| author | Silvio Rhatto <rhatto@riseup.net> | 2015-07-31 16:07:29 -0300 | 
|---|---|---|
| committer | Silvio Rhatto <rhatto@riseup.net> | 2015-07-31 16:07:29 -0300 | 
| commit | 8a4fbfa8a071094e5727f4e49107c0cfe79e9c45 (patch) | |
| tree | a793668c3a2be7538630976551be4d642c49cce0 /manifests | |
| parent | e55feae3bc42fb6c17b402eb1685d393ea94d573 (diff) | |
| parent | f057008d9c07f5f15de1b65ca9bd7c63d37c2db8 (diff) | |
| download | puppet-nodo-8a4fbfa8a071094e5727f4e49107c0cfe79e9c45.tar.gz puppet-nodo-8a4fbfa8a071094e5727f4e49107c0cfe79e9c45.tar.bz2  | |
Merge branch 'master' into develop
Diffstat (limited to 'manifests')
| -rw-r--r-- | manifests/subsystem/sysctl.pp | 2 | ||||
| -rw-r--r-- | manifests/subsystem/sysctl/disable_ipv6.pp | 19 | 
2 files changed, 21 insertions, 0 deletions
diff --git a/manifests/subsystem/sysctl.pp b/manifests/subsystem/sysctl.pp
index 03e1683..94fbae0 100644
--- a/manifests/subsystem/sysctl.pp
+++ b/manifests/subsystem/sysctl.pp
@@ -1,4 +1,6 @@
 class nodo::subsystem::sysctl {
+  class { 'nodo::subsystem::sysctl::disable_ipv6': }
+
   # Root exploit fix, see http://wiki.debian.org/mmap_min_addr
   # Maybe this can be remove in the future or included in a sysctl puppet module
   file { "/etc/sysctl.d/mmap_min_addr.conf":
diff --git a/manifests/subsystem/sysctl/disable_ipv6.pp b/manifests/subsystem/sysctl/disable_ipv6.pp
new file mode 100644
index 0000000..a6486a0
--- /dev/null
+++ b/manifests/subsystem/sysctl/disable_ipv6.pp
@@ -0,0 +1,19 @@
+# Do not enable ipv6 by default
+# See https://wiki.debian.org/DebianIPv6
+class nodo::subsystem::sysctl::disable_ipv6(
+  $ensure = hiera('nodo::sysctl::disable_ipv6', 'present'),
+) {
+  file { "/etc/sysctl.d/disable_ipv6.conf":
+    owner   => "root",
+    group   => "root",
+    mode    => 0644,
+    ensure  => $ensure,
+    source  => "puppet:///modules/nodo/etc/sysctl.d/disable_ipv6.conf",
+  }
+
+  exec { "sysctl-disable-ipv6":
+    command     => '/sbin/sysctl -p',
+    subscribe   => File["/etc/sysctl.d/disable_ipv6.conf"],
+    refreshonly => true,
+  }
+}
|
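Review bot: The resource-like declaration `class { 'nodo::subsystem::sysctl::disable_ipv6': }` fails with a duplicate-declaration error if any other manifest declares the same class, and it passes no parameters, so `include nodo::subsystem::sysctl::disable_ipv6` would do the same job and stay safe to repeat. The line also turns IPv6 off for every node that pulls in `nodo::subsystem::sysctl`, which deserves a comment above it such as `# IPv6 is disabled by default; set nodo::sysctl::disable_ipv6 to 'absent' in Hiera to opt out`. The body of `nodo::subsystem::sysctl` continues outside the hunk.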
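Review bot: The `sysctl-disable-ipv6` exec runs `/sbin/sysctl -p` with no file argument, which loads only `/etc/sysctl.conf` and not the drop-ins under `/etc/sysctl.d/`, so the new setting would not take effect until the next boot and a host assumed to be IPv6-off may stay reachable over IPv6 in the meantime. Pointing the command at the managed file fixes that: `command => '/sbin/sysctl -p /etc/sysctl.d/disable_ipv6.conf',`. With `ensure` set to `absent` that command would fail on the missing file and the running kernel would keep its current IPv6 state regardless, so the opt-out path probably needs its own handling or at least a comment saying a reboot is required. Separately, `mode => 0644` is better written as the quoted string `'0644'`, since newer Puppet parsers reject a bare number for file modes.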
