author | Silvio Rhatto <rhatto@riseup.net> | 2013-04-12 17:09:03 -0300 |
---|---|---|
committer | Silvio Rhatto <rhatto@riseup.net> | 2013-04-12 17:09:03 -0300 |
commit | fe1c86b8f938283e9dd8196a8b11a9648f4b49e6 (patch) | |
tree | c2d999eca03862a3e4af57e0885397adf6bbc6ec /manifests/subsystem | |
parent | ec5c750d12bdc7948bb3c04f0c72817718a0bf47 (diff) | |
Major refactor
Diffstat (limited to 'manifests/subsystem')
25 files changed, 665 insertions, 0 deletions
diff --git a/manifests/subsystem/crypttab.pp b/manifests/subsystem/crypttab.pp
new file mode 100644
index 0000000..749569c
--- /dev/null
+++ b/manifests/subsystem/crypttab.pp
@@ -0,0 +1,15 @@
+class nodo::subsystem::crypttab(
+ $type,
+ $manage = hiera('nodo::crypttab::manage', false)
+) {
+ if $manage == true {
+ file { "/etc/crypttab":
+ source => "puppet:///modules/nodo/etc/crypttab/${type}",
+ owner => "root",
+ group => "root",
+ mode => 0644,
+ ensure => present,
+ notify => Exec['update-initramfs'],
+ }
+ }
+}
diff --git a/manifests/subsystem/dhclient.pp b/manifests/subsystem/dhclient.pp
new file mode 100644
index 0000000..332dc34
--- /dev/null
+++ b/manifests/subsystem/dhclient.pp
@@ -0,0 +1,17 @@
+class nodo::subsystem::dhclient(
+ $ensure = hiera('nodo::subsystem::dhclient::ensure', 'present'),
+ $supersede_domain = hiera('nodo::subsystem::dhclient::supersede_domain', $::domain)
+) {
+ package { 'isc-dhcp-client':
+ ensure => $ensure,
+ }
+
+ file { '/etc/dhcp/dhclient.conf':
+ ensure => $ensure,
+ owner => root,
+ group => root,
+ mode => 0644,
+ require => Package['isc-dhcp-client'],
+ content => template('nodo/dhcp/dhclient.conf.erb'),
+ }
+}
diff --git a/manifests/subsystem/firewire.pp b/manifests/subsystem/firewire.pp
new file mode 100644
index 0000000..104d6e9
--- /dev/null
+++ b/manifests/subsystem/firewire.pp
@@ -0,0 +1,8 @@
+class nodo::subsystem::firewire {
+ # Make sure ohci1394 is not loaded
+ # See http://padrao.sarava.org/trac/wiki/Debian/Firewire and the modprobe class
+ exec { "rmmod ohci1394":
+ unless => "/bin/sh -c 'if `grep -q ^ohci1394 /proc/modules`; then false; else true; fi'",
+ user => "root",
+ }
+}
diff --git a/manifests/subsystem/fstab.pp b/manifests/subsystem/fstab.pp
new file mode 100644
index 0000000..9538f66
--- /dev/null
+++ b/manifests/subsystem/fstab.pp
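Review bot: In crypttab.pp, `notify => Exec['update-initramfs']` points at an alias that is only declared in nodo::subsystem::initramfs, and this class does not pull that class in, so the catalog presumably fails to compile when `$manage` is true and nothing else has declared it. Adding `include nodo::subsystem::initramfs` at the top of the class would make the dependency explicit; the fstab.pp hunk has the same reference. The Hiera key here is `nodo::crypttab::manage` while fstab.pp uses `nodo::subsystem::fstab::manage`, so one of the two naming schemes is probably unintended.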
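Review bot: In firewire.pp the exec title `rmmod ohci1394` doubles as the command but is not fully qualified and the resource sets no `path`, so unless a global Exec default supplies one the resource is rejected and the module is never unloaded. The `unless` test also goes through a shell and backticks just to invert grep; `command => '/sbin/rmmod ohci1394'` with `onlyif => '/bin/grep -q ^ohci1394 /proc/modules'` says the same thing directly. `update-initramfs -v -t -u` in initramfs.pp and `locale-gen` in locales.pp are unqualified in the same way. Only the legacy ohci1394 driver is checked, so a host using the newer firewire_ohci driver would keep FireWire DMA reachable at runtime unless the blacklist file (not shown in this commit) covers it.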
@@ -0,0 +1,15 @@
+class nodo::subsystem::fstab(
+ $type,
+ $manage = hiera('nodo::subsystem::fstab::manage', false)
+) {
+ if $manage == true {
+ file { "/etc/fstab":
+ source => "puppet:///modules/nodo/etc/fstab/${type}",
+ owner => "root",
+ group => "root",
+ mode => 0644,
+ ensure => present,
+ notify => Exec['update-initramfs'],
+ }
+ }
+}
diff --git a/manifests/subsystem/gdm.pp b/manifests/subsystem/gdm.pp
new file mode 100644
index 0000000..fd36e99
--- /dev/null
+++ b/manifests/subsystem/gdm.pp
@@ -0,0 +1,66 @@
+class nodo::subsystem::gdm {
+ package { 'gdm':
+ ensure => installed,
+ }
+
+ service { 'gdm':
+ ensure => running,
+ require => Package['gdm'],
+ }
+
+ exec { '/usr/sbin/dpkg-reconfigure gdm':
+ subscribe => File['/etc/gdm/gdm.conf'],
+ user => root,
+ group => root,
+ refreshonly => true,
+ require => Service['gdm'],
+ }
+
+ file { '/etc/gdm/gdm.conf':
+ ensure => present,
+ owner => root,
+ group => root,
+ mode => 0644,
+ source => [ "puppet:///modules/site_nodo/etc/gdm/${::domain}/gdm.conf",
+ "puppet:///modules/nodo/etc/gdm/gdm.conf", ]
+ }
+
+ file { '/usr/share/gdm/themes/crunchbang':
+ ensure => directory,
+ recurse => true,
+ purge => true,
+ force => true,
+ owner => "root",
+ group => "root",
+ # This mode will also apply to files from the source directory
+ mode => 0644,
+ # Puppet will automatically set +x for directories
+ source => 'puppet:///modules/nodo/etc/gdm/themes/crunchbang',
+ }
+
+ file { '/usr/share/gdm/themes/Tuxtastic':
+ ensure => directory,
+ recurse => true,
+ purge => true,
+ force => true,
+ owner => "root",
+ group => "root",
+ # This mode will also apply to files from the source directory
+ mode => 0644,
+ # Puppet will automatically set +x for directories
+ source => 'puppet:///modules/nodo/etc/gdm/themes/Tuxtastic',
+ }
+
+ file { '/usr/share/gdm/themes/dasUberMini':
+ ensure => directory,
+ recurse => true,
+ purge => true,
+ force => true,
+ owner => "root",
+ group => "root",
+ # This mode will also apply to files from the source directory
+ mode => 0644,
+ # Puppet will automatically set +x for directories
+ source => 'puppet:///modules/nodo/etc/gdm/themes/dasUberMini',
+ }
+}
diff --git a/manifests/subsystem/gdm/disabled.pp b/manifests/subsystem/gdm/disabled.pp
new file mode 100644
index 0000000..d2565ef
--- /dev/null
+++ b/manifests/subsystem/gdm/disabled.pp
@@ -0,0 +1,18 @@
+class nodo::subsystem::gdm::disabled inherits nodo::subsystem::gdm {
+ File['/usr/share/gdm/themes/dasUberMini', '/usr/share/gdm/themes/Tuxtastic',
+ '/usr/share/gdm/themes/crunchbang', '/etc/gdm/gdm.conf' ] {
+ ensure => absent,
+ }
+
+ Exec['/usr/sbin/dpkg-reconfigure gdm'] {
+ command => '/bin/true',
+ }
+
+ Service['gdm'] {
+ ensure => stopped,
+ }
+
+ Package['gdm'] {
+ ensure => absent,
+ }
+}
diff --git a/manifests/subsystem/gdm3.pp b/manifests/subsystem/gdm3.pp
new file mode 100644
index 0000000..d708f6a
--- /dev/null
+++ b/manifests/subsystem/gdm3.pp
@@ -0,0 +1,20 @@
+class nodo::subsystem::gdm3 {
+ package { 'gdm3':
+ ensure => installed,
+ }
+
+ service { 'gdm3':
+ ensure => running,
+ require => Package['gdm3'],
+ }
+
+ file { '/etc/gdm3/greeter.gsettings':
+ ensure => present,
+ owner => root,
+ group => root,
+ mode => 0644,
+ notify => Service['gdm3'],
+ source => [ "puppet:///modules/site_nodo/etc/gdm3/${::domain}/greeter.gseetings",
+ "puppet:///modules/nodo/etc/gdm3/greeter.gsettings", ]
+ }
+}
diff --git a/manifests/subsystem/hosts.pp b/manifests/subsystem/hosts.pp
new file mode 100644
index 0000000..464bc0c
--- /dev/null
+++ b/manifests/subsystem/hosts.pp
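Review bot: In gdm3.pp the first `source` entry ends in `greeter.gseetings`, a misspelling of `greeter.gsettings`, so a per-domain override placed under site_nodo would never be found and the module default would be used silently. The line should read `"puppet:///modules/site_nodo/etc/gdm3/${::domain}/greeter.gsettings",`.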
@@ -0,0 +1,60 @@
+class nodo::subsystem::hosts(
+ $custom = hiera('nodo::subsystem::hosts::custom', false)
+) {
+ # Sometimes might be useful to manage the whole
+ # hosts file, see http://projects.puppetlabs.com/issues/10704
+ case $custom {
+ true: {
+ file { '/etc/hosts':
+ ensure => present,
+ owner => root,
+ group => root,
+ mode => 0640,
+ source => "puppet:///modules/site_nodo/hosts/${::fqdn}",
+ }
+ }
+ default: {
+ host { "${::hostname}":
+ ensure => present,
+ ip => "${::ipaddress}",
+ host_aliases => [ "${::fqdn}" ],
+ }
+
+ host { "localhost":
+ ensure => present,
+ ip => "127.0.0.1",
+ }
+
+ host { "ip6-localhost":
+ ensure => present,
+ ip => "::1",
+ host_aliases => [ "ip6-loopback" ],
+ }
+
+ host { "ip6-localnet":
+ ensure => present,
+ ip => "fe00::0",
+ }
+
+ host { "ip6-mcastprefix":
+ ensure => present,
+ ip => "ff00::0",
+ }
+
+ host { "ip6-allnodes":
+ ensure => present,
+ ip => "ff02::1",
+ }
+
+ host { "ip6-allrouters":
+ ensure => present,
+ ip => "ff02::2",
+ }
+
+ host { "ip6-allhosts":
+ ensure => present,
+ ip => "ff02::3",
+ }
+ }
+ }
+}
diff --git a/manifests/subsystem/initramfs.pp b/manifests/subsystem/initramfs.pp
new file mode 100644
index 0000000..acbf1b7
--- /dev/null
+++ b/manifests/subsystem/initramfs.pp
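Review bot: In hosts.pp the managed `/etc/hosts` gets `mode => 0640` with owner and group root, which makes the file unreadable to every non-root account, so lookups of its entries from unprivileged processes would fail. `/etc/hosts` is conventionally world-readable; `mode => 0644,` matches the other files in this commit. The `default` branch also wraps plain facts in strings (`"${::hostname}"`), which can be written as `$::hostname`.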
@@ -0,0 +1,39 @@
+class nodo::subsystem::initramfs(
+ $keymap = hiera('nodo::initramfs::keymap', 'absent')
+) {
+ # initramfs config
+ file { "/etc/kernel-img.conf":
+ owner => "root",
+ group => "root",
+ mode => 0644,
+ ensure => present,
+ content => "do_initrd = Yes\n",
+ }
+
+ # initramfs config
+ file { "/etc/initramfs-tools/modules":
+ owner => "root",
+ group => "root",
+ mode => 0644,
+ ensure => present,
+ source => "puppet:///modules/nodo/etc/initramfs-tools/modules",
+ }
+
+ # keymap
+ file { "/etc/initramfs-tools/conf.d/keymap.conf":
+ ensure => $keymap,
+ content => "KEYMAP=Y\n",
+ owner => "root",
+ group => "root",
+ mode => 0644,
+ }
+
+ # update initramfs when needed
+ exec { "update-initramfs -v -t -u":
+ subscribe => [ File["/etc/initramfs-tools/modules"],
+ File["/etc/modprobe.d/blacklist"],
+ File["/etc/initramfs-tools/conf.d/keymap.conf"] ],
+ refreshonly => true,
+ alias => 'update-initramfs',
+ }
+}
diff --git a/manifests/subsystem/keyboard.pp b/manifests/subsystem/keyboard.pp
new file mode 100644
index 0000000..b5241d7
--- /dev/null
+++ b/manifests/subsystem/keyboard.pp
@@ -0,0 +1,22 @@
+class nodo::subsystem::keyboard {
+ # Keyboard, see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=619711
+ file { "/etc/default/keyboard":
+ ensure => present,
+ owner => "root",
+ group => "root",
+ mode => 0644,
+ source => "puppet:///modules/site_nodo/keyboard/${::hostname}"
+ }
+
+ package { 'console-common':
+ ensure => present,
+ }
+
+ file { '/etc/console/boottime.kmap.gz':
+ ensure => present,
+ owner => "root",
+ group => "root",
+ mode => 0644,
+ source => "puppet:///modules/site_nodo/console/boottime.kmap.gz.${::hostname}"
+ }
+}
diff --git a/manifests/subsystem/locales.pp b/manifests/subsystem/locales.pp
new file mode 100644
index 0000000..c3a1f76
--- /dev/null
+++ b/manifests/subsystem/locales.pp
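Review bot: In initramfs.pp the exec subscribes to `File["/etc/modprobe.d/blacklist"]`, but modprobe.pp declares that resource with content only on lenny; on every other release it is `ensure => absent` and the real file is `/etc/modprobe.d/blacklist.conf`. A change to the blacklist, which the modprobe.pp comment says is what keeps FireWire disabled, therefore does not regenerate the initramfs on those releases. Subscribing to `File["/etc/modprobe.d/blacklist.conf"]` as well would need the resource to exist on lenny too, so the subscription probably has to be chosen per release. The class also never includes nodo::subsystem::modprobe, so the reference only resolves if that class is declared elsewhere.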
@@ -0,0 +1,28 @@
+class nodo::subsystem::locales {
+ package { "locales":
+ ensure => installed,
+ }
+
+ file { "/etc/default/locale":
+ source => [ "puppet:///modules/site_nodo/etc/default/locale",
+ "puppet:///modules/nodo/etc/default/locale" ],
+ ensure => present,
+ owner => root,
+ group => root,
+ mode => 0644,
+ }
+
+ file { "/etc/locale.gen":
+ source => [ "puppet:///modules/site_nodo/etc/locale.gen",
+ "puppet:///modules/nodo/etc/locale.gen" ],
+ ensure => present,
+ owner => root,
+ group => root,
+ mode => 0644,
+ }
+
+ exec { "locale-gen":
+ refreshonly => true,
+ subscribe => File["/etc/locale.gen"],
+ }
+}
diff --git a/manifests/subsystem/media/folders.pp b/manifests/subsystem/media/folders.pp
new file mode 100644
index 0000000..2fcc637
--- /dev/null
+++ b/manifests/subsystem/media/folders.pp
@@ -0,0 +1,32 @@
+class nodo::subsystem::media::folders(
+ $cache = hiera('nodo::subsystem::media::folders::cache', directory)
+) {
+ # Removable media folder
+ file { [ "/media/usb", "/media/cdrom", "/media/tablet", "/media/phone" ]:
+ ensure => directory,
+ mode => 0755,
+ }
+
+ # Media cache
+ file { "/var/cache/media":
+ ensure => $cache,
+ mode => 0755,
+ }
+
+ # Data folder is a cache
+ file { "/var/data":
+ ensure => "/var/cache/media",
+ }
+
+ # Hostname cache for general use
+ file { "/var/cache/${::hostname}":
+ ensure => directory,
+ mode => 0755,
+ }
+
+ # Link to the media cache, useful to have unique remotes
+ # for git-annex in removable media
+ file { "/var/cache/${::hostname}/media":
+ ensure => "/var/cache/media",
+ }
+}
diff --git a/manifests/subsystem/media/groups.pp b/manifests/subsystem/media/groups.pp
new file mode 100644
index 0000000..098ae67
--- /dev/null
+++ b/manifests/subsystem/media/groups.pp
@@ -0,0 +1,5 @@
+class nodo::subsystem::media::groups {
+ group { 'incoming':
+ ensure => 'present',
+ }
+}
diff --git a/manifests/subsystem/modprobe.pp b/manifests/subsystem/modprobe.pp
new file mode 100644
index 0000000..be6ec42
--- /dev/null
+++ b/manifests/subsystem/modprobe.pp
@@ -0,0 +1,28 @@
+class nodo::subsystem::modprobe {
+ # Keep firewire disabled among other things
+ case $lsbdistcodename {
+ 'lenny': {
+ file { "/etc/modprobe.d/blacklist":
+ owner => "root",
+ group => "root",
+ mode => 0644,
+ ensure => present,
+ source => "puppet:///modules/nodo/etc/modprobe.d/blacklist.conf",
+ }
+ }
+ default: {
+ # Upgrade from lenny
+ file { "/etc/modprobe.d/blacklist":
+ ensure => absent,
+ }
+
+ file { "/etc/modprobe.d/blacklist.conf":
+ owner => "root",
+ group => "root",
+ mode => 0644,
+ ensure => present,
+ source => "puppet:///modules/nodo/etc/modprobe.d/blacklist.conf",
+ }
+ }
+ }
+}
diff --git a/manifests/subsystem/monitor.pp b/manifests/subsystem/monitor.pp
new file mode 100644
index 0000000..d7fa720
--- /dev/null
+++ b/manifests/subsystem/monitor.pp
@@ -0,0 +1,26 @@
+class nodo::subsystem::monitor(
+ $type = 'vserver',
+ $use_nagios = hiera('nodo::subsystem::monitor::use_nagios', True),
+ $use_fqdn = hiera('nodo::subsystem::monitor::use_nagios_fqdn', false)
+) {
+
+ if $use_nagios != false {
+
+ if $type == 'vserver' {
+ include nagios::target::fqdn
+ nagios::service::ping { "${::fqdn}": }
+ }
+
+ if $type == 'host' or $type == 'personal' {
+ if $use_fqdn == true {
+ include nagios::target::fqdn
+ }
+ else {
+ include nagios::target
+ }
+ nagios::service::ping { "${::fqdn}": }
+ }
+
+ }
+
+}
diff --git a/manifests/subsystem/motd.pp b/manifests/subsystem/motd.pp
new file mode 100644
index 0000000..8561b38
--- /dev/null
+++ b/manifests/subsystem/motd.pp
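Review bot: In monitor.pp the default for `$use_nagios` is written `True`, capitalised unlike every other boolean in the commit; Puppet booleans are lowercase, so this is probably not parsed as `true` and only works because the test is `!= false`. `$use_fqdn` reads the key `nodo::subsystem::monitor::use_nagios_fqdn`, which does not match the parameter name the way the other keys do. Suggested: `$use_nagios = hiera('nodo::subsystem::monitor::use_nagios', true),`.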
@@ -0,0 +1,19 @@
+class nodo::subsystem::motd(
+ $network_name = hiera('nodo::motd::network_name', 'Nodo')
+) {
+ # http://projects.reductivelabs.com/issues/1915
+ file { "/var/run/motd":
+ owner => "root",
+ group => "root",
+ mode => 0644,
+ ensure => file,
+ content => "This is ${::fqdn} from the ${network_name}.\n",
+ }
+
+ file { "/etc/motd":
+ owner => "root",
+ group => "root",
+ ensure => "/var/run/motd",
+ require => File["/var/run/motd"],
+ }
+}
diff --git a/manifests/subsystem/mount.pp b/manifests/subsystem/mount.pp
new file mode 100644
index 0000000..4bf3d58
--- /dev/null
+++ b/manifests/subsystem/mount.pp
@@ -0,0 +1,15 @@
+class subsystem::mount {
+ class { autofs: }
+
+ file { '/etc/auto.removable':
+ source => [ "puppet:///modules/site_nodo/etc/${::fqdn}/auto.removable",
+ "puppet:///modules/site_nodo/etc/${::domain}/auto.removable",
+ "puppet:///modules/site_nodo/etc/auto.removable",
+ "puppet:///modules/nodo/etc/auto.removable.${::operatingssystem}",
+ "puppet:///modules/nodo/etc/auto.removable" ],
+ notify => Service[autofs],
+ owner => root,
+ group => root,
+ mode => 0644;
+ }
+}
diff --git a/manifests/subsystem/pam.pp b/manifests/subsystem/pam.pp
new file mode 100644
index 0000000..7186d0b
--- /dev/null
+++ b/manifests/subsystem/pam.pp
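Review bot: mount.pp declares `class subsystem::mount`, without the `nodo::` prefix used by every other class in the commit, so `nodo::subsystem::mount` presumably cannot be autoloaded from this path. The fourth `source` entry interpolates `${::operatingssystem}`, a misspelling of the `operatingsystem` fact, so that per-OS fallback can never match. Suggested: `class nodo::subsystem::mount {` and `auto.removable.${::operatingsystem}`.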
@@ -0,0 +1,40 @@
+class nodo::subsystem::pam(
+ $enable = hiera('nodo::pam::enable', false)
+) {
+ if $enable != false {
+
+ # Squeeze only
+ if $::lsbdistcodename == 'squeeze' {
+ # pam - login
+ file { "/etc/pam.d/login":
+ source => [ "puppet:///modules/nodo/etc/pam.d/login.${::lsbdistcodename}",
+ "puppet:///modules/nodo/etc/pam.d/login",
+ ],
+ owner => "root",
+ group => "root",
+ mode => 0644,
+ ensure => present,
+ }
+
+ # pam - gdm
+ file { "/etc/pam.d/gdm":
+ source => "puppet:///modules/nodo/etc/pam.d/gdm",
+ owner => "root",
+ group => "root",
+ mode => 0644,
+ ensure => present,
+ }
+ }
+
+ # pam - mountpoints
+ file { "/etc/security/pam_mount.conf.xml":
+ ensure => present,
+ owner => root,
+ group => root,
+ mode => 0644,
+ source => [ "puppet:///modules/site_nodo/security/pam_mount.conf.xml.${::lsbdistcodename}",
+ "puppet:///modules/site_nodo/security/pam_mount.conf.xml",
+ ],
+ }
+ }
+}
diff --git a/manifests/subsystem/profile.pp b/manifests/subsystem/profile.pp
new file mode 100644
index 0000000..b90ac65
--- /dev/null
+++ b/manifests/subsystem/profile.pp
@@ -0,0 +1,46 @@
+# Custom configuration for user profiles
+class nodo::subsystem::profile {
+ file { "/etc/screenrc":
+ source => "puppet:///modules/nodo/etc/screenrc",
+ owner => "root",
+ group => "root",
+ mode => 0644,
+ ensure => present,
+ }
+
+ # As of squeeze, custom configuration can be placed directly at
+ # /etc/profile.d, so in the future this file won't need to be
+ # managed by puppet anymore.
+ file { "/etc/profile":
+ source => [ "puppet:///modules/nodo/etc/profile.${::lsbdistcodename}",
+ "puppet:///modules/nodo/etc/profile",
+ ],
+ owner => "root",
+ group => "root",
+ mode => 0644,
+ ensure => present,
+ require => File['/usr/local/bin/prompt.sh'],
+ }
+
+ file { "/etc/bash.bashrc":
+ source => "puppet:///modules/nodo/etc/bash.bashrc",
+ owner => "root",
+ group => "root",
+ mode => 0644,
+ ensure => present,
+ require => File['/usr/local/bin/prompt.sh'],
+ }
+
+ file { "/usr/local/bin/prompt.sh":
+ source => "puppet:///modules/nodo/bin/prompt.sh",
+ owner => "root",
+ group => "root",
+ mode => 0644,
+ ensure => present,
+ }
+
+ # This is already being sourced by bash.bashrc.
+ file { "/etc/profile.d/prompt.sh":
+ ensure => absent,
+ }
+}
diff --git a/manifests/subsystem/resolver.pp b/manifests/subsystem/resolver.pp
new file mode 100644
index 0000000..46a03c6
--- /dev/null
+++ b/manifests/subsystem/resolver.pp
@@ -0,0 +1,27 @@
+class nodo::subsystem::resolver(
+ $manage = hiera('nodo::subsystem::resolver::manage', false),
+ $nameservers = hiera('nodo::subsystem::resolver::nameservers', ''),
+ $domain = hiera('nodo::subsystem::resolver::domain', $::domain),
+ $search = hiera('nodo::subsystem::resolver::search', $::fqdn)
+) {
+ # DNS resolver
+ case $manage {
+ true: {
+ package { 'resolvconf':
+ ensure => present,
+ }
+
+ file { '/etc/resolv.conf':
+ ensure => '/etc/resolvconf/run/resolv.conf',
+ require => Package['resolvconf'],
+ }
+ }
+ default: {
+ class { 'resolvconf':
+ domain => $domain,
+ search => $search,
+ nameservers => $nameservers,
+ }
+ }
+ }
+}
diff --git a/manifests/subsystem/ssh_folder.pp b/manifests/subsystem/ssh_folder.pp
new file mode 100644
index 0000000..1c6ee49
--- /dev/null
+++ b/manifests/subsystem/ssh_folder.pp
@@ -0,0 +1,11 @@
+# Base class
+class nodo::subsystem::ssh_folder {
+ if !defined(File["${home}/.ssh"]) {
+ file { "${home}/.ssh":
+ ensure => directory,
+ owner => $owner,
+ group => $group,
+ mode => 0700,
+ }
+ }
+}
diff --git a/manifests/subsystem/sudo.pp b/manifests/subsystem/sudo.pp
new file mode 100644
index 0000000..581f8ab
--- /dev/null
+++ b/manifests/subsystem/sudo.pp
@@ -0,0 +1,14 @@
+class nodo::subsystem::sudo {
+ package { "sudo":
+ ensure => "present",
+ }
+
+ file { "/etc/sudoers":
+ source => [ "puppet:///modules/site_nodo/etc/sudoers/${::hostname}",
+ "puppet:///modules/nodo/etc/sudoers" ],
+ owner => "root",
+ group => "root",
+ mode => 440,
+ require => Package["sudo"],
+ }
+}
diff --git a/manifests/subsystem/sysctl.pp b/manifests/subsystem/sysctl.pp
new file mode 100644
index 0000000..1df0348
--- /dev/null
+++ b/manifests/subsystem/sysctl.pp
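Review bot: In resolver.pp the `manage` flag reads backwards: with `manage => true` the class only installs the resolvconf package and symlinks `/etc/resolv.conf`, while the `default` branch (the default value is `false`) declares `class { 'resolvconf': }` with `$nameservers` defaulting to `''`. What that class writes with an empty nameserver list is not visible here, but a host with no Hiera data could end up with an unusable resolver configuration. A comment above the `case` stating what `manage` means, for example `# manage => true: leave resolv.conf to the resolvconf package; otherwise write it from Hiera`, would make the intent checkable.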
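Review bot: ssh_folder.pp uses `$home`, `$owner` and `$group`, but the class declares no parameters and assigns none of them, so the values can only come from the enclosing scope of whoever includes it. If they are unset the resource becomes `/.ssh` with no owner or group, and because a class is evaluated once per catalog it can only ever serve one home directory. Making them explicit, for example `class nodo::subsystem::ssh_folder($home, $owner, $group) {`, or turning this into a define, would remove the dependence on dynamic scope.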
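Review bot: In sudo.pp `/etc/sudoers` is replaced straight from the fileserver with no syntax check, so a broken per-host file under site_nodo would disable sudo on that node. Where the Puppet version in use supports it, `validate_cmd => '/usr/sbin/visudo -c -f %',` on the file resource rejects such a file before it is installed. The mode is written `440` while the rest of the commit uses a leading zero; `mode => '0440',` avoids relying on how a bare number is interpreted.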
@@ -0,0 +1,55 @@
+class nodo::subsystem::sysctl {
+ # Root exploit fix, see http://wiki.debian.org/mmap_min_addr
+ # Maybe this can be remove in the future or included in a sysctl puppet module
+ file { "/etc/sysctl.d/mmap_min_addr.conf":
+ owner => "root",
+ group => "root",
+ mode => 0644,
+ ensure => present,
+ content => "vm.mmap_min_addr = 4096\n",
+ }
+
+ # See http://www.linux-vserver.org/Frequently_Asked_Questions
+ file { "/etc/sysctl.d/net.ipv4.conf.all.promote_secondaries.conf":
+ owner => "root",
+ group => "root",
+ mode => 0644,
+ ensure => present,
+ content => "net.ipv4.conf.all.promote_secondaries = 1\n",
+ }
+
+ exec { "/etc/init.d/procps restart":
+ subscribe => File["/etc/sysctl.d/mmap_min_addr.conf", "/etc/sysctl.d/net.ipv4.conf.all.promote_secondaries.conf"],
+ refreshonly => true,
+ }
+
+ $printk_levels = '3 4 1 3'
+
+ file { "/etc/sysctl.d/kernel.printk.conf":
+ owner => "root",
+ group => "root",
+ mode => 0644,
+ ensure => present,
+ content => "kernel.printk = ${printk_levels}\n",
+ }
+
+ exec { "/bin/echo '${printk_levels}' > /proc/sys/kernel/printk":
+ subscribe => File["/etc/sysctl.d/kernel.printk.conf"],
+ refreshonly => true,
+ }
+}
+
+class sysctl::appliance($kernel_panic = hiera('nodo::sysctl::appliance', '20')) {
+ file { "/etc/sysctl.d/kernel.panic.conf":
+ owner => "root",
+ group => "root",
+ mode => 0644,
+ ensure => present,
+ content => "kernel.panic = ${kernel_panic}\n",
+ }
+
+ exec { "/bin/echo '${kernel_panic}' > /proc/sys/kernel/panic":
+ subscribe => File["/etc/sysctl.d/kernel.panic.conf"],
+ refreshonly => true,
+ }
+}
diff --git a/manifests/subsystem/ups.pp b/manifests/subsystem/ups.pp
new file mode 100644
index 0000000..d304418
--- /dev/null
+++ b/manifests/subsystem/ups.pp
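Review bot: In sysctl.pp `vm.mmap_min_addr = 4096` is applied unconditionally; on kernels whose built-in default is already higher (65536 on many distributions) this file lowers the protection it is meant to add, so the value should be checked against the target releases or the file dropped where the default suffices. The second class in the file is named `sysctl::appliance`, outside the `nodo::subsystem` namespace, and it reads the key `nodo::sysctl::appliance`, so it presumably cannot be autoloaded as written. Both `echo ... > /proc/sys/...` execs depend on shell redirection and interpolate a value into the command line; for `$kernel_panic`, which comes from Hiera, a numeric check before use would be prudent.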
@@ -0,0 +1,26 @@
+class nodo::subsystem::ups(
+ $include = hiera('nodo::subsystem::ups::include', false),
+ $type = hiera('nodo::subsystem::ups::type', 'usb'),
+ $cable = hiera('nodo::subsystem::ups::cable', 'usb'),
+ $dev = hiera('nodo::subsystem::ups::dev', '/dev/usb/hiddev0'),
+ $nisip = hiera('nodo::subsystem::ups::nisip', '127.0.0.1'),
+ $polltime = hiera('nodo::subsystem::ups::polltime', '60'),
+ $onbatterydelay = hiera('nodo::subsystem::ups::onbatterydelay', '6'),
+ $batterylevel = hiera('nodo::subsystem::ups::batterylevel', '5'),
+ $minutes = hiera('nodo::subsystem::ups::minutes', '3')
+) {
+ case $include {
+ true: {
+ class { "apcupsd":
+ upstype => $type,
+ cable => $cable,
+ device => $dev,
+ nisip => $nisip,
+ polltime => $polltime,
+ onbatterydelay => $onbatterydelay,
+ batterylevel => $batterylevel,
+ minutes => $minutes,
+ }
+ }
+ }
+}
diff --git a/manifests/subsystem/xorg.pp b/manifests/subsystem/xorg.pp
new file mode 100644
index 0000000..575ec69
--- /dev/null
+++ b/manifests/subsystem/xorg.pp
@@ -0,0 +1,13 @@
+class nodo::subsystem::xorg($enable = hiera('nodo::subsystem::xorg::enable', false)) {
+ if $xorg != false {
+ file { "/etc/X11/xorg.conf":
+ ensure => present,
+ owner => root,
+ group => root,
+ mode => 0644,
+ source => [ "puppet:///modules/site_nodo/X11/xorg.conf/${::hostname}.${::lsbdistcodename}",
+ "puppet:///modules/site_nodo/X11/xorg.conf/${::hostname}",
+ "puppet:///modules/site_nodo/X11/xorg.conf.default" ],
+ }
+ }
+} |
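Review bot: In xorg.pp the guard tests `$xorg`, but the class parameter is `$enable`; `$xorg` is never set, so `$xorg != false` is always true and `/etc/X11/xorg.conf` is managed even when `nodo::subsystem::xorg::enable` is false. The line should be `if $enable != false {`. None of the three `source` entries falls back to the nodo module, so enabling this without a site_nodo file fails the resource.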