diff options
32 files changed, 54 insertions, 50 deletions
diff --git a/manifests/base/personal.pp b/manifests/base/personal.pp index f1970bc..f4fe3d9 100644 --- a/manifests/base/personal.pp +++ b/manifests/base/personal.pp @@ -18,13 +18,13 @@ class nodo::base::personal { # This is handled by "hydractl sync-media" #file { [ "/var/data/code", "/var/data/crypt", "/var/data/crypt/home", "/var/data/load" ]: # ensure => directory, - # mode => 0755, + # mode => '0755', # require => File['/var/cache/media'], #} # Development file { [ "/var/cache/vagrant", "/var/cache/virtualbox", "/var/cache/qemu" ]: ensure => directory, - mode => 0755, + mode => '0755', } } diff --git a/manifests/role/jabber.pp b/manifests/role/jabber.pp index 59c2c87..c623cab 100644 --- a/manifests/role/jabber.pp +++ b/manifests/role/jabber.pp @@ -21,7 +21,7 @@ class nodo::role::jabber inherits nodo::base::virtual { ensure => directory, owner => "root", group => "ejabberd", - mode => 0750, + mode => '0750', } # We use a concatenated cert file diff --git a/manifests/role/nas.pp b/manifests/role/nas.pp index 492490e..9cdc0e1 100644 --- a/manifests/role/nas.pp +++ b/manifests/role/nas.pp @@ -101,7 +101,7 @@ class nodo::role::nas( ensure => present, owner => root, group => root, - mode => 0644, + mode => '0644', content => "no\n", notify => Service[$pureftpd::params::service_name], } @@ -113,7 +113,7 @@ class nodo::role::nas( }, owner => root, group => root, - mode => 0644, + mode => '0644', source => 'puppet:///modules/site_avahi/services/ftp.service', notify => $avahi ? { true => Service['avahi-daemon'], @@ -175,7 +175,7 @@ class nodo::role::nas( }, owner => root, group => root, - mode => 0644, + mode => '0644', source => 'puppet:///modules/site_avahi/services/samba.service', notify => $avahi ? { true => Service['avahi-daemon'], @@ -202,7 +202,7 @@ class nodo::role::nas( ensure => directory, owner => root, group => root, - mode => 0755, + mode => '0755', } file { '/etc/avahi/services/http.service': @@ -212,7 +212,7 @@ class nodo::role::nas( }, owner => root, group => root, - mode => 0644, + mode => '0644', source => 'puppet:///modules/site_avahi/services/http.service', notify => $avahi ? { true => Service['avahi-daemon'], @@ -251,7 +251,7 @@ class nodo::role::nas( }, owner => root, group => root, - mode => 0644, + mode => '0644', source => 'puppet:///modules/site_avahi/services/rsync.service', notify => $avahi ? { true => Service['avahi-daemon'], diff --git a/manifests/role/router.pp b/manifests/role/router.pp index 9d04813..cd65a1e 100644 --- a/manifests/role/router.pp +++ b/manifests/role/router.pp @@ -19,7 +19,7 @@ class nodo::role::router inherits nodo::base::appliance { ensure => present, owner => root, group => root, - mode => 0644, + mode => '0644', source => 'puppet:///modules/site_nodo/dhclient-exit-hooks.d/shorewall' } } diff --git a/manifests/subsystem/apt.pp b/manifests/subsystem/apt.pp index a93125e..85152d0 100644 --- a/manifests/subsystem/apt.pp +++ b/manifests/subsystem/apt.pp @@ -8,7 +8,7 @@ class nodo::subsystem::apt( ensure => present, owner => root, group => root, - mode => 0644, + mode => '0644', content => $ensure ? { 'present' => template("nodo/apt/${::operatingsystem}.sources.list.erb"), default => undef, diff --git a/manifests/subsystem/dhclient.pp b/manifests/subsystem/dhclient.pp index 2f39076..e67a6e8 100644 --- a/manifests/subsystem/dhclient.pp +++ b/manifests/subsystem/dhclient.pp @@ -11,7 +11,7 @@ class nodo::subsystem::dhclient( ensure => $ensure, owner => root, group => root, - mode => 0644, + mode => '0644', require => Package['isc-dhcp-client'], content => template('nodo/dhcp/dhclient.conf.erb'), } diff --git a/manifests/subsystem/grsec.pp b/manifests/subsystem/grsec.pp index 7b90002..903371e 100644 --- a/manifests/subsystem/grsec.pp +++ b/manifests/subsystem/grsec.pp @@ -1,5 +1,6 @@ class nodo::subsystem::grsec { include nodo::utils::security::grsec + include nodo::subsystem::grsec::group nodo::subsystem::sysctl::entry { 'kernel.grsecurity.grsec_lock': order => 'zz', @@ -17,7 +18,7 @@ class nodo::subsystem::grsec { file { "/etc/sysctl.d/grsec.conf": owner => "root", group => "root", - mode => 0644, + mode => '0644', ensure => $ensure, source => "puppet:///modules/nodo/etc/sysctl.d/grsec.conf", } diff --git a/manifests/subsystem/hibernate.pp b/manifests/subsystem/hibernate.pp index a036519..2efedad 100644 --- a/manifests/subsystem/hibernate.pp +++ b/manifests/subsystem/hibernate.pp @@ -11,7 +11,7 @@ class nodo::subsystem::hibernate( file { "/etc/initramfs-tools/conf.d/resume": owner => "root", group => "root", - mode => 0644, + mode => '0644', content => "RESUME=/dev/mapper/swap\n", notify => Exec['update-initramfs'], ensure => $enable ? { @@ -23,7 +23,7 @@ class nodo::subsystem::hibernate( file { "/etc/uswsusp.conf": owner => "root", group => "root", - mode => 0644, + mode => '0644', source => 'puppet:///modules/nodo/etc/uswsusp.conf', require => Package['uswsusp'], ensure => $enable ? { @@ -35,7 +35,7 @@ class nodo::subsystem::hibernate( file { "/etc/pm/config.d/00sleep_module": owner => "root", group => "root", - mode => 0644, + mode => '0644', content => "SLEEP_MODULE=\"uswsusp\"\n", require => Package['uswsusp'], ensure => $enable ? { diff --git a/manifests/subsystem/hostname.pp b/manifests/subsystem/hostname.pp index 4dedcec..e835f1a 100644 --- a/manifests/subsystem/hostname.pp +++ b/manifests/subsystem/hostname.pp @@ -2,7 +2,7 @@ class nodo::subsystem::hostname { file { "/etc/hostname": owner => "root", group => "root", - mode => 0644, + mode => '0644', ensure => present, content => "${::fqdn}\n", } diff --git a/manifests/subsystem/hosts.pp b/manifests/subsystem/hosts.pp index cd7647e..341a827 100644 --- a/manifests/subsystem/hosts.pp +++ b/manifests/subsystem/hosts.pp @@ -9,7 +9,7 @@ class nodo::subsystem::hosts( ensure => present, owner => root, group => root, - mode => 0640, + mode => '0640', source => "puppet:///modules/site_nodo/hosts/${::fqdn}", } } diff --git a/manifests/subsystem/initramfs.pp b/manifests/subsystem/initramfs.pp index 9abc00e..e6c9cfe 100644 --- a/manifests/subsystem/initramfs.pp +++ b/manifests/subsystem/initramfs.pp @@ -5,7 +5,7 @@ class nodo::subsystem::initramfs( file { "/etc/kernel-img.conf": owner => "root", group => "root", - mode => 0644, + mode => '0644', ensure => present, content => "do_initrd = Yes\n", } @@ -14,7 +14,7 @@ class nodo::subsystem::initramfs( file { "/etc/initramfs-tools/modules": owner => "root", group => "root", - mode => 0644, + mode => '0644', ensure => present, source => "puppet:///modules/nodo/etc/initramfs-tools/modules", } @@ -25,7 +25,7 @@ class nodo::subsystem::initramfs( content => "KEYMAP=Y\n", owner => "root", group => "root", - mode => 0644, + mode => '0644', } # Update initramfs when needed diff --git a/manifests/subsystem/keyboard.pp b/manifests/subsystem/keyboard.pp index b5241d7..64dcf57 100644 --- a/manifests/subsystem/keyboard.pp +++ b/manifests/subsystem/keyboard.pp @@ -4,7 +4,7 @@ class nodo::subsystem::keyboard { ensure => present, owner => "root", group => "root", - mode => 0644, + mode => '0644', source => "puppet:///modules/site_nodo/keyboard/${::hostname}" } @@ -16,7 +16,7 @@ class nodo::subsystem::keyboard { ensure => present, owner => "root", group => "root", - mode => 0644, + mode => '0644', source => "puppet:///modules/site_nodo/console/boottime.kmap.gz.${::hostname}" } } diff --git a/manifests/subsystem/local.pp b/manifests/subsystem/local.pp index 7021646..d6b7587 100644 --- a/manifests/subsystem/local.pp +++ b/manifests/subsystem/local.pp @@ -4,7 +4,7 @@ class nodo::subsystem::local { "puppet:///modules/nodo/etc/rc.local" ], owner => "root", group => "root", - mode => 0755, + mode => '0755', ensure => present, } } diff --git a/manifests/subsystem/locales.pp b/manifests/subsystem/locales.pp index ee428a5..a30544e 100644 --- a/manifests/subsystem/locales.pp +++ b/manifests/subsystem/locales.pp @@ -9,7 +9,7 @@ class nodo::subsystem::locales { ensure => present, owner => root, group => root, - mode => 0644, + mode => '0644', } file { 'locale-gen': @@ -22,7 +22,7 @@ class nodo::subsystem::locales { ensure => present, owner => root, group => root, - mode => 0644, + mode => '0644', } exec { "locale-gen": diff --git a/manifests/subsystem/macchanger/wicd.pp b/manifests/subsystem/macchanger/wicd.pp index 18ee263..414cb78 100644 --- a/manifests/subsystem/macchanger/wicd.pp +++ b/manifests/subsystem/macchanger/wicd.pp @@ -3,7 +3,7 @@ class nodo::subsystem::macchanger::wicd inherits nodo::subsystem::macchanger { ensure => present, owner => root, group => root, - mode => 0755, + mode => '0755', source => 'puppet:///modules/nodo/etc/wicd/macchanger', } } diff --git a/manifests/subsystem/media/folders.pp b/manifests/subsystem/media/folders.pp index 4495bae..a745a54 100644 --- a/manifests/subsystem/media/folders.pp +++ b/manifests/subsystem/media/folders.pp @@ -7,19 +7,19 @@ class nodo::subsystem::media::folders( # Removable media folders file { [ "/media/usb", "/media/cdrom", "/media/tablet", "/media/phone" ]: ensure => directory, - mode => 0755, + mode => '0755', } # Local cache for general use file { "/var/cache/${::hostname}": ensure => directory, - mode => 0755, + mode => '0755', } # Local media cache file { "/var/cache/${::hostname}/media": ensure => $cache, - mode => 0755, + mode => '0755', owner => $owner ? { false => undef, default => $owner, @@ -39,7 +39,7 @@ class nodo::subsystem::media::folders( # Code and load folders file { [ "${base}/code", "${base}/load" ]: ensure => directory, - mode => 0755, + mode => '0755', owner => $owner ? { false => undef, default => $owner, diff --git a/manifests/subsystem/modprobe.pp b/manifests/subsystem/modprobe.pp index e5e5498..90d9289 100644 --- a/manifests/subsystem/modprobe.pp +++ b/manifests/subsystem/modprobe.pp @@ -2,7 +2,7 @@ class nodo::subsystem::modprobe { file { "/etc/modprobe.d/blacklist.conf": owner => "root", group => "root", - mode => 0644, + mode => '0644', ensure => present, source => "puppet:///modules/nodo/etc/modprobe.d/blacklist.conf", } diff --git a/manifests/subsystem/motd.pp b/manifests/subsystem/motd.pp index ae59f9b..df671eb 100644 --- a/manifests/subsystem/motd.pp +++ b/manifests/subsystem/motd.pp @@ -5,11 +5,14 @@ class nodo::subsystem::motd( if $message != '' { $append = "${message}\n" } + else { + $append = '' + } file { "/etc/motd": owner => "root", group => "root", - mode => 0644, + mode => '0644', ensure => file, content => "This is ${::fqdn} from the ${network_name}.\n${append}", } diff --git a/manifests/subsystem/nas/share.pp b/manifests/subsystem/nas/share.pp index e705e8d..94f8194 100644 --- a/manifests/subsystem/nas/share.pp +++ b/manifests/subsystem/nas/share.pp @@ -106,7 +106,7 @@ define nodo::subsystem::nas::share( ensure => present, owner => root, group => root, - mode => 0644, + mode => '0644', source => "puppet:///modules/site_avahi/services/nfs-${name}.service", notify => Service['avahi-daemon'], } diff --git a/manifests/subsystem/pbuilder.pp b/manifests/subsystem/pbuilder.pp index 4fa0fc4..d85cf68 100644 --- a/manifests/subsystem/pbuilder.pp +++ b/manifests/subsystem/pbuilder.pp @@ -3,7 +3,7 @@ class nodo::subsystem::pbuilder { ensure => present, owner => root, group => root, - mode => 0644, + mode => '0644', source => 'puppet:///modules/nodo/etc/pbuilderrc', } } diff --git a/manifests/subsystem/screen.pp b/manifests/subsystem/screen.pp index bcc2450..ba24c67 100644 --- a/manifests/subsystem/screen.pp +++ b/manifests/subsystem/screen.pp @@ -3,7 +3,7 @@ class nodo::subsystem::screen { content => template('nodo/screen/screenrc.erb'), owner => "root", group => "root", - mode => 0644, + mode => '0644', ensure => present, } } diff --git a/manifests/subsystem/screen/startup.pp b/manifests/subsystem/screen/startup.pp index 5ad2e1a..15f9b56 100644 --- a/manifests/subsystem/screen/startup.pp +++ b/manifests/subsystem/screen/startup.pp @@ -8,7 +8,7 @@ class nodo::subsystem::screen::startup( content => template('nodo/screen/screenrc.erb'), owner => "root", group => "root", - mode => 0644, + mode => '0644', ensure => present, } } diff --git a/manifests/subsystem/ssh/config.pp b/manifests/subsystem/ssh/config.pp index d790562..510a656 100644 --- a/manifests/subsystem/ssh/config.pp +++ b/manifests/subsystem/ssh/config.pp @@ -15,7 +15,7 @@ define nodo::subsystem::ssh::config( ensure => present, owner => $owner, group => $group, - mode => 0600, + mode => '0600', require => File["${home}/.ssh"], } diff --git a/manifests/subsystem/ssh/folder.pp b/manifests/subsystem/ssh/folder.pp index 45a9693..d22b9cb 100644 --- a/manifests/subsystem/ssh/folder.pp +++ b/manifests/subsystem/ssh/folder.pp @@ -10,7 +10,7 @@ define nodo::subsystem::ssh::folder( ensure => $ensure, owner => $owner, group => $group, - mode => 0700, + mode => '0700', } } } diff --git a/manifests/subsystem/ssh/known_hosts.pp b/manifests/subsystem/ssh/known_hosts.pp index d49dc7d..0d81254 100644 --- a/manifests/subsystem/ssh/known_hosts.pp +++ b/manifests/subsystem/ssh/known_hosts.pp @@ -14,7 +14,7 @@ define nodo::subsystem::ssh::known_host( ensure => present, owner => $owner, group => $group, - mode => 0600, + mode => '0600', require => File["${home}/.ssh"], } diff --git a/manifests/subsystem/ssh/local_key.pp b/manifests/subsystem/ssh/local_key.pp index f311ea3..717f408 100644 --- a/manifests/subsystem/ssh/local_key.pp +++ b/manifests/subsystem/ssh/local_key.pp @@ -21,7 +21,7 @@ define nodo::subsystem::ssh::local_key( ensure => $ensure, owner => $owner, group => $group, - mode => 0400, + mode => '0400', source => $ensure ? { 'present' => $source, default => undef, @@ -33,7 +33,7 @@ define nodo::subsystem::ssh::local_key( ensure => $ensure, owner => $owner, group => $group, - mode => 0400, + mode => '0400', source => $ensure ? { 'present' => "${source}.pub", default => undef, diff --git a/manifests/subsystem/sudo.pp b/manifests/subsystem/sudo.pp index 2e6b469..6c4efc0 100644 --- a/manifests/subsystem/sudo.pp +++ b/manifests/subsystem/sudo.pp @@ -14,7 +14,7 @@ class nodo::subsystem::sudo { "puppet:///modules/nodo/etc/sudoers" ], owner => "root", group => "root", - mode => 440, + mode => '0440', require => Package["sudo"], } } diff --git a/manifests/subsystem/sysctl.pp b/manifests/subsystem/sysctl.pp index aef4278..4329010 100644 --- a/manifests/subsystem/sysctl.pp +++ b/manifests/subsystem/sysctl.pp @@ -7,7 +7,7 @@ class nodo::subsystem::sysctl { file { "/etc/sysctl.d/mmap_min_addr.conf": owner => "root", group => "root", - mode => 0644, + mode => '0644', ensure => present, content => "vm.mmap_min_addr = 4096\n", } @@ -16,7 +16,7 @@ class nodo::subsystem::sysctl { file { "/etc/sysctl.d/net.ipv4.conf.all.promote_secondaries.conf": owner => "root", group => "root", - mode => 0644, + mode => '0644', ensure => present, content => "net.ipv4.conf.all.promote_secondaries = 1\n", } @@ -31,7 +31,7 @@ class nodo::subsystem::sysctl { file { "/etc/sysctl.d/kernel.printk.conf": owner => "root", group => "root", - mode => 0644, + mode => '0644', ensure => present, content => "kernel.printk = ${printk_levels}\n", } diff --git a/manifests/subsystem/sysctl/appliance.pp b/manifests/subsystem/sysctl/appliance.pp index 83c151c..23b1e96 100644 --- a/manifests/subsystem/sysctl/appliance.pp +++ b/manifests/subsystem/sysctl/appliance.pp @@ -2,7 +2,7 @@ class nodo::subsystem::sysctl::appliance($kernel_panic = hiera('nodo::sysctl::ap file { "/etc/sysctl.d/kernel.panic.conf": owner => "root", group => "root", - mode => 0644, + mode => '0644', ensure => present, content => "kernel.panic = ${kernel_panic}\n", } diff --git a/manifests/subsystem/sysctl/disable_ipv6.pp b/manifests/subsystem/sysctl/disable_ipv6.pp index a6486a0..2404d8f 100644 --- a/manifests/subsystem/sysctl/disable_ipv6.pp +++ b/manifests/subsystem/sysctl/disable_ipv6.pp @@ -6,7 +6,7 @@ class nodo::subsystem::sysctl::disable_ipv6( file { "/etc/sysctl.d/disable_ipv6.conf": owner => "root", group => "root", - mode => 0644, + mode => '0644', ensure => $ensure, source => "puppet:///modules/nodo/etc/sysctl.d/disable_ipv6.conf", } diff --git a/manifests/subsystem/sysctl/entry.pp b/manifests/subsystem/sysctl/entry.pp index 93230d5..2741aba 100644 --- a/manifests/subsystem/sysctl/entry.pp +++ b/manifests/subsystem/sysctl/entry.pp @@ -14,7 +14,7 @@ define nodo::subsystem::sysctl::entry( file { "/etc/sysctl.d/${prefix}${name}.conf": owner => "root", group => "root", - mode => 0644, + mode => '0644', ensure => $ensure, content => "$name = $value\n", } diff --git a/manifests/subsystem/sysctl/tcp_challenge_ack_limit.pp b/manifests/subsystem/sysctl/tcp_challenge_ack_limit.pp index 2f6c753..c1f6650 100644 --- a/manifests/subsystem/sysctl/tcp_challenge_ack_limit.pp +++ b/manifests/subsystem/sysctl/tcp_challenge_ack_limit.pp @@ -8,7 +8,7 @@ class nodo::subsystem::sysctl::tcp_challenge_ack_limit( file { "/etc/sysctl.d/tcp_challenge_ack_limit.conf": owner => "root", group => "root", - mode => 0644, + mode => '0644', ensure => $ensure, content => "net.ipv4.tcp_challenge_ack_limit = 999999999\n", } |