aboutsummaryrefslogtreecommitdiff
path: root/manifests/base
diff options
context:
space:
mode:
Diffstat (limited to 'manifests/base')
-rw-r--r--manifests/base/appliance.pp7
-rw-r--r--manifests/base/desktop.pp7
-rw-r--r--manifests/base/host.pp55
-rw-r--r--manifests/base/kvm.pp5
-rw-r--r--manifests/base/laptop.pp33
-rw-r--r--manifests/base/personal.pp37
-rw-r--r--manifests/base/physical.pp21
-rw-r--r--manifests/base/plug.pp21
-rw-r--r--manifests/base/removable.pp9
-rw-r--r--manifests/base/server.pp5
-rw-r--r--manifests/base/vserver.pp38
11 files changed, 238 insertions, 0 deletions
diff --git a/manifests/base/appliance.pp b/manifests/base/appliance.pp
new file mode 100644
index 0000000..73d95f5
--- /dev/null
+++ b/manifests/base/appliance.pp
@@ -0,0 +1,7 @@
+class nodo::base::appliance inherits nodo::base::physical {
+ class { 'sysctl::appliance': }
+
+ class { [ 'nodo::subsystem::fstab', 'nodo::subsystem::crypttab' ]:
+ type => 'appliance',
+ }
+}
diff --git a/manifests/base/desktop.pp b/manifests/base/desktop.pp
new file mode 100644
index 0000000..bf9d2fe
--- /dev/null
+++ b/manifests/base/desktop.pp
@@ -0,0 +1,7 @@
+class nodo::base::desktop inherits nodo::base::personal {
+ include nodo::utils::desktop
+
+ class { [ 'nodo::subsystem::fstab', 'nodo::subsystem::crypttab' ]:
+ type => 'desktop',
+ }
+}
diff --git a/manifests/base/host.pp b/manifests/base/host.pp
new file mode 100644
index 0000000..f57aeb4
--- /dev/null
+++ b/manifests/base/host.pp
@@ -0,0 +1,55 @@
+# Fully capable node able to host other nodes
+class nodo::base::host {
+ include nodo::subsystem::initramfs
+ include nodo::subsystem::modprobe
+ include nodo::subsystem::firewire
+ include nodo::subsystem::sysctl
+ include nodo::subsystem::resolver
+ include nodo::utils::physical
+ class { 'syslog-ng': }
+
+ monkeysphere_host { "${::hostname}": }
+
+ # Firewall
+ class { 'firewall': }
+
+ # Vserver
+ if $::lsbdistcodename == 'squeeze' {
+ $vserver = hiera('nodo::host::use_vserver', True)
+
+ if $vserver == true {
+ class { 'vserver::host':
+ vdirbase => "/var/vservers",
+ }
+ }
+ }
+
+ # Time
+ $ntpdate = hiera('nodo::host::ntpdate', True)
+ case $ntpdate {
+ false: { class { 'timezone': } }
+ default: { class { 'ntpdate': } }
+ }
+
+ # Backup
+ backupninja::sys { "sys":
+ ensure => present,
+ }
+
+ # Monitoring
+ if !defined(Class['nodo::subsystem::monitor']) {
+ class { 'nodo::subsystem::monitor':
+ type => 'host',
+ use_nagios => hiera('nodo::host::use_nagios', True),
+ }
+ }
+
+ # Munin configuration
+ $munin = hiera('nodo::host::use_munin', True)
+ if $munin == true {
+ munin_node { "$hostname":
+ port => '4900',
+ }
+ }
+
+}
diff --git a/manifests/base/kvm.pp b/manifests/base/kvm.pp
new file mode 100644
index 0000000..06a7d10
--- /dev/null
+++ b/manifests/base/kvm.pp
@@ -0,0 +1,5 @@
+class nodo::base::kvm inherits nodo::base::host {
+ class { [ 'nodo::subsystem::fstab', 'nodo::subsystem::crypttab' ]:
+ type => 'kvm',
+ }
+}
diff --git a/manifests/base/laptop.pp b/manifests/base/laptop.pp
new file mode 100644
index 0000000..dbafda7
--- /dev/null
+++ b/manifests/base/laptop.pp
@@ -0,0 +1,33 @@
+class nodo::base::laptop inherits nodo::base::personal {
+ include nodo::utils::laptop
+ include nodo::subsystem::dhclient
+ include firewall::wifi
+ include firewall::openvpn
+ include firewall::ppp
+
+ class { 'nodo::subsystem::fstab':
+ type => 'laptop',
+ }
+
+ $hibernate = hiera('nodo::laptop::hibernate', false)
+
+ class { 'nodo::subsystem::crypttab':
+ type => $hibernate ? {
+ false => "laptop",
+ default => "laptop.hibernate",
+ },
+ }
+
+ # Hibernation
+ file { "/etc/initramfs-tools/conf.d/resume":
+ owner => "root",
+ group => "root",
+ mode => 0644,
+ content => "RESUME=/dev/mapper/cswap\n",
+ notify => Exec['update-initramfs'],
+ ensure => $hibernate ? {
+ false => absent,
+ default => present,
+ },
+ }
+}
diff --git a/manifests/base/personal.pp b/manifests/base/personal.pp
new file mode 100644
index 0000000..5aa28ad
--- /dev/null
+++ b/manifests/base/personal.pp
@@ -0,0 +1,37 @@
+# Personal computer
+class nodo::base::personal {
+ include nodo::physical
+ include nodo::utils::personal
+ include autossh
+
+ class { 'nodo::subsystem::pam': }
+ class { 'nodo::subsystem::xorg': }
+
+ if $::lsbdistcodename == 'squeeze' {
+ include nodo::subsystem::gdm
+ }
+ else {
+ include nodo::subsystem::gdm3
+ }
+
+ # Media folders and groups
+ class { [ 'nodo::subsystem::media::folders', 'nodo::subsystem::media::groups' ]: }
+
+ # Mountpoint for encrypted home folders
+ file { [ '/mnt/crypt/', '/mnt/crypt/home' ]:
+ ensure => directory,
+ }
+
+ # Misc user data
+ file { [ "/var/data/code", "/var/data/crypt", "/var/data/crypt/home", "/var/data/load" ]:
+ ensure => directory,
+ mode => 0755,
+ require => File['/var/cache/media'],
+ }
+
+ # Development
+ file { [ "/var/cache/vagrant", "/var/cache/virtualbox" ]:
+ ensure => directory,
+ mode => 0755,
+ }
+}
diff --git a/manifests/base/physical.pp b/manifests/base/physical.pp
new file mode 100644
index 0000000..e01bfb2
--- /dev/null
+++ b/manifests/base/physical.pp
@@ -0,0 +1,21 @@
+class nodo::base::physical inherits nodo::base::host {
+ class { [ 'nodo::subsystem::ups', 'smartmontools' ]: }
+
+ # SMART monitoring
+ $munin = hiera('nodo::host::use_munin', True)
+ if $munin == true {
+ include munin::plugins::smart
+ munin::plugin { 'smart_sda':
+ ensure => 'smart_',
+ config => "user root\ngroup disk",
+ }
+ }
+
+ # Entropy key
+ $ekey_masterkey = hiera('nodo::physical::ekey_masterkey', '')
+ if $ekey_masterkey != '' {
+ class { "ekeyd":
+ ekeyd_masterkey => $ekey_masterkey,
+ }
+ }
+}
diff --git a/manifests/base/plug.pp b/manifests/base/plug.pp
new file mode 100644
index 0000000..17ce366
--- /dev/null
+++ b/manifests/base/plug.pp
@@ -0,0 +1,21 @@
+class nodo::base::plug {
+ include syslog-ng
+ include nodo::utils::plug
+ include nodo::utils::physical
+ include nodo::utils::storage::archive
+ include nodo::subsystem::sysctl
+ include nodo::subsystem::resolver
+
+ monkeysphere_host { "${::hostname}": }
+
+ class { [ 'ntpdate', 'firewall' ]: }
+
+ backupninja::sys { "sys":
+ ensure => present,
+ }
+
+ # Munin configuration
+ munin_node { "${::hostname}":
+ port => '4900',
+ }
+}
diff --git a/manifests/base/removable.pp b/manifests/base/removable.pp
new file mode 100644
index 0000000..d13b5ee
--- /dev/null
+++ b/manifests/base/removable.pp
@@ -0,0 +1,9 @@
+class nodo::base::removable inherits nodo::base::desktop {
+ File["/etc/fstab"] {
+ source => "puppet:///modules/nodo/etc/fstab/removable",
+ }
+
+ File["/etc/crypttab"] {
+ source => "puppet:///modules/nodo/etc/crypttab/removable",
+ }
+}
diff --git a/manifests/base/server.pp b/manifests/base/server.pp
new file mode 100644
index 0000000..93cce4c
--- /dev/null
+++ b/manifests/base/server.pp
@@ -0,0 +1,5 @@
+class nodo::base::server inherits nodo::base::physical {
+ class { [ 'nodo::subsystem::fstab', 'nodo::subsystem::crypttab' ]:
+ type => 'server',
+ }
+}
diff --git a/manifests/base/vserver.pp b/manifests/base/vserver.pp
new file mode 100644
index 0000000..433be5a
--- /dev/null
+++ b/manifests/base/vserver.pp
@@ -0,0 +1,38 @@
+class nodo::base::vserver {
+ class { 'timezone': }
+ class { 'syslog-ng::vserver': }
+
+ backupninja::sys { "sys":
+ ensure => present,
+ partitions => false,
+ hardware => false,
+ dosfdisk => false,
+ dohwinfo => false,
+ }
+
+ $hosting_type = hiera('nodo::vserver::hosting_type', 'direct')
+
+ case $hosting_type {
+ "direct": {
+ # Apply munin and monkeysphere configuration for
+ # for directly hosted nodes.
+ Munin_node <<| title == $::hostname |>>
+ Monkeysphere_host <<| title == $::hostname |>>
+ }
+ "third-party": {
+ # Apply munin and monkeysphere configuration for
+ # nodes hosted by third-parties.
+ munin_node { "${::hostname}": }
+ monkeysphere_host { "${::hostname}":
+ port => hiera('nodo::vserver::ssh_port', '22'),
+ }
+
+ # Nagios configuration
+ class { 'nodo::subsystem::monitor':
+ type => 'vserver',
+ use_nagios => hiera('nodo::vserver::use_nagios', false),
+ }
+ }
+ }
+
+}