-rw-r--r-- | manifests/base.pp | 152 | ||||
-rw-r--r-- | manifests/nodo.pp | 152 |
2 files changed, 154 insertions, 150 deletions
diff --git a/manifests/base.pp b/manifests/base.pp
new file mode 100644
index 0000000..2648bdb
--- /dev/null
+++ b/manifests/base.pp
@@ -0,0 +1,152 @@
+class nodo::base {
+ include lsb
+ include nodo::subsystem::sudo
+ include nodo::subsystem::motd
+ include nodo::subsystem::locales
+ include nodo::subsystem::profile
+ include nodo::utils
+ include tunnel::autossh
+ include domain_check
+ include users::admin
+ include concat::setup
+ include cron
+
+ class { 'nodo::subsystem::hosts': }
+
+ # Include if not defined by nodo::master
+ if !defined(Class['puppet::daemon']) {
+ class { 'puppet::daemon': }
+ }
+
+ #
+ # Backup
+ #
+ class { 'backup': }
+
+ $local_backup = hiera('nodo::backup::localhost', false)
+
+ # Local encrypted backup
+ case $local_backup {
+ true,enabled,present: {
+ backup::duplicity { "localhost":
+ encryptkey => hiera('nodo::backup::encryptkey'),
+ password => hiera('nodo::backup::password'),
+ }
+ }
+ absent: {
+ backup::duplicity { "localhost":
+ encryptkey => hiera('nodo::backup::encryptkey'),
+ password => hiera('nodo::backup::password'),
+ ensure => absent,
+ }
+ }
+ default: { }
+ }
+
+ # Does not work well inside vservers
+ class { 'runit': ensure => absent }
+
+ # Email delivery configuration
+ $mail_delivery = hiera('nodo::mail_delivery', 'exim')
+ case $mail_delivery {
+ 'tunnel': {
+ $mail_hostname = hiera('nodo::mail_hostname')
+ tunnel::autossh::mail { "$mail_hostname":
+ sshport => hiera('nodo::mail_ssh_port'),
+ }
+ }
+ 'postfix': { }
+ '','exim',default: { include exim::tls }
+ }
+
+ #
+ # Apt configuration
+ #
+ class { 'apt':
+ include_src => hiera('nodo::apt_include_src', false),
+ use_next_release => hiera('nodo::apt_use_next_release', false),
+ custom_key_dir => hiera('nodo::apt_custom_key_dir', 'puppet:///modules/site_apt/keys.d')
+ }
+
+ include apt::unattended_upgrades
+
+ $apt_domain_source = hiera('nodo::apt_domain_source', false)
+
+ apt::sources_list { "${::domain}.list":
+ source => [ "puppet:///modules/site_apt/sources.list.d/${::operatingsystem}/${::lsbdistcodename}/${::domain}.list",
+ "puppet:///modules/site_apt/sources.list.d/${::operatingsystem}/${::domain}.list", ],
+ ensure => $apt_domain_source ? {
+ true => present,
+ default => absent,
+ }
+ }
+
+ # Preferences file can't have dots in the filename
+ $apt_domain_preferences = regsubst($::domain, '\.', '-', 'G')
+
+ file { "/etc/apt/preferences.d/${apt_domain_preferences}":
+ source => [ "puppet:///modules/site_apt/preferences.d/${::operatingsystem}/${::domain}",
+ "puppet:///modules/nodo/preferences.d/custom" ],
+ ensure => $apt_domain_source ? {
+ true => present,
+ default => absent,
+ }
+ }
+
+ $apt_proxy = hiera('nodo::apt_proxy', false)
+
+ if $apt_proxy != false {
+ class { 'apt::proxy_client':
+ proxy => $apt_proxy,
+ port => hiera('nodo::apt_proxy_port', ''),
+ }
+ }
+
+ package { 'apt-transport-https':
+ ensure => present,
+ }
+
+ # SSH Server
+ #
+ # We need to restrict listen address by default so multiple
+ # instances can live together in the same physical host.
+ #
+ class { 'sshd':
+ manage_nagios => hiera('nodo::sshd_manage_nagios', false),
+ listen_address => hiera('nodo::sshd_listen_address', [ "${::ipaddress}", '127.0.0.1' ]),
+ password_authentication => hiera('nodo::sshd_password_authentication', 'yes'),
+ shared_ip => hiera('nodo::sshd_shared_ip', 'yes'),
+ tcp_forwarding => hiera('nodo::sshd_tcp_forwarding', 'yes'),
+ hardened_ssl => hiera('nodo::sshd_hardened_ssl', 'yes'),
+ print_motd => hiera('nodo::sshd_print_motd', 'no'),
+ ports => hiera('nodo::sshd_ports', [ 22 ]),
+ use_pam => hiera('nodo::sshd_use_pam', 'no'),
+ }
+
+ # Add the localhost ssh key, useful when one needs
+ # to ssh to localhost.
+ sshkey { [ 'localhost', '127.0.0.1' ]:
+ type => ssh-rsa,
+ key => $::sshrsakey,
+ ensure => $::sshrsakey ? {
+ '' => absent,
+ default => present,
+ },
+ }
+
+ file { "/etc/hostname":
+ owner => "root",
+ group => "root",
+ mode => 0644,
+ ensure => present,
+ content => "${::fqdn}\n",
+ }
+
+ file { "/etc/rc.local":
+ source => "puppet:///modules/nodo/etc/rc.local",
+ owner => "root",
+ group => "root",
+ mode => 0755,
+ ensure => present,
+ }
+}
diff --git a/manifests/nodo.pp b/manifests/nodo.pp
index 3502c23..50b74b8 100644
--- a/manifests/nodo.pp
+++ b/manifests/nodo.pp
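Review bot: In manifests/base.pp the `class { 'sshd': ... }` block falls back to `'yes'` for both `nodo::sshd_password_authentication` and `nodo::sshd_tcp_forwarding`, so every node that includes nodo::base without a Hiera override gets password logins and TCP forwarding enabled; the permissive value should be the opt-in rather than the default. Suggested: `password_authentication => hiera('nodo::sshd_password_authentication', 'no'),` and `tcp_forwarding => hiera('nodo::sshd_tcp_forwarding', 'no'),`, setting the Hiera keys to 'yes' for any node that still depends on them before the default flips. How the sshd module renders these parameters is not visible in this hunk, so confirm they map to the corresponding sshd_config options. Separately, `mode => 0644` and `mode => 0755` on the two file resources are unquoted numbers; writing them as `mode => '0644'` and `mode => '0755'` keeps the manifest valid on Puppet versions that require string modes.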
@@ -1,154 +1,6 @@ class nodo { - include lsb - include nodo::subsystem::sudo - include nodo::subsystem::motd - include nodo::subsystem::locales - include nodo::subsystem::profile - include nodo::utils - include tunnel::autossh - include domain_check - include users::admin - include concat::setup - include cron - - class { 'nodo::subsystem::hosts': } - - # Include if not defined by nodo::master - if !defined(Class['puppet::daemon']) { - class { 'puppet::daemon': } - } - - # - # Backup - # - class { 'backup': } - - $local_backup = hiera('nodo::backup::localhost', false) - - # Local encrypted backup - case $local_backup { - true,enabled,present: { - backup::duplicity { "localhost": - encryptkey => hiera('nodo::backup::encryptkey'), - password => hiera('nodo::backup::password'), - } - } - absent: { - backup::duplicity { "localhost": - encryptkey => hiera('nodo::backup::encryptkey'), - password => hiera('nodo::backup::password'), - ensure => absent, - } - } - default: { } - } - - # Does not work well inside vservers - class { 'runit': ensure => absent } - - # Email delivery configuration - $mail_delivery = hiera('nodo::mail_delivery', 'exim') - case $mail_delivery { - 'tunnel': { - $mail_hostname = hiera('nodo::mail_hostname') - tunnel::autossh::mail { "$mail_hostname": - sshport => hiera('nodo::mail_ssh_port'), - } - } - 'postfix': { } - '','exim',default: { include exim::tls } - } - - # - # Apt configuration - # - class { 'apt': - include_src => hiera('nodo::apt_include_src', false), - use_next_release => hiera('nodo::apt_use_next_release', false), - custom_key_dir => hiera('nodo::apt_custom_key_dir', 'puppet:///modules/site_apt/keys.d') - } - - include apt::unattended_upgrades - - $apt_domain_source = hiera('nodo::apt_domain_source', false) - - apt::sources_list { "${::domain}.list": - source => [ "puppet:///modules/site_apt/sources.list.d/${::operatingsystem}/${::lsbdistcodename}/${::domain}.list", - 
"puppet:///modules/site_apt/sources.list.d/${::operatingsystem}/${::domain}.list", ], - ensure => $apt_domain_source ? { - true => present, - default => absent, - } - } - - # Preferences file can't have dots in the filename - $apt_domain_preferences = regsubst($::domain, '\.', '-', 'G') - - file { "/etc/apt/preferences.d/${apt_domain_preferences}": - source => [ "puppet:///modules/site_apt/preferences.d/${::operatingsystem}/${::domain}", - "puppet:///modules/nodo/preferences.d/custom" ], - ensure => $apt_domain_source ? { - true => present, - default => absent, - } - } - - $apt_proxy = hiera('nodo::apt_proxy', false) - - if $apt_proxy != false { - class { 'apt::proxy_client': - proxy => $apt_proxy, - port => hiera('nodo::apt_proxy_port', ''), - } - } - - package { 'apt-transport-https': - ensure => present, - } - - # SSH Server - # - # We need to restrict listen address by default so multiple - # instances can live together in the same physical host. - # - class { 'sshd': - manage_nagios => hiera('nodo::sshd_manage_nagios', false), - listen_address => hiera('nodo::sshd_listen_address', [ "${::ipaddress}", '127.0.0.1' ]), - password_authentication => hiera('nodo::sshd_password_authentication', 'yes'), - shared_ip => hiera('nodo::sshd_shared_ip', 'yes'), - tcp_forwarding => hiera('nodo::sshd_tcp_forwarding', 'yes'), - hardened_ssl => hiera('nodo::sshd_hardened_ssl', 'yes'), - print_motd => hiera('nodo::sshd_print_motd', 'no'), - ports => hiera('nodo::sshd_ports', [ 22 ]), - use_pam => hiera('nodo::sshd_use_pam', 'no'), - } - - # Add the localhost ssh key, useful when one needs - # to ssh to localhost. - sshkey { [ 'localhost', '127.0.0.1' ]: - type => ssh-rsa, - key => $::sshrsakey, - ensure => $::sshrsakey ? 
{ - '' => absent, - default => present, - }, - } - - file { "/etc/hostname": - owner => "root", - group => "root", - mode => 0644, - ensure => present, - content => "${::fqdn}\n", - } - - file { "/etc/rc.local": - source => "puppet:///modules/nodo/etc/rc.local", - owner => "root", - group => "root", - mode => 0755, - ensure => present, - } + # Include base class + include nodo::base # Include role class if defined("nodo::role::${::role}") { |