemon-1': - action => 'DNAT', - source => 'net', - destination => "$zone:$destination:9418", - proto => 'tcp', - destinationport => '9418', - ratelimit => '-', - order => 800, - } - - shorewall::rule { 'git-daemon-2': - action => 'DNAT', - source => '$FW', - destination => "$zone:$destination:9418", - proto => 'tcp', - destinationport => '9418', - originaldest => "$originaldest", - ratelimit => '-', - order => 801, - } -} - -class firewall::router::icecast($destination, $zone = 'loc', $originaldest = $ipaddress) { - shorewall::rule { 'icecast-1': - action => 'DNAT', - source => 'net', - destination => "$zone:$destination:8000", - proto => 'tcp', - destinationport => '8000', - ratelimit => '-', - order => 900, - } - - shorewall::rule { 'icecast-2': - action => 'DNAT', - source => '$FW', - destination => "$zone:$destination:8000", - proto => 'tcp', - destinationport => '8000', - originaldest => "$originaldest", - ratelimit => '-', - order => 901, - } -} - -class firewall::router::mail($destination, $zone = 'loc', $originaldest = $ipaddress) { - shorewall::rule { 'mail-1': - action => 'DNAT', - source => 'net', - destination => "$zone:$destination:25", - proto => 'tcp', - destinationport => '25', - ratelimit => '-', - order => 1000, - } - - shorewall::rule { 'mail-2': - action => 'DNAT', - source => '$FW', - destination => "$zone:$destination:25", - proto => 'tcp', - destinationport => '25', - originaldest => "$originaldest", - ratelimit => '-', - order => 1001, - } - - shorewall::rule { 'mail-3': - action => 'DNAT', - source => 'net', - destination => "$zone:$destination:993", - proto => 'tcp', - destinationport => '993', - ratelimit => '-', - order => 1002, - } - - shorewall::rule { 'mail-4': - action => 'DNAT', - source => '$FW', - destination => "$zone:$destination:993", - proto => 'tcp', - destinationport => '993', - originaldest => "$originaldest", - ratelimit => '-', - order => 1003, - } - - shorewall::rule { 'mail-5': - action => 'DNAT', - source => 'net', - destination => "$zone:$destination:587", - proto => 'tcp', - destinationport => '587', - ratelimit => '-', - order => 1004, - } - - shorewall::rule { 'mail-6': - action => 'DNAT', - source => '$FW', - destination => "$zone:$destination:587", - proto => 'tcp', - destinationport => '587', - originaldest => "$originaldest", - ratelimit => '-', - order => 1005, - } -} - -define firewall::router::ssh($destination, $port_orig = '22', $port_dest = '', $zone = 'loc', - $originaldest = $ipaddress) { - shorewall::rule { "ssh-$name-1": - action => 'DNAT', - source => 'net', - destination => $port_dest ? { - '' => "$zone:$destination", - default => "$zone:$destination:$port_dest", - }, - proto => 'tcp', - destinationport => "$port_orig", - ratelimit => '-', - order => "2$port_orig", - } - - shorewall::rule { "ssh-$name-2": - action => 'DNAT', - source => '$FW', - destination => $port_dest ? { - '' => "$zone:$destination", - default => "$zone:$destination:$port_dest", - }, - proto => 'tcp', - destinationport => "$port_orig", - originaldest => "$originaldest", - ratelimit => '-', - order => "2$port_orig", - } -} - -define firewall::router::munin($destination, $port_orig, $port_dest = '', $zone = 'loc', - $order = '400', $originaldest = $ipaddress) { - shorewall::rule { "munin-$name-1": - action => 'DNAT', - source => 'net', - destination => $port_dest ? { - '' => "$zone:$destination", - default => "$zone:$destination:$port_dest", - }, - proto => 'tcp', - destinationport => "$port_orig", - ratelimit => '-', - order => $order, - } - - shorewall::rule { "munin-$name-2": - action => 'DNAT', - source => '$FW', - destination => $port_dest ? { - '' => "$zone:$destination", - default => "$zone:$destination:$port_dest", - }, - proto => 'tcp', - destinationport => "$port_orig", - originaldest => "$originaldest", - ratelimit => '-', - order => $order, - } -} - -class firewall::router::torrent($destination, $zone = 'loc', $originaldest = $ipaddress) { - shorewall::rule { "torrent-tcp-1": - action => 'DNAT', - source => 'net', - destination => "$zone:$destination", - proto => 'tcp', - destinationport => "6881:6999", - ratelimit => '-', - order => 200, - } - - shorewall::rule { "torrent-tcp-2": - action => 'DNAT', - source => 'all', - destination => "$zone:$destination", - proto => 'tcp', - destinationport => "6881:6999", - originaldest => "$originaldest", - ratelimit => '-', - order => 200, - } - - shorewall::rule { "torrent-udp-1": - action => 'DNAT', - source => 'net', - destination => "$zone:$destination", - proto => 'udp', - destinationport => "6881:6999", - ratelimit => '-', - order => 201, - } - - shorewall::rule { "torrent-udp-2": - action => 'DNAT', - source => 'all', - destination => "$zone:$destination", - proto => 'udp', - destinationport => "6881:6999", - originaldest => "$originaldest", - ratelimit => '-', - order => 201, - } -} - -class firewall::router::gobby($destination, $zone = 'loc', $originaldest = $ipaddress) { - shorewall::rule { 'gobby-route-1': - action => 'DNAT', - source => 'net', - destination => "$zone:$destination:6523", - proto => 'tcp', - destinationport => '6523', - ratelimit => '-', - order => 600, - } - - shorewall::rule { 'gobby-route-2': - action => 'DNAT', - source => '$FW', - destination => "fw:$destination:6523", - proto => 'tcp', - destinationport => '6523', - originaldest => "$originaldest", - ratelimit => '-', - order => 601, - } -} - -# See http://www.shorewall.net/FAQ.htm#faq2 -define firewall::router::hairpinning($order = '5000', $proto = 'tcp', $port = 'www', - $external_ip = '$ETH0_IP', $interface = 'eth1', - $destination = '192.168.1.100', $source = 'eth1', - $source_zone = 'loc', $dest_zone = 'loc', - $port_dest = '') { - shorewall::masq { "routeback-$name": - interface => "$interface:$destination", - source => $source, - address => $external_ip, - proto => $proto, - port => $port, - order => $order, - } - - shorewall::rule { "routeback-$name": - action => 'DNAT', - source => $source_zone, - destination => $port_dest ? { - '' => "$dest_zone:$destination", - default => "$dest_zone:$destination:$port_dest", - }, - proto => $proto, - destinationport => $port, - ratelimit => '-', - order => $order, - originaldest => $external_ip, - } -} diff --git a/manifests/subsystems/firewall/torrent.pp b/manifests/subsystems/firewall/torrent.pp deleted file mode 100644 index 2dc8451..0000000 --- a/manifests/subsystems/firewall/torrent.pp +++ /dev/null @@ -1,21 +0,0 @@ -class firewall::torrent { - shorewall::rule { "torrent-tcp": - action => 'ACCEPT', - source => 'net', - destination => '$FW', - proto => 'tcp', - destinationport => "6881:6999", - ratelimit => '-', - order => 200, - } - - shorewall::rule { "torrent-udp": - action => 'ACCEPT', - source => 'net', - destination => '$FW', - proto => 'udp', - destinationport => "6881:6999", - ratelimit => '-', - order => 201, - } -} diff --git a/manifests/subsystems/firewall/ups.pp b/manifests/subsystems/firewall/ups.pp deleted file mode 100644 index 042fcdc..0000000 --- a/manifests/subsystems/firewall/ups.pp +++ /dev/null @@ -1,11 +0,0 @@ -class firewall::ups { - shorewall::rule { "ups": - action => 'ACCEPT', - source => 'net', - destination => '$FW', - proto => 'tcp', - destinationport => "3551", - ratelimit => '-', - order => 200, - } -} diff --git a/manifests/subsystems/firewall/vserver.pp b/manifests/subsystems/firewall/vserver.pp deleted file mode 100644 index 702acc9..0000000 --- a/manifests/subsystems/firewall/vserver.pp +++ /dev/null @@ -1,524 +0,0 @@ -class firewall::vserver::http($destination, $zone = 'vm') { - shorewall::rule { 'http-route-1': - action => 'DNAT', - source => 'net', - destination => "$zone:$destination:80", - proto => 'tcp', - destinationport => '80', - ratelimit => '-', - order => 600, - } - - shorewall::rule { 'http-route-2': - action => 'DNAT', - source => '$FW', - destination => "fw:$destination:80", - proto => 'tcp', - destinationport => '80', - originaldest => "$ipaddress", - ratelimit => '-', - order => 601, - } -} - -class firewall::vserver::https($destination, $zone = 'vm') { - shorewall::rule { 'https-route-1': - action => 'DNAT', - source => 'net', - destination => "$zone:$destination:443", - proto => 'tcp', - destinationport => '443', - ratelimit => hiera("nodo::firewall::ssl_ratelimit", '-'), - order => 602, - } - - shorewall::rule { 'https-route-2': - action => 'DNAT', - source => '$FW', - destination => "fw:$destination:443", - proto => 'tcp', - destinationport => '443', - originaldest => "$ipaddress", - ratelimit => hiera("nodo::firewall::ssl_ratelimit", '-'), - order => 602, - } -} - -class firewall::vserver::puppetmaster($destination, $puppetmaster_port = '8140', $puppetmaster_nonssl_port = '8141', $zone = 'fw') { - shorewall::rule { 'puppetmaster-1': - action => 'DNAT', - source => 'net', - destination => "$zone:$destination:$puppetmaster_port", - proto => 'tcp', - destinationport => "$puppetmaster_port", - ratelimit => hiera("nodo::firewall::ssl_ratelimit", '-'), - order => 700, - } - - shorewall::rule { 'puppetmaster-2': - action => 'DNAT', - source => 'net', - destination => "$zone:$destination:$puppetmaster_port", - proto => 'udp', - destinationport => "$puppetmaster_port", - ratelimit => hiera("nodo::firewall::ssl_ratelimit", '-'), - order => 701, - } - - shorewall::rule { 'puppetmaster-3': - action => 'DNAT', - source => '$FW', - destination => "$zone:$destination:$puppetmaster_port", - proto => 'tcp', - destinationport => "$puppetmaster_port", - originaldest => "$ipaddress", - ratelimit => hiera("nodo::firewall::ssl_ratelimit", '-'), - order => 702, - } - - shorewall::rule { 'puppetmaster-4': - action => 'DNAT', - source => '$FW', - destination => "$zone:$destination:$puppetmaster_port", - proto => 'udp', - destinationport => "$puppetmaster_port", - originaldest => "$ipaddress", - ratelimit => hiera("nodo::firewall::ssl_ratelimit", '-'), - order => 703, - } - - shorewall::rule { 'puppetmaster-5': - action => 'DNAT', - source => 'net', - destination => "$zone:$destination:$puppetmaster_nonssl_port", - proto => 'tcp', - destinationport => "$puppetmaster_nonssl_port", - ratelimit => '-', - order => 704, - } - - shorewall::rule { 'puppetmaster-6': - action => 'DNAT', - source => 'net', - destination => "$zone:$destination:$puppetmaster_nonssl_port", - proto => 'udp', - destinationport => "$puppetmaster_nonssl_port", - ratelimit => '-', - order => 705, - } - - shorewall::rule { 'puppetmaster-7': - action => 'DNAT', - source => '$FW', - destination => "$zone:$destination:$puppetmaster_nonssl_port", - proto => 'tcp', - destinationport => "$puppetmaster_nonssl_port", - originaldest => "$ipaddress", - ratelimit => '-', - order => 706, - } - - shorewall::rule { 'puppetmaster-8': - action => 'DNAT', - source => '$FW', - destination => "$zone:$destination:$puppetmaster_nonssl_port", - proto => 'udp', - destinationport => "$puppetmaster_nonssl_port", - originaldest => "$ipaddress", - ratelimit => '-', - order => 707, - } -} - -class firewall::vserver::gitd($destination, $zone = 'fw') { - shorewall::rule { 'git-daemon-1': - action => 'DNAT', - source => 'net', - destination => "$zone:$destination:9418", - proto => 'tcp', - destinationport => '9418', - ratelimit => '-', - order => 800, - } - - shorewall::rule { 'git-daemon-2': - action => 'DNAT', - source => '$FW', - destination => "$zone:$destination:9418", - proto => 'tcp', - destinationport => '9418', - originaldest => "$ipaddress", - ratelimit => '-', - order => 801, - } -} - -class firewall::vserver::icecast($destination, $zone = 'fw') { - shorewall::rule { 'icecast-1': - action => 'DNAT', - source => 'net', - destination => "$zone:$destination:8000", - proto => 'tcp', - destinationport => '8000', - ratelimit => '-', - order => 900, - } - - shorewall::rule { 'icecast-2': - action => 'DNAT', - source => '$FW', - destination => "$zone:$destination:8000", - proto => 'tcp', - destinationport => '8000', - originaldest => "$ipaddress", - ratelimit => '-', - order => 901, - } -} - -class firewall::vserver::mail($destination, $zone = 'fw') { - shorewall::rule { 'mail-1': - action => 'DNAT', - source => 'net', - destination => "$zone:$destination:25", - proto => 'tcp', - destinationport => '25', - ratelimit => '-', - order => 1000, - } - - shorewall::rule { 'mail-2': - action => 'DNAT', - source => '$FW', - destination => "$zone:$destination:25", - proto => 'tcp', - destinationport => '25', - originaldest => "$ipaddress", - ratelimit => '-', - order => 1001, - } - - shorewall::rule { 'mail-3': - action => 'DNAT', - source => 'net', - destination => "$zone:$destination:993", - proto => 'tcp', - destinationport => '993', - ratelimit => hiera("nodo::firewall::ssl_ratelimit", '-'), - order => 1002, - } - - shorewall::rule { 'mail-4': - action => 'DNAT', - source => '$FW', - destination => "$zone:$destination:993", - proto => 'tcp', - destinationport => '993', - originaldest => "$ipaddress", - ratelimit => hiera("nodo::firewall::ssl_ratelimit", '-'), - order => 1003, - } - - shorewall::rule { 'mail-5': - action => 'DNAT', - source => 'net', - destination => "$zone:$destination:587", - proto => 'tcp', - destinationport => '587', - ratelimit => hiera("nodo::firewall::ssl_ratelimit", '-'), - order => 1004, - } - - shorewall::rule { 'mail-6': - action => 'DNAT', - source => '$FW', - destination => "$zone:$destination:587", - proto => 'tcp', - destinationport => '587', - originaldest => "$ipaddress", - ratelimit => hiera("nodo::firewall::ssl_ratelimit", '-'), - order => 1005, - } -} - -define firewall::vserver::ssh($destination, $port_orig = '22', $port_dest = '', $zone = 'vm') { - shorewall::rule { "ssh-$name-1": - action => 'DNAT', - source => 'net', - destination => $port_dest ? { - '' => "$zone:$destination", - default => "$zone:$destination:$port_dest", - }, - proto => 'tcp', - destinationport => "$port_orig", - ratelimit => '-', - order => "2$port_orig", - } - - shorewall::rule { "ssh-$name-2": - action => 'DNAT', - source => '$FW', - destination => $port_dest ? { - '' => "fw:$destination", - default => "fw:$destination:$port_dest", - }, - proto => 'tcp', - destinationport => "$port_orig", - originaldest => "$ipaddress", - ratelimit => '-', - order => "2$port_orig", - } -} - -define firewall::vserver::munin($destination, $port_orig, $port_dest = '', $order = '400', $zone = 'fw') { - shorewall::rule { "munin-$name-1": - action => 'DNAT', - source => 'net', - destination => $port_dest ? { - '' => "$zone:$destination", - default => "$zone:$destination:$port_dest", - }, - proto => 'tcp', - destinationport => "$port_orig", - ratelimit => '-', - order => $order, - } - - shorewall::rule { "munin-$name-2": - action => 'DNAT', - source => '$FW', - destination => $port_dest ? { - '' => "$zone:$destination", - default => "$zone:$destination:$port_dest", - }, - proto => 'tcp', - destinationport => "$port_orig", - originaldest => "$ipaddress", - ratelimit => '-', - order => $order, - } -} - -class firewall::vserver::dns($destination, $zone = 'vm') { - shorewall::rule { 'dns-route-0': - action => 'DNS/ACCEPT', - source => 'net', - destination => '$FW', - proto => '-', - destinationport => '-', - ratelimit => '-', - order => 2000, - } - - shorewall::rule { 'dns-route-1': - action => 'DNAT', - source => 'net', - destination => "$zone:$destination:53", - proto => 'tcp', - destinationport => '53', - ratelimit => '-', - order => 2001, - } - - shorewall::rule { 'dns-route-2': - action => 'DNAT', - source => '$FW', - destination => "fw:$destination:53", - proto => 'tcp', - destinationport => '53', - originaldest => "$ipaddress", - ratelimit => '-', - order => 2002, - } - - shorewall::rule { 'dns-route-3': - action => 'DNAT', - source => 'net', - destination => "$zone:$destination:53", - proto => 'udp', - destinationport => '53', - ratelimit => '-', - order => 2003, - } - - shorewall::rule { 'dns-route-4': - action => 'DNAT', - source => '$FW', - destination => "fw:$destination:53", - proto => 'udp', - destinationport => '53', - originaldest => "$ipaddress", - ratelimit => '-', - order => 2004, - } -} - -class firewall::vserver::tor($destination, $zone = 'fw') { - shorewall::rule { 'tor-0': - action => 'DNAT', - source => 'net', - destination => "$zone:$destination:9001", - proto => 'tcp', - destinationport => '9001', - ratelimit => '-', - order => 2100, - } - - shorewall::rule { 'tor-1': - action => 'DNAT', - source => '$FW', - destination => "$zone:$destination:9001", - proto => 'tcp', - destinationport => '9001', - originaldest => "$ipaddress", - ratelimit => '-', - order => 2101, - } - - shorewall::rule { 'tor-2': - action => 'DNAT', - source => 'net', - destination => "$zone:$destination:9030", - proto => 'tcp', - destinationport => '9030', - ratelimit => '-', - order => 2102, - } - - shorewall::rule { 'tor-3': - action => 'DNAT', - source => '$FW', - destination => "$zone:$destination:9030", - proto => 'tcp', - destinationport => '9030', - originaldest => "$ipaddress", - ratelimit => '-', - order => 2103, - } -} - -class firewall::vserver::jabber($destination, $zone = 'fw') { - shorewall::rule { 'jabber-0': - action => 'DNAT', - source => 'net', - destination => "$zone:$destination:5222", - proto => 'tcp', - destinationport => '5222', - ratelimit => '-', - order => 2200, - } - - shorewall::rule { 'jabber-1': - action => 'DNAT', - source => '$FW', - destination => "$zone:$destination:5223", - proto => 'tcp', - destinationport => '5223', - originaldest => "$ipaddress", - ratelimit => '-', - order => 2201, - } - - shorewall::rule { 'jabber-2': - action => 'DNAT', - source => 'net', - destination => "$zone:$destination:5269", - proto => 'tcp', - destinationport => '5269', - ratelimit => '-', - order => 2202, - } - - shorewall::rule { 'jabber-3': - action => 'DNAT', - source => '$FW', - destination => "$zone:$destination:4369", - proto => 'tcp', - destinationport => '4369', - originaldest => "$ipaddress", - ratelimit => '-', - order => 2203, - } - - shorewall::rule { 'jabber-4': - action => 'DNAT', - source => '$FW', - destination => "$zone:$destination:4370", - proto => 'tcp', - destinationport => '4370:4375', - originaldest => "$ipaddress", - ratelimit => '-', - order => 2204, - } -} - -class firewall::vserver::mumble($destination, $zone = 'fw') { - shorewall::rule { 'mumble-0': - action => 'DNAT', - source => 'net', - destination => "$zone:$destination:64738", - proto => 'tcp', - destinationport => '64738', - ratelimit => '-', - order => 2300, - } - - shorewall::rule { 'mumble-1': - action => 'DNAT', - source => '$FW', - destination => "$zone:$destination:64738", - proto => 'udp', - destinationport => '64738', - originaldest => "$ipaddress", - ratelimit => '-', - order => 2301, - } -} - -class firewall::vserver::gobby($destination, $zone = 'fw') { - shorewall::rule { 'gobby-0': - action => 'DNAT', - source => 'net', - destination => "$zone:$destination:6523", - proto => 'tcp', - destinationport => '6523', - ratelimit => '-', - order => 2400, - } -} - -class firewall::vserver::yacy($destination, $zone = 'fw') { - shorewall::rule { 'yacy-0': - action => 'DNAT', - source => 'net', - destination => "$zone:$destination:8090", - proto => 'tcp', - destinationport => '8090', - ratelimit => '-', - order => 2500, - } -} - -class firewall::vserver::rsync($destination, $zone = 'fw') { - shorewall::rule { 'rsync-0': - action => 'DNAT', - source => 'net', - destination => "$zone:$destination:873", - proto => 'tcp', - destinationport => '873', - ratelimit => '-', - order => 2600, - } -} - -class firewall::vserver::mdns($destination, $zone = 'fw') { - shorewall::rule { 'mdns-0': - action => 'DNAT', - source => 'net', - destination => "$zone:$destination:5353", - proto => 'tcp', - destinationport => '5353', - ratelimit => '-', - order => 2700, - } -} diff --git a/manifests/subsystems/firewall/wifi.pp b/manifests/subsystems/firewall/wifi.pp deleted file mode 100644 index 161d402..0000000 --- a/manifests/subsystems/firewall/wifi.pp +++ /dev/null @@ -1,50 +0,0 @@ -class firewall::wifi { - $rfc1918 = $shorewall_local_net ? { - true => true, - false => false, - default => false, - } - - # Default device depends if madwifi or - # built-in kernel driver is being used - $wifi_default_device = $lsbdistcodename ? { - 'lenny' => 'ath0', - default => 'wlan0', - } - - $wifi_dev = $wifi_device ? { - '' => $wifi_default_device, - default => $wifi_device, - } - - # - # Interfaces - # - shorewall::interface { "$wifi_dev": - zone => '-', - rfc1918 => $rfc1918, - } - - # - # Hosts - # - shorewall::host { "$wifi_dev-subnet": - name => "$wifi_dev:192.168.0.0/24", - zone => 'vm', - options => '', - order => 1, - } - - shorewall::host { "$wifi_dev": - name => "$wifi_dev:0.0.0.0/0", - zone => 'net', - options => '', - order => 2, - } - - shorewall::masq { "$wifi_dev": - interface => "$wifi_dev:!192.168.0.0/24", - source => '192.168.0.0/24', - order => 1, - } -} diff --git a/manifests/subsystems/firewire.pp b/manifests/subsystems/firewire.pp deleted file mode 100644 index 088e194..0000000 --- a/manifests/subsystems/firewire.pp +++ /dev/null @@ -1,9 +0,0 @@ -class firewire { - # make sure ohci1394 is not loaded - # see http://padrao.sarava.org/trac/wiki/Debian/Firewire - # see also the modprobe class - exec { "rmmod ohci1394": - unless => "/bin/sh -c 'if `grep -q ^ohci1394 /proc/modules`; then false; else true; fi'", - user => "root", - } -} diff --git a/manifests/subsystems/onion.pp b/manifests/subsystems/onion.pp deleted file mode 100644 index 64a41f8..0000000 --- a/manifests/subsystems/onion.pp +++ /dev/null @@ -1,54 +0,0 @@ -class onion { - class { 'tor::daemon': } - - # It's important to use a subdir from the tor datadir - # to ease backup/restore procedures as we don't mix - # hidden service data with other tor files. - file { "${tor::daemon::data_dir}/hidden": - ensure => directory, - owner => 'debian-tor', - group => 'debian-tor', - mode => 0700, - } -} - -class onion::socks inherits onion { - # Default tor daemon configuration - tor::daemon::socks { 'socks': - port => 9050, - listen_addresses => [ '127.0.0.1' ], - } -} - -class onion::freenode inherits onion::socks { - # Freenode via Tor - # http://freenode.net/irc_servers.shtml - # http://pthree.org/2010/01/31/freenode-ssl-and-sasl-authentication-with-irssi/ - # http://freenode.net/sasl/sasl-irssi.shtml - # https://wiki.archlinux.org/index.php/Tor - tor::daemon::map_address { 'freenode': - address => '10.40.40.40', - newaddress => 'p4fsi4ockecnea7l.onion', - } -} - -class onion::ssh { - tor::daemon::hidden_service { 'ssh': - ports => [ "22 127.0.0.1:22" ], - data_dir => "${tor::daemon::data_dir}/hidden", - ensure => present, - } -} - -class onion::full inherits onion::freenode { - include onion::ssh - - # Currently tor management just works for debian - case $::operatingsystem { - debian: { - include tor::polipo - } - default: { } - } - -} diff --git a/manifests/subsystems/schroot.pp b/manifests/subsystems/schroot.pp deleted file mode 100644 index 58d6dee..0000000 --- a/manifests/subsystems/schroot.pp +++ /dev/null @@ -1,26 +0,0 @@ -class schroot { - package { 'schroot': - ensure => installed, - } - - file { '/etc/schroot/default/fstab': - ensure => present, - owner => root, - group => root, - mode => 0644, - require => Package['schroot'], - source => [ "puppet:///modules/site_nodo/etc/schroot/default/${::fqdn}/fstab", - "puppet:///modules/nodo/etc/schroot/default/fstab" ] - } - - define instance($instance_type = 'plain', $description, $directory, $users, $groups, $aliases, $ensure = present) { - file { "/etc/schroot/chroot.d/${name}": - ensure => $ensure, - owner => root, - group => root, - mode => 0644, - require => Package['schroot'], - content => template('nodo/schroot/schroot.conf.erb'), - } - } -} diff --git a/manifests/subsystems/ssh.pp b/manifests/subsystems/ssh.pp deleted file mode 100644 index f15931d..0000000 --- a/manifests/subsystems/ssh.pp +++ /dev/null @@ -1,101 +0,0 @@ -# Base class -class ssh_folder { - if !defined(File["${home}/.ssh"]) { - file { "${home}/.ssh": - ensure => directory, - owner => $owner, - group => $group, - mode => 0700, - } - } -} - -# Manage ssh config for a particular user -define ssh_config($owner, $home = '/home/$owner', $ssh_localhost_auth = false) { - include ssh_folder - - file { "${home}/.ssh/config": - ensure => present, - owner => $owner, - group => $group, - mode => 0600, - require => File["${home}/.ssh"], - } - - # The NoHostAuthenticationForLocalhost ssh option might be useful - # for automated deployment environments so your ikiwiki user doesn't - # get stuck with the fingerprint confirmation prompt when pushing - # content via ssh in the first time it runs. - line { 'NoHostAuthenticationForLocalhost-${owner}': - file => "${home}/.ssh/config", - line => "NoHostAuthenticationForLocalhost yes", - ensure => $ssh_localhost_auth ? { - 'auto' => present, - 'fingerprint' => absent, - default => absent, - }, - } -} - -# Manage known_hosts for a particular user -define ssh_known_host($owner, $home = '/home/$owner', $ssh_localhost_auth = false) { - include ssh_folder - - file { "${home}/.ssh/known_hosts": - ensure => present, - owner => $owner, - group => $group, - mode => 0600, - require => File["${home}/.ssh"], - } - - # You can choose to include the host's fingeprints - # directly into the known_hosts file. - if $::sshrsakey != '' { - line { 'known_hosts-localhost-rsa-${owner}': - file => "${home}/.ssh/known_hosts", - line => "localhost ssh-rsa ${::sshrsakey}", - ensure => $ssh_localhost_auth ? { - 'fingerprint' => present, - 'auto' => undef, - default => undef, - }, - } - } - - if $::sshdsakey != '' { - line { 'known_hosts-localhost-dsa-${owner}': - file => "${home}/.ssh/known_hosts", - line => "localhost ssh-dss ${::sshdsakey}", - ensure => $ssh_localhost_auth ? { - 'fingerprint' => present, - 'auto' => undef, - default => undef, - }, - } - } - - if $::sshecdsakey != '' { - line { 'known_hosts-localhost-ecdsa-${owner}': - file => "${home}/.ssh/known_hosts", - line => "localhost ecdsa-sha2-nistp256 ${::sshedsakey}", - ensure => $ssh_localhost_auth ? { - 'fingerprint' => present, - 'auto' => undef, - default => undef, - }, - } - } -} - -define ssh_create_key($owner, $group, $keyfile = 'id_rsa', $home = '/home/$owner') { - include ssh_folder - - exec { "ssh-keygen-${owner}": - command => "ssh-keygen -t rsa -P '' -f ${home}/.ssh/${keyfile}", - creates => "${home}/.ssh/${keyfile}", - user => $owner, - group => $group, - require => File["${home}/.ssh"], - } -} diff --git a/manifests/subsystems/tunnel.pp b/manifests/subsystems/tunnel.pp deleted file mode 100644 index 47384df..0000000 --- a/manifests/subsystems/tunnel.pp +++ /dev/null @@ -1,148 +0,0 @@ -# autossh tunnel interface -# -# TODO: User handling should be put somewhere. Here we are duplicating -# code from backupninja module. Further developments should consider -# have an unified user handling, maybe at puppet-user. -# -# For now, it's important to preserve the 'backupninja-' like tag -# otherwise the behavior of this code will conflict with backupninja -# and we'll see strange things like exported resources not being -# realized. - -# this define realizes all needed resources for a hosted tunnel -define tunnel_server_realize($host) { - User <<| tag == "backupninja-${host}" |>> - File <<| tag == "backupninja-${host}" |>> - Ssh_authorized_key <<| tag == "backupninja-${host}" |>> -} - -class tunnel { - - # collect all resources from hosted tunnels - Tunnel_server_realize <<| tag == "${::fqdn}" |>> - - define setup($ensure = present, $user = $hostname, $host, $localport, $hostport, $sshport = '22', $keytype = 'rsa', $root_mail_recipient = hiera('mail::root_mail_recipient', 'nobody')) { - $dir = "/var/backups/remote/${user}.${::domain}" - $tag = "backupninja-${::fqdn}" - $ssh_dir = "${dir}/.ssh" - - autossh::tunnel { $name: - ensure => $ensure, - user => 'root', - remote_user => $user, - port => $localport, - hostport => $hostport, - host => $host, - remote_host => $host, - sshport => $sshport, - } - - if !defined(Tunnel_server_realize["${::hostname}@${host}"]) { - # this defines just maps that $host host an user environment for $fdqn - @@tunnel_server_realize { "${::hostname}@${host}": - host => $::fqdn, - tag => $host, - } - } - - if !defined(File["${dir}"]) { - @@file { "${dir}": - ensure => directory, - mode => 0750, - owner => $user, - group => 0, - tag => "${tag}", - } - } - - if !defined(File["${ssh_dir}"]) { - @@file { "${ssh_dir}": - ensure => directory, - mode => 0700, - owner => $user, - group => 0, - require => [User[$user], File["${dir}"]], - tag => "${tag}", - } - } - - if !defined(File["${ssh_dir}/authorized_keys"]) { - @@file { "${ssh_dir}/authorized_keys": - ensure => present, - mode => 0644, - owner => 0, - group => 0, - source => "puppet:///modules/site_keys/${user}_id_${keytype}.pub", - require => File["${ssh_dir}"], - tag => "${tag}", - } - } - - if !defined(User["{$user}"]) { - @@user { "${user}": - ensure => "present", - comment => "${user} backup sandbox", - home => "${dir}", - gid => "backupninjas", - managehome => true, - shell => "/bin/sh", - password => '*', - require => Group['backupninjas'], - tag => "${tag}" - } - } - } - - define mail ($sshport = '22') { - package { "nullmailer": - ensure => installed, - } - - service { "nullmailer": - ensure => 'running', - require => Package['nullmailer'], - } - - file { "/etc/mailname": - ensure => present, - owner => root, - group => root, - mode => 0644, - content => "${::fqdn}\n", - notify => Service["nullmailer"], - } - - file { "/etc/nullmailer": - ensure => directory, - owner => root, - group => root, - mode => 0755, - } - - file { "/etc/nullmailer/remotes": - ensure => present, - owner => root, - group => root, - mode => 0644, - content => "localhost smtp --port=2525\n", - notify => Service["nullmailer"], - require => File["/etc/nullmailer"], - } - - file { "/etc/nullmailer/adminaddr": - ensure => present, - owner => root, - group => root, - mode => 0644, - content => "$root_mail_recipient\n", - require => File["/etc/nullmailer"], - } - - tunnel::setup { "smtp": - host => "${name}.${::domain}", - sshport => "${sshport}", - localport => '2525', - hostport => '25', - } - } -} diff --git a/manifests/subsystems/ups.pp b/manifests/subsystems/ups.pp deleted file mode 100644 index 184be46..0000000 --- a/manifests/subsystems/ups.pp +++ /dev/null @@ -1,26 +0,0 @@ -class ups( - $include = hiera('nodo::ups::include', false), - $type = hiera('nodo::ups::type', 'usb'), - $cable = hiera('nodo::ups::cable', 'usb'), - $dev = hiera('nodo::ups::dev', '/dev/usb/hiddev0'), - $nisip = hiera('nodo::ups::nisip', '127.0.0.1'), - $polltime = hiera('nodo::ups::polltime', '60'), - $onbatterydelay = hiera('nodo::ups::onbatterydelay', '6'), - $batterylevel = hiera('nodo::ups::batterylevel', '5'), - $minutes = hiera('nodo::ups::minutes', '3') -) { - case $include { - true: { - class { "apcupsd": - upstype => $type, - cable => $cable, - device => $dev, - nisip => $nisip, - polltime => $polltime, - onbatterydelay => $onbatterydelay, - batterylevel => $batterylevel, - minutes => $minutes, - } - } - } -} diff --git a/manifests/subsystems/utils/firmware.pp b/manifests/subsystems/utils/firmware.pp deleted file mode 100644 index b0bf9ca..0000000 --- a/manifests/subsystems/utils/firmware.pp +++ /dev/null @@ -1,11 +0,0 @@ -class utils::firmware { - package { 'firmware-linux': - ensure => installed, - } -} - -class utils::firmware::realtek { - package { 'firmware-realtek': - ensure => installed, - } -} diff --git a/manifests/subsystems/utils/personal.pp b/manifests/subsystems/utils/personal.pp deleted file mode 100644 index fe6fb89..0000000 --- a/manifests/subsystems/utils/personal.pp +++ /dev/null @@ -1,20 +0,0 @@ -# Common utilities for personal -class utils::personal { - case $::operatingsystem { - debian: { - include utils::personal::debian - } - default: { } - } -} - -class utils::personal::bundle { - include utils::office - include utils::interface - include utils::network - include utils::development - include utils::security - include utils::multimedia - include utils::ruby - include utils::java -} diff --git a/manifests/subsystems/utils/storage.pp b/manifests/subsystems/utils/storage.pp deleted file mode 100644 index 6a52e16..0000000 --- a/manifests/subsystems/utils/storage.pp +++ /dev/null @@ -1,12 +0,0 @@ -# Common utilities for storage -class utils::storage { - package { 'clamav': - ensure => installed, - } -} - -class utils::storage::archive { - package { 'git-annex': - ensure => installed, - } -} diff --git a/manifests/subsystems/websites.pp b/manifests/subsystems/websites.pp deleted file mode 100644 index 6fa764b..0000000 --- a/manifests/subsystems/websites.pp +++ /dev/null @@ -1,151 +0,0 @@ -class websites::setup { - # Third-party hosted nodes generally aren't behind an https proxy - $hosting_type = hiera('nodo::vserver::hosting_type', 'direct') - - # Include apache - class { 'apache': - https_proxy => $hosting_type ? { - 'direct' => 'yes', - default => false, - }, - } - - # The needed apache modules - apache::module { "alias": - ensure => present, - } - - # Images folder - file { "${apache::www_folder}/images": - ensure => directory, - recurse => true, - purge => true, - force => true, - owner => "root", - group => "root", - # This mode will also apply to files from the source directory - mode => 0644, - # Puppet will automatically set +x for directories - source => [ "puppet:///modules/site_apache/htdocs/${::domain}/images", - "puppet:///modules/nodo/htdocs/images", ] - } - - # Web index - file { "${apache::www_folder}/index.html": - ensure => present, - owner => "root", - group => "root", - mode => 0644, - source => [ "puppet:///modules/site_apache/htdocs/${::domain}/index.html", - "puppet:///modules/nodo/htdocs/index.html", ] - } - - # Missing page - file { "${apache::www_folder}/missing.html": - ensure => present, - owner => "root", - group => "root", - mode => 0644, - source => [ "puppet:///modules/site_apache/htdocs/${::domain}/missing.html", - "puppet:///modules/nodo/htdocs/missing.html", ] - } - - # Make sure that a top level index exists - file { "/var/www/index.html": - ensure => present, - } - - # Default vhost: can just be applied on the defining host - apache::site { "${apache::server_name}": - server_alias => "${::domain}", - docroot => "${apache::www_folder}", - mpm => false, - tag => 'all', - } - - # We have to use 'zzz-error' so it will be the last matched vhost - apache::site { "error": - template => 'apache/error.erb', - docroot => "${apache::error_folder}", - filename => 'zzz-error', - mpm => false, - tag => 'all', - } - - # Index page for error - file { "${apache::error_folder}/index.html": - ensure => "${apache::www_folder}/index.html", - owner => "root", - group => "root", - force => true, - require => File["${apache::error_folder}"], - } - - # Images folder for error - file { "${apache::error_folder}/images": - ensure => "${apache::www_folder}/images", - owner => "root", - group => "root", - force => true, - require => File["${apache::error_folder}", "${apache::www_folder}/images"], - } - -} - -class websites::hosting inherits websites::setup { - # Include the needed classes for website hosting - include php - include trac - include websvn - include moin - include apache::rails - - # Declare the needed classes for website hosting - class { [ 'drupal', 'ikiwiki', 'pmwiki', 'hotglue', 'wordpress' ]: } - class { - 'viewvc': - root_parents => "/var/svn : svn"; - } - - $git_daemon = hiera('nodo::web::git_daemon', True) - - if $git_daemon != false { - class { 'gitweb': } - } - - apache::site { "images": - docroot => "${apache::www_folder}/images", - mpm => false, - tag => 'all', - } - - # Remove untagged site instances - Apache::Site <| tag != $::hostname and tag != 'all' |> { - ensure => absent, - } - - # Remove untagged database instances - Database::Instance <| tag != $::hostname and tag != 'all' |> { - ensure => absent, - } - - # Remove untagged ikiwiki instances - Ikiwiki::Instance <| tag != $::hostname and tag != 'all' |> { - ensure => absent, - } -} - -class websites::hosting::admin inherits websites::setup { - # Include the needed classes for admin interfaces - include trac - include gitweb -} - -class websites::dev::setup inherits websites::setup { - # Include the needed classes for website development - include php - include apache::rails - - # Declare the needed classes for website development - class { 'drupal': } -} diff --git a/manifests/test.pp b/manifests/test.pp deleted file mode 100644 index 7195fc2..0000000 --- a/manifests/test.pp +++ /dev/null @@ -1,3 +0,0 @@ -class nodo::test inherits nodo::web { - # Class for test nodes -} diff --git a/manifests/tor.pp b/manifests/tor.pp deleted file mode 100644 index 11ba480..0000000 --- a/manifests/tor.pp +++ /dev/null @@ -1,4 +0,0 @@ -class nodo::tor inherits nodo::vserver { - include tor::daemon - include utils::tor -} diff --git a/manifests/subsystems/utils.pp b/manifests/utils.pp index 09487bd..9f499af 100644 --- a/manifests/subsystems/utils.pp +++ b/manifests/utils.pp @@ -1,5 +1,5 @@ # Common utilities -class utils { +class nodo::utils { package { [ 'screen', 'less', 'bzip2', 'openssl', 'lynx', 'wget', 'unzip', 'nmap', 'telnet', 'tree', 'whois', 'dosfstools', 'dnsutils', 'logcheck-database', 'bc', 'lsof', 'wipe', 'vrms', 'nsca-client', 'logcheck', 'vim-nox' ]: diff --git a/manifests/subsystems/utils/desktop.pp b/manifests/utils/desktop.pp index 22dd2ed..9001b59 100644 --- a/manifests/subsystems/utils/desktop.pp +++ b/manifests/utils/desktop.pp @@ -1,5 +1,5 @@ # Common utilities for desktop -class utils::desktop { +class nodo::utils::desktop { package { 'cups': ensure => installed, } diff --git a/manifests/subsystems/utils/development.pp b/manifests/utils/development.pp index 7d1e19a..6c85bef 100644 --- a/manifests/subsystems/utils/development.pp +++ b/manifests/utils/development.pp @@ -1,4 +1,4 @@ -class utils::development { +class nodo::utils::development { # Development package { [ 'debhelper', 'gitk', 'git-gui', 'subversion', 'python-stdeb', 'fakeroot', 'dupload', 'autotools-dev', 'dh-make', 'doxygen', @@ -11,18 +11,5 @@ class utils::development { ensure => installed, } - include utils::storage::archive -} - -class utils::development::virtual { - package { 'vagrant': - ensure => $::lsbdistcodename ? { - 'squeeze' => absent, - default => present, - } - } - - package { [ 'virtualbox-guest-additions-iso', 'virtualbox-fuse', 'qemu', 'qemu-kvm' ]: - ensure => present, - } + include nodo::utils::storage::archive } diff --git a/manifests/utils/development/virtual.pp b/manifests/utils/development/virtual.pp new file mode 100644 index 0000000..011253e --- /dev/null +++ b/manifests/utils/development/virtual.pp @@ -0,0 +1,12 @@ +class nodo::utils::development::virtual { + package { 'vagrant': + ensure => $::lsbdistcodename ? { + 'squeeze' => absent, + default => present, + } + } + + package { [ 'virtualbox-guest-additions-iso', 'virtualbox-fuse', 'qemu', 'qemu-kvm' ]: + ensure => present, + } +} diff --git a/manifests/subsystems/utils/dns.pp b/manifests/utils/dns.pp index 3c7c422..57bb992 100644 --- a/manifests/subsystems/utils/dns.pp +++ b/manifests/utils/dns.pp @@ -1,4 +1,4 @@ -class utils::dns { +class nodo::utils::dns { package { 'dnstop': ensure => installed, } diff --git a/manifests/utils/firmware.pp b/manifests/utils/firmware.pp new file mode 100644 index 0000000..ccdae37 --- /dev/null +++ b/manifests/utils/firmware.pp @@ -0,0 +1,5 @@ +class nodo::utils::firmware { + package { 'firmware-linux': + ensure => installed, + } +} diff --git a/manifests/utils/firmware/iwlwifi.pp b/manifests/utils/firmware/iwlwifi.pp new file mode 100644 index 0000000..0dd761a --- /dev/null +++ b/manifests/utils/firmware/iwlwifi.pp @@ -0,0 +1,6 @@ +# Wireless support +class nodo::utils::firmware::iwlwifi { + package { 'firmware-iwlwifi': + ensure => present, + } +} diff --git a/manifests/utils/firmware/realtek.pp b/manifests/utils/firmware/realtek.pp new file mode 100644 index 0000000..77d916a --- /dev/null +++ b/manifests/utils/firmware/realtek.pp @@ -0,0 +1,5 @@ +class nodo::utils::firmware::realtek { + package { 'firmware-realtek': + ensure => installed, + } +} diff --git a/manifests/utils/grub.pp b/manifests/utils/grub.pp new file mode 100644 index 0000000..1d24458 --- /dev/null +++ b/manifests/utils/grub.pp @@ -0,0 +1,5 @@ +class nodo::utils::grub { + package { 'grub2': + ensure => installed, + } +} diff --git a/manifests/subsystems/utils/hamradio.pp b/manifests/utils/hamradio.pp index e4ded0a..6915650 100644 --- a/manifests/subsystems/utils/hamradio.pp +++ b/manifests/utils/hamradio.pp @@ -1,4 +1,4 @@ -class utils::hamradio { +class nodo::utils::hamradio { package { 'aldo': ensure => present, } diff --git a/manifests/subsystems/utils/interface.pp b/manifests/utils/interface.pp index b19456d..c43bad7 100644 --- a/manifests/subsystems/utils/interface.pp +++ b/manifests/utils/interface.pp @@ -1,4 +1,4 @@ -class utils::interface { +class nodo::utils::interface { # Interface package { [ 'awesome', 'eterm', 'weather-util', 'gnome-terminal', 'conky', 'xterm', 'bash-completion', 'tmux', 'xscreensaver', 'thunar', diff --git a/manifests/subsystems/utils/java.pp b/manifests/utils/java.pp index 15668c3..a14635f 100644 --- a/manifests/subsystems/utils/java.pp +++ b/manifests/utils/java.pp @@ -1,4 +1,4 @@ -class utils::java { +class nodo::utils::java { # Java package { [ 'sun-java6-jre' ]: ensure => absent, diff --git a/manifests/utils/laptop.pp b/manifests/utils/laptop.pp new file mode 100644 index 0000000..9a1e42c --- /dev/null +++ b/manifests/utils/laptop.pp @@ -0,0 +1,9 @@ +# Common utilities for laptop +class nodo::utils::laptop { + case $::operatingsystem { + debian: { + include utils::laptop::debian + } + default: { } + } +} diff --git a/manifests/subsystems/utils/laptop.pp b/manifests/utils/laptop/debian.pp index 1f962d3..e4c769c 100644 --- a/manifests/subsystems/utils/laptop.pp +++ b/manifests/utils/laptop/debian.pp @@ -1,15 +1,5 @@ -# Common utilities for laptop -class utils::laptop { - case $::operatingsystem { - debian: { - include utils::laptop::debian - } - default: { } - } -} - # Common utilities for debian laptops -class utils::laptop::debian { +class nodo::utils::laptop::debian { package { [ 'cpufrequtils', 'module-assistant', 'wireless-tools', 'wpasupplicant', 'ekiga', 'mumble', 'revelation', 'arp-scan', 'usb-modeswitch', diff --git a/manifests/utils/microcode/intel.pp b/manifests/utils/microcode/intel.pp new file mode 100644 index 0000000..b4d12bc --- /dev/null +++ b/manifests/utils/microcode/intel.pp @@ -0,0 +1,8 @@ +class nodo::utils::microcode::intel { + # Microcode + # See https://wiki.archlinux.org/index.php/Microcode + # http://en.gentoo-wiki.com/wiki/Intel_Microcode + package { 'intel-microcode': + ensure => present, + } +} diff --git a/manifests/subsystems/utils/multimedia.pp b/manifests/utils/multimedia.pp index 83bd70e..d1a498f 100644 --- a/manifests/subsystems/utils/multimedia.pp +++ b/manifests/utils/multimedia.pp @@ -1,18 +1,5 @@ # Multimedia utilities -class utils::multimedia::studio { - package { [ 'ardour', 'hydrogen', ]: - ensure => installed, - } -} - -class utils::multimedia::ripper { - # CD writers and extractors - package { [ 'ripit', 'asunder', 'wodim', 'genisoimage', 'dvd+rw-tools' ]: - ensure => installed, - } -} - -class utils::multimedia { +class nodo::utils::multimedia { # Multimedia package { [ 'alsa-tools-gui', 'mp3blaster', 'alsa-utils', 'netpbm', 'gqview', 'mpg123', 'audacious', 'qjackctl', @@ -59,9 +46,3 @@ class utils::multimedia { require => Package['flashplugin-nonfree'], } } - -class utils::multimedia::mediacenter { - package { [ 'xbmc', 'upnp-inspector', 'gupnp-tools' ]: - ensure => present, - } -} diff --git a/manifests/utils/multimedia/mediacenter.pp b/manifests/utils/multimedia/mediacenter.pp new file mode 100644 index 0000000..3d8f241 --- /dev/null +++ b/manifests/utils/multimedia/mediacenter.pp @@ -0,0 +1,5 @@ +class nodo::utils::multimedia::mediacenter { + package { [ 'xbmc', 'upnp-inspector', 'gupnp-tools' ]: + ensure => present, + } +} diff --git a/manifests/utils/multimedia/ripper.pp b/manifests/utils/multimedia/ripper.pp new file mode 100644 index 0000000..83d7029 --- /dev/null +++ b/manifests/utils/multimedia/ripper.pp @@ -0,0 +1,6 @@ +class nodo::utils::multimedia::ripper { + # CD writers and extractors + package { [ 'ripit', 'asunder', 'wodim', 'genisoimage', 'dvd+rw-tools' ]: + ensure => installed, + } +} diff --git a/manifests/utils/multimedia/studio.pp b/manifests/utils/multimedia/studio.pp new file mode 100644 index 0000000..3d9966d --- /dev/null +++ b/manifests/utils/multimedia/studio.pp @@ -0,0 +1,5 @@ +class nodo::utils::multimedia::studio { + package { [ 'ardour', 'hydrogen', ]: + ensure => installed, + } +} diff --git a/manifests/subsystems/utils/network.pp b/manifests/utils/network.pp index 9c60341..196038a 100644 --- a/manifests/subsystems/utils/network.pp +++ b/manifests/utils/network.pp @@ -1,52 +1,4 @@ -class utils::network::irssi { - package { [ 'irssi', 'bitlbee', 'irssi-scripts' ]: - ensure => installed, - } - - # See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695150 - #package { 'irssi-plugin-otr': - # ensure => installed, - #} - - # These are needed by the cap_sasl.pl irssi plugin - package { [ 'libcrypt-blowfish-perl', 'libcrypt-dh-perl', 'libcrypt-openssl-bignum-perl' ]: - ensure => installed, - } - - # Not on wheezy - package { 'irssi-plugin-silc': - ensure => $::lsbdistcodename ? { - 'wheezy' => absent, - default => present, - } - } -} - -class utils::network::torrent { - package { [ 'rtorrent' ]: - ensure => installed, - } -} - -class utils::network::minimal { - include utils::network::irssi - include utils::network::torrent - - package { 'unison': - ensure => installed, - } - - # For backwards compatibility - # See addversionno unison config parameter - package { 'unison2.32.52': - ensure => $::lsbdistcodename ? { - 'wheezy' => present, - default => absent, - } - } -} - -class utils::network inherits utils::network::minimal { +class nodo::utils::network inherits nodo::utils::network::minimal { # Network package { [ 'mutt', 'offlineimap', 'newsbeuter', 'nicotine', 'sshfs', @@ -126,21 +78,3 @@ class utils::network inherits utils::network::minimal { require => Package['iceweasel'], } } - -class utils::network::analyzer { - package { [ 'tshark' ]: - ensure => installed, - } -} - -class utils::network::samba { - package { [ 'smbclient', 'cifs-utils' ]: - ensure => installed, - } -} - -class utils::network::nfs { - package { 'nfs-common': - ensure => installed, - } -} diff --git a/manifests/utils/network/analyzer.pp b/manifests/utils/network/analyzer.pp new file mode 100644 index 0000000..64ed803 --- /dev/null +++ b/manifests/utils/network/analyzer.pp @@ -0,0 +1,5 @@ +class nodo::utils::network::analyzer { + package { [ 'tshark' ]: + ensure => installed, + } +} diff --git a/manifests/utils/network/irssi.pp b/manifests/utils/network/irssi.pp new file mode 100644 index 0000000..e476a0d --- /dev/null +++ b/manifests/utils/network/irssi.pp @@ -0,0 +1,23 @@ +class nodo::utils::network::irssi { + package { [ 'irssi', 'bitlbee', 'irssi-scripts' ]: + ensure => installed, + } + + # See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695150 + #package { 'irssi-plugin-otr': + # ensure => installed, + #} + + # These are needed by the cap_sasl.pl irssi plugin + package { [ 'libcrypt-blowfish-perl', 'libcrypt-dh-perl', 'libcrypt-openssl-bignum-perl' ]: + ensure => installed, + } + + # Not on wheezy + package { 'irssi-plugin-silc': + ensure => $::lsbdistcodename ? { + 'wheezy' => absent, + default => present, + } + } +} diff --git a/manifests/utils/network/minimal.pp b/manifests/utils/network/minimal.pp new file mode 100644 index 0000000..51c4efe --- /dev/null +++ b/manifests/utils/network/minimal.pp @@ -0,0 +1,17 @@ +class nodo::utils::network::minimal { + include nodo::utils::network::irssi + include nodo::utils::network::torrent + + package { 'unison': + ensure => installed, + } + + # For backwards compatibility + # See addversionno unison config parameter + package { 'unison2.32.52': + ensure => $::lsbdistcodename ? { + 'wheezy' => present, + default => absent, + } + } +} diff --git a/manifests/utils/network/nfs.pp b/manifests/utils/network/nfs.pp new file mode 100644 index 0000000..9abe38e --- /dev/null +++ b/manifests/utils/network/nfs.pp @@ -0,0 +1,5 @@ +class nodo::utils::network::nfs { + package { 'nfs-common': + ensure => installed, + } +} diff --git a/manifests/utils/network/samba.pp b/manifests/utils/network/samba.pp new file mode 100644 index 0000000..c53e5e5 --- /dev/null +++ b/manifests/utils/network/samba.pp @@ -0,0 +1,5 @@ +class nodo::utils::network::samba { + package { [ 'smbclient', 'cifs-utils' ]: + ensure => installed, + } +} diff --git a/manifests/utils/network/torrent.pp b/manifests/utils/network/torrent.pp new file mode 100644 index 0000000..154b24c --- /dev/null +++ b/manifests/utils/network/torrent.pp @@ -0,0 +1,5 @@ +class nodo::utils::network::torrent { + package { [ 'rtorrent' ]: + ensure => installed, + } +} diff --git a/manifests/subsystems/utils/office.pp b/manifests/utils/office.pp index 0b4ca19..4c96670 100644 --- a/manifests/subsystems/utils/office.pp +++ b/manifests/utils/office.pp @@ -1,4 +1,4 @@ -class utils::office { +class nodo::utils::office { # Office package { [ 'wyrd', 'vim-gtk', 'gobby', 'sc', 'antiword', 'dia', diff --git a/manifests/utils/personal.pp b/manifests/utils/personal.pp new file mode 100644 index 0000000..5202216 --- /dev/null +++ b/manifests/utils/personal.pp @@ -0,0 +1,9 @@ +# Common utilities for personal +class nodo::utils::personal { + case $::operatingsystem { + debian: { + include nodo::utils::personal::debian + } + default: { } + } +} diff --git a/manifests/utils/personal/bundle.pp b/manifests/utils/personal/bundle.pp new file mode 100644 index 0000000..e8cf4b9 --- /dev/null +++ b/manifests/utils/personal/bundle.pp @@ -0,0 +1,10 @@ +class nodo::utils::personal::bundle { + include nodo::utils::office + include nodo::utils::interface + include nodo::utils::network + include nodo::utils::development + include nodo::utils::security + include nodo::utils::multimedia + include nodo::utils::ruby + include nodo::utils::java +} diff --git a/manifests/subsystems/utils/debian.pp b/manifests/utils/personal/debian.pp index be4b4ad..592ed3e 100644 --- a/manifests/subsystems/utils/debian.pp +++ b/manifests/utils/personal/debian.pp @@ -1,4 +1,4 @@ -class utils::personal::debian { +class nodo::utils::personal::debian { # System package { [ 'libpam-mount', 'ecryptfs-utils', 'gawk', 'laptop-detect', 'syslinux', 'ack-grep', 'mtp-tools' ]: diff --git a/manifests/subsystems/utils/physical.pp b/manifests/utils/physical.pp index 3fbd28c..78ff767 100644 --- a/manifests/subsystems/utils/physical.pp +++ b/manifests/utils/physical.pp @@ -1,5 +1,5 @@ # Common utilities for physical -class utils::physical { +class nodo::utils::physical { package { [ 'nload', 'acpid', 'slurm', 'ethtool', 'parted', 'iftop', 'iptraf', 'htop', 'sdparm' ]: ensure => installed, } diff --git a/manifests/subsystems/utils/plug.pp b/manifests/utils/plug.pp index e018f10..861c346 100644 --- a/manifests/subsystems/utils/plug.pp +++ b/manifests/utils/plug.pp @@ -1,5 +1,5 @@ # Common utilities for plug computers -class utils::plug { +class nodo::utils::plug { package { [ 'mtd-utils', 'cryptsetup', 'u-boot', 'smartmontools' ]: ensure => installed, } diff --git a/manifests/subsystems/utils/ruby.pp b/manifests/utils/ruby.pp index 8923ff0..14c770d 100644 --- a/manifests/subsystems/utils/ruby.pp +++ b/manifests/utils/ruby.pp @@ -1,4 +1,4 @@ -class utils::ruby { +class nodo::utils::ruby { # Gem packages package { 'capistrano': ensure => installed, diff --git a/manifests/subsystems/utils/security.pp b/manifests/utils/security.pp index 9e4f362..0f26688 100644 --- a/manifests/subsystems/utils/security.pp +++ b/manifests/utils/security.pp @@ -1,4 +1,4 @@ -class utils::security { +class nodo::utils::security { # Security package { [ 'apg', 'gnupg-agent', 'makepasswd', 'pwgen', 'fpm2', 'encfs', 'signing-party', 'libnss3-tools', 'ssss', 'libgfshare-bin' ]: diff --git a/manifests/utils/storage.pp b/manifests/utils/storage.pp new file mode 100644 index 0000000..d4a40e6 --- /dev/null +++ b/manifests/utils/storage.pp @@ -0,0 +1,6 @@ +# Common utilities for storage +class nodo::utils::storage { + package { 'clamav': + ensure => installed, + } +} diff --git a/manifests/utils/storage/archive.pp b/manifests/utils/storage/archive.pp new file mode 100644 index 0000000..e310bf5 --- /dev/null +++ b/manifests/utils/storage/archive.pp @@ -0,0 +1,5 @@ +class nodo::utils::storage::archive { + package { 'git-annex': + ensure => installed, + } +} diff --git a/manifests/utils/thinkpad.pp b/manifests/utils/thinkpad.pp new file mode 100644 index 0000000..d595dbc --- /dev/null +++ b/manifests/utils/thinkpad.pp @@ -0,0 +1,16 @@ +class nodo::utils::thinkpad { + # Keyboard + package { 'tpb': + ensure => installed, + } + + # Thinkfan + package { 'thinkfan': + ensure => installed + } + + # HDAPS + package { 'hdapsd': + ensure => installed, + } +} diff --git a/manifests/subsystems/utils/tor.pp b/manifests/utils/tor.pp index 1a696c4..f9475a3 100644 --- a/manifests/subsystems/utils/tor.pp +++ b/manifests/utils/tor.pp @@ -1,4 +1,4 @@ -class utils::tor { +class nodo::utils::tor { package { 'tor-arm': ensure => installed, } diff --git a/manifests/utils/touchpad.pp b/manifests/utils/touchpad.pp new file mode 100644 index 0000000..a5390dd --- /dev/null +++ b/manifests/utils/touchpad.pp @@ -0,0 +1,6 @@ +class nodo::utils::touchpad { + # Touchpad + package { 'gpointing-device-settings': + ensure => present, + } +} diff --git a/manifests/subsystems/utils/web.pp b/manifests/utils/web.pp index 8b0eba9..9c2cd71 100644 --- a/manifests/subsystems/utils/web.pp +++ b/manifests/utils/web.pp @@ -1,10 +1,10 @@ # Common utilities for web -class utils::web { +class nodo::utils::web { package { [ 'ffmpeg', 'flvtool2', 'curl', 'rake', 'libxml2', 'libxml2-dev', 'libxslt1-dev', 'libmysqlclient-dev', 'g++', 'libcurl4-openssl-dev', 'apache2-prefork-dev' ]: ensure => installed, } - include utils::storage::archive + include nodo::utils::storage::archive } diff --git a/templates/schroot/schroot.conf.erb b/templates/schroot/schroot.conf.erb deleted file mode 100644 index 4210644..0000000 --- a/templates/schroot/schroot.conf.erb +++ /dev/null @@ -1,10 +0,0 @@ -# -# Managed by puppet -# -[<%= name %>] -type=<%= instance_type %> -description=<%= description %> -directory=<%= directory %> -users=<%= users %> -groups=<%= groups %> -aliases=<%= aliases %> |