| author | Silvio Rhatto <rhatto@riseup.net> | 2013-04-12 17:09:03 -0300 | 
|---|---|---|
| committer | Silvio Rhatto <rhatto@riseup.net> | 2013-04-12 17:09:03 -0300 | 
| commit | fe1c86b8f938283e9dd8196a8b11a9648f4b49e6 (patch) | |
| tree | c2d999eca03862a3e4af57e0885397adf6bbc6ec /manifests | |
| parent | ec5c750d12bdc7948bb3c04f0c72817718a0bf47 (diff) | |
| download | puppet-nodo-fe1c86b8f938283e9dd8196a8b11a9648f4b49e6.tar.gz puppet-nodo-fe1c86b8f938283e9dd8196a8b11a9648f4b49e6.tar.bz2 | |
Major refactor
Diffstat (limited to 'manifests')
| -rw-r--r-- | manifests/appliance.pp | 6 | ||||
| -rw-r--r-- | manifests/defines/monkeysphere_host.pp (renamed from manifests/subsystems/monkeysphere.pp) | 0 | ||||
| -rw-r--r-- | manifests/defines/munin_client.pp (renamed from manifests/subsystems/munin.pp) | 0 | ||||
| -rw-r--r-- | manifests/defines/ssh_config.pp | 26 | ||||
| -rw-r--r-- | manifests/defines/ssh_create_key.pp | 11 | ||||
| -rw-r--r-- | manifests/defines/ssh_known_hosts.pp | 50 | ||||
| -rw-r--r-- | manifests/desktop.pp | 14 | ||||
| -rw-r--r-- | manifests/dns.pp | 3 | ||||
| -rw-r--r-- | manifests/host.pp | 16 | ||||
| -rw-r--r-- | manifests/init.pp | 106 | ||||
| -rw-r--r-- | manifests/kvm.pp | 6 | ||||
| -rw-r--r-- | manifests/laptop.pp | 14 | ||||
| -rw-r--r-- | manifests/mumble.pp | 3 | ||||
| -rw-r--r-- | manifests/nas/share.pp | 2 | ||||
| -rw-r--r-- | manifests/nodo.pp | 22 | ||||
| -rw-r--r-- | manifests/physical.pp | 3 | ||||
| -rw-r--r-- | manifests/plug.pp | 10 | ||||
| -rw-r--r-- | manifests/proxy.pp | 3 | ||||
| -rw-r--r-- | manifests/role/dns.pp | 3 | ||||
| -rw-r--r-- | manifests/role/jabber.pp (renamed from manifests/jabber.pp) | 2 | ||||
| -rw-r--r-- | manifests/role/mail.pp (renamed from manifests/mail.pp) | 2 | ||||
| -rw-r--r-- | manifests/role/master.pp (renamed from manifests/master.pp) | 8 | ||||
| -rw-r--r-- | manifests/role/mumble.pp | 3 | ||||
| -rw-r--r-- | manifests/role/nas.pp (renamed from manifests/nas.pp) | 4 | ||||
| -rw-r--r-- | manifests/role/personal.pp (renamed from manifests/personal.pp) | 16 | ||||
| -rw-r--r-- | manifests/role/proxy.pp | 3 | ||||
| -rw-r--r-- | manifests/role/router.pp | 25 | ||||
| -rw-r--r-- | manifests/role/storage.pp | 3 | ||||
| -rw-r--r-- | manifests/role/test.pp | 3 | ||||
| -rw-r--r-- | manifests/role/tor.pp | 4 | ||||
| -rw-r--r-- | manifests/role/web.pp (renamed from manifests/web.pp) | 4 | ||||
| -rw-r--r-- | manifests/role/webdev.pp | 5 | ||||
| -rw-r--r-- | manifests/role/webdev/desktop.pp | 3 | ||||
| -rw-r--r-- | manifests/role/webdev/laptop.pp | 3 | ||||
| -rw-r--r-- | manifests/role/yacy.pp (renamed from manifests/yacy.pp) | 2 | ||||
| -rw-r--r-- | manifests/server.pp | 6 | ||||
| -rw-r--r-- | manifests/storage.pp | 3 | ||||
| -rw-r--r-- | manifests/subsystem/crypttab.pp (renamed from manifests/subsystems/crypttab.pp) | 2 | ||||
| -rw-r--r-- | manifests/subsystem/dhclient.pp (renamed from manifests/subsystems/dhclient.pp) | 6 | ||||
| -rw-r--r-- | manifests/subsystem/firewire.pp | 8 | ||||
| -rw-r--r-- | manifests/subsystem/fstab.pp (renamed from manifests/subsystems/fstab.pp) | 4 | ||||
| -rw-r--r-- | manifests/subsystem/gdm.pp (renamed from manifests/subsystems/gdm.pp) | 21 | ||||
| -rw-r--r-- | manifests/subsystem/gdm/disabled.pp | 18 | ||||
| -rw-r--r-- | manifests/subsystem/gdm3.pp (renamed from manifests/subsystems/gdm3.pp) | 2 | ||||
| -rw-r--r-- | manifests/subsystem/hosts.pp (renamed from manifests/subsystems/hosts.pp) | 4 | ||||
| -rw-r--r-- | manifests/subsystem/initramfs.pp (renamed from manifests/subsystems/initramfs.pp) | 2 | ||||
| -rw-r--r-- | manifests/subsystem/keyboard.pp (renamed from manifests/subsystems/keyboard.pp) | 2 | ||||
| -rw-r--r-- | manifests/subsystem/locales.pp (renamed from manifests/subsystems/locales.pp) | 2 | ||||
| -rw-r--r-- | manifests/subsystem/media/folders.pp (renamed from manifests/subsystems/media.pp) | 12 | ||||
| -rw-r--r-- | manifests/subsystem/media/groups.pp | 5 | ||||
| -rw-r--r-- | manifests/subsystem/modprobe.pp (renamed from manifests/subsystems/modprobe.pp) | 6 | ||||
| -rw-r--r-- | manifests/subsystem/monitor.pp (renamed from manifests/subsystems/monitor.pp) | 6 | ||||
| -rw-r--r-- | manifests/subsystem/motd.pp (renamed from manifests/subsystems/motd.pp) | 2 | ||||
| -rw-r--r-- | manifests/subsystem/mount.pp (renamed from manifests/subsystems/mount.pp) | 2 | ||||
| -rw-r--r-- | manifests/subsystem/pam.pp (renamed from manifests/subsystems/pam.pp) | 2 | ||||
| -rw-r--r-- | manifests/subsystem/profile.pp (renamed from manifests/subsystems/profile.pp) | 2 | ||||
| -rw-r--r-- | manifests/subsystem/resolver.pp (renamed from manifests/subsystems/resolver.pp) | 10 | ||||
| -rw-r--r-- | manifests/subsystem/ssh_folder.pp | 11 | ||||
| -rw-r--r-- | manifests/subsystem/sudo.pp (renamed from manifests/subsystems/sudo.pp) | 3 | ||||
| -rw-r--r-- | manifests/subsystem/sysctl.pp (renamed from manifests/subsystems/sysctl.pp) | 8 | ||||
| -rw-r--r-- | manifests/subsystem/ups.pp | 26 | ||||
| -rw-r--r-- | manifests/subsystem/xorg.pp (renamed from manifests/subsystems/xorg.pp) | 2 | ||||
| -rw-r--r-- | manifests/subsystems/database.pp | 52 | ||||
| -rw-r--r-- | manifests/subsystems/domain.pp | 39 | ||||
| -rw-r--r-- | manifests/subsystems/firewall.pp | 208 | ||||
| -rw-r--r-- | manifests/subsystems/firewall/local.pp | 47 | ||||
| -rw-r--r-- | manifests/subsystems/firewall/mpd.pp | 21 | ||||
| -rw-r--r-- | manifests/subsystems/firewall/nas.pp | 152 | ||||
| -rw-r--r-- | manifests/subsystems/firewall/openvpn.pp | 36 | ||||
| -rw-r--r-- | manifests/subsystems/firewall/ppp.pp | 31 | ||||
| -rw-r--r-- | manifests/subsystems/firewall/printer.pp | 21 | ||||
| -rw-r--r-- | manifests/subsystems/firewall/redirect.pp | 14 | ||||
| -rw-r--r-- | manifests/subsystems/firewall/router.pp | 401 | ||||
| -rw-r--r-- | manifests/subsystems/firewall/torrent.pp | 21 | ||||
| -rw-r--r-- | manifests/subsystems/firewall/ups.pp | 11 | ||||
| -rw-r--r-- | manifests/subsystems/firewall/vserver.pp | 524 | ||||
| -rw-r--r-- | manifests/subsystems/firewall/wifi.pp | 50 | ||||
| -rw-r--r-- | manifests/subsystems/firewire.pp | 9 | ||||
| -rw-r--r-- | manifests/subsystems/onion.pp | 54 | ||||
| -rw-r--r-- | manifests/subsystems/schroot.pp | 26 | ||||
| -rw-r--r-- | manifests/subsystems/ssh.pp | 101 | ||||
| -rw-r--r-- | manifests/subsystems/tunnel.pp | 148 | ||||
| -rw-r--r-- | manifests/subsystems/ups.pp | 26 | ||||
| -rw-r--r-- | manifests/subsystems/utils/firmware.pp | 11 | ||||
| -rw-r--r-- | manifests/subsystems/utils/personal.pp | 20 | ||||
| -rw-r--r-- | manifests/subsystems/utils/storage.pp | 12 | ||||
| -rw-r--r-- | manifests/subsystems/websites.pp | 151 | ||||
| -rw-r--r-- | manifests/test.pp | 3 | ||||
| -rw-r--r-- | manifests/tor.pp | 4 | ||||
| -rw-r--r-- | manifests/utils.pp (renamed from manifests/subsystems/utils.pp) | 2 | ||||
| -rw-r--r-- | manifests/utils/desktop.pp (renamed from manifests/subsystems/utils/desktop.pp) | 2 | ||||
| -rw-r--r-- | manifests/utils/development.pp (renamed from manifests/subsystems/utils/development.pp) | 17 | ||||
| -rw-r--r-- | manifests/utils/development/virtual.pp | 12 | ||||
| -rw-r--r-- | manifests/utils/dns.pp (renamed from manifests/subsystems/utils/dns.pp) | 2 | ||||
| -rw-r--r-- | manifests/utils/firmware.pp | 5 | ||||
| -rw-r--r-- | manifests/utils/firmware/iwlwifi.pp | 6 | ||||
| -rw-r--r-- | manifests/utils/firmware/realtek.pp | 5 | ||||
| -rw-r--r-- | manifests/utils/grub.pp | 5 | ||||
| -rw-r--r-- | manifests/utils/hamradio.pp (renamed from manifests/subsystems/utils/hamradio.pp) | 2 | ||||
| -rw-r--r-- | manifests/utils/interface.pp (renamed from manifests/subsystems/utils/interface.pp) | 2 | ||||
| -rw-r--r-- | manifests/utils/java.pp (renamed from manifests/subsystems/utils/java.pp) | 2 | ||||
| -rw-r--r-- | manifests/utils/laptop.pp | 9 | ||||
| -rw-r--r-- | manifests/utils/laptop/debian.pp (renamed from manifests/subsystems/utils/laptop.pp) | 12 | ||||
| -rw-r--r-- | manifests/utils/microcode/intel.pp | 8 | ||||
| -rw-r--r-- | manifests/utils/multimedia.pp (renamed from manifests/subsystems/utils/multimedia.pp) | 21 | ||||
| -rw-r--r-- | manifests/utils/multimedia/mediacenter.pp | 5 | ||||
| -rw-r--r-- | manifests/utils/multimedia/ripper.pp | 6 | ||||
| -rw-r--r-- | manifests/utils/multimedia/studio.pp | 5 | ||||
| -rw-r--r-- | manifests/utils/network.pp (renamed from manifests/subsystems/utils/network.pp) | 68 | ||||
| -rw-r--r-- | manifests/utils/network/analyzer.pp | 5 | ||||
| -rw-r--r-- | manifests/utils/network/irssi.pp | 23 | ||||
| -rw-r--r-- | manifests/utils/network/minimal.pp | 17 | ||||
| -rw-r--r-- | manifests/utils/network/nfs.pp | 5 | ||||
| -rw-r--r-- | manifests/utils/network/samba.pp | 5 | ||||
| -rw-r--r-- | manifests/utils/network/torrent.pp | 5 | ||||
| -rw-r--r-- | manifests/utils/office.pp (renamed from manifests/subsystems/utils/office.pp) | 2 | ||||
| -rw-r--r-- | manifests/utils/personal.pp | 9 | ||||
| -rw-r--r-- | manifests/utils/personal/bundle.pp | 10 | ||||
| -rw-r--r-- | manifests/utils/personal/debian.pp (renamed from manifests/subsystems/utils/debian.pp) | 2 | ||||
| -rw-r--r-- | manifests/utils/physical.pp (renamed from manifests/subsystems/utils/physical.pp) | 2 | ||||
| -rw-r--r-- | manifests/utils/plug.pp (renamed from manifests/subsystems/utils/plug.pp) | 2 | ||||
| -rw-r--r-- | manifests/utils/ruby.pp (renamed from manifests/subsystems/utils/ruby.pp) | 2 | ||||
| -rw-r--r-- | manifests/utils/security.pp (renamed from manifests/subsystems/utils/security.pp) | 2 | ||||
| -rw-r--r-- | manifests/utils/storage.pp | 6 | ||||
| -rw-r--r-- | manifests/utils/storage/archive.pp | 5 | ||||
| -rw-r--r-- | manifests/utils/thinkpad.pp | 16 | ||||
| -rw-r--r-- | manifests/utils/tor.pp (renamed from manifests/subsystems/utils/tor.pp) | 2 | ||||
| -rw-r--r-- | manifests/utils/touchpad.pp | 6 | ||||
| -rw-r--r-- | manifests/utils/web.pp (renamed from manifests/subsystems/utils/web.pp) | 4 | 
129 files changed, 517 insertions, 2567 deletions
| diff --git a/manifests/appliance.pp b/manifests/appliance.pp index 41a3660..dea7625 100644 --- a/manifests/appliance.pp +++ b/manifests/appliance.pp @@ -1,11 +1,7 @@  class nodo::appliance inherits nodo::physical {    class { 'sysctl::appliance': } -  class { 'fstab': -    type => 'appliance', -  } - -  class { 'crypttab': +  class { [ 'nodo::subsystem::fstab', 'nodo::subsystem::crypttab' ]:      type => 'appliance',    }  } diff --git a/manifests/subsystems/monkeysphere.pp b/manifests/defines/monkeysphere_host.pp index b4b21e0..b4b21e0 100644 --- a/manifests/subsystems/monkeysphere.pp +++ b/manifests/defines/monkeysphere_host.pp diff --git a/manifests/subsystems/munin.pp b/manifests/defines/munin_client.pp index 770d551..770d551 100644 --- a/manifests/subsystems/munin.pp +++ b/manifests/defines/munin_client.pp diff --git a/manifests/defines/ssh_config.pp b/manifests/defines/ssh_config.pp new file mode 100644 index 0000000..62e1d66 --- /dev/null +++ b/manifests/defines/ssh_config.pp @@ -0,0 +1,26 @@ +# Manage ssh config for a particular user +define ssh_config($owner, $home = '/home/$owner', $ssh_localhost_auth = false) { +  include nodo::subsystem::ssh_folder + +  file { "${home}/.ssh/config": +    ensure  => present, +    owner   => $owner, +    group   => $group, +    mode    => 0600, +    require => File["${home}/.ssh"], +  } + +  # The NoHostAuthenticationForLocalhost ssh option might be useful +  # for automated deployment environments so your ikiwiki user doesn't +  # get stuck with the fingerprint confirmation prompt when pushing +  # content via ssh in the first time it runs. +  line { 'NoHostAuthenticationForLocalhost-${owner}': +    file   => "${home}/.ssh/config", +    line   => "NoHostAuthenticationForLocalhost yes", +    ensure => $ssh_localhost_auth ? { +      'auto'        => present, +      'fingerprint' => absent, +      default       => absent, +    }, +  } +} 
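Review bot: `ssh_config`'s default `$home = '/home/$owner'` is single-quoted, so Puppet does not interpolate it and the file resource is declared at the literal path `/home/$owner/.ssh/config`; the same default appears in ssh_create_key.pp and ssh_known_hosts.pp on this page. `group => $group` reads a variable this define never declares (ssh_create_key takes `$group` as a parameter, ssh_config does not), and the `line` title `'NoHostAuthenticationForLocalhost-${owner}'` is also single-quoted, so a second `ssh_config` instance collides on a duplicate resource title. Suggested: `define ssh_config($owner, $group, $home = "/home/${owner}", $ssh_localhost_auth = false) {` and `line { "NoHostAuthenticationForLocalhost-${owner}":`. Since `NoHostAuthenticationForLocalhost yes` switches off host-key verification for localhost connections, the comment above it could say so explicitly and note that the `'fingerprint'` mode keeps verification and relies on ssh_known_hosts pinning the host keys instead.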
diff --git a/manifests/defines/ssh_create_key.pp b/manifests/defines/ssh_create_key.pp
new file mode 100644
index 0000000..e380b18
--- /dev/null
+++ b/manifests/defines/ssh_create_key.pp
@@ -0,0 +1,11 @@
+define ssh_create_key($owner, $group, $keyfile = 'id_rsa', $home = '/home/$owner') {
+  include nodo::subsystem::ssh_folder
+
+  exec { "ssh-keygen-${owner}":
+    command => "ssh-keygen -t rsa -P '' -f ${home}/.ssh/${keyfile}",
+    creates => "${home}/.ssh/${keyfile}",
+    user    => $owner,
+    group   => $group,
+    require => File["${home}/.ssh"],
+  }
+}
diff --git a/manifests/defines/ssh_known_hosts.pp b/manifests/defines/ssh_known_hosts.pp
new file mode 100644
index 0000000..50ae87e
--- /dev/null
+++ b/manifests/defines/ssh_known_hosts.pp
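Review bot: `command => "ssh-keygen -t rsa -P '' -f ..."` is not a fully qualified command and the exec sets no `path`, which Puppet's exec type rejects at apply time; the same unqualified-command pattern is in subsystem/firewire.pp (`exec { "rmmod ohci1394":`) further down this page. The default `$home = '/home/$owner'` is single-quoted, so neither `command` nor `creates` sees an interpolated home directory. Suggested: `command => "/usr/bin/ssh-keygen -t rsa -N '' -f '${home}/.ssh/${keyfile}'",` — `-N` is ssh-keygen's documented option for the new key's passphrase (`-P` is documented as the old one), and quoting the path keeps a home directory containing spaces from being split. Consider also passing `-b` explicitly so the generated key size does not depend on each host's ssh-keygen default.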
@@ -0,0 +1,50 @@
+# Manage known_hosts for a particular user
+define ssh_known_host($owner, $home = '/home/$owner', $ssh_localhost_auth = false) {
+  include nodo::subsystem::ssh_folder
+
+  file { "${home}/.ssh/known_hosts":
+    ensure  => present,
+    owner   => $owner,
+    group   => $group,
+    mode    => 0600,
+    require => File["${home}/.ssh"],
+  }
+
+  # You can choose to include the host's fingeprints
+  # directly into the known_hosts file.
+  if $::sshrsakey != '' {
+    line { 'known_hosts-localhost-rsa-${owner}':
+      file   => "${home}/.ssh/known_hosts",
+      line   => "localhost ssh-rsa ${::sshrsakey}",
+      ensure => $ssh_localhost_auth ? {
+        'fingerprint' => present,
+        'auto'        => undef,
+        default       => undef,
+      },
+    }
+  }
+
+  if $::sshdsakey != '' {
+    line { 'known_hosts-localhost-dsa-${owner}':
+      file   => "${home}/.ssh/known_hosts",
+      line   => "localhost ssh-dss ${::sshdsakey}",
+      ensure => $ssh_localhost_auth ? {
+        'fingerprint' => present,
+        'auto'        => undef,
+        default       => undef,
+      },
+    }
+  }
+
+  if $::sshecdsakey != '' {
+    line { 'known_hosts-localhost-ecdsa-${owner}':
+      file   => "${home}/.ssh/known_hosts",
+      line   => "localhost ecdsa-sha2-nistp256 ${::sshedsakey}",
+      ensure => $ssh_localhost_auth ? {
+        'fingerprint' => present,
+        'auto'        => undef,
+        default       => undef,
+      },
+    }
+  }
+}
diff --git a/manifests/desktop.pp b/manifests/desktop.pp
index 50524d6..7e83732 100644
--- a/manifests/desktop.pp
+++ b/manifests/desktop.pp
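Review bot: The ECDSA entry interpolates `${::sshedsakey}` while its guard tests `$::sshecdsakey`, so the line written is `localhost ecdsa-sha2-nistp256 ` with no key material after it; fix: `line   => "localhost ecdsa-sha2-nistp256 ${::sshecdsakey}",`. The `'auto'` and `default` branches set `ensure => undef`, which hands the `line` define its own default rather than `absent` as ssh_config.pp does in the same position — if that default is `present`, the localhost keys get pinned even when `$ssh_localhost_auth` is false; confirm against the `line` define. `$group` is not a parameter of this define, the three `line` titles are single-quoted so `${owner}` is not interpolated (duplicate titles for a second user), and the define is named `ssh_known_host` in a file called ssh_known_hosts.pp.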
@@ -1,17 +1,7 @@  class nodo::desktop inherits nodo::personal { -  include utils::desktop +  include nodo::utils::desktop -  class { 'fstab': +  class { [ 'nodo::subsystem::fstab', 'nodo::subsystem::crypttab' ]:      type => 'desktop',    } - -  class { 'crypttab': -    type => 'desktop', -  } -} - -class nodo::desktop::webdev inherits nodo::desktop { -  include websites::dev -  include database -  include utils::web  } diff --git a/manifests/dns.pp b/manifests/dns.pp deleted file mode 100644 index 1f4a1e1..0000000 --- a/manifests/dns.pp +++ /dev/null @@ -1,3 +0,0 @@ -class nodo::dns inherits nodo::vserver { -  include bind -} diff --git a/manifests/host.pp b/manifests/host.pp index aefbb92..19d8f2a 100644 --- a/manifests/host.pp +++ b/manifests/host.pp @@ -1,11 +1,11 @@  # Fully capable node able to host other nodes  class nodo::host inherits nodo { -  include initramfs -  include modprobe -  include firewire -  include sysctl -  include utils::physical -  include resolver +  include nodo::subsystem::initramfs +  include nodo::subsystem::modprobe +  include nodo::subsystem::firewire +  include nodo::subsystem::sysctl +  include nodo::subsystem::resolver +  include nodo::utils::physical    class { 'syslog-ng': }    monkeysphere_host { "${::hostname}": } @@ -37,8 +37,8 @@ class nodo::host inherits nodo {    }    # Monitoring -  if !defined('monitor') { -    class { 'monitor': +  if !defined('nodo::subsystem::monitor') { +    class { 'nodo::subsystem::monitor':        type       => 'host',        use_nagios => hiera('nodo::host::use_nagios', True),      } diff --git a/manifests/init.pp b/manifests/init.pp index c17a739..60470da 100644 --- a/manifests/init.pp +++ b/manifests/init.pp 
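Review bot: `if !defined('nodo::subsystem::monitor')` in host.pp's second hunk tests whether the class is defined (known to the compiler), not whether it has been declared; with the class now autoloadable from subsystem/monitor.pp that test is expected to be true on every compile, so the `class { 'nodo::subsystem::monitor': ... }` block presumably never runs. The declaration test is `if !defined(Class['nodo::subsystem::monitor']) {`. nodo.pp's `if !defined('puppet::daemon')`, now commented "Include if not defined by nodo::master", has the same shape. The enclosing class body continues outside the hunk.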
@@ -76,94 +76,24 @@ import "pureftpd"  import "avahi"  import "daap_server"  import "infinoted" +import "database" +import "domain_check" +import "firewall" +import "schroot" +import "onion" +import "tunnel" +import "pyroscope" +import "websites" + +# Nodo class +import "nodo.pp" + +# Definitions +import "defines/monkeysphere_host.pp" +import "defines/munin_node.pp" +import "defines/ssh_config.pp" +import "defines/ssh_create_key.pp" +import "defines/ssh_known_hosts.pp"  # Import subsystems -import "subsystems/firewire.pp" -import "subsystems/initramfs.pp" -import "subsystems/motd.pp" -import "subsystems/sudo.pp" -import "subsystems/sysctl.pp" -import "subsystems/ups.pp" -import "subsystems/database.pp" -import "subsystems/websites.pp" -import "subsystems/munin.pp" -import "subsystems/pam.pp" -import "subsystems/xorg.pp" -import "subsystems/gdm.pp" -import "subsystems/gdm3.pp" -import "subsystems/modprobe.pp" -import "subsystems/hosts.pp" -import "subsystems/locales.pp" -import "subsystems/onion.pp" -import "subsystems/tunnel.pp" -import "subsystems/media.pp" -import "subsystems/monkeysphere.pp" -import "subsystems/keyboard.pp" -import "subsystems/profile.pp" -import "subsystems/schroot.pp" -import "subsystems/resolver.pp" -import "subsystems/domain.pp" -import "subsystems/dhclient.pp" -import "subsystems/mount.pp" -import "subsystems/monitor.pp" -import "subsystems/fstab.pp" -import "subsystems/crypttab.pp"  import "subsystems/ssh.pp" -import "subsystems/utils.pp" -import "subsystems/utils/debian.pp" -import "subsystems/utils/desktop.pp" -import "subsystems/utils/development.pp" -import "subsystems/utils/dns.pp" -import "subsystems/utils/firmware.pp" -import "subsystems/utils/hamradio.pp" -import "subsystems/utils/interface.pp" -import "subsystems/utils/java.pp" -import "subsystems/utils/laptop.pp" -import "subsystems/utils/multimedia.pp" -import "subsystems/utils/network.pp" -import "subsystems/utils/office.pp" -import "subsystems/utils/personal.pp" -import 
"subsystems/utils/physical.pp" -import "subsystems/utils/plug.pp" -import "subsystems/utils/ruby.pp" -import "subsystems/utils/security.pp" -import "subsystems/utils/storage.pp" -import "subsystems/utils/web.pp" -import "subsystems/utils/tor.pp" -import "subsystems/firewall.pp" -import "subsystems/firewall/printer.pp" -import "subsystems/firewall/router.pp" -import "subsystems/firewall/vserver.pp" -import "subsystems/firewall/torrent.pp" -import "subsystems/firewall/ups.pp" -import "subsystems/firewall/wifi.pp" -import "subsystems/firewall/local.pp" -import "subsystems/firewall/openvpn.pp" -import "subsystems/firewall/ppp.pp" -import "subsystems/firewall/nas.pp" -import "subsystems/firewall/redirect.pp" -import "subsystems/firewall/mpd.pp" - -# Import nodo classes -import "nodo.pp" -import "physical.pp" -import "server.pp" -import "personal.pp" -import "desktop.pp" -import "vserver.pp" -import "web.pp" -import "master.pp" -import "proxy.pp" -import "storage.pp" -import "test.pp" -import "removable.pp" -import "laptop.pp" -import "plug.pp" -import "appliance.pp" -import "dns.pp" -import "tor.pp" -import "kvm.pp" -import "jabber.pp" -import "mumble.pp" -import "yacy.pp" -import "nas.pp" diff --git a/manifests/kvm.pp b/manifests/kvm.pp index 7b3b313..11f3dde 100644 --- a/manifests/kvm.pp +++ b/manifests/kvm.pp @@ -1,9 +1,5 @@  class nodo::kvm inherits nodo::host { -  class { 'fstab': -    type => 'kvm', -  } - -  class { 'crypttab': +  class { [ 'nodo::subsystem::fstab', 'nodo::subsystem::crypttab' ]:      type => 'kvm',    }  } diff --git a/manifests/laptop.pp b/manifests/laptop.pp index a2420f9..1ed77b7 100644 --- a/manifests/laptop.pp +++ b/manifests/laptop.pp 
@@ -1,17 +1,17 @@  class nodo::laptop inherits nodo::personal { -  include utils::laptop +  include nodo::utils::laptop +  include nodo::subsystem::dhclient    include firewall::wifi    include firewall::openvpn    include firewall::ppp -  include dhclient -  class { 'fstab': +  class { 'nodo::subsystem::fstab':      type => 'laptop',    }    $hibernate = hiera('nodo::laptop::hibernate', false) -  class { 'crypttab': +  class { 'nodo::subsystem::crypttab':      type => $hibernate ? {        false   => "laptop",        default => "laptop.hibernate", @@ -31,9 +31,3 @@ class nodo::laptop inherits nodo::personal {      },    }  } - -class nodo::laptop::webdev inherits nodo::laptop { -  include websites::dev -  include database -  include utils::web -} diff --git a/manifests/mumble.pp b/manifests/mumble.pp deleted file mode 100644 index 5a9b050..0000000 --- a/manifests/mumble.pp +++ /dev/null @@ -1,3 +0,0 @@ -class nodo::mumble inherits nodo::vserver { -  include mumble::ssl -} diff --git a/manifests/nas/share.pp b/manifests/nas/share.pp index f50cebd..57a14cb 100644 --- a/manifests/nas/share.pp +++ b/manifests/nas/share.pp @@ -76,7 +76,7 @@ define nodo::nas::share(    }    # Make sure basic media exist, no matter which disk is attached -  $cache = hiera('nodo::media::folders', '') +  $cache = hiera('nodo::subsystem::media::folders::cache', '')    if $cache != '' {      file { [ "${cache}/${name}" ]: diff --git a/manifests/nodo.pp b/manifests/nodo.pp index 5fe4ee1..97ef044 100644 --- a/manifests/nodo.pp +++ b/manifests/nodo.pp 
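Review bot: nas/share.pp now reads `hiera('nodo::subsystem::media::folders::cache', '')` while role/nas.pp (the hunk at line 220 further down this page) keeps `$cache = hiera('nodo::media::folders', '')` as unchanged context, so the two consumers of the media cache path disagree on the hiera key after this commit, and a site that moves its data to the new key silently stops getting `${cache}/<share>` created by nas.pp. Suggested change in role/nas.pp: `$cache = hiera('nodo::subsystem::media::folders::cache', '')`. The body of `define nodo::nas::share` continues outside the hunk.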
@@ -1,19 +1,19 @@  class nodo {    include lsb -  include sudo +  include nodo::subsystem::sudo +  include nodo::subsystem::motd +  include nodo::subsystem::locales +  include nodo::subsystem::profile +  include nodo::utils +  include tunnel::autossh +  include domain_check    include users::admin -  include motd -  include utils -  include cron -  include locales -  include tunnel -  include profile -  include domain    include concat::setup +  include cron -  class { 'hosts': } +  class { 'nodo::subsystem::hosts': } -  # then include puppet class +  # Include if not defined by nodo::master    if !defined('puppet::daemon') {      class { 'puppet::daemon': }    } @@ -51,7 +51,7 @@ class nodo {    case $mail_delivery {      'tunnel': {                      $mail_hostname = hiera('nodo::mail_hostname') -      tunnel::mail { "$mail_hostname": +      tunnel::autossh::mail { "$mail_hostname":          sshport   => hiera('nodo::mail_ssh_port'),        }      } diff --git a/manifests/physical.pp b/manifests/physical.pp index 887eb8d..b883e76 100644 --- a/manifests/physical.pp +++ b/manifests/physical.pp @@ -1,6 +1,5 @@  class nodo::physical inherits nodo::host { -  include ups -  include smartmontools +  class { [ 'nodo::subsystem::ups', smartmontools': }    # SMART monitoring    $munin = hiera('nodo::host::use_munin', True) diff --git a/manifests/plug.pp b/manifests/plug.pp index 577ad35..f9e787b 100644 --- a/manifests/plug.pp +++ b/manifests/plug.pp @@ -1,10 +1,10 @@  class nodo::plug inherits nodo {    include syslog-ng -  include utils::plug -  include utils::physical -  include utils::storage::archive -  include sysctl -  include resolver +  include nodo::utils::plug +  include nodo::utils::physical +  include nodo::utils::storage::archive +  include nodo::subsystem::sysctl +  include nodo::subsystem::resolver    monkeysphere_host { "${::hostname}": } diff --git a/manifests/proxy.pp b/manifests/proxy.pp deleted file mode 100644 index 51dac33..0000000 
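Review bot: `class { [ 'nodo::subsystem::ups', smartmontools': }` in physical.pp is missing the opening quote before `smartmontools` and the closing `]` of the title array, which is a parse error and breaks every node that inherits nodo::physical (desktop, laptop, server and appliance on this page). Fix: `class { [ 'nodo::subsystem::ups', 'smartmontools' ]: }`. The class body continues outside the hunk.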
--- a/manifests/proxy.pp +++ /dev/null @@ -1,3 +0,0 @@ -class nodo::proxy inherits nodo::vserver { -  include nginx -} diff --git a/manifests/role/dns.pp b/manifests/role/dns.pp new file mode 100644 index 0000000..2faa69b --- /dev/null +++ b/manifests/role/dns.pp @@ -0,0 +1,3 @@ +class nodo::role::dns inherits nodo::vserver { +  include bind +} diff --git a/manifests/jabber.pp b/manifests/role/jabber.pp index 775987d..b510ccd 100644 --- a/manifests/jabber.pp +++ b/manifests/role/jabber.pp @@ -1,4 +1,4 @@ -class nodo::jabber inherits nodo::vserver { +class nodo::role::jabber inherits nodo::vserver {    include ssl    include ejabberd diff --git a/manifests/mail.pp b/manifests/role/mail.pp index 9a124c9..4c33ed4 100644 --- a/manifests/mail.pp +++ b/manifests/role/mail.pp @@ -1,3 +1,3 @@ -class nodo::mail { +class nodo::role::mail {    class { [ 'nodo::vserver', 'mail::system' ]: }  } diff --git a/manifests/master.pp b/manifests/role/master.pp index 819ce43..2adb8a5 100644 --- a/manifests/master.pp +++ b/manifests/role/master.pp @@ -1,6 +1,6 @@ -class nodo::master { -  $main        = hiera('nodo::master::main',        false) -  $db_password = hiera('nodo::master::db_password', '') +class nodo::role::master { +  $main        = hiera('nodo::role::master::main',        false) +  $db_password = hiera('nodo::role::master::db_password', '')    case $db_password {      '': { fail("Please set nodo::master::db_password in your config") } @@ -56,5 +56,5 @@ class nodo::master {    }    # Check domain registration -  domain::check { $::domain: } +  domain_check::instance { $::domain: }  } diff --git a/manifests/role/mumble.pp b/manifests/role/mumble.pp new file mode 100644 index 0000000..764c0d8 --- /dev/null +++ b/manifests/role/mumble.pp @@ -0,0 +1,3 @@ +class nodo::role::mumble inherits nodo::vserver { +  include mumble::ssl +} diff --git a/manifests/nas.pp b/manifests/role/nas.pp index ed596a1..134216e 100644 --- a/manifests/nas.pp +++ b/manifests/role/nas.pp 
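Review bot: role/master.pp now reads `hiera('nodo::role::master::db_password', '')`, but the unchanged `fail("Please set nodo::master::db_password in your config")` two lines below still tells the operator to set the old key, so anyone following the error sets a key that is no longer read. Update it to `fail("Please set nodo::role::master::db_password in your config")`. The same rename applies to `nodo::role::master::main`, and both renamed keys silently ignore values still stored under the old names. The class body continues beyond both hunks.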
@@ -1,4 +1,4 @@ -class nodo::nas { +class nodo::role::nas {    # Firewall rules    include firewall::nas @@ -220,7 +220,7 @@ class nodo::nas {    #    # Main classes -  class { [ 'media::folders', 'media::groups' ]: } +  class { [ 'nodo::subsystem::media::folders', 'nodo::subsystem::media::groups' ]: }    # Make sure basic media exist, no matter if there is an external disk attached    $cache = hiera('nodo::media::folders', '') diff --git a/manifests/personal.pp b/manifests/role/personal.pp index 3718cb5..f7afdc0 100644 --- a/manifests/personal.pp +++ b/manifests/role/personal.pp @@ -1,17 +1,17 @@ -# personal computer -class nodo::personal { +# Personal computer +class nodo::role::personal {    include nodo::physical -  include utils::personal +  include nodo::utils::personal    include autossh -  class { 'pam': } -  class { 'xorg': } +  class { 'nodo::subsystem::pam': } +  class { 'nodo::subsystem::xorg': }    if $::lsbdistcodename == 'squeeze' { -    include gdm +    include nodo::subsystem::gdm    }    else { -    include gdm3 +    include nodo::subsystem::gdm3    }    # Monitoring @@ -21,7 +21,7 @@ class nodo::personal {    }    # Media folders and groups -  class { [ 'media::folders', 'media::groups' ]: } +  class { [ 'nodo::subsystem::media::folders', 'nodo::subsystem::media::groups' ]: }    # Mountpoint for encrypted home folders    file { [ '/mnt/crypt/', '/mnt/crypt/home' ]: diff --git a/manifests/role/proxy.pp b/manifests/role/proxy.pp new file mode 100644 index 0000000..821e975 --- /dev/null +++ b/manifests/role/proxy.pp @@ -0,0 +1,3 @@ +class nodo::role::proxy inherits nodo::vserver { +  include nginx +} diff --git a/manifests/role/router.pp b/manifests/role/router.pp new file mode 100644 index 0000000..068837d --- /dev/null +++ b/manifests/role/router.pp 
@@ -0,0 +1,25 @@
+class nodo::role::router inherits nodo::appliance {
+  # We use monitor class on the router as the DNS server might by
+  # inside a vserver and thus cannot access the network devices directly
+  include nodo::utils::dns
+
+  # Network auditing
+  include nodo::utils::network::analyzer
+
+  # Enable IP forwarding
+  augeas { 'enable_ip_forwarding':
+    changes => 'set /files/etc/shorewall/shorewall.conf/IP_FORWARDING On',
+    lens    => 'Shellvars.lns',
+    incl    => '/etc/shorewall/shorewall.conf',
+    notify  => Service[shorewall];
+  }
+
+  # Make sure shorewall is reloaded after dhcp renew
+  file { '/etc/dhcp/dhclient-exit-hooks.d/shorewall':
+    ensure => present,
+    owner  => root,
+    group  => root,
+    mode   => 0644,
+    source => 'puppet:///modules/site_nodo/dhclient-exit-hooks.d/shorewall'
+  }
+}
diff --git a/manifests/role/storage.pp b/manifests/role/storage.pp
new file mode 100644
index 0000000..0cf7f60
--- /dev/null
+++ b/manifests/role/storage.pp
@@ -0,0 +1,3 @@
+class nodo::role::storage inherits nodo::vserver {
+  include nodo::utils::storage
+}
diff --git a/manifests/role/test.pp b/manifests/role/test.pp
new file mode 100644
index 0000000..330a5ee
--- /dev/null
+++ b/manifests/role/test.pp
@@ -0,0 +1,3 @@
+class nodo::role::test inherits nodo::web {
+  # Class for test nodes
+}
diff --git a/manifests/role/tor.pp b/manifests/role/tor.pp
new file mode 100644
index 0000000..2d5ff58
--- /dev/null
+++ b/manifests/role/tor.pp
@@ -0,0 +1,4 @@
+class nodo::role::tor inherits nodo::vserver {
+  include tor::daemon
+  include nodo::utils::tor
+}
diff --git a/manifests/web.pp b/manifests/role/web.pp
index 24318cc..7cdd93f 100644
--- a/manifests/web.pp
+++ b/manifests/role/web.pp
@@ -1,4 +1,4 @@
-class nodo::web inherits nodo::vserver {
+class nodo::role::web inherits nodo::vserver {
   # Hidden services
   $hidden = hiera('apache::site::hidden', false)
   if $hidden == true {
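Review bot: `source => 'puppet:///modules/site_nodo/dhclient-exit-hooks.d/shorewall'` in role/router.pp points at a module named site_nodo, whereas the other file source on this page (subsystem/gdm.pp) uses `puppet:///modules/nodo/...`; if site_nodo is not a deliberate site-overlay module the file resource fails at apply time and the hook that reloads shorewall after a DHCP renew is never installed. `notify => Service[shorewall]` likewise assumes Service['shorewall'] is declared by whatever firewall class the router node includes; nothing in this class includes one, so a comment naming that dependency would help. The augeas resource enables IP forwarding for the whole host through shorewall.conf only, presumably relying on shorewall to apply the sysctl when it starts; worth a comment, since a reader may otherwise look for it in nodo::subsystem::sysctl. role/test.pp still inherits `nodo::web`, which this commit renames to `nodo::role::web` (next hunk).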
@@ -9,7 +9,7 @@ class nodo::web inherits nodo::vserver {    include websites    include database    include users::virtual -  include utils::web +  include nodo::utils::web    # Reprepro configuration    $reprepro         = hiera('nodo::web::reprepro', false) diff --git a/manifests/role/webdev.pp b/manifests/role/webdev.pp new file mode 100644 index 0000000..6154cc0 --- /dev/null +++ b/manifests/role/webdev.pp @@ -0,0 +1,5 @@ +class nodo::role::webdev { +  include websites::dev +  include database +  include utils::web +} diff --git a/manifests/role/webdev/desktop.pp b/manifests/role/webdev/desktop.pp new file mode 100644 index 0000000..063140a --- /dev/null +++ b/manifests/role/webdev/desktop.pp @@ -0,0 +1,3 @@ +class nodo::role::webdev::desktop inherits nodo::desktop { +  include nodo::role::webdev +} diff --git a/manifests/role/webdev/laptop.pp b/manifests/role/webdev/laptop.pp new file mode 100644 index 0000000..e9c1aab --- /dev/null +++ b/manifests/role/webdev/laptop.pp @@ -0,0 +1,3 @@ +class nodo::role::webdev::laptop inherits nodo::laptop { +  include nodo::role::webdev +} diff --git a/manifests/yacy.pp b/manifests/role/yacy.pp index 76aff1c..379297c 100644 --- a/manifests/yacy.pp +++ b/manifests/role/yacy.pp @@ -1,4 +1,4 @@ -class nodo::yacy inherits nodo::vserver { +class nodo::role::yacy inherits nodo::vserver {    class { 'onion': }    package { 'yacy': diff --git a/manifests/server.pp b/manifests/server.pp index 90bb2ae..6606a49 100644 --- a/manifests/server.pp +++ b/manifests/server.pp @@ -1,9 +1,5 @@  class nodo::server inherits nodo::physical { -  class { 'fstab': -    type => 'server', -  } - -  class { 'crypttab': +  class { [ 'nodo::subsystem::fstab', 'nodo::subsystem::crypttab' ]:      type => 'server',    }  } diff --git a/manifests/storage.pp b/manifests/storage.pp deleted file mode 100644 index 13cbdab..0000000 --- a/manifests/storage.pp +++ /dev/null @@ -1,3 +0,0 @@ -class nodo::storage inherits nodo::vserver { -  include utils::storage -} 
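Review bot: role/webdev.pp's `include utils::web` keeps the pre-refactor class name while the rest of this commit renames that class to `nodo::utils::web` (role/web.pp's hunk on this page makes exactly that change), so the webdev role fails to find `utils::web` once the old name is gone. Change it to `include nodo::utils::web`. The `websites::dev` and `database` includes refer to modules init.pp now imports, so they look intentional.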
diff --git a/manifests/subsystems/crypttab.pp b/manifests/subsystem/crypttab.pp
index 0a9a4d1..749569c 100644
--- a/manifests/subsystems/crypttab.pp
+++ b/manifests/subsystem/crypttab.pp
@@ -1,4 +1,4 @@
-class crypttab(
+class nodo::subsystem::crypttab(
   $type,
   $manage = hiera('nodo::crypttab::manage', false)
 ) {
diff --git a/manifests/subsystems/dhclient.pp b/manifests/subsystem/dhclient.pp
index 13e636e..332dc34 100644
--- a/manifests/subsystems/dhclient.pp
+++ b/manifests/subsystem/dhclient.pp
@@ -1,6 +1,6 @@
-class dhclient(
-  $ensure           = hiera('nodo::dhclient::manage',           'present'),
-  $supersede_domain = hiera('nodo::dhclient::supersede_domain', $::domain)
+class nodo::subsystem::dhclient(
+  $ensure           = hiera('nodo::subsystem::dhclient::ensure',           'present'),
+  $supersede_domain = hiera('nodo::subsystem::dhclient::supersede_domain', $::domain)
 ) {
   package { 'isc-dhcp-client':
     ensure => $ensure,
diff --git a/manifests/subsystem/firewire.pp b/manifests/subsystem/firewire.pp
new file mode 100644
index 0000000..104d6e9
--- /dev/null
+++ b/manifests/subsystem/firewire.pp
@@ -0,0 +1,8 @@
+class nodo::subsystem::firewire {
+  # Make sure ohci1394 is not loaded
+  # See http://padrao.sarava.org/trac/wiki/Debian/Firewire and the modprobe class
+  exec { "rmmod ohci1394":
+    unless  => "/bin/sh -c 'if `grep -q ^ohci1394 /proc/modules`; then false; else true; fi'",
+    user    => "root",
+  }
+}
diff --git a/manifests/subsystems/fstab.pp b/manifests/subsystem/fstab.pp
index c6f2ecd..9538f66 100644
--- a/manifests/subsystems/fstab.pp
+++ b/manifests/subsystem/fstab.pp
@@ -1,6 +1,6 @@
-class fstab(
+class nodo::subsystem::fstab(
   $type,
-  $manage = hiera('nodo::fstab::manage', false)
+  $manage = hiera('nodo::subsystem::fstab::manage', false)
 ) {
   if $manage == true {
     file { "/etc/fstab":
diff --git a/manifests/subsystems/gdm.pp b/manifests/subsystem/gdm.pp
index 8e7cefc..fd36e99 100644
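Review bot: The hiera keys are renamed inconsistently across the subsystem classes: fstab, dhclient, hosts, media::folders and monitor move to `nodo::subsystem::<class>::...` in this commit, while crypttab keeps `hiera('nodo::crypttab::manage', false)` as unchanged context and initramfs keeps `hiera('nodo::initramfs::keymap', 'absent')` (hunk further down this page). Each renamed key also silently drops values stored under the old name in existing hiera data — `nodo::dhclient::manage` becomes `nodo::subsystem::dhclient::ensure` here — so the renames deserve a line in the commit message. In subsystem/firewire.pp the `unless` shell wrapper inverts a grep result by hand; `onlyif => '/bin/grep -q ^ohci1394 /proc/modules',` states the same condition directly, and `rmmod` is not a fully qualified command as Puppet's exec requires (see the note on ssh_create_key.pp). The rmmod is one-shot; keeping the module out across reboots is presumably left to the modprobe class the comment points at, which could be said explicitly.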
--- a/manifests/subsystems/gdm.pp
+++ b/manifests/subsystem/gdm.pp
@@ -1,4 +1,4 @@
-class gdm {
+class nodo::subsystem::gdm {
   package { 'gdm':
     ensure => installed,
   }
@@ -64,22 +64,3 @@ class gdm {
     source  => 'puppet:///modules/nodo/etc/gdm/themes/dasUberMini',
   }
 }
-
-class gdm::disabled inherits gdm {
-  File['/usr/share/gdm/themes/dasUberMini', '/usr/share/gdm/themes/Tuxtastic',
-       '/usr/share/gdm/themes/crunchbang', '/etc/gdm/gdm.conf' ] {
-    ensure => absent,
-  }
-
-  Exec['/usr/sbin/dpkg-reconfigure gdm'] {
-    command => '/bin/true',
-  }
-
-  Service['gdm'] {
-    ensure => stopped,
-  }
-
-  Package['gdm'] {
-    ensure => absent,
-  }
-}
diff --git a/manifests/subsystem/gdm/disabled.pp b/manifests/subsystem/gdm/disabled.pp
new file mode 100644
index 0000000..d2565ef
--- /dev/null
+++ b/manifests/subsystem/gdm/disabled.pp
@@ -0,0 +1,18 @@
+class nodo::subsystem::gdm::disabled inherits nodo::subsystem::gdm {
+  File['/usr/share/gdm/themes/dasUberMini', '/usr/share/gdm/themes/Tuxtastic',
+       '/usr/share/gdm/themes/crunchbang', '/etc/gdm/gdm.conf' ] {
+    ensure => absent,
+  }
+
+  Exec['/usr/sbin/dpkg-reconfigure gdm'] {
+    command => '/bin/true',
+  }
+
+  Service['gdm'] {
+    ensure => stopped,
+  }
+
+  Package['gdm'] {
+    ensure => absent,
+  }
+}
diff --git a/manifests/subsystems/gdm3.pp b/manifests/subsystem/gdm3.pp
index 0dfda11..d708f6a 100644
--- a/manifests/subsystems/gdm3.pp
+++ b/manifests/subsystem/gdm3.pp
@@ -1,4 +1,4 @@
-class gdm3 {
+class nodo::subsystem::gdm3 {
   package { 'gdm3':
     ensure => installed,
   }
diff --git a/manifests/subsystems/hosts.pp b/manifests/subsystem/hosts.pp
index 9453853..464bc0c 100644
--- a/manifests/subsystems/hosts.pp
+++ b/manifests/subsystem/hosts.pp
@@ -1,5 +1,5 @@
-class hosts(
-  $custom = hiera('nodo::hosts::custom', false)
+class nodo::subsystem::hosts(
+  $custom = hiera('nodo::subsystem::hosts::custom', false)
 ) {
   # Sometimes might be useful to manage the whole
   # hosts file, see http://projects.puppetlabs.com/issues/10704
diff --git a/manifests/subsystems/initramfs.pp b/manifests/subsystem/initramfs.pp
index 17296a2..acbf1b7 100644
--- a/manifests/subsystems/initramfs.pp
+++ b/manifests/subsystem/initramfs.pp
@@ -1,4 +1,4 @@
-class initramfs(
+class nodo::subsystem::initramfs(
   $keymap = hiera('nodo::initramfs::keymap', 'absent')
 ) {
   # initramfs config
diff --git a/manifests/subsystems/keyboard.pp b/manifests/subsystem/keyboard.pp
index 440f552..b5241d7 100644
--- a/manifests/subsystems/keyboard.pp
+++ b/manifests/subsystem/keyboard.pp
@@ -1,4 +1,4 @@
-class keyboard {
+class nodo::subsystem::keyboard {
   # Keyboard, see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=619711
   file { "/etc/default/keyboard":
     ensure => present,
diff --git a/manifests/subsystems/locales.pp b/manifests/subsystem/locales.pp
index f52f100..c3a1f76 100644
--- a/manifests/subsystems/locales.pp
+++ b/manifests/subsystem/locales.pp
@@ -1,4 +1,4 @@
-class locales {
+class nodo::subsystem::locales {
   package { "locales":
     ensure => installed,
   }
diff --git a/manifests/subsystems/media.pp b/manifests/subsystem/media/folders.pp
index cbe89b9..2fcc637 100644
--- a/manifests/subsystems/media.pp
+++ b/manifests/subsystem/media/folders.pp
@@ -1,5 +1,5 @@
-class media::folders(
-  $ensure_cache = hiera('nodo::media::folders', directory)
+class nodo::subsystem::media::folders(
+  $cache = hiera('nodo::subsystem::media::folders::cache', directory)
 ) {
   # Removable media folder
   file { [ "/media/usb", "/media/cdrom", "/media/tablet", "/media/phone" ]:
@@ -9,7 +9,7 @@ class media::folders(    # Media cache    file { "/var/cache/media": -    ensure => $ensure_cache, +    ensure => $cache,      mode   => 0755,    } @@ -30,9 +30,3 @@ class media::folders(      ensure => "/var/cache/media",    }  } - -class media::groups { -  group { 'incoming': -    ensure => 'present', -  } -} diff --git a/manifests/subsystem/media/groups.pp b/manifests/subsystem/media/groups.pp new file mode 100644 index 0000000..098ae67 --- /dev/null +++ b/manifests/subsystem/media/groups.pp @@ -0,0 +1,5 @@ +class nodo::subsystem::media::groups { +  group { 'incoming': +    ensure => 'present', +  } +} diff --git a/manifests/subsystems/modprobe.pp b/manifests/subsystem/modprobe.pp index 99f7879..be6ec42 100644 --- a/manifests/subsystems/modprobe.pp +++ b/manifests/subsystem/modprobe.pp @@ -1,5 +1,5 @@ -class modprobe { -  # keep firewire disabled among other things +class nodo::subsystem::modprobe { +  # Keep firewire disabled among other things    case $lsbdistcodename {      'lenny': {        file { "/etc/modprobe.d/blacklist": @@ -11,7 +11,7 @@ class modprobe {        }      }      default: { -      # upgrade from lenny +      # Upgrade from lenny        file { "/etc/modprobe.d/blacklist":          ensure => absent,        } diff --git a/manifests/subsystems/monitor.pp b/manifests/subsystem/monitor.pp index 45608a9..d7fa720 100644 --- a/manifests/subsystems/monitor.pp +++ b/manifests/subsystem/monitor.pp @@ -1,7 +1,7 @@ -class monitor( +class nodo::subsystem::monitor(    $type       = 'vserver', -  $use_nagios = hiera('nodo::monitor::use_nagios', True), -  $use_fqdn   = hiera('nodo::monitor::use_nagios_fqdn', false) +  $use_nagios = hiera('nodo::subsystem::monitor::use_nagios', True), +  $use_fqdn   = hiera('nodo::subsystem::monitor::use_nagios_fqdn', false)  ) {    if $use_nagios != false { diff --git a/manifests/subsystems/motd.pp b/manifests/subsystem/motd.pp index f9ece2d..8561b38 100644 --- a/manifests/subsystems/motd.pp 
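Review bot: The new default line `hiera('nodo::subsystem::monitor::use_nagios', True)` uses `True`, which the Puppet parser treats as a capitalised bareword (a string) rather than the boolean literal `true`; the guard `if $use_nagios != false` still passes only because that string is not `false`, and newer parsers may not accept a bare capitalised word as a value at all. Writing `hiera('nodo::subsystem::monitor::use_nagios', true)` states the intent and keeps the comparison meaningful. The class body continues outside the hunk.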
+++ b/manifests/subsystem/motd.pp @@ -1,4 +1,4 @@ -class motd( +class nodo::subsystem::motd(    $network_name = hiera('nodo::motd::network_name', 'Nodo')  ) {    # http://projects.reductivelabs.com/issues/1915 diff --git a/manifests/subsystems/mount.pp b/manifests/subsystem/mount.pp index 3fcee58..4bf3d58 100644 --- a/manifests/subsystems/mount.pp +++ b/manifests/subsystem/mount.pp @@ -1,4 +1,4 @@ -class mount { +class subsystem::mount {    class { autofs: }    file { '/etc/auto.removable': diff --git a/manifests/subsystems/pam.pp b/manifests/subsystem/pam.pp index 206a5c3..7186d0b 100644 --- a/manifests/subsystems/pam.pp +++ b/manifests/subsystem/pam.pp @@ -1,4 +1,4 @@ -class pam( +class nodo::subsystem::pam(    $enable = hiera('nodo::pam::enable', false)  ) {    if $enable != false { diff --git a/manifests/subsystems/profile.pp b/manifests/subsystem/profile.pp index cc84ae0..b90ac65 100644 --- a/manifests/subsystems/profile.pp +++ b/manifests/subsystem/profile.pp @@ -1,5 +1,5 @@  # Custom configuration for user profiles -class profile { +class nodo::subsystem::profile {    file { "/etc/screenrc":      source  => "puppet:///modules/nodo/etc/screenrc",      owner   => "root", diff --git a/manifests/subsystems/resolver.pp b/manifests/subsystem/resolver.pp index 94c9cb9..46a03c6 100644 --- a/manifests/subsystems/resolver.pp +++ b/manifests/subsystem/resolver.pp 
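Review bot: The new class name `subsystem::mount` is missing the `nodo::` prefix that every other rename in this commit uses, and the file now lives at `manifests/subsystem/mount.pp`, which the autoloader maps to `nodo::subsystem::mount`; as written an `include nodo::subsystem::mount` will not find the class and `include subsystem::mount` will not find the file. Change the line to `class nodo::subsystem::mount {`. The class body continues outside the hunk.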
@@ -1,8 +1,8 @@
-class resolver(
-  $manage      = hiera('nodo::resolver::manage',      false),
-  $nameservers = hiera('nodo::resolver::nameservers', ''),
-  $domain      = hiera('nodo::resolver::domain',      $::domain),
-  $search      = hiera('nodo::resolver::search',      $::fqdn)
+class nodo::subsystem::resolver(
+  $manage      = hiera('nodo::subsystem::resolver::manage',      false),
+  $nameservers = hiera('nodo::subsystem::resolver::nameservers', ''),
+  $domain      = hiera('nodo::subsystem::resolver::domain',      $::domain),
+  $search      = hiera('nodo::subsystem::resolver::search',      $::fqdn)
 ) {
   # DNS resolver
   case $manage {
diff --git a/manifests/subsystem/ssh_folder.pp b/manifests/subsystem/ssh_folder.pp
new file mode 100644
index 0000000..1c6ee49
--- /dev/null
+++ b/manifests/subsystem/ssh_folder.pp
@@ -0,0 +1,11 @@
+# Base class
+class nodo::subsystem::ssh_folder {
+  if !defined(File["${home}/.ssh"]) {
+    file { "${home}/.ssh":
+      ensure  => directory,
+      owner   => $owner,
+      group   => $group,
+      mode    => 0700,
+    }
+  }
+}
diff --git a/manifests/subsystems/sudo.pp b/manifests/subsystem/sudo.pp
index 4ec615c..581f8ab 100644
--- a/manifests/subsystems/sudo.pp
+++ b/manifests/subsystem/sudo.pp
@@ -1,5 +1,4 @@
-class sudo {
-
+class nodo::subsystem::sudo {
   package { "sudo":
     ensure => "present",
   }
diff --git a/manifests/subsystems/sysctl.pp b/manifests/subsystem/sysctl.pp
index e434008..1df0348 100644
--- a/manifests/subsystems/sysctl.pp
+++ b/manifests/subsystem/sysctl.pp
@@ -1,6 +1,6 @@
-class sysctl {
-  # root exploit fix, see http://wiki.debian.org/mmap_min_addr
-  # TODO: remove in the future or use a sysctl puppet module
+class nodo::subsystem::sysctl {
+  # Root exploit fix, see http://wiki.debian.org/mmap_min_addr
+  # Maybe this can be remove in the future or included in a sysctl puppet module
   file { "/etc/sysctl.d/mmap_min_addr.conf":
     owner   => "root",
     group   => "root",
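Review bot: `nodo::subsystem::ssh_folder` reads `$home`, `$owner` and `$group` without declaring them, so they resolve through dynamic scope from whichever class or define happens to include it; if any of them is unset the resource silently becomes `File['/.ssh']` with an empty owner and group, and the `defined()` guard makes the result depend on parse order. Since the 0700 directory exists to protect the user's key material, a wrong path or ownership defeats its purpose, so make the inputs explicit: `class nodo::subsystem::ssh_folder($home, $owner, $group) {` and pass them from the callers. If it is meant to be included from several ssh defines, as the `defined()` guard suggests, a parameterised class can only be declared once per catalog, so a `define` keyed on `$home` may fit better. The 'Base class' comment should also name the defines expected to include it.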
@@ -9,7 +9,7 @@ class sysctl {      content => "vm.mmap_min_addr = 4096\n",    } -  # see http://www.linux-vserver.org/Frequently_Asked_Questions +  # See http://www.linux-vserver.org/Frequently_Asked_Questions    file { "/etc/sysctl.d/net.ipv4.conf.all.promote_secondaries.conf":      owner   => "root",      group   => "root", diff --git a/manifests/subsystem/ups.pp b/manifests/subsystem/ups.pp new file mode 100644 index 0000000..d304418 --- /dev/null +++ b/manifests/subsystem/ups.pp @@ -0,0 +1,26 @@ +class nodo::subsystem::ups( +    $include        = hiera('nodo::subsystem::ups::include',        false), +    $type           = hiera('nodo::subsystem::ups::type',           'usb'), +    $cable          = hiera('nodo::subsystem::ups::cable',          'usb'), +    $dev            = hiera('nodo::subsystem::ups::dev',            '/dev/usb/hiddev0'), +    $nisip          = hiera('nodo::subsystem::ups::nisip',          '127.0.0.1'), +    $polltime       = hiera('nodo::subsystem::ups::polltime',       '60'), +    $onbatterydelay = hiera('nodo::subsystem::ups::onbatterydelay', '6'), +    $batterylevel   = hiera('nodo::subsystem::ups::batterylevel',   '5'), +    $minutes        = hiera('nodo::subsystem::ups::minutes',        '3') +) { +  case $include { +    true: { +      class { "apcupsd": +        upstype        => $type, +        cable          => $cable, +        device         => $dev, +        nisip          => $nisip, +        polltime       => $polltime, +        onbatterydelay => $onbatterydelay, +        batterylevel   => $batterylevel, +        minutes        => $minutes, +      } +    } +  } +} diff --git a/manifests/subsystems/xorg.pp b/manifests/subsystem/xorg.pp index 7009707..575ec69 100644 --- a/manifests/subsystems/xorg.pp +++ b/manifests/subsystem/xorg.pp 
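Review bot: In `nodo::subsystem::ups` the parameter list is indented four spaces while every other class in this commit uses two, and `case $include { true: { … } }` with a single branch and no `default` reads more directly as `if $include == true { … }`. The string defaults such as `'60'`, `'6'`, `'5'` and `'3'` are passed straight through to the `apcupsd` class, so a one-line comment per parameter giving its unit (presumably seconds and minutes, to be confirmed against that module) would spare the reader a lookup.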
@@ -1,4 +1,4 @@
-class xorg($enable = hiera('nodo::xorg::enable', false)) {
+class nodo::subsystem::xorg($enable = hiera('nodo::subsystem::xorg::enable', false)) {
   if $xorg != false {
     file { "/etc/X11/xorg.conf":
       ensure  => present,
diff --git a/manifests/subsystems/database.pp b/manifests/subsystems/database.pp
deleted file mode 100644
index beedfa6..0000000
--- a/manifests/subsystems/database.pp
+++ /dev/null
@@ -1,52 +0,0 @@
-class database {
-  class { 'mysql::server': }
-
-  # See http://www.smilecouple.org/2011/03/01/fix-out-of-resource-problem-with-mysql
-  file { '/etc/security/limits.d/mysql.conf':
-    ensure  => absent,
-    owner   => root,
-    group   => root,
-    mode    => 0644,
-    content => "mysql soft nofile 24000\nmysql hard nofile 32000\n",
-  }
-
-  # Avoid Errcode: 24
-  file { '/etc/mysql/conf.d/mysqld_open_files_limit.cnf':
-    ensure  => present,
-    owner   => root,
-    group   => root,
-    mode    => 0644,
-    content => "[mysqld]\nopen-files-limit = 500000\n",
-    notify  => Service['mysql'],
-  }
-
-  backupninja::mysql { "all_databases":
-    backupdir      => '/var/backups/mysql',
-    compress       => true,
-    sqldump        => true,
-    sqldumpoptions => '--lock-tables --complete-insert --add-drop-table --quick --quote-names --single-transaction',
-  }
-
-  # Database definitions
-  define instance($password, $ensure = 'present', $privileges = "all") {
-    include mysql::server
-
-    mysql_database { "${name}":
-      ensure  => $ensure,
-      require => Service['mysql'],
-    }
-
-    mysql_user { "${name}@%":
-      ensure        => $ensure,
-      password_hash => mysql_password($password),
-      require       => Mysql_database["${name}"],
-    }
-
-    if $ensure == 'present' {
-      mysql_grant { "${name}@%/${name}":
-        privileges => $privileges,
-        require    => Mysql_user["${name}@%"],
-      }
-    }
-  }
-}
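Review bot: The renamed signature keeps the parameter `$enable`, but the guard on the next line tests `$xorg`, which is not a parameter of this class; unless that variable happens to be set at node or top scope, the `nodo::subsystem::xorg::enable` key this commit introduces never decides whether `/etc/X11/xorg.conf` is managed. Change the guard to `if $enable != false {`. The class body continues outside the hunk.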
diff --git a/manifests/subsystems/domain.pp b/manifests/subsystems/domain.pp
deleted file mode 100644
index eb3551f..0000000
--- a/manifests/subsystems/domain.pp
+++ /dev/null
@@ -1,39 +0,0 @@
-# See
-# http://prefetch.net/code/domain-check
-# http://www.cyberciti.biz/tips/howto-monitor-domain-expiration-renew-date.html
-# http://www.cyberciti.biz/tips/domain-check-script.html
-class domain {
-  file { "/usr/local/bin/domain-check":
-    ensure => present,
-    owner   => "root",
-    group   => "root",
-    mode    => 755,
-    source  => "puppet://$server/modules/nodo/bin/domain-check",
-  }
-
-  define check($interval = '60',  $email   = 'root', $hour = '0',
-               $minute   = '0',   $weekday = '0',
-               $file     = false, $ensure  = present) {
-
-    $cert_check = "/usr/local/bin/domain-check -a -q -x ${interval} -e ${email}"
-
-    case $file {
-      true: {
-        $command = "$cert_check -f ${file}"
-      }
-      false, default: {
-        $command = "$cert_check -d ${name}"
-      }
-    }
-
-    cron { "domain-check-${name}":
-      command  => "$command >/dev/null 2>&1",
-      user     => root,
-      hour     => $hour,
-      minute   => $minute,
-      weekday  => $weekday,
-      ensure   => $ensure,
-      require  => File["/usr/local/bin/domain-check"],
-    }
-  }
-}
diff --git a/manifests/subsystems/firewall.pp b/manifests/subsystems/firewall.pp
deleted file mode 100644
index 221f281..0000000
--- a/manifests/subsystems/firewall.pp
+++ /dev/null
@@ -1,208 +0,0 @@ -# firewall definitions for physical servers -class firewall( -  $local_net     = hiera('nodo::firewall::local_net',     false), -  $in_bandwidth  = hiera('nodo::firewall::in_bandwidth',  '2mbit'), -  $out_bandwidth = hiera('nodo::firewall::out_bandwidth', '2mbit'), -  $eth0_options  = hiera('nodo::firewall::eth0_options',  'tcpflags,blacklist,routefilter,nosmurfs,logmartians') -) { -  class { 'shorewall': } - -  $rfc1918 = $local_net ? { -    true    => true, -    false   => false, -    default => false, -  } - -  # -  # Interfaces -  # -  shorewall::interface { 'eth0': -   zone    => '-', -   rfc1918 => $rfc1918, -   options => $eth0_options, -  } - -  # -  # Policy -  # -  shorewall::policy { 'vm-net': -    sourcezone      => 'vm', -    destinationzone => 'net',  -    policy          => 'ACCEPT', -    order           => 1, -  } - -  shorewall::policy { 'fw-net': -    sourcezone      => '$FW', -    destinationzone => 'net', -    policy          => 'ACCEPT', -    order           => 2, -  } - -  shorewall::policy { 'fw-vm': -    sourcezone      => '$FW', -    destinationzone => 'vm', -    policy          => 'ACCEPT', -    order           => 3, -  } -   -  shorewall::policy { 'net-all': -    sourcezone      => 'net', -    destinationzone => 'all',  -    policy          => 'DROP', -    order           => 4, -  } - -  shorewall::policy { 'all-all': -    sourcezone      => 'all', -    destinationzone => 'all', -    policy          => 'REJECT', -    order           => 90, -  } - -  # -  # Hosts -  # -  shorewall::host { "eth0-subnet": -    name    => 'eth0:192.168.0.0/24', -    zone    => 'vm', -    options => '', -    order   => '1', -  } - -  shorewall::host { "eth0": -    name    => 'eth0:0.0.0.0/0', -    zone    => 'net', -    options => '', -    order   => '2', -  } - -  shorewall::masq { "eth0": -    interface => 'eth0:!192.168.0.0/24', -    source    => '192.168.0.0/24', -    order     => '1', -  } - -  # -  # Rules -  # -  shorewall::rule { 
'ssh': -    action          => 'SSH/ACCEPT', -    source          => 'net', -    destination     => '$FW', -    proto           => '-', -    destinationport => '-', -    ratelimit       => '-', -    order           => 100, -  } - -  shorewall::rule { 'ping': -    action          => 'Ping/ACCEPT', -    source          => 'net', -    destination     => '$FW', -    proto           => '-', -    destinationport => '-', -    ratelimit       => '-', -    order           => 101, -  } - -  shorewall::rule { 'http': -    action          => 'HTTP/ACCEPT', -    source          => 'net', -    destination     => '$FW', -    proto           => '-', -    destinationport => '-', -    ratelimit       => '-', -    order           => 102, -  } - -  # SSL computational DoS mitigation -  # See http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html -  shorewall::rule { 'https': -    action          => 'HTTPS/ACCEPT', -    source          => 'net', -    destination     => '$FW', -    proto           => '-', -    destinationport => '-', -    ratelimit       => hiera("nodo::firewall::ssl_ratelimit", '-'), -    order           => 103, -  } - -  $munin_port = $node_munin_port ? 
{ -    ''      => "4900", -    default => "$node_munin_port", -  } - -  shorewall::rule { "munin": -    action          => 'ACCEPT', -    source          => 'net', -    destination     => '$FW', -    proto           => 'tcp', -    destinationport => "$munin_port", -    ratelimit       => '-', -    order           => 104, -  } - -  # -  # Zones -  # -  shorewall::zone { 'vm': -    type  => 'ipv4', -    order => '2', -  } - -  shorewall::zone { 'net': -    type  => 'ipv4', -    order => '3', -  } - -  shorewall::zone { 'loc': -    type  => 'ipv4', -    order => 4, -  } - -  # -  # Traffic shapping -  # -  shorewall::tcdevices { "eth0": -    in_bandwidth  => "$in_bandwidth", -    out_bandwidth => "$out_bandwidth", -  } - -  shorewall::tcrules { "ssh-tcp": -    order       => "1", -    source      => "0.0.0.0/0", -    destination => "0.0.0.0/0",  -    protocol    => "tcp", -    ports       => "22", -  } - -  shorewall::tcrules { "ssh-udp": -    order       => "1", -    source      => "0.0.0.0/0", -    destination => "0.0.0.0/0",  -    protocol    => "udp", -    ports       => "22", -  } - -  shorewall::tcclasses { "ssh": -    order     => "1", -    interface => "eth0", -    rate      => "4*full/100", -    ceil      => "full", -    priority  => "1", -  } - -  shorewall::tcclasses { "default": -    order     => "2", -    interface => "eth0", -    rate      => "6*full/100", -    ceil      => "full", -    priority  => "2", -    options   => "default", -  } - -  if $local_net == true { -    class { "firewall::local": } -  } -} diff --git a/manifests/subsystems/firewall/local.pp b/manifests/subsystems/firewall/local.pp deleted file mode 100644 index f17680e..0000000 --- a/manifests/subsystems/firewall/local.pp +++ /dev/null 
@@ -1,47 +0,0 @@ -class firewall::local( -  $network          = hiera('nodo::firewall::local::network',      '192.168.1.0/24'), -  $interface        = hiera('nodo::firewall::local::interface',    'eth0'), -  $manage_host      = hiera('nodo::firewall::local::manage_host',  True), -  $manage_interface = hiera('nodo::firewall::local::manage_iface', false) -) { - -  if $manage_host { -    shorewall::host { "$interface-loc": -      name    => "$interface:$network", -      zone    => 'loc', -      options => '', -      order   => 3, -    } -  } - -  if $manage_interface { -    shorewall::interface { "$interface": -      zone    => 'loc', -      rfc1918 => true, -      dhcp    => true, -      options => 'routeback', -    } -  } - -  shorewall::policy { 'loc-all': -    sourcezone      => 'loc', -    destinationzone => 'all', -    policy          => 'ACCEPT', -    order           => 5, -  } - -  shorewall::policy { 'vm-loc': -    sourcezone      => 'vm', -    destinationzone => 'loc', -    policy          => 'ACCEPT', -    order           => 6, -  } - -  shorewall::policy { 'fw-loc': -    sourcezone      => '$FW', -    destinationzone => 'loc', -    policy          => 'ACCEPT', -    order           => 7, -  } - -} diff --git a/manifests/subsystems/firewall/mpd.pp b/manifests/subsystems/firewall/mpd.pp deleted file mode 100644 index 5724952..0000000 --- a/manifests/subsystems/firewall/mpd.pp +++ /dev/null @@ -1,21 +0,0 @@ -class firewall::mpd { -  # MPD http stream -  shorewall::rule { 'mpd-http-stream': -    source          => 'net', -    destination     => '$FW', -    proto           => 'tcp', -    destinationport => '8000', -    order           => 200, -    action          => 'ACCEPT'; -  } - -  # MPD client access -  shorewall::rule { 'mpd-daemon': -    source          => 'net', -    destination     => '$FW', -    proto           => 'tcp', -    destinationport => '6600', -    order           => 200, -    action          => 'ACCEPT'; -  } -} 
diff --git a/manifests/subsystems/firewall/nas.pp b/manifests/subsystems/firewall/nas.pp deleted file mode 100644 index c6eaf72..0000000 --- a/manifests/subsystems/firewall/nas.pp +++ /dev/null 
@@ -1,152 +0,0 @@ -class firewall::nas { -  # Basic firewall rules -  include shorewall::rules::ftp -  include shorewall::rules::tftp -  include shorewall::rules::http -  include shorewall::rules::nfsd -  include shorewall::rules::rsync -  include firewall::printer -  include firewall::torrent -  include firewall::mpd - -  # Additional ports needed by NFS -  # Got using rpcinfo -p and netstat -ap -  shorewall::rule { 'nfs-1': -    action          => 'ACCEPT', -    source          => 'net', -    destination     => '$FW', -    proto           => 'tcp', -    destinationport => '35150,43902,46661,46661,46661,50340,54814,57170,58403,59780', -    ratelimit       => '-', -    order           => 100, -  } - -  shorewall::rule { 'nfs-2': -    action          => 'ACCEPT', -    source          => 'net', -    destination     => '$FW', -    proto           => 'udp', -    destinationport => '938,38511,43195,53081,53081,53081,38521,45238,52664,52400,60331', -    ratelimit       => '-', -    order           => 100, -  } - -  # See http://www.shorewall.net/samba.htm -  shorewall::rule { 'samba': -    action          => 'SMB/ACCEPT', -    source          => 'net', -    destination     => '$FW', -    proto           => '-', -    destinationport => '-', -    ratelimit       => '-', -    order           => 100, -  } - -  shorewall::rule { 'netbios-1': -    action          => 'ACCEPT', -    source          => 'net', -    destination     => '$FW', -    proto           => 'tcp', -    destinationport => '137,138,139', -    ratelimit       => '-', -    order           => 100, -  } - -  shorewall::rule { 'netbios-2': -    action          => 'ACCEPT', -    source          => 'net', -    destination     => '$FW', -    proto           => 'udp', -    destinationport => '137,138,139', -    ratelimit       => '-', -    order           => 100, -  } - -  # DLNA -  # -  # https://wiki.archlinux.org/index.php/MiniDLNA -  # http://netpatia.blogspot.co.uk/2011/03/setup-your-own-dlna-server.html -  # 
http://wiki.alpinelinux.org/wiki/IPTV_How_To -  # http://mediatomb.cc/dokuwiki/faq:faq -  # http://packages.debian.org/wheezy/djmount -  # http://packages.debian.org/wheezy/gupnp-tools -  # -  # Optional: -  # -  # http://www.shorewall.net/UPnP.html -  # -  #   linux-igd package -  #   /etc/default/linux-igd -  #   /etc/upnpd.conf - -  shorewall::rule { "dlna-1": -    action          => 'ACCEPT', -    source          => 'net', -    destination     => '$FW', -    proto           => 'tcp,udp', -    destinationport => "1900", -    ratelimit       => '-', -    order           => 102, -  } - -  shorewall::rule { "dlna-2": -    action          => 'ACCEPT', -    source          => 'net', -    destination     => '$FW', -    proto           => 'tcp,udp', -    destinationport => "8200", -    ratelimit       => '-', -    order           => 103, -  } - -  shorewall::rule { "dlna-3": -    action          => 'allowinUPnP', -    source          => 'net', -    destination     => '$FW', -    order           => 104, -  } - -  shorewall::rule { "dlna-4": -    action          => 'forwardUPnP', -    source          => 'net', -    destination     => '$FW', -    order           => 105, -  } - -  # Enable multicast -  augeas { 'enable_multicast': -    changes => 'set /files/etc/shorewall/shorewall.conf/MULTICAST Yes', -    lens    => 'Shellvars.lns', -    incl    => '/etc/shorewall/shorewall.conf', -    notify  => Service[shorewall]; -  } - -  # DAAP -  shorewall::rule { 'daap-1': -    source          => 'net', -    destination     => '$FW', -    proto           => 'tcp', -    destinationport => '3689', -    order           => 300, -    action          => 'ACCEPT'; -  } - -  shorewall::rule { 'daap-2': -    source          => 'net', -    destination     => '$FW', -    proto           => 'udp', -    destinationport => '3689', -    order           => 301, -    action          => 'ACCEPT'; -  } - -  # Avahi/mDNS -  shorewall::rule { 'mdns': -    source          => 'net', -    destination     
=> '$FW', -    proto           => 'udp', -    destinationport => '5353', -    order           => 400, -    action          => 'ACCEPT'; -  } -} diff --git a/manifests/subsystems/firewall/openvpn.pp b/manifests/subsystems/firewall/openvpn.pp deleted file mode 100644 index 2d3e6d1..0000000 --- a/manifests/subsystems/firewall/openvpn.pp +++ /dev/null @@ -1,36 +0,0 @@ -class firewall::openvpn { -  shorewall::zone { 'vpn': -    type  => 'ipv4', -    order => 4, -  } - -  shorewall::interface { 'tun0': -    zone => 'vpn', -  } - -  shorewall::policy { 'loc-vpn': -    sourcezone      => 'loc', -    destinationzone => 'vpn',  -    policy          => 'ACCEPT', -    order           => 20, -  } - -  shorewall::policy { 'vpn-loc': -    sourcezone      => 'vpn', -    destinationzone => 'loc',  -    policy          => 'ACCEPT', -    order           => 21, -  } - -  shorewall::policy { 'fw-vpn': -    sourcezone      => '$FW', -    destinationzone => 'vpn',  -    policy          => 'ACCEPT', -    order           => 22, -  } - -  shorewall::tunnel { 'openvpn': -    tunnel_type => 'openvpnclient', -    zone        => 'net', -  } -} diff --git a/manifests/subsystems/firewall/ppp.pp b/manifests/subsystems/firewall/ppp.pp deleted file mode 100644 index 3082e92..0000000 --- a/manifests/subsystems/firewall/ppp.pp +++ /dev/null @@ -1,31 +0,0 @@ -class firewall::ppp { -  shorewall::zone { 'ppp': -    type  => 'ipv4', -    order => 4, -  } - -  shorewall::interface { 'ppp0': -    zone => 'ppp', -  } - -  shorewall::policy { 'loc-ppp': -    sourcezone      => 'loc', -    destinationzone => 'ppp',  -    policy          => 'ACCEPT', -    order           => 30, -  } - -  shorewall::policy { 'ppp-loc': -    sourcezone      => 'ppp', -    destinationzone => 'loc',  -    policy          => 'ACCEPT', -    order           => 31, -  } - -  shorewall::policy { 'fw-ppp': -    sourcezone      => '$FW', -    destinationzone => 'ppp',  -    policy          => 'ACCEPT', -    order           => 32, -  } -} 
diff --git a/manifests/subsystems/firewall/printer.pp b/manifests/subsystems/firewall/printer.pp deleted file mode 100644 index b44f65a..0000000 --- a/manifests/subsystems/firewall/printer.pp +++ /dev/null @@ -1,21 +0,0 @@ -class firewall::printer { -  shorewall::rule { "cups-tcp": -    action          => 'ACCEPT', -    source          => 'net', -    destination     => '$FW', -    proto           => 'tcp', -    destinationport => "631", -    ratelimit       => '-', -    order           => 200, -  } - -  shorewall::rule { "cups-udp": -    action          => 'ACCEPT', -    source          => 'net', -    destination     => '$FW', -    proto           => 'udp', -    destinationport => "631", -    ratelimit       => '-', -    order           => 201, -  } -} diff --git a/manifests/subsystems/firewall/redirect.pp b/manifests/subsystems/firewall/redirect.pp deleted file mode 100644 index 7a9734a..0000000 --- a/manifests/subsystems/firewall/redirect.pp +++ /dev/null @@ -1,14 +0,0 @@ -class firewall::redirect::ssh($destinationport) { -  # When the box is in an internal network and we want to provide -  # and external access through a shared real IP, we have to -  # redirect requests coming from another port to port 22. -  shorewall::rule { "ssh-redirect-1": -    action          => 'DNAT', -    source          => 'net', -    destination     => "fw:$ipaddress:22", -    proto           => 'tcp', -    destinationport => $destinationport, -    ratelimit       => '-', -    order           => $destinationport, -  } -} diff --git a/manifests/subsystems/firewall/router.pp b/manifests/subsystems/firewall/router.pp deleted file mode 100644 index 7fa2db3..0000000 --- a/manifests/subsystems/firewall/router.pp +++ /dev/null 
@@ -1,401 +0,0 @@
-class firewall::router::http($destination, $zone = 'loc', $originaldest = $ipaddress) {
-  shorewall::rule { 'http-route-1':
-    action          => 'DNAT',
-    source          => 'net',
-    destination     => "$zone:$destination:80",
-    proto           => 'tcp',
-    destinationport => '80',
-    ratelimit       => '-',
-    order           => 600,
-  }
-
-  shorewall::rule { 'http-route-2':
-    action          => 'DNAT',
-    source          => '$FW',
-    destination     => "fw:$destination:80",
-    proto           => 'tcp',
-    destinationport => '80',
-    originaldest    => "$originaldest",
-    ratelimit       => '-',
-    order           => 601,
-  }
-}
-
-class firewall::router::https($destination, $zone = 'loc', $originaldest = $ipaddress) {
-  shorewall::rule { 'https-route-1':
-    action          => 'DNAT',
-    source          => 'net',
-    destination     => "$zone:$destination:443",
-    proto           => 'tcp',
-    destinationport => '443',
-    ratelimit       => '-',
-    order           => 602,
-  }
-
-  shorewall::rule { 'https-route-2':
-    action          => 'DNAT',
-    source          => '$FW',
-    destination     => "fw:$destination:443",
-    proto           => 'tcp',
-    destinationport => '443',
-    originaldest    => "$originaldest",
-    ratelimit       => '-',
-    order           => 602,
-  }
-}
-
-class firewall::router::puppetmaster($destination, $puppetmaster_port = '8140',
-                                     $puppetmaster_nonssl_port = '8141', $zone = 'loc',
-                                     $originaldest = $ipaddress) {
-  shorewall::rule { 'puppetmaster-1':
-    action          => 'DNAT',
-    source          => 'net',
-    destination     => "$zone:$destination:$puppetmaster_port",
-    proto           => 'tcp',
-    destinationport => "$puppetmaster_port",
-    ratelimit       => '-',
-    order           => 700,
-  }
-
-  shorewall::rule { 'puppetmaster-2':
-    action          => 'DNAT',
-    source          => 'net',
-    destination     => "$zone:$destination:$puppetmaster_port",
-    proto           => 'udp',
-    destinationport => "$puppetmaster_port",
-    ratelimit       => '-',
-    order           => 701,
-  }
-
-  shorewall::rule { 'puppetmaster-3':
-    action          => 'DNAT',
-    source          => '$FW',
-    destination     => "$zone:$destination:$puppetmaster_port",
-    proto           => 'tcp',
-    destinationport => "$puppetmaster_port",
-    originaldest    => "$originaldest",
-    ratelimit       => '-',
-    order           => 702,
-  }
-
-  shorewall::rule { 'puppetmaster-4':
-    action          => 'DNAT',
-    source          => '$FW',
-    destination     => "$zone:$destination:$puppetmaster_port",
-    proto           => 'udp',
-    destinationport => "$puppetmaster_port",
-    originaldest    => "$originaldest",
-    ratelimit       => '-',
-    order           => 703,
-  }
-
-  shorewall::rule { 'puppetmaster-5':
-    action          => 'DNAT',
-    source          => 'net',
-    destination     => "$zone:$destination:$puppetmaster_nonssl_port",
-    proto           => 'tcp',
-    destinationport => "$puppetmaster_nonssl_port",
-    ratelimit       => '-',
-    order           => 704,
-  }
-
-  shorewall::rule { 'puppetmaster-6':
-    action          => 'DNAT',
-    source          => 'net',
-    destination     => "$zone:$destination:$puppetmaster_nonssl_port",
-    proto           => 'udp',
-    destinationport => "$puppetmaster_nonssl_port",
-    ratelimit       => '-',
-    order           => 705,
-  }
-
-  shorewall::rule { 'puppetmaster-7':
-    action          => 'DNAT',
-    source          => '$FW',
-    destination     => "$zone:$destination:$puppetmaster_nonssl_port",
-    proto           => 'tcp',
-    destinationport => "$puppetmaster_nonssl_port",
-    originaldest    => "$originaldest",
-    ratelimit       => '-',
-    order           => 706,
-  }
-
-  shorewall::rule { 'puppetmaster-8':
-    action          => 'DNAT',
-    source          => '$FW',
-    destination     => "$zone:$destination:$puppetmaster_nonssl_port",
-    proto           => 'udp',
-    destinationport => "$puppetmaster_nonssl_port",
-    originaldest    => "$originaldest",
-    ratelimit       => '-',
-    order           => 707,
-  }
-}
-
-class firewall::router::gitd($destination, $zone = 'loc', $originaldest = $ipaddress) {
-  shorewall::rule { 'git-daemon-1':
-    action          => 'DNAT',
-    source          => 'net',
-    destination     => "$zone:$destination:9418",
-    proto           => 'tcp',
-    destinationport => '9418',
-    ratelimit       => '-',
-    order           => 800,
-  }
-
-  shorewall::rule { 'git-daemon-2':
-    action          => 'DNAT',
-    source          => '$FW',
-    destination     => "$zone:$destination:9418",
-    proto           => 'tcp',
-    destinationport => '9418',
-    originaldest    => "$originaldest",
-    ratelimit       => '-',
-    order           => 801,
-  }
-}
-
-class firewall::router::icecast($destination, $zone = 'loc', $originaldest = $ipaddress) {
-  shorewall::rule { 'icecast-1':
-    action          => 'DNAT',
-    source          => 'net',
-    destination     => "$zone:$destination:8000",
-    proto           => 'tcp',
-    destinationport => '8000',
-    ratelimit       => '-',
-    order           => 900,
-  }
-
-  shorewall::rule { 'icecast-2':
-    action          => 'DNAT',
-    source          => '$FW',
-    destination     => "$zone:$destination:8000",
-    proto           => 'tcp',
-    destinationport => '8000',
-    originaldest    => "$originaldest",
-    ratelimit       => '-',
-    order           => 901,
-  }
-}
-
-class firewall::router::mail($destination, $zone = 'loc', $originaldest = $ipaddress) {
-  shorewall::rule { 'mail-1':
-    action          => 'DNAT',
-    source          => 'net',
-    destination     => "$zone:$destination:25",
-    proto           => 'tcp',
-    destinationport => '25',
-    ratelimit       => '-',
-    order           => 1000,
-  }
-
-  shorewall::rule { 'mail-2':
-    action          => 'DNAT',
-    source          => '$FW',
-    destination     => "$zone:$destination:25",
-    proto           => 'tcp',
-    destinationport => '25',
-    originaldest    => "$originaldest",
-    ratelimit       => '-',
-    order           => 1001,
-  }
-
-  shorewall::rule { 'mail-3':
-    action          => 'DNAT',
-    source          => 'net',
-    destination     => "$zone:$destination:993",
-    proto           => 'tcp',
-    destinationport => '993',
-    ratelimit       => '-',
-    order           => 1002,
-  }
-
-  shorewall::rule { 'mail-4':
-    action          => 'DNAT',
-    source          => '$FW',
-    destination     => "$zone:$destination:993",
-    proto           => 'tcp',
-    destinationport => '993',
-    originaldest    => "$originaldest",
-    ratelimit       => '-',
-    order           => 1003,
-  }
-
-  shorewall::rule { 'mail-5':
-    action          => 'DNAT',
-    source          => 'net',
-    destination     => "$zone:$destination:587",
-    proto           => 'tcp',
-    destinationport => '587',
-    ratelimit       => '-',
-    order           => 1004,
-  }
-
-  shorewall::rule { 'mail-6':
-    action          => 'DNAT',
-    source          => '$FW',
-    destination     => "$zone:$destination:587",
-    proto           => 'tcp',
-    destinationport => '587',
-    originaldest    => "$originaldest",
-    ratelimit       => '-',
-    order           => 1005,
-  }
-}
-
-define firewall::router::ssh($destination, $port_orig = '22', $port_dest = '', $zone = 'loc',
-                             $originaldest = $ipaddress) {
-  shorewall::rule { "ssh-$name-1":
-    action          => 'DNAT',
-    source          => 'net',
-    destination     => $port_dest ? {
-      ''      => "$zone:$destination",
-      default => "$zone:$destination:$port_dest",
-    },
-    proto           => 'tcp',
-    destinationport => "$port_orig",
-    ratelimit       => '-',
-    order           => "2$port_orig",
-  }
-
-  shorewall::rule { "ssh-$name-2":
-    action          => 'DNAT',
-    source          => '$FW',
-    destination     => $port_dest ? {
-      ''      => "$zone:$destination",
-      default => "$zone:$destination:$port_dest",
-    },
-    proto           => 'tcp',
-    destinationport => "$port_orig",
-    originaldest    => "$originaldest",
-    ratelimit       => '-',
-    order           => "2$port_orig",
-  }
-}
-
-define firewall::router::munin($destination, $port_orig, $port_dest = '', $zone = 'loc',
-                               $order = '400', $originaldest = $ipaddress) {
-  shorewall::rule { "munin-$name-1":
-    action          => 'DNAT',
-    source          => 'net',
-    destination     => $port_dest ? {
-      ''      => "$zone:$destination",
-      default => "$zone:$destination:$port_dest",
-    },
-    proto           => 'tcp',
-    destinationport => "$port_orig",
-    ratelimit       => '-',
-    order           => $order,
-  }
-
-  shorewall::rule { "munin-$name-2":
-    action          => 'DNAT',
-    source          => '$FW',
-    destination     => $port_dest ? {
-      ''      => "$zone:$destination",
-      default => "$zone:$destination:$port_dest",
-    },
-    proto           => 'tcp',
-    destinationport => "$port_orig",
-    originaldest    => "$originaldest",
-    ratelimit       => '-',
-    order           => $order,
-  }
-}
-
-class firewall::router::torrent($destination, $zone = 'loc', $originaldest = $ipaddress) {
-  shorewall::rule { "torrent-tcp-1":
-    action          => 'DNAT',
-    source          => 'net',
-    destination     => "$zone:$destination",
-    proto           => 'tcp',
-    destinationport => "6881:6999",
-    ratelimit       => '-',
-    order           => 200,
-  }
-
-  shorewall::rule { "torrent-tcp-2":
-    action          => 'DNAT',
-    source          => 'all',
-    destination     => "$zone:$destination",
-    proto           => 'tcp',
-    destinationport => "6881:6999",
-    originaldest    => "$originaldest",
-    ratelimit       => '-',
-    order           => 200,
-  }
-
-  shorewall::rule { "torrent-udp-1":
-    action          => 'DNAT',
-    source          => 'net',
-    destination     => "$zone:$destination",
-    proto           => 'udp',
-    destinationport => "6881:6999",
-    ratelimit       => '-',
-    order           => 201,
-  }
-
-  shorewall::rule { "torrent-udp-2":
-    action          => 'DNAT',
-    source          => 'all',
-    destination     => "$zone:$destination",
-    proto           => 'udp',
-    destinationport => "6881:6999",
-    originaldest    => "$originaldest",
-    ratelimit       => '-',
-    order           => 201,
-  }
-}
-
-class firewall::router::gobby($destination, $zone = 'loc', $originaldest = $ipaddress) {
-  shorewall::rule { 'gobby-route-1':
-    action          => 'DNAT',
-    source          => 'net',
-    destination     => "$zone:$destination:6523",
-    proto           => 'tcp',
-    destinationport => '6523',
-    ratelimit       => '-',
-    order           => 600,
-  }
-
-  shorewall::rule { 'gobby-route-2':
-    action          => 'DNAT',
-    source          => '$FW',
-    destination     => "fw:$destination:6523",
-    proto           => 'tcp',
-    destinationport => '6523',
-    originaldest    => "$originaldest",
-    ratelimit       => '-',
-    order           => 601,
-  }
-}
-
-# See http://www.shorewall.net/FAQ.htm#faq2
-define firewall::router::hairpinning($order = '5000', $proto = 'tcp', $port = 'www',
-                                     $external_ip = '$ETH0_IP', $interface = 'eth1',
-                                     $destination = '192.168.1.100', $source = 'eth1',
-                                     $source_zone = 'loc', $dest_zone = 'loc',
-                                     $port_dest = '') {
-  shorewall::masq { "routeback-$name":
-    interface => "$interface:$destination",
-    source    => $source,
-    address   => $external_ip,
-    proto     => $proto,
-    port      => $port,
-    order     => $order,
-  }
-
-  shorewall::rule { "routeback-$name":
-    action          => 'DNAT',
-    source          => $source_zone,
-    destination     => $port_dest ? {
-      ''      => "$dest_zone:$destination",
-      default => "$dest_zone:$destination:$port_dest",
-    },
-    proto           => $proto,
-    destinationport => $port,
-    ratelimit       => '-',
-    order           => $order,
-    originaldest    => $external_ip,
-  }
-}
diff --git a/manifests/subsystems/firewall/torrent.pp b/manifests/subsystems/firewall/torrent.pp
deleted file mode 100644
index 2dc8451..0000000
--- a/manifests/subsystems/firewall/torrent.pp
+++ /dev/null
@@ -1,21 +0,0 @@
-class firewall::torrent {
-  shorewall::rule { "torrent-tcp":
-    action          => 'ACCEPT',
-    source          => 'net',
-    destination     => '$FW',
-    proto           => 'tcp',
-    destinationport => "6881:6999",
-    ratelimit       => '-',
-    order           => 200,
-  }
-
-  shorewall::rule { "torrent-udp":
-    action          => 'ACCEPT',
-    source          => 'net',
-    destination     => '$FW',
-    proto           => 'udp',
-    destinationport => "6881:6999",
-    ratelimit       => '-',
-    order           => 201,
-  }
-}
diff --git a/manifests/subsystems/firewall/ups.pp b/manifests/subsystems/firewall/ups.pp
deleted file mode 100644
index 042fcdc..0000000
--- a/manifests/subsystems/firewall/ups.pp
+++ /dev/null
@@ -1,11 +0,0 @@
-class firewall::ups {
-  shorewall::rule { "ups":
-    action          => 'ACCEPT',
-    source          => 'net',
-    destination     => '$FW',
-    proto           => 'tcp',
-    destinationport => "3551",
-    ratelimit       => '-',
-    order           => 200,
-  }
-}
diff --git a/manifests/subsystems/firewall/vserver.pp b/manifests/subsystems/firewall/vserver.pp
deleted file mode 100644
index 702acc9..0000000
--- a/manifests/subsystems/firewall/vserver.pp
+++ /dev/null
@@ -1,524 +0,0 @@
-class firewall::vserver::http($destination, $zone = 'vm') {
-  shorewall::rule { 'http-route-1':
-    action          => 'DNAT',
-    source          => 'net',
-    destination     => "$zone:$destination:80",
-    proto           => 'tcp',
-    destinationport => '80',
-    ratelimit       => '-',
-    order           => 600,
-  }
-
-  shorewall::rule { 'http-route-2':
-    action          => 'DNAT',
-    source          => '$FW',
-    destination     => "fw:$destination:80",
-    proto           => 'tcp',
-    destinationport => '80',
-    originaldest    => "$ipaddress",
-    ratelimit       => '-',
-    order           => 601,
-  }
-}
-
-class firewall::vserver::https($destination, $zone = 'vm') {
-  shorewall::rule { 'https-route-1':
-    action          => 'DNAT',
-    source          => 'net',
-    destination     => "$zone:$destination:443",
-    proto           => 'tcp',
-    destinationport => '443',
-    ratelimit       => hiera("nodo::firewall::ssl_ratelimit", '-'),
-    order           => 602,
-  }
-
-  shorewall::rule { 'https-route-2':
-    action          => 'DNAT',
-    source          => '$FW',
-    destination     => "fw:$destination:443",
-    proto           => 'tcp',
-    destinationport => '443',
-    originaldest    => "$ipaddress",
-    ratelimit       => hiera("nodo::firewall::ssl_ratelimit", '-'),
-    order           => 602,
-  }
-}
-
-class firewall::vserver::puppetmaster($destination, $puppetmaster_port = '8140', $puppetmaster_nonssl_port = '8141', $zone = 'fw') {
-  shorewall::rule { 'puppetmaster-1':
-    action          => 'DNAT',
-    source          => 'net',
-    destination     => "$zone:$destination:$puppetmaster_port",
-    proto           => 'tcp',
-    destinationport => "$puppetmaster_port",
-    ratelimit       => hiera("nodo::firewall::ssl_ratelimit", '-'),
-    order           => 700,
-  }
-
-  shorewall::rule { 'puppetmaster-2':
-    action          => 'DNAT',
-    source          => 'net',
-    destination     => "$zone:$destination:$puppetmaster_port",
-    proto           => 'udp',
-    destinationport => "$puppetmaster_port",
-    ratelimit       => hiera("nodo::firewall::ssl_ratelimit", '-'),
-    order           => 701,
-  }
-
-  shorewall::rule { 'puppetmaster-3':
-    action          => 'DNAT',
-    source          => '$FW',
-    destination     => "$zone:$destination:$puppetmaster_port",
-    proto           => 'tcp',
-    destinationport => "$puppetmaster_port",
-    originaldest    => "$ipaddress",
-    ratelimit       => hiera("nodo::firewall::ssl_ratelimit", '-'),
-    order           => 702,
-  }
-
-  shorewall::rule { 'puppetmaster-4':
-    action          => 'DNAT',
-    source          => '$FW',
-    destination     => "$zone:$destination:$puppetmaster_port",
-    proto           => 'udp',
-    destinationport => "$puppetmaster_port",
-    originaldest    => "$ipaddress",
-    ratelimit       => hiera("nodo::firewall::ssl_ratelimit", '-'),
-    order           => 703,
-  }
-
-  shorewall::rule { 'puppetmaster-5':
-    action          => 'DNAT',
-    source          => 'net',
-    destination     => "$zone:$destination:$puppetmaster_nonssl_port",
-    proto           => 'tcp',
-    destinationport => "$puppetmaster_nonssl_port",
-    ratelimit       => '-',
-    order           => 704,
-  }
-
-  shorewall::rule { 'puppetmaster-6':
-    action          => 'DNAT',
-    source          => 'net',
-    destination     => "$zone:$destination:$puppetmaster_nonssl_port",
-    proto           => 'udp',
-    destinationport => "$puppetmaster_nonssl_port",
-    ratelimit       => '-',
-    order           => 705,
-  }
-
-  shorewall::rule { 'puppetmaster-7':
-    action          => 'DNAT',
-    source          => '$FW',
-    destination     => "$zone:$destination:$puppetmaster_nonssl_port",
-    proto           => 'tcp',
-    destinationport => "$puppetmaster_nonssl_port",
-    originaldest    => "$ipaddress",
-    ratelimit       => '-',
-    order           => 706,
-  }
-
-  shorewall::rule { 'puppetmaster-8':
-    action          => 'DNAT',
-    source          => '$FW',
-    destination     => "$zone:$destination:$puppetmaster_nonssl_port",
-    proto           => 'udp',
-    destinationport => "$puppetmaster_nonssl_port",
-    originaldest    => "$ipaddress",
-    ratelimit       => '-',
-    order           => 707,
-  }
-}
-
-class firewall::vserver::gitd($destination, $zone = 'fw') {
-  shorewall::rule { 'git-daemon-1':
-    action          => 'DNAT',
-    source          => 'net',
-    destination     => "$zone:$destination:9418",
-    proto           => 'tcp',
-    destinationport => '9418',
-    ratelimit       => '-',
-    order           => 800,
-  }
-
-  shorewall::rule { 'git-daemon-2':
-    action          => 'DNAT',
-    source          => '$FW',
-    destination     => "$zone:$destination:9418",
-    proto           => 'tcp',
-    destinationport => '9418',
-    originaldest    => "$ipaddress",
-    ratelimit       => '-',
-    order           => 801,
-  }
-}
-
-class firewall::vserver::icecast($destination, $zone = 'fw') {
-  shorewall::rule { 'icecast-1':
-    action          => 'DNAT',
-    source          => 'net',
-    destination     => "$zone:$destination:8000",
-    proto           => 'tcp',
-    destinationport => '8000',
-    ratelimit       => '-',
-    order           => 900,
-  }
-
-  shorewall::rule { 'icecast-2':
-    action          => 'DNAT',
-    source          => '$FW',
-    destination     => "$zone:$destination:8000",
-    proto           => 'tcp',
-    destinationport => '8000',
-    originaldest    => "$ipaddress",
-    ratelimit       => '-',
-    order           => 901,
-  }
-}
-
-class firewall::vserver::mail($destination, $zone = 'fw') {
-  shorewall::rule { 'mail-1':
-    action          => 'DNAT',
-    source          => 'net',
-    destination     => "$zone:$destination:25",
-    proto           => 'tcp',
-    destinationport => '25',
-    ratelimit       => '-',
-    order           => 1000,
-  }
-
-  shorewall::rule { 'mail-2':
-    action          => 'DNAT',
-    source          => '$FW',
-    destination     => "$zone:$destination:25",
-    proto           => 'tcp',
-    destinationport => '25',
-    originaldest    => "$ipaddress",
-    ratelimit       => '-',
-    order           => 1001,
-  }
-
-  shorewall::rule { 'mail-3':
-    action          => 'DNAT',
-    source          => 'net',
-    destination     => "$zone:$destination:993",
-    proto           => 'tcp',
-    destinationport => '993',
-    ratelimit       => hiera("nodo::firewall::ssl_ratelimit", '-'),
-    order           => 1002,
-  }
-
-  shorewall::rule { 'mail-4':
-    action          => 'DNAT',
-    source          => '$FW',
-    destination     => "$zone:$destination:993",
-    proto           => 'tcp',
-    destinationport => '993',
-    originaldest    => "$ipaddress",
-    ratelimit       => hiera("nodo::firewall::ssl_ratelimit", '-'),
-    order           => 1003,
-  }
-
-  shorewall::rule { 'mail-5':
-    action          => 'DNAT',
-    source          => 'net',
-    destination     => "$zone:$destination:587",
-    proto           => 'tcp',
-    destinationport => '587',
-    ratelimit       => hiera("nodo::firewall::ssl_ratelimit", '-'),
-    order           => 1004,
-  }
-
-  shorewall::rule { 'mail-6':
-    action          => 'DNAT',
-    source          => '$FW',
-    destination     => "$zone:$destination:587",
-    proto           => 'tcp',
-    destinationport => '587',
-    originaldest    => "$ipaddress",
-    ratelimit       => hiera("nodo::firewall::ssl_ratelimit", '-'),
-    order           => 1005,
-  }
-}
-
-define firewall::vserver::ssh($destination, $port_orig = '22', $port_dest = '', $zone = 'vm') {
-  shorewall::rule { "ssh-$name-1":
-    action          => 'DNAT',
-    source          => 'net',
-    destination     => $port_dest ? {
-      ''      => "$zone:$destination",
-      default => "$zone:$destination:$port_dest",
-    },
-    proto           => 'tcp',
-    destinationport => "$port_orig",
-    ratelimit       => '-',
-    order           => "2$port_orig",
-  }
-
-  shorewall::rule { "ssh-$name-2":
-    action          => 'DNAT',
-    source          => '$FW',
-    destination     => $port_dest ? {
-      ''      => "fw:$destination",
-      default => "fw:$destination:$port_dest",
-    },
-    proto           => 'tcp',
-    destinationport => "$port_orig",
-    originaldest    => "$ipaddress",
-    ratelimit       => '-',
-    order           => "2$port_orig",
-  }
-}
-
-define firewall::vserver::munin($destination, $port_orig, $port_dest = '', $order = '400', $zone = 'fw') {
-  shorewall::rule { "munin-$name-1":
-    action          => 'DNAT',
-    source          => 'net',
-    destination     => $port_dest ? {
-      ''      => "$zone:$destination",
-      default => "$zone:$destination:$port_dest",
-    },
-    proto           => 'tcp',
-    destinationport => "$port_orig",
-    ratelimit       => '-',
-    order           => $order,
-  }
-
-  shorewall::rule { "munin-$name-2":
-    action          => 'DNAT',
-    source          => '$FW',
-    destination     => $port_dest ? {
-      ''      => "$zone:$destination",
-      default => "$zone:$destination:$port_dest",
-    },
-    proto           => 'tcp',
-    destinationport => "$port_orig",
-    originaldest    => "$ipaddress",
-    ratelimit       => '-',
-    order           => $order,
-  }
-}
-
-class firewall::vserver::dns($destination, $zone = 'vm') {
-  shorewall::rule { 'dns-route-0':
-    action          => 'DNS/ACCEPT',
-    source          => 'net',
-    destination     => '$FW',
-    proto           => '-',
-    destinationport => '-',
-    ratelimit       => '-',
-    order           => 2000,
-  }
-
-  shorewall::rule { 'dns-route-1':
-    action          => 'DNAT',
-    source          => 'net',
-    destination     => "$zone:$destination:53",
-    proto           => 'tcp',
-    destinationport => '53',
-    ratelimit       => '-',
-    order           => 2001,
-  }
-
-  shorewall::rule { 'dns-route-2':
-    action          => 'DNAT',
-    source          => '$FW',
-    destination     => "fw:$destination:53",
-    proto           => 'tcp',
-    destinationport => '53',
-    originaldest    => "$ipaddress",
-    ratelimit       => '-',
-    order           => 2002,
-  }
-
-  shorewall::rule { 'dns-route-3':
-    action          => 'DNAT',
-    source          => 'net',
-    destination     => "$zone:$destination:53",
-    proto           => 'udp',
-    destinationport => '53',
-    ratelimit       => '-',
-    order           => 2003,
-  }
-
-  shorewall::rule { 'dns-route-4':
-    action          => 'DNAT',
-    source          => '$FW',
-    destination     => "fw:$destination:53",
-    proto           => 'udp',
-    destinationport => '53',
-    originaldest    => "$ipaddress",
-    ratelimit       => '-',
-    order           => 2004,
-  }
-}
-
-class firewall::vserver::tor($destination, $zone = 'fw') {
-  shorewall::rule { 'tor-0':
-    action          => 'DNAT',
-    source          => 'net',
-    destination     => "$zone:$destination:9001",
-    proto           => 'tcp',
-    destinationport => '9001',
-    ratelimit       => '-',
-    order           => 2100,
-  }
-
-  shorewall::rule { 'tor-1':
-    action          => 'DNAT',
-    source          => '$FW',
-    destination     => "$zone:$destination:9001",
-    proto           => 'tcp',
-    destinationport => '9001',
-    originaldest    => "$ipaddress",
-    ratelimit       => '-',
-    order           => 2101,
-  }
-
-  shorewall::rule { 'tor-2':
-    action          => 'DNAT',
-    source          => 'net',
-    destination     => "$zone:$destination:9030",
-    proto           => 'tcp',
-    destinationport => '9030',
-    ratelimit       => '-',
-    order           => 2102,
-  }
-
-  shorewall::rule { 'tor-3':
-    action          => 'DNAT',
-    source          => '$FW',
-    destination     => "$zone:$destination:9030",
-    proto           => 'tcp',
-    destinationport => '9030',
-    originaldest    => "$ipaddress",
-    ratelimit       => '-',
-    order           => 2103,
-  }
-}
-
-class firewall::vserver::jabber($destination, $zone = 'fw') {
-  shorewall::rule { 'jabber-0':
-    action          => 'DNAT',
-    source          => 'net',
-    destination     => "$zone:$destination:5222",
-    proto           => 'tcp',
-    destinationport => '5222',
-    ratelimit       => '-',
-    order           => 2200,
-  }
-
-  shorewall::rule { 'jabber-1':
-    action          => 'DNAT',
-    source          => '$FW',
-    destination     => "$zone:$destination:5223",
-    proto           => 'tcp',
-    destinationport => '5223',
-    originaldest    => "$ipaddress",
-    ratelimit       => '-',
-    order           => 2201,
-  }
-
-  shorewall::rule { 'jabber-2':
-    action          => 'DNAT',
-    source          => 'net',
-    destination     => "$zone:$destination:5269",
-    proto           => 'tcp',
-    destinationport => '5269',
-    ratelimit       => '-',
-    order           => 2202,
-  }
-
-  shorewall::rule { 'jabber-3':
-    action          => 'DNAT',
-    source          => '$FW',
-    destination     => "$zone:$destination:4369",
-    proto           => 'tcp',
-    destinationport => '4369',
-    originaldest    => "$ipaddress",
-    ratelimit       => '-',
-    order           => 2203,
-  }
-
-  shorewall::rule { 'jabber-4':
-    action          => 'DNAT',
-    source          => '$FW',
-    destination     => "$zone:$destination:4370",
-    proto           => 'tcp',
-    destinationport => '4370:4375',
-    originaldest    => "$ipaddress",
-    ratelimit       => '-',
-    order           => 2204,
-  }
-}
-
-class firewall::vserver::mumble($destination, $zone = 'fw') {
-  shorewall::rule { 'mumble-0':
-    action          => 'DNAT',
-    source          => 'net',
-    destination     => "$zone:$destination:64738",
-    proto           => 'tcp',
-    destinationport => '64738',
-    ratelimit       => '-',
-    order           => 2300,
-  }
-
-  shorewall::rule { 'mumble-1':
-    action          => 'DNAT',
-    source          => '$FW',
-    destination     => "$zone:$destination:64738",
-    proto           => 'udp',
-    destinationport => '64738',
-    originaldest    => "$ipaddress",
-    ratelimit       => '-',
-    order           => 2301,
-  }
-}
-
-class firewall::vserver::gobby($destination, $zone = 'fw') {
-  shorewall::rule { 'gobby-0':
-    action          => 'DNAT',
-    source          => 'net',
-    destination     => "$zone:$destination:6523",
-    proto           => 'tcp',
-    destinationport => '6523',
-    ratelimit       => '-',
-    order           => 2400,
-  }
-}
-
-class firewall::vserver::yacy($destination, $zone = 'fw') {
-  shorewall::rule { 'yacy-0':
-    action          => 'DNAT',
-    source          => 'net',
-    destination     => "$zone:$destination:8090",
-    proto           => 'tcp',
-    destinationport => '8090',
-    ratelimit       => '-',
-    order           => 2500,
-  }
-}
-
-class firewall::vserver::rsync($destination, $zone = 'fw') {
-  shorewall::rule { 'rsync-0':
-    action          => 'DNAT',
-    source          => 'net',
-    destination     => "$zone:$destination:873",
-    proto           => 'tcp',
-    destinationport => '873',
-    ratelimit       => '-',
-    order           => 2600,
-  }
-}
-
-class firewall::vserver::mdns($destination, $zone = 'fw') {
-  shorewall::rule { 'mdns-0':
-    action          => 'DNAT',
-    source          => 'net',
-    destination     => "$zone:$destination:5353",
-    proto           => 'tcp',
-    destinationport => '5353',
-    ratelimit       => '-',
-    order           => 2700,
-  }
-}
diff --git a/manifests/subsystems/firewall/wifi.pp b/manifests/subsystems/firewall/wifi.pp
deleted file mode 100644
index 161d402..0000000
--- a/manifests/subsystems/firewall/wifi.pp
+++ /dev/null
@@ -1,50 +0,0 @@
-class firewall::wifi {
-  $rfc1918 = $shorewall_local_net ? {
-    true    => true,
-    false   => false,
-    default => false,
-  }
-
-  # Default device depends if madwifi or
-  # built-in kernel driver is being used
-  $wifi_default_device = $lsbdistcodename ? {
-    'lenny' => 'ath0',
-    default => 'wlan0',
-  }
-
-  $wifi_dev = $wifi_device ? {
-    ''      => $wifi_default_device,
-    default => $wifi_device,
-  }
-
-  #
-  # Interfaces
-  #
-  shorewall::interface { "$wifi_dev":
-   zone    => '-',
-   rfc1918 => $rfc1918,
-  }
-
-  #
-  # Hosts
-  #
-  shorewall::host { "$wifi_dev-subnet":
-    name    => "$wifi_dev:192.168.0.0/24",
-    zone    => 'vm',
-    options => '',
-    order   => 1,
-  }
-
-  shorewall::host { "$wifi_dev":
-    name    => "$wifi_dev:0.0.0.0/0",
-    zone    => 'net',
-    options => '',
-    order   => 2,
-  }
-
-  shorewall::masq { "$wifi_dev":
-    interface => "$wifi_dev:!192.168.0.0/24",
-    source    => '192.168.0.0/24',
-    order     => 1,
-  }
-}
diff --git a/manifests/subsystems/firewire.pp b/manifests/subsystems/firewire.pp
deleted file mode 100644
index 088e194..0000000
--- a/manifests/subsystems/firewire.pp
+++ /dev/null
@@ -1,9 +0,0 @@
-class firewire {
-  # make sure ohci1394 is not loaded
-  # see http://padrao.sarava.org/trac/wiki/Debian/Firewire
-  # see also the modprobe class
-  exec { "rmmod ohci1394":
-    unless  => "/bin/sh -c 'if `grep -q ^ohci1394 /proc/modules`; then false; else true; fi'",
-    user    => "root",
-  }
-}
diff --git a/manifests/subsystems/onion.pp b/manifests/subsystems/onion.pp
deleted file mode 100644
index 64a41f8..0000000
--- a/manifests/subsystems/onion.pp
+++ /dev/null
@@ -1,54 +0,0 @@
-class onion {
-  class { 'tor::daemon': }
-
-  # It's important to use a subdir from the tor datadir
-  # to ease backup/restore procedures as we don't mix
-  # hidden service data with other tor files.
-  file { "${tor::daemon::data_dir}/hidden":
-    ensure => directory, 
-    owner  => 'debian-tor',
-    group  => 'debian-tor',
-    mode   => 0700,
-  }
-}
-
-class onion::socks inherits onion {
-  # Default tor daemon configuration
-  tor::daemon::socks { 'socks':
-    port             => 9050,
-    listen_addresses => [ '127.0.0.1' ],
-  }
-}
-
-class onion::freenode inherits onion::socks {
-  # Freenode via Tor
-  # http://freenode.net/irc_servers.shtml
-  # http://pthree.org/2010/01/31/freenode-ssl-and-sasl-authentication-with-irssi/
-  # http://freenode.net/sasl/sasl-irssi.shtml
-  # https://wiki.archlinux.org/index.php/Tor
-  tor::daemon::map_address { 'freenode':
-    address    => '10.40.40.40',
-    newaddress => 'p4fsi4ockecnea7l.onion',
-  }
-}
-
-class onion::ssh {
-  tor::daemon::hidden_service { 'ssh':
-    ports    => [ "22 127.0.0.1:22" ],
-    data_dir => "${tor::daemon::data_dir}/hidden",
-    ensure   => present,
-  }
-}
-
-class onion::full inherits onion::freenode {
-  include onion::ssh
-
-  # Currently tor management just works for debian
-  case $::operatingsystem {
-    debian: {
-      include tor::polipo
-    }
-    default: { }
-  }
-
-}
diff --git a/manifests/subsystems/schroot.pp b/manifests/subsystems/schroot.pp
deleted file mode 100644
index 58d6dee..0000000
--- a/manifests/subsystems/schroot.pp
+++ /dev/null
@@ -1,26 +0,0 @@
-class schroot {
-  package { 'schroot':
-    ensure => installed,
-  }
-
-  file { '/etc/schroot/default/fstab':
-    ensure  => present,
-    owner   => root,
-    group   => root,
-    mode    => 0644,
-    require => Package['schroot'],
-    source  => [ "puppet:///modules/site_nodo/etc/schroot/default/${::fqdn}/fstab",
-                 "puppet:///modules/nodo/etc/schroot/default/fstab" ]
-  }
-
-  define instance($instance_type = 'plain', $description, $directory, $users, $groups, $aliases, $ensure = present) {
-    file { "/etc/schroot/chroot.d/${name}":
-      ensure  => $ensure,
-      owner   => root,
-      group   => root,
-      mode    => 0644,
-      require => Package['schroot'],
-      content => template('nodo/schroot/schroot.conf.erb'),
-    }
-  }
-}
diff --git a/manifests/subsystems/ssh.pp b/manifests/subsystems/ssh.pp
deleted file mode 100644
index f15931d..0000000
--- a/manifests/subsystems/ssh.pp
+++ /dev/null
@@ -1,101 +0,0 @@
-# Base class
-class ssh_folder {
-  if !defined(File["${home}/.ssh"]) {
-    file { "${home}/.ssh":
-      ensure  => directory,
-      owner   => $owner,
-      group   => $group,
-      mode    => 0700,
-    }
-  }
-}
-
-# Manage ssh config for a particular user
-define ssh_config($owner, $home = '/home/$owner', $ssh_localhost_auth = false) {
-  include ssh_folder
-
-  file { "${home}/.ssh/config":
-    ensure  => present,
-    owner   => $owner,
-    group   => $group,
-    mode    => 0600,
-    require => File["${home}/.ssh"],
-  }
-
-  # The NoHostAuthenticationForLocalhost ssh option might be useful
-  # for automated deployment environments so your ikiwiki user doesn't
-  # get stuck with the fingerprint confirmation prompt when pushing
-  # content via ssh in the first time it runs.
-  line { 'NoHostAuthenticationForLocalhost-${owner}':
-    file   => "${home}/.ssh/config",
-    line   => "NoHostAuthenticationForLocalhost yes",
-    ensure => $ssh_localhost_auth ? {
-      'auto'        => present,
-      'fingerprint' => absent,
-      default       => absent,
-    },
-  }
-}
-
-# Manage known_hosts for a particular user
-define ssh_known_host($owner, $home = '/home/$owner', $ssh_localhost_auth = false) {
-  include ssh_folder
-
-  file { "${home}/.ssh/known_hosts":
-    ensure  => present,
-    owner   => $owner,
-    group   => $group,
-    mode    => 0600,
-    require => File["${home}/.ssh"],
-  }
-
-  # You can choose to include the host's fingeprints
-  # directly into the known_hosts file.
-  if $::sshrsakey != '' {
-    line { 'known_hosts-localhost-rsa-${owner}':
-      file   => "${home}/.ssh/known_hosts",
-      line   => "localhost ssh-rsa ${::sshrsakey}",
-      ensure => $ssh_localhost_auth ? {
-        'fingerprint' => present,
-        'auto'        => undef,
-        default       => undef,
-      },
-    }
-  }
-
-  if $::sshdsakey != '' {
-    line { 'known_hosts-localhost-dsa-${owner}':
-      file   => "${home}/.ssh/known_hosts",
-      line   => "localhost ssh-dss ${::sshdsakey}",
-      ensure => $ssh_localhost_auth ? {
-        'fingerprint' => present,
-        'auto'        => undef,
-        default       => undef,
-      },
-    }
-  }
-
-  if $::sshecdsakey != '' {
-    line { 'known_hosts-localhost-ecdsa-${owner}':
-      file   => "${home}/.ssh/known_hosts",
-      line   => "localhost ecdsa-sha2-nistp256 ${::sshedsakey}",
-      ensure => $ssh_localhost_auth ? {
-        'fingerprint' => present,
-        'auto'        => undef,
-        default       => undef,
-      },
-    }
-  }
-}
-
-define ssh_create_key($owner, $group, $keyfile = 'id_rsa', $home = '/home/$owner') {
-  include ssh_folder
-
-  exec { "ssh-keygen-${owner}":
-    command => "ssh-keygen -t rsa -P '' -f ${home}/.ssh/${keyfile}",
-    creates => "${home}/.ssh/${keyfile}",
-    user    => $owner,
-    group   => $group,
-    require => File["${home}/.ssh"],
-  }
-}
diff --git a/manifests/subsystems/tunnel.pp b/manifests/subsystems/tunnel.pp
deleted file mode 100644
index 47384df..0000000
--- a/manifests/subsystems/tunnel.pp
+++ /dev/null
@@ -1,148 +0,0 @@
-# autossh tunnel interface
-#
-# TODO: User handling should be put somewhere. Here we are duplicating
-#       code from backupninja module. Further developments should consider
-#       have an unified user handling, maybe at puppet-user.
-#
-#       For now, it's important to preserve the 'backupninja-' like tag
-#       otherwise the behavior of this code will conflict with backupninja
-#       and we'll see strange things like exported resources not being
-#       realized.
-
-# this define realizes all needed resources for a hosted tunnel
-define tunnel_server_realize($host) {
-  User               <<| tag == "backupninja-${host}" |>>
-  File               <<| tag == "backupninja-${host}" |>>
-  Ssh_authorized_key <<| tag == "backupninja-${host}" |>>
-}
-
-class tunnel {
-
-  # collect all resources from hosted tunnels
-  Tunnel_server_realize <<| tag == "${::fqdn}" |>>
-
-  define setup($ensure = present, $user = $hostname, $host, $localport, $hostport, $sshport = '22', $keytype = 'rsa', $root_mail_recipient = hiera('mail::root_mail_recipient', 'nobody')) {
-    $dir     = "/var/backups/remote/${user}.${::domain}"
-    $tag     = "backupninja-${::fqdn}"
-    $ssh_dir = "${dir}/.ssh"
-
-    autossh::tunnel { $name:
-      ensure      => $ensure,
-      user        => 'root',
-      remote_user => $user,
-      port        => $localport,
-      hostport    => $hostport,
-      host        => $host,
-      remote_host => $host,
-      sshport     => $sshport,
-    }
-
-    if !defined(Tunnel_server_realize["${::hostname}@${host}"]) {
-      # this defines just maps that $host host an user environment for $fdqn
-      @@tunnel_server_realize { "${::hostname}@${host}":
-        host => $::fqdn,
-        tag  => $host,
-      }
-    }
-
-    if !defined(File["${dir}"]) {
-      @@file { "${dir}":
-        ensure => directory,
-        mode   => 0750,
-        owner  => $user,
-        group  => 0,
-        tag    => "${tag}",
-      }
-    }
-
-    if !defined(File["${ssh_dir}"]) {
-      @@file { "${ssh_dir}":
-        ensure  => directory,
-        mode    => 0700,
-        owner   => $user,
-        group   => 0,
-        require => [User[$user], File["${dir}"]],
-        tag     => "${tag}",
-      }
-    }
-
-    if !defined(File["${ssh_dir}/authorized_keys"]) {
-      @@file { "${ssh_dir}/authorized_keys":
-        ensure  => present,
-        mode    => 0644,
-        owner   => 0,
-        group   => 0,
-        source  => "puppet:///modules/site_keys/${user}_id_${keytype}.pub",
-        require => File["${ssh_dir}"],
-        tag     => "${tag}",
-      }
-    }
-
-    if !defined(User["{$user}"]) {
-      @@user { "${user}":
-        ensure     => "present",
-        comment    => "${user} backup sandbox",
-        home       => "${dir}",
-        gid        => "backupninjas",
-        managehome => true,
-        shell      => "/bin/sh",
-        password   => '*',
-        require    => Group['backupninjas'],
-        tag        => "${tag}"
-      }
-    }
-  }
-
-  define mail ($sshport = '22') {
-    package { "nullmailer":
-      ensure => installed,
-    }
-
-    service { "nullmailer":
-      ensure  => 'running',
-      require => Package['nullmailer'],
-    }
-
-    file { "/etc/mailname":
-      ensure  => present,
-      owner   => root,
-      group   => root,
-      mode    => 0644,
-      content => "${::fqdn}\n",
-      notify  => Service["nullmailer"],
-    }
-
-    file { "/etc/nullmailer":
-      ensure => directory,
-      owner   => root,
-      group   => root,
-      mode   => 0755,
-    }
-
-    file { "/etc/nullmailer/remotes":
-      ensure  => present,
-      owner   => root,
-      group   => root,
-      mode    => 0644,
-      content => "localhost smtp --port=2525\n",
-      notify  => Service["nullmailer"],
-      require => File["/etc/nullmailer"],
-    }
-
-    file { "/etc/nullmailer/adminaddr":
-      ensure  => present,
-      owner   => root,
-      group   => root,
-      mode    => 0644,
-      content => "$root_mail_recipient\n",
-      require => File["/etc/nullmailer"],
-    }
-
-    tunnel::setup { "smtp":
-      host      => "${name}.${::domain}",
-      sshport   => "${sshport}",
-      localport => '2525',
-      hostport  => '25',
-    }
-  }
-}
diff --git a/manifests/subsystems/ups.pp b/manifests/subsystems/ups.pp
deleted file mode 100644
index 184be46..0000000
--- a/manifests/subsystems/ups.pp
+++ /dev/null
@@ -1,26 +0,0 @@
-class ups(
-    $include        = hiera('nodo::ups::include',        false),
-    $type           = hiera('nodo::ups::type',           'usb'),
-    $cable          = hiera('nodo::ups::cable',          'usb'),
-    $dev            = hiera('nodo::ups::dev',            '/dev/usb/hiddev0'),
-    $nisip          = hiera('nodo::ups::nisip',          '127.0.0.1'),
-    $polltime       = hiera('nodo::ups::polltime',       '60'),
-    $onbatterydelay = hiera('nodo::ups::onbatterydelay', '6'),
-    $batterylevel   = hiera('nodo::ups::batterylevel',   '5'),
-    $minutes        = hiera('nodo::ups::minutes',        '3')
-) {
-  case $include {
-    true: {
-      class { "apcupsd":
-        upstype        => $type,
-        cable          => $cable,
-        device         => $dev,
-        nisip          => $nisip,
-        polltime       => $polltime,
-        onbatterydelay => $onbatterydelay,
-        batterylevel   => $batterylevel,
-        minutes        => $minutes,
-      }
-    }
-  }
-}
diff --git a/manifests/subsystems/utils/firmware.pp b/manifests/subsystems/utils/firmware.pp
deleted file mode 100644
index b0bf9ca..0000000
--- a/manifests/subsystems/utils/firmware.pp
+++ /dev/null
@@ -1,11 +0,0 @@
-class utils::firmware {
-  package { 'firmware-linux':
-    ensure => installed,
-  }
-}
-
-class utils::firmware::realtek {
-  package { 'firmware-realtek':
-    ensure => installed,
-  }
-}
diff --git a/manifests/subsystems/utils/personal.pp b/manifests/subsystems/utils/personal.pp
deleted file mode 100644
index fe6fb89..0000000
--- a/manifests/subsystems/utils/personal.pp
+++ /dev/null
@@ -1,20 +0,0 @@
-# Common utilities for personal
-class utils::personal {
-  case $::operatingsystem {
-    debian: { 
-      include utils::personal::debian
-    }
-    default: { }
-  }
-}
-
-class utils::personal::bundle {
-  include utils::office
-  include utils::interface
-  include utils::network
-  include utils::development
-  include utils::security
-  include utils::multimedia
-  include utils::ruby
-  include utils::java
-}
diff --git a/manifests/subsystems/utils/storage.pp b/manifests/subsystems/utils/storage.pp
deleted file mode 100644
index 6a52e16..0000000
--- a/manifests/subsystems/utils/storage.pp
+++ /dev/null
@@ -1,12 +0,0 @@
-# Common utilities for storage
-class utils::storage {
-  package { 'clamav':
-    ensure => installed,
-  }
-}
-
-class utils::storage::archive {
-  package { 'git-annex':
-    ensure => installed,
-  }
-}
diff --git a/manifests/subsystems/websites.pp b/manifests/subsystems/websites.pp
deleted file mode 100644
index 6fa764b..0000000
--- a/manifests/subsystems/websites.pp
+++ /dev/null
@@ -1,151 +0,0 @@
-class websites::setup {
-  # Third-party hosted nodes generally aren't behind an https proxy
-  $hosting_type = hiera('nodo::vserver::hosting_type', 'direct')
-
-  # Include apache
-  class { 'apache':
-    https_proxy => $hosting_type ? {
-      'direct' => 'yes',
-      default  => false,
-    },
-  }
-
-  # The needed apache modules
-  apache::module { "alias":
-    ensure  => present,
-  }
-
-  # Images folder
-  file { "${apache::www_folder}/images":
-    ensure  => directory,
-    recurse => true,
-    purge   => true,
-    force   => true,
-    owner   => "root",
-    group   => "root",
-    # This mode will also apply to files from the source directory
-    mode    => 0644,
-    # Puppet will automatically set +x for directories
-    source  => [ "puppet:///modules/site_apache/htdocs/${::domain}/images",
-                 "puppet:///modules/nodo/htdocs/images", ]
-  }
-
-  # Web index
-  file { "${apache::www_folder}/index.html":
-    ensure  => present,
-    owner   => "root",
-    group   => "root",
-    mode    => 0644,
-    source  => [ "puppet:///modules/site_apache/htdocs/${::domain}/index.html",
-                 "puppet:///modules/nodo/htdocs/index.html", ]
-  }
-
-  # Missing page
-  file { "${apache::www_folder}/missing.html":
-    ensure  => present,
-    owner   => "root",
-    group   => "root",
-    mode    => 0644,
-    source  => [ "puppet:///modules/site_apache/htdocs/${::domain}/missing.html",
-                 "puppet:///modules/nodo/htdocs/missing.html", ]
-  }
-
-  # Make sure that a top level index exists
-  file { "/var/www/index.html":
-    ensure => present,
-  }
-
-  # Default vhost: can just be applied on the defining host
-  apache::site { "${apache::server_name}":
-    server_alias => "${::domain}",
-    docroot      => "${apache::www_folder}",
-    mpm          => false,
-    tag          => 'all',
-  }
-
-  # We have to use 'zzz-error' so it will be the last matched vhost
-  apache::site { "error":
-    template       => 'apache/error.erb',
-    docroot        => "${apache::error_folder}",
-    filename       => 'zzz-error',
-    mpm            => false,
-    tag            => 'all',
-  }
-
-  # Index page for error
-  file { "${apache::error_folder}/index.html":
-    ensure  => "${apache::www_folder}/index.html",
-    owner   => "root",
-    group   => "root",
-    force   => true,
-    require => File["${apache::error_folder}"],
-  }
-
-  # Images folder for error
-  file { "${apache::error_folder}/images":
-    ensure  => "${apache::www_folder}/images",
-    owner   => "root",
-    group   => "root",
-    force   => true,
-    require => File["${apache::error_folder}", "${apache::www_folder}/images"],
-  }
-
-}
-
-class websites::hosting inherits websites::setup {
-  # Include the needed classes for website hosting
-  include php
-  include trac
-  include websvn
-  include moin
-  include apache::rails
-
-  # Declare the needed classes for website hosting 
-  class { [ 'drupal', 'ikiwiki', 'pmwiki', 'hotglue', 'wordpress' ]: }
-  class {
-    'viewvc':
-      root_parents => "/var/svn : svn";
-  }
-
-  $git_daemon = hiera('nodo::web::git_daemon', True)
-
-  if $git_daemon != false {
-    class { 'gitweb': }
-  }
-
-  apache::site { "images":
-    docroot => "${apache::www_folder}/images",
-    mpm     => false,
-    tag     => 'all',
-  }
-
-  # Remove untagged site instances
-  Apache::Site <| tag != $::hostname and tag != 'all' |> {
-    ensure => absent,
-  }
-
-  # Remove untagged database instances
-  Database::Instance <| tag != $::hostname and tag != 'all' |> {
-    ensure => absent,
-  }
-
-  # Remove untagged ikiwiki instances
-  Ikiwiki::Instance <| tag != $::hostname and tag != 'all' |> {
-    ensure => absent,
-  }
-}
-
-class websites::hosting::admin inherits websites::setup {
-  # Include the needed classes for admin interfaces
-  include trac
-  include gitweb
-}
-
-class websites::dev::setup inherits websites::setup {
-  # Include the needed 
classes for website development -  include php -  include apache::rails - -  # Declare the needed classes for website development -  class { 'drupal': } -} diff --git a/manifests/test.pp b/manifests/test.pp deleted file mode 100644 index 7195fc2..0000000 --- a/manifests/test.pp +++ /dev/null @@ -1,3 +0,0 @@ -class nodo::test inherits nodo::web { -  # Class for test nodes -} diff --git a/manifests/tor.pp b/manifests/tor.pp deleted file mode 100644 index 11ba480..0000000 --- a/manifests/tor.pp +++ /dev/null @@ -1,4 +0,0 @@ -class nodo::tor inherits nodo::vserver { -  include tor::daemon -  include utils::tor -} diff --git a/manifests/subsystems/utils.pp b/manifests/utils.pp index 09487bd..9f499af 100644 --- a/manifests/subsystems/utils.pp +++ b/manifests/utils.pp @@ -1,5 +1,5 @@  # Common utilities -class utils { +class nodo::utils {    package { [ 'screen', 'less',   'bzip2', 'openssl', 'lynx',        'wget',     'unzip',                'nmap',   'telnet', 'tree',  'whois',   'dosfstools',  'dnsutils', 'logcheck-database',                'bc',     'lsof',   'wipe',  'vrms',    'nsca-client', 'logcheck', 'vim-nox' ]: diff --git a/manifests/subsystems/utils/desktop.pp b/manifests/utils/desktop.pp index 22dd2ed..9001b59 100644 --- a/manifests/subsystems/utils/desktop.pp +++ b/manifests/utils/desktop.pp @@ -1,5 +1,5 @@  # Common utilities for desktop -class utils::desktop { +class nodo::utils::desktop {    package { 'cups':      ensure => installed,    } diff --git a/manifests/subsystems/utils/development.pp b/manifests/utils/development.pp index 7d1e19a..6c85bef 100644 --- a/manifests/subsystems/utils/development.pp +++ b/manifests/utils/development.pp @@ -1,4 +1,4 @@ -class utils::development { +class nodo::utils::development {    # Development    package { [ 'debhelper',  'gitk',             'git-gui',         'subversion',        'python-stdeb',                'fakeroot',   'dupload',          'autotools-dev',   'dh-make',           'doxygen', 
@@ -11,18 +11,5 @@ class utils::development {      ensure => installed,    } -  include utils::storage::archive -} - -class utils::development::virtual { -  package { 'vagrant': -    ensure => $::lsbdistcodename ? { -      'squeeze' => absent, -       default  => present, -    } -  } - -  package { [ 'virtualbox-guest-additions-iso', 'virtualbox-fuse', 'qemu', 'qemu-kvm' ]: -    ensure => present, -  } +  include nodo::utils::storage::archive  } diff --git a/manifests/utils/development/virtual.pp b/manifests/utils/development/virtual.pp new file mode 100644 index 0000000..011253e --- /dev/null +++ b/manifests/utils/development/virtual.pp @@ -0,0 +1,12 @@ +class nodo::utils::development::virtual { +  package { 'vagrant': +    ensure => $::lsbdistcodename ? { +      'squeeze' => absent, +       default  => present, +    } +  } + +  package { [ 'virtualbox-guest-additions-iso', 'virtualbox-fuse', 'qemu', 'qemu-kvm' ]: +    ensure => present, +  } +} diff --git a/manifests/subsystems/utils/dns.pp b/manifests/utils/dns.pp index 3c7c422..57bb992 100644 --- a/manifests/subsystems/utils/dns.pp +++ b/manifests/utils/dns.pp @@ -1,4 +1,4 @@ -class utils::dns { +class nodo::utils::dns {    package { 'dnstop':      ensure => installed,    } diff --git a/manifests/utils/firmware.pp b/manifests/utils/firmware.pp new file mode 100644 index 0000000..ccdae37 --- /dev/null +++ b/manifests/utils/firmware.pp @@ -0,0 +1,5 @@ +class nodo::utils::firmware { +  package { 'firmware-linux': +    ensure => installed, +  } +} diff --git a/manifests/utils/firmware/iwlwifi.pp b/manifests/utils/firmware/iwlwifi.pp new file mode 100644 index 0000000..0dd761a --- /dev/null +++ b/manifests/utils/firmware/iwlwifi.pp @@ -0,0 +1,6 @@ +# Wireless support +class nodo::utils::firmware::iwlwifi { +  package { 'firmware-iwlwifi': +    ensure => present, +  } +} diff --git a/manifests/utils/firmware/realtek.pp b/manifests/utils/firmware/realtek.pp new file mode 100644 index 0000000..77d916a --- /dev/null 
+++ b/manifests/utils/firmware/realtek.pp @@ -0,0 +1,5 @@ +class nodo::utils::firmware::realtek { +  package { 'firmware-realtek': +    ensure => installed, +  } +} diff --git a/manifests/utils/grub.pp b/manifests/utils/grub.pp new file mode 100644 index 0000000..1d24458 --- /dev/null +++ b/manifests/utils/grub.pp @@ -0,0 +1,5 @@ +class nodo::utils::grub { +  package { 'grub2': +    ensure => installed, +  } +} diff --git a/manifests/subsystems/utils/hamradio.pp b/manifests/utils/hamradio.pp index e4ded0a..6915650 100644 --- a/manifests/subsystems/utils/hamradio.pp +++ b/manifests/utils/hamradio.pp @@ -1,4 +1,4 @@ -class utils::hamradio { +class nodo::utils::hamradio {    package { 'aldo':      ensure => present,    } diff --git a/manifests/subsystems/utils/interface.pp b/manifests/utils/interface.pp index b19456d..c43bad7 100644 --- a/manifests/subsystems/utils/interface.pp +++ b/manifests/utils/interface.pp @@ -1,4 +1,4 @@ -class utils::interface { +class nodo::utils::interface {    # Interface    package { [ 'awesome',       'eterm',            'weather-util',      'gnome-terminal', 'conky',                'xterm',         'bash-completion',  'tmux',              'xscreensaver',   'thunar', diff --git a/manifests/subsystems/utils/java.pp b/manifests/utils/java.pp index 15668c3..a14635f 100644 --- a/manifests/subsystems/utils/java.pp +++ b/manifests/utils/java.pp @@ -1,4 +1,4 @@ -class utils::java { +class nodo::utils::java {    # Java    package { [ 'sun-java6-jre' ]:      ensure => absent, diff --git a/manifests/utils/laptop.pp b/manifests/utils/laptop.pp new file mode 100644 index 0000000..9a1e42c --- /dev/null +++ b/manifests/utils/laptop.pp @@ -0,0 +1,9 @@ +# Common utilities for laptop +class nodo::utils::laptop { +  case $::operatingsystem { +    debian: {  +      include utils::laptop::debian +    } +    default: { } +  } +} diff --git a/manifests/subsystems/utils/laptop.pp b/manifests/utils/laptop/debian.pp index 1f962d3..e4c769c 100644 
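Review bot: The new `manifests/utils/laptop.pp` still pulls in the pre-refactor class name, `include utils::laptop::debian`, while the same commit renames that class to `nodo::utils::laptop::debian` (the `manifests/utils/laptop/debian.pp` hunk that follows). Unless a class with the old name survives elsewhere, the autoloader will not resolve `utils::laptop::debian` and catalog compilation fails for every Debian host that includes `nodo::utils::laptop`. Change the line to `include nodo::utils::laptop::debian`, which is also how the sibling `manifests/utils/personal.pp` includes `nodo::utils::personal::debian`.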
--- a/manifests/subsystems/utils/laptop.pp +++ b/manifests/utils/laptop/debian.pp @@ -1,15 +1,5 @@ -# Common utilities for laptop -class utils::laptop { -  case $::operatingsystem { -    debian: {  -      include utils::laptop::debian -    } -    default: { } -  } -} -  # Common utilities for debian laptops -class utils::laptop::debian { +class nodo::utils::laptop::debian {    package { [ 'cpufrequtils',  'module-assistant',  'wireless-tools',                 'wpasupplicant', 'ekiga',             'mumble',                'revelation',    'arp-scan',          'usb-modeswitch', diff --git a/manifests/utils/microcode/intel.pp b/manifests/utils/microcode/intel.pp new file mode 100644 index 0000000..b4d12bc --- /dev/null +++ b/manifests/utils/microcode/intel.pp @@ -0,0 +1,8 @@ +class nodo::utils::microcode::intel { +  # Microcode +  # See https://wiki.archlinux.org/index.php/Microcode +  #     http://en.gentoo-wiki.com/wiki/Intel_Microcode +  package { 'intel-microcode': +    ensure => present, +  } +} diff --git a/manifests/subsystems/utils/multimedia.pp b/manifests/utils/multimedia.pp index 83bd70e..d1a498f 100644 --- a/manifests/subsystems/utils/multimedia.pp +++ b/manifests/utils/multimedia.pp @@ -1,18 +1,5 @@  # Multimedia utilities -class utils::multimedia::studio { -  package { [ 'ardour', 'hydrogen', ]: -    ensure => installed, -  } -} - -class utils::multimedia::ripper { -  # CD writers and extractors -  package { [ 'ripit', 'asunder', 'wodim', 'genisoimage', 'dvd+rw-tools' ]: -    ensure => installed, -  } -} - -class utils::multimedia { +class nodo::utils::multimedia {    # Multimedia    package { [ 'alsa-tools-gui',  'mp3blaster',          'alsa-utils',      'netpbm',                'gqview',          'mpg123',              'audacious',       'qjackctl', 
@@ -59,9 +46,3 @@ class utils::multimedia {      require => Package['flashplugin-nonfree'],    }  } - -class utils::multimedia::mediacenter { -  package { [ 'xbmc', 'upnp-inspector', 'gupnp-tools' ]: -    ensure => present, -  } -} diff --git a/manifests/utils/multimedia/mediacenter.pp b/manifests/utils/multimedia/mediacenter.pp new file mode 100644 index 0000000..3d8f241 --- /dev/null +++ b/manifests/utils/multimedia/mediacenter.pp @@ -0,0 +1,5 @@ +class nodo::utils::multimedia::mediacenter { +  package { [ 'xbmc', 'upnp-inspector', 'gupnp-tools' ]: +    ensure => present, +  } +} diff --git a/manifests/utils/multimedia/ripper.pp b/manifests/utils/multimedia/ripper.pp new file mode 100644 index 0000000..83d7029 --- /dev/null +++ b/manifests/utils/multimedia/ripper.pp @@ -0,0 +1,6 @@ +class nodo::utils::multimedia::ripper { +  # CD writers and extractors +  package { [ 'ripit', 'asunder', 'wodim', 'genisoimage', 'dvd+rw-tools' ]: +    ensure => installed, +  } +} diff --git a/manifests/utils/multimedia/studio.pp b/manifests/utils/multimedia/studio.pp new file mode 100644 index 0000000..3d9966d --- /dev/null +++ b/manifests/utils/multimedia/studio.pp @@ -0,0 +1,5 @@ +class nodo::utils::multimedia::studio { +  package { [ 'ardour', 'hydrogen', ]: +    ensure => installed, +  } +} diff --git a/manifests/subsystems/utils/network.pp b/manifests/utils/network.pp index 9c60341..196038a 100644 --- a/manifests/subsystems/utils/network.pp +++ b/manifests/utils/network.pp 
@@ -1,52 +1,4 @@ -class utils::network::irssi { -  package { [ 'irssi', 'bitlbee', 'irssi-scripts' ]: -    ensure => installed, -  } - -  # See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695150 -  #package { 'irssi-plugin-otr': -  #  ensure => installed, -  #} - -  # These are needed by the cap_sasl.pl irssi plugin -  package { [ 'libcrypt-blowfish-perl', 'libcrypt-dh-perl', 'libcrypt-openssl-bignum-perl' ]: -    ensure => installed, -  } - -  # Not on wheezy -  package { 'irssi-plugin-silc': -    ensure => $::lsbdistcodename ? { -      'wheezy' => absent, -      default  => present, -    } -  } -} - -class utils::network::torrent { -  package { [ 'rtorrent' ]: -    ensure => installed, -  } -} - -class utils::network::minimal { -  include utils::network::irssi -  include utils::network::torrent - -  package { 'unison': -    ensure => installed, -  } - -  # For backwards compatibility -  # See addversionno unison config parameter -  package { 'unison2.32.52': -    ensure => $::lsbdistcodename ? { -      'wheezy' => present, -      default  => absent, -    } -  } -} - -class utils::network inherits utils::network::minimal { +class nodo::utils::network inherits nodo::utils::network::minimal {    # Network    package { [ 'mutt',               'offlineimap',                           'newsbeuter',         'nicotine',              'sshfs', @@ -126,21 +78,3 @@ class utils::network inherits utils::network::minimal {      require => Package['iceweasel'],    }  } - -class utils::network::analyzer { -  package { [ 'tshark' ]: -    ensure => installed, -  } -} - -class utils::network::samba { -  package { [ 'smbclient', 'cifs-utils' ]: -    ensure => installed, -  } -} - -class utils::network::nfs { -  package { 'nfs-common': -    ensure => installed, -  } -} diff --git a/manifests/utils/network/analyzer.pp b/manifests/utils/network/analyzer.pp new file mode 100644 index 0000000..64ed803 --- /dev/null +++ b/manifests/utils/network/analyzer.pp 
@@ -0,0 +1,5 @@ +class nodo::utils::network::analyzer { +  package { [ 'tshark' ]: +    ensure => installed, +  } +} diff --git a/manifests/utils/network/irssi.pp b/manifests/utils/network/irssi.pp new file mode 100644 index 0000000..e476a0d --- /dev/null +++ b/manifests/utils/network/irssi.pp @@ -0,0 +1,23 @@ +class nodo::utils::network::irssi { +  package { [ 'irssi', 'bitlbee', 'irssi-scripts' ]: +    ensure => installed, +  } + +  # See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695150 +  #package { 'irssi-plugin-otr': +  #  ensure => installed, +  #} + +  # These are needed by the cap_sasl.pl irssi plugin +  package { [ 'libcrypt-blowfish-perl', 'libcrypt-dh-perl', 'libcrypt-openssl-bignum-perl' ]: +    ensure => installed, +  } + +  # Not on wheezy +  package { 'irssi-plugin-silc': +    ensure => $::lsbdistcodename ? { +      'wheezy' => absent, +      default  => present, +    } +  } +} diff --git a/manifests/utils/network/minimal.pp b/manifests/utils/network/minimal.pp new file mode 100644 index 0000000..51c4efe --- /dev/null +++ b/manifests/utils/network/minimal.pp @@ -0,0 +1,17 @@ +class nodo::utils::network::minimal { +  include nodo::utils::network::irssi +  include nodo::utils::network::torrent + +  package { 'unison': +    ensure => installed, +  } + +  # For backwards compatibility +  # See addversionno unison config parameter +  package { 'unison2.32.52': +    ensure => $::lsbdistcodename ? { +      'wheezy' => present, +      default  => absent, +    } +  } +} diff --git a/manifests/utils/network/nfs.pp b/manifests/utils/network/nfs.pp new file mode 100644 index 0000000..9abe38e --- /dev/null +++ b/manifests/utils/network/nfs.pp @@ -0,0 +1,5 @@ +class nodo::utils::network::nfs { +  package { 'nfs-common': +    ensure => installed, +  } +} diff --git a/manifests/utils/network/samba.pp b/manifests/utils/network/samba.pp new file mode 100644 index 0000000..c53e5e5 --- /dev/null +++ b/manifests/utils/network/samba.pp 
@@ -0,0 +1,5 @@ +class nodo::utils::network::samba { +  package { [ 'smbclient', 'cifs-utils' ]: +    ensure => installed, +  } +} diff --git a/manifests/utils/network/torrent.pp b/manifests/utils/network/torrent.pp new file mode 100644 index 0000000..154b24c --- /dev/null +++ b/manifests/utils/network/torrent.pp @@ -0,0 +1,5 @@ +class nodo::utils::network::torrent { +  package { [ 'rtorrent' ]: +    ensure => installed, +  } +} diff --git a/manifests/subsystems/utils/office.pp b/manifests/utils/office.pp index 0b4ca19..4c96670 100644 --- a/manifests/subsystems/utils/office.pp +++ b/manifests/utils/office.pp @@ -1,4 +1,4 @@ -class utils::office { +class nodo::utils::office {    # Office    package { [ 'wyrd',                'vim-gtk',             'gobby',                'sc',                  'antiword',            'dia', diff --git a/manifests/utils/personal.pp b/manifests/utils/personal.pp new file mode 100644 index 0000000..5202216 --- /dev/null +++ b/manifests/utils/personal.pp @@ -0,0 +1,9 @@ +# Common utilities for personal +class nodo::utils::personal { +  case $::operatingsystem { +    debian: {  +      include nodo::utils::personal::debian +    } +    default: { } +  } +} diff --git a/manifests/utils/personal/bundle.pp b/manifests/utils/personal/bundle.pp new file mode 100644 index 0000000..e8cf4b9 --- /dev/null +++ b/manifests/utils/personal/bundle.pp @@ -0,0 +1,10 @@ +class nodo::utils::personal::bundle { +  include nodo::utils::office +  include nodo::utils::interface +  include nodo::utils::network +  include nodo::utils::development +  include nodo::utils::security +  include nodo::utils::multimedia +  include nodo::utils::ruby +  include nodo::utils::java +} diff --git a/manifests/subsystems/utils/debian.pp b/manifests/utils/personal/debian.pp index be4b4ad..592ed3e 100644 --- a/manifests/subsystems/utils/debian.pp +++ b/manifests/utils/personal/debian.pp 
@@ -1,4 +1,4 @@
-class utils::personal::debian {
+class nodo::utils::personal::debian {
   # System
   package { [ 'libpam-mount',  'ecryptfs-utils', 'gawk',
               'laptop-detect', 'syslinux',       'ack-grep', 'mtp-tools' ]:
diff --git a/manifests/subsystems/utils/physical.pp b/manifests/utils/physical.pp
index 3fbd28c..78ff767 100644
--- a/manifests/subsystems/utils/physical.pp
+++ b/manifests/utils/physical.pp
@@ -1,5 +1,5 @@
 # Common utilities for physical
-class utils::physical {
+class nodo::utils::physical {
   package { [ 'nload', 'acpid', 'slurm', 'ethtool', 'parted', 'iftop', 'iptraf', 'htop', 'sdparm' ]:
     ensure => installed,
   }
diff --git a/manifests/subsystems/utils/plug.pp b/manifests/utils/plug.pp
index e018f10..861c346 100644
--- a/manifests/subsystems/utils/plug.pp
+++ b/manifests/utils/plug.pp
@@ -1,5 +1,5 @@
 # Common utilities for plug computers
-class utils::plug {
+class nodo::utils::plug {
   package { [ 'mtd-utils', 'cryptsetup', 'u-boot', 'smartmontools' ]:
     ensure => installed,
   }
diff --git a/manifests/subsystems/utils/ruby.pp b/manifests/utils/ruby.pp
index 8923ff0..14c770d 100644
--- a/manifests/subsystems/utils/ruby.pp
+++ b/manifests/utils/ruby.pp
@@ -1,4 +1,4 @@
-class utils::ruby {
+class nodo::utils::ruby {
   # Gem packages
   package { 'capistrano':
     ensure   => installed,
diff --git a/manifests/subsystems/utils/security.pp b/manifests/utils/security.pp
index 9e4f362..0f26688 100644
--- a/manifests/subsystems/utils/security.pp
+++ b/manifests/utils/security.pp
@@ -1,4 +1,4 @@
-class utils::security {
+class nodo::utils::security {
   # Security
   package { [ 'apg',           'gnupg-agent',   'makepasswd', 'pwgen',          'fpm2', 'encfs',
               'signing-party', 'libnss3-tools', 'ssss',       'libgfshare-bin' ]:
diff --git a/manifests/utils/storage.pp b/manifests/utils/storage.pp
new file mode 100644
index 0000000..d4a40e6
--- /dev/null
+++ b/manifests/utils/storage.pp
@@ -0,0 +1,6 @@
+# Common utilities for storage
+class nodo::utils::storage {
+  package { 'clamav':
+    ensure => installed,
+  }
+}
diff --git a/manifests/utils/storage/archive.pp b/manifests/utils/storage/archive.pp
new file mode 100644
index 0000000..e310bf5
--- /dev/null
+++ b/manifests/utils/storage/archive.pp
@@ -0,0 +1,5 @@
+class nodo::utils::storage::archive {
+  package { 'git-annex':
+    ensure => installed,
+  }
+}
diff --git a/manifests/utils/thinkpad.pp b/manifests/utils/thinkpad.pp
new file mode 100644
index 0000000..d595dbc
--- /dev/null
+++ b/manifests/utils/thinkpad.pp
@@ -0,0 +1,16 @@
+class nodo::utils::thinkpad {
+  # Keyboard
+  package { 'tpb':
+    ensure => installed,
+  }
+
+  # Thinkfan
+  package { 'thinkfan':
+    ensure => installed
+  }
+
+  # HDAPS
+  package { 'hdapsd':
+    ensure => installed,
+  }
+}
diff --git a/manifests/subsystems/utils/tor.pp b/manifests/utils/tor.pp
index 1a696c4..f9475a3 100644
--- a/manifests/subsystems/utils/tor.pp
+++ b/manifests/utils/tor.pp
@@ -1,4 +1,4 @@
-class utils::tor {
+class nodo::utils::tor {
   package { 'tor-arm':
     ensure => installed,
   }
diff --git a/manifests/utils/touchpad.pp b/manifests/utils/touchpad.pp
new file mode 100644
index 0000000..a5390dd
--- /dev/null
+++ b/manifests/utils/touchpad.pp
@@ -0,0 +1,6 @@
+class nodo::utils::touchpad {
+  # Touchpad
+  package { 'gpointing-device-settings':
+    ensure => present,
+  }
+}
diff --git a/manifests/subsystems/utils/web.pp b/manifests/utils/web.pp
index 8b0eba9..9c2cd71 100644
--- a/manifests/subsystems/utils/web.pp
+++ b/manifests/utils/web.pp
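Review bot: `package { 'clamav': ensure => installed }` in the new nodo::utils::storage class installs the scanner but says nothing about signature updates, and a scanner with a stale database gives a false sense of coverage. On Debian the clamav dependency can be satisfied by either clamav-freshclam or the static clamav-data package, and only the former keeps the signatures current, so which one lands on the host is decided by apt's alternative resolution rather than by this manifest. Listing it explicitly, `package { [ 'clamav', 'clamav-freshclam' ]:`, makes the updater a stated requirement of the class; how freshclam is then configured (mirror, check frequency) is outside this hunk.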
@@ -1,10 +1,10 @@
 # Common utilities for web
-class utils::web {
+class nodo::utils::web {
   package { [ 'ffmpeg',  'flvtool2',             'curl',                'rake',
               'libxml2', 'libxml2-dev',          'libxslt1-dev',        'libmysqlclient-dev',
               'g++',     'libcurl4-openssl-dev', 'apache2-prefork-dev' ]:
     ensure => installed,
   }
-  include utils::storage::archive
+  include nodo::utils::storage::archive
 }
