aboutsummaryrefslogtreecommitdiff
path: root/manifests/defines
diff options
context:
space:
mode:
Diffstat (limited to 'manifests/defines')
-rw-r--r--manifests/defines/monkeysphere_host.pp20
-rw-r--r--manifests/defines/munin_node.pp27
-rw-r--r--manifests/defines/ssh_config.pp35
-rw-r--r--manifests/defines/ssh_create_key.pp20
-rw-r--r--manifests/defines/ssh_folder.pp16
-rw-r--r--manifests/defines/ssh_known_hosts.pp58
-rw-r--r--manifests/defines/ssh_local_key.pp43
-rw-r--r--manifests/defines/sysctl.pp19
8 files changed, 0 insertions, 238 deletions
diff --git a/manifests/defines/monkeysphere_host.pp b/manifests/defines/monkeysphere_host.pp
deleted file mode 100644
index b4b21e0..0000000
--- a/manifests/defines/monkeysphere_host.pp
+++ /dev/null
@@ -1,20 +0,0 @@
-define monkeysphere_host(
- $port = hiera('nodo::monkeysphere_host::ssh_port', ''),
- $mail_recipient = hiera('mail::root_mail_recipient', 'nobody')
-) {
- include monkeysphere
-
- # Ensure the server's ssh key is imported into your monkeysphere key ring
- monkeysphere::import_key { "ssh":
- port => $port,
- }
-
- # TODO
- # Currently we don't have a defined policy regarding whether
- # to publish all our node keys to public keyservers, so leave
- # automatic publishing disabled for now.
- #monkeysphere::publish_server_keys { }
-
- # Email the server key
- monkeysphere::email_server_keys { "$mail_recipient": }
-}
diff --git a/manifests/defines/munin_node.pp b/manifests/defines/munin_node.pp
deleted file mode 100644
index f867fd3..0000000
--- a/manifests/defines/munin_node.pp
+++ /dev/null
@@ -1,27 +0,0 @@
-# Define a munin node
-define munin_node(
- $port = hiera('nodo::munin_node::port', '4949'),
- $allow = hiera('nodo::munin_node::allow', ''),
- $host = hiera('nodo::munin_node::host', $::fqdn),
- $listen = hiera('nodo::munin_node::listen', '*'),
- $config = hiera('nodo::munin_node::config', [ 'use_node_name yes', 'load.load.warning 5', 'load.load.critical 10' ])
-) {
-
- case $allow {
- '': { fail("Please set nodo::munin_node::allow in your config") }
- }
-
- package { "munin-plugins-extra":
- ensure => "present",
- }
-
- class { 'munin::client':
- port => $port,
- allow => $allow,
- host => $host,
- listen => $listen,
- config => $config,
- }
-
- munin::plugin { apt_all: ensure => present; }
-}
diff --git a/manifests/defines/ssh_config.pp b/manifests/defines/ssh_config.pp
deleted file mode 100644
index 5585520..0000000
--- a/manifests/defines/ssh_config.pp
+++ /dev/null
@@ -1,35 +0,0 @@
-# Manage ssh config for a particular user
-define ssh_config(
- $owner,
- $group,
- $home = '/home/$owner',
- $ssh_localhost_auth = false
-) {
- ssh_folder { "ssh-config-${name}":
- home => $home,
- owner => $owner,
- group => $group,
- }
-
- file { "${home}/.ssh/config":
- ensure => present,
- owner => $owner,
- group => $group,
- mode => 0600,
- require => File["${home}/.ssh"],
- }
-
- # The NoHostAuthenticationForLocalhost ssh option might be useful
- # for automated deployment environments so your ikiwiki user doesn't
- # get stuck with the fingerprint confirmation prompt when pushing
- # content via ssh in the first time it runs.
- line { 'NoHostAuthenticationForLocalhost-${owner}':
- file => "${home}/.ssh/config",
- line => "NoHostAuthenticationForLocalhost yes",
- ensure => $ssh_localhost_auth ? {
- 'auto' => present,
- 'fingerprint' => absent,
- default => absent,
- },
- }
-}
diff --git a/manifests/defines/ssh_create_key.pp b/manifests/defines/ssh_create_key.pp
deleted file mode 100644
index 77d1f00..0000000
--- a/manifests/defines/ssh_create_key.pp
+++ /dev/null
@@ -1,20 +0,0 @@
-define ssh_create_key(
- $owner,
- $group,
- $keyfile = 'id_rsa',
- $home = '/home/$owner'
-) {
- ssh_folder { "ssh_create_key-${name}":
- home => $home,
- owner => $owner,
- group => $group,
- }
-
- exec { "ssh-keygen-${owner}":
- command => "ssh-keygen -t rsa -P '' -f ${home}/.ssh/${keyfile}",
- creates => "${home}/.ssh/${keyfile}",
- user => $owner,
- group => $group,
- require => File["${home}/.ssh"],
- }
-}
diff --git a/manifests/defines/ssh_folder.pp b/manifests/defines/ssh_folder.pp
deleted file mode 100644
index 41b688a..0000000
--- a/manifests/defines/ssh_folder.pp
+++ /dev/null
@@ -1,16 +0,0 @@
-# Manage a ssh folder
-define ssh_folder(
- $home,
- $owner,
- $group,
- $ensure = 'directory',
-) {
- if !defined(File["${home}/.ssh"]) {
- file { "${home}/.ssh":
- ensure => $ensure,
- owner => $owner,
- group => $group,
- mode => 0700,
- }
- }
-}
diff --git a/manifests/defines/ssh_known_hosts.pp b/manifests/defines/ssh_known_hosts.pp
deleted file mode 100644
index c0d7157..0000000
--- a/manifests/defines/ssh_known_hosts.pp
+++ /dev/null
@@ -1,58 +0,0 @@
-# Manage known_hosts for a particular user
-define ssh_known_host(
- $owner,
- $home = '/home/$owner',
- $ssh_localhost_auth = false
-) {
- ssh_folder { "ssh_known_host-${name}":
- home => $home,
- owner => $owner,
- group => $group,
- }
-
- file { "${home}/.ssh/known_hosts":
- ensure => present,
- owner => $owner,
- group => $group,
- mode => 0600,
- require => File["${home}/.ssh"],
- }
-
- # You can choose to include the host's fingeprints
- # directly into the known_hosts file.
- if $::sshrsakey != '' {
- line { 'known_hosts-localhost-rsa-${owner}':
- file => "${home}/.ssh/known_hosts",
- line => "localhost ssh-rsa ${::sshrsakey}",
- ensure => $ssh_localhost_auth ? {
- 'fingerprint' => present,
- 'auto' => undef,
- default => undef,
- },
- }
- }
-
- if $::sshdsakey != '' {
- line { 'known_hosts-localhost-dsa-${owner}':
- file => "${home}/.ssh/known_hosts",
- line => "localhost ssh-dss ${::sshdsakey}",
- ensure => $ssh_localhost_auth ? {
- 'fingerprint' => present,
- 'auto' => undef,
- default => undef,
- },
- }
- }
-
- if $::sshecdsakey != '' {
- line { 'known_hosts-localhost-ecdsa-${owner}':
- file => "${home}/.ssh/known_hosts",
- line => "localhost ecdsa-sha2-nistp256 ${::sshedsakey}",
- ensure => $ssh_localhost_auth ? {
- 'fingerprint' => present,
- 'auto' => undef,
- default => undef,
- },
- }
- }
-}
diff --git a/manifests/defines/ssh_local_key.pp b/manifests/defines/ssh_local_key.pp
deleted file mode 100644
index 57bb251..0000000
--- a/manifests/defines/ssh_local_key.pp
+++ /dev/null
@@ -1,43 +0,0 @@
-# Manage local ssh keys
-define ssh_local_key(
- $owner = $name,
- $group = $name,
- $home = "/home/${owner}",
- $source = "puppet:///ssh/${name}_id_rsa",
- $dest = 'id_rsa',
- $ensure = 'present',
-) {
- ssh_folder { "ssh_local_key-${name}":
- home => $home,
- owner => $owner,
- group => $group,
- ensure => $ensure ? {
- 'present' => 'directory',
- default => 'absent',
- },
- }
-
- file { "${home}/.ssh/${dest}":
- ensure => $ensure,
- owner => $owner,
- group => $group,
- mode => 0400,
- source => $ensure ? {
- 'present' => $source,
- default => undef,
- },
- require => File["${home}/.ssh"],
- }
-
- file { "${home}/.ssh/${dest}.pub":
- ensure => $ensure,
- owner => $owner,
- group => $group,
- mode => 0400,
- source => $ensure ? {
- 'present' => "${source}.pub",
- default => undef,
- },
- require => File["${home}/.ssh"],
- }
-}
diff --git a/manifests/defines/sysctl.pp b/manifests/defines/sysctl.pp
deleted file mode 100644
index 06f6a14..0000000
--- a/manifests/defines/sysctl.pp
+++ /dev/null
@@ -1,19 +0,0 @@
-# Simple sysctl definition
-define sysctl(
- $ensure = present,
- $value
-) {
- file { "/etc/sysctl.d/${name}.conf":
- owner => "root",
- group => "root",
- mode => 0644,
- ensure => $ensure,
- content => "$name = $value\n",
- }
-
- exec { "sysctl ${name}=${value}":
- user => root,
- subscribe => File["/etc/sysctl.d/${name}.conf"],
- refreshonly => true,
- }
-}