diff options
Diffstat (limited to 'manifests/base')
-rw-r--r-- | manifests/base/appliance.pp | 7 | ||||
-rw-r--r-- | manifests/base/desktop.pp | 7 | ||||
-rw-r--r-- | manifests/base/host.pp | 55 | ||||
-rw-r--r-- | manifests/base/kvm.pp | 5 | ||||
-rw-r--r-- | manifests/base/laptop.pp | 33 | ||||
-rw-r--r-- | manifests/base/personal.pp | 37 | ||||
-rw-r--r-- | manifests/base/physical.pp | 21 | ||||
-rw-r--r-- | manifests/base/plug.pp | 21 | ||||
-rw-r--r-- | manifests/base/removable.pp | 9 | ||||
-rw-r--r-- | manifests/base/server.pp | 5 | ||||
-rw-r--r-- | manifests/base/vserver.pp | 38 |
11 files changed, 238 insertions, 0 deletions
diff --git a/manifests/base/appliance.pp b/manifests/base/appliance.pp new file mode 100644 index 0000000..73d95f5 --- /dev/null +++ b/manifests/base/appliance.pp @@ -0,0 +1,7 @@ +class nodo::base::appliance inherits nodo::base::physical { + class { 'sysctl::appliance': } + + class { [ 'nodo::subsystem::fstab', 'nodo::subsystem::crypttab' ]: + type => 'appliance', + } +} diff --git a/manifests/base/desktop.pp b/manifests/base/desktop.pp new file mode 100644 index 0000000..bf9d2fe --- /dev/null +++ b/manifests/base/desktop.pp @@ -0,0 +1,7 @@ +class nodo::base::desktop inherits nodo::base::personal { + include nodo::utils::desktop + + class { [ 'nodo::subsystem::fstab', 'nodo::subsystem::crypttab' ]: + type => 'desktop', + } +} diff --git a/manifests/base/host.pp b/manifests/base/host.pp new file mode 100644 index 0000000..f57aeb4 --- /dev/null +++ b/manifests/base/host.pp @@ -0,0 +1,55 @@ +# Fully capable node able to host other nodes +class nodo::base::host { + include nodo::subsystem::initramfs + include nodo::subsystem::modprobe + include nodo::subsystem::firewire + include nodo::subsystem::sysctl + include nodo::subsystem::resolver + include nodo::utils::physical + class { 'syslog-ng': } + + monkeysphere_host { "${::hostname}": } + + # Firewall + class { 'firewall': } + + # Vserver + if $::lsbdistcodename == 'squeeze' { + $vserver = hiera('nodo::host::use_vserver', True) + + if $vserver == true { + class { 'vserver::host': + vdirbase => "/var/vservers", + } + } + } + + # Time + $ntpdate = hiera('nodo::host::ntpdate', True) + case $ntpdate { + false: { class { 'timezone': } } + default: { class { 'ntpdate': } } + } + + # Backup + backupninja::sys { "sys": + ensure => present, + } + + # Monitoring + if !defined(Class['nodo::subsystem::monitor']) { + class { 'nodo::subsystem::monitor': + type => 'host', + use_nagios => hiera('nodo::host::use_nagios', True), + } + } + + # Munin configuration + $munin = hiera('nodo::host::use_munin', True) + if $munin == true { + munin_node { "$hostname": + port => '4900', + } + } + +} diff --git a/manifests/base/kvm.pp b/manifests/base/kvm.pp new file mode 100644 index 0000000..06a7d10 --- /dev/null +++ b/manifests/base/kvm.pp @@ -0,0 +1,5 @@ +class nodo::base::kvm inherits nodo::base::host { + class { [ 'nodo::subsystem::fstab', 'nodo::subsystem::crypttab' ]: + type => 'kvm', + } +} diff --git a/manifests/base/laptop.pp b/manifests/base/laptop.pp new file mode 100644 index 0000000..dbafda7 --- /dev/null +++ b/manifests/base/laptop.pp @@ -0,0 +1,33 @@ +class nodo::base::laptop inherits nodo::base::personal { + include nodo::utils::laptop + include nodo::subsystem::dhclient + include firewall::wifi + include firewall::openvpn + include firewall::ppp + + class { 'nodo::subsystem::fstab': + type => 'laptop', + } + + $hibernate = hiera('nodo::laptop::hibernate', false) + + class { 'nodo::subsystem::crypttab': + type => $hibernate ? { + false => "laptop", + default => "laptop.hibernate", + }, + } + + # Hibernation + file { "/etc/initramfs-tools/conf.d/resume": + owner => "root", + group => "root", + mode => 0644, + content => "RESUME=/dev/mapper/cswap\n", + notify => Exec['update-initramfs'], + ensure => $hibernate ? { + false => absent, + default => present, + }, + } +} diff --git a/manifests/base/personal.pp b/manifests/base/personal.pp new file mode 100644 index 0000000..5aa28ad --- /dev/null +++ b/manifests/base/personal.pp @@ -0,0 +1,37 @@ +# Personal computer +class nodo::base::personal { + include nodo::physical + include nodo::utils::personal + include autossh + + class { 'nodo::subsystem::pam': } + class { 'nodo::subsystem::xorg': } + + if $::lsbdistcodename == 'squeeze' { + include nodo::subsystem::gdm + } + else { + include nodo::subsystem::gdm3 + } + + # Media folders and groups + class { [ 'nodo::subsystem::media::folders', 'nodo::subsystem::media::groups' ]: } + + # Mountpoint for encrypted home folders + file { [ '/mnt/crypt/', '/mnt/crypt/home' ]: + ensure => directory, + } + + # Misc user data + file { [ "/var/data/code", "/var/data/crypt", "/var/data/crypt/home", "/var/data/load" ]: + ensure => directory, + mode => 0755, + require => File['/var/cache/media'], + } + + # Development + file { [ "/var/cache/vagrant", "/var/cache/virtualbox" ]: + ensure => directory, + mode => 0755, + } +} diff --git a/manifests/base/physical.pp b/manifests/base/physical.pp new file mode 100644 index 0000000..e01bfb2 --- /dev/null +++ b/manifests/base/physical.pp @@ -0,0 +1,21 @@ +class nodo::base::physical inherits nodo::base::host { + class { [ 'nodo::subsystem::ups', 'smartmontools' ]: } + + # SMART monitoring + $munin = hiera('nodo::host::use_munin', True) + if $munin == true { + include munin::plugins::smart + munin::plugin { 'smart_sda': + ensure => 'smart_', + config => "user root\ngroup disk", + } + } + + # Entropy key + $ekey_masterkey = hiera('nodo::physical::ekey_masterkey', '') + if $ekey_masterkey != '' { + class { "ekeyd": + ekeyd_masterkey => $ekey_masterkey, + } + } +} diff --git a/manifests/base/plug.pp b/manifests/base/plug.pp new file mode 100644 index 0000000..17ce366 --- /dev/null +++ b/manifests/base/plug.pp @@ -0,0 +1,21 @@ +class nodo::base::plug { + include syslog-ng + include nodo::utils::plug + include nodo::utils::physical + include nodo::utils::storage::archive + include nodo::subsystem::sysctl + include nodo::subsystem::resolver + + monkeysphere_host { "${::hostname}": } + + class { [ 'ntpdate', 'firewall' ]: } + + backupninja::sys { "sys": + ensure => present, + } + + # Munin configuration + munin_node { "${::hostname}": + port => '4900', + } +} diff --git a/manifests/base/removable.pp b/manifests/base/removable.pp new file mode 100644 index 0000000..d13b5ee --- /dev/null +++ b/manifests/base/removable.pp @@ -0,0 +1,9 @@ +class nodo::base::removable inherits nodo::base::desktop { + File["/etc/fstab"] { + source => "puppet:///modules/nodo/etc/fstab/removable", + } + + File["/etc/crypttab"] { + source => "puppet:///modules/nodo/etc/crypttab/removable", + } +} diff --git a/manifests/base/server.pp b/manifests/base/server.pp new file mode 100644 index 0000000..93cce4c --- /dev/null +++ b/manifests/base/server.pp @@ -0,0 +1,5 @@ +class nodo::base::server inherits nodo::base::physical { + class { [ 'nodo::subsystem::fstab', 'nodo::subsystem::crypttab' ]: + type => 'server', + } +} diff --git a/manifests/base/vserver.pp b/manifests/base/vserver.pp new file mode 100644 index 0000000..433be5a --- /dev/null +++ b/manifests/base/vserver.pp @@ -0,0 +1,38 @@ +class nodo::base::vserver { + class { 'timezone': } + class { 'syslog-ng::vserver': } + + backupninja::sys { "sys": + ensure => present, + partitions => false, + hardware => false, + dosfdisk => false, + dohwinfo => false, + } + + $hosting_type = hiera('nodo::vserver::hosting_type', 'direct') + + case $hosting_type { + "direct": { + # Apply munin and monkeysphere configuration for + # for directly hosted nodes. + Munin_node <<| title == $::hostname |>> + Monkeysphere_host <<| title == $::hostname |>> + } + "third-party": { + # Apply munin and monkeysphere configuration for + # nodes hosted by third-parties. + munin_node { "${::hostname}": } + monkeysphere_host { "${::hostname}": + port => hiera('nodo::vserver::ssh_port', '22'), + } + + # Nagios configuration + class { 'nodo::subsystem::monitor': + type => 'vserver', + use_nagios => hiera('nodo::vserver::use_nagios', false), + } + } + } + +} |