Diffstat (limited to 'manifests/defines')
-rw-r--r-- | manifests/defines/monkeysphere_host.pp | 20 | ||||
-rw-r--r-- | manifests/defines/munin_node.pp | 27 | ||||
-rw-r--r-- | manifests/defines/ssh_config.pp | 35 | ||||
-rw-r--r-- | manifests/defines/ssh_create_key.pp | 20 | ||||
-rw-r--r-- | manifests/defines/ssh_folder.pp | 16 | ||||
-rw-r--r-- | manifests/defines/ssh_known_hosts.pp | 58 | ||||
-rw-r--r-- | manifests/defines/ssh_local_key.pp | 43 | ||||
-rw-r--r-- | manifests/defines/sysctl.pp | 19 |
8 files changed, 0 insertions, 238 deletions
diff --git a/manifests/defines/monkeysphere_host.pp b/manifests/defines/monkeysphere_host.pp
deleted file mode 100644
index b4b21e0..0000000
--- a/manifests/defines/monkeysphere_host.pp
+++ /dev/null
@@ -1,20 +0,0 @@
-define monkeysphere_host(
- $port = hiera('nodo::monkeysphere_host::ssh_port', ''),
- $mail_recipient = hiera('mail::root_mail_recipient', 'nobody')
-) {
- include monkeysphere
-
- # Ensure the server's ssh key is imported into your monkeysphere key ring
- monkeysphere::import_key { "ssh":
- port => $port,
- }
-
- # TODO
- # Currently we don't have a defined policy regarding whether
- # to publish all our node keys to public keyservers, so leave
- # automatic publishing disabled for now.
- #monkeysphere::publish_server_keys { }
-
- # Email the server key
- monkeysphere::email_server_keys { "$mail_recipient": }
-}
diff --git a/manifests/defines/munin_node.pp b/manifests/defines/munin_node.pp
deleted file mode 100644
index f867fd3..0000000
--- a/manifests/defines/munin_node.pp
+++ /dev/null
@@ -1,27 +0,0 @@
-# Define a munin node
-define munin_node(
- $port = hiera('nodo::munin_node::port', '4949'),
- $allow = hiera('nodo::munin_node::allow', ''),
- $host = hiera('nodo::munin_node::host', $::fqdn),
- $listen = hiera('nodo::munin_node::listen', '*'),
- $config = hiera('nodo::munin_node::config', [ 'use_node_name yes', 'load.load.warning 5', 'load.load.critical 10' ])
-) {
-
- case $allow {
- '': { fail("Please set nodo::munin_node::allow in your config") }
- }
-
- package { "munin-plugins-extra":
- ensure => "present",
- }
-
- class { 'munin::client':
- port => $port,
- allow => $allow,
- host => $host,
- listen => $listen,
- config => $config,
- }
-
- munin::plugin { apt_all: ensure => present; }
-}
diff --git a/manifests/defines/ssh_config.pp b/manifests/defines/ssh_config.pp
deleted file mode 100644
index 5585520..0000000
--- a/manifests/defines/ssh_config.pp
+++ /dev/null
@@ -1,35 +0,0 @@
-# Manage ssh config for a particular user
-define ssh_config(
- $owner,
- $group,
- $home = '/home/$owner',
- $ssh_localhost_auth = false
-) {
- ssh_folder { "ssh-config-${name}":
- home => $home,
- owner => $owner,
- group => $group,
- }
-
- file { "${home}/.ssh/config":
- ensure => present,
- owner => $owner,
- group => $group,
- mode => 0600,
- require => File["${home}/.ssh"],
- }
-
- # The NoHostAuthenticationForLocalhost ssh option might be useful
- # for automated deployment environments so your ikiwiki user doesn't
- # get stuck with the fingerprint confirmation prompt when pushing
- # content via ssh in the first time it runs.
- line { 'NoHostAuthenticationForLocalhost-${owner}':
- file => "${home}/.ssh/config",
- line => "NoHostAuthenticationForLocalhost yes",
- ensure => $ssh_localhost_auth ? {
- 'auto' => present,
- 'fingerprint' => absent,
- default => absent,
- },
- }
-}
diff --git a/manifests/defines/ssh_create_key.pp b/manifests/defines/ssh_create_key.pp
deleted file mode 100644
index 77d1f00..0000000
--- a/manifests/defines/ssh_create_key.pp
+++ /dev/null
@@ -1,20 +0,0 @@
-define ssh_create_key(
- $owner,
- $group,
- $keyfile = 'id_rsa',
- $home = '/home/$owner'
-) {
- ssh_folder { "ssh_create_key-${name}":
- home => $home,
- owner => $owner,
- group => $group,
- }
-
- exec { "ssh-keygen-${owner}":
- command => "ssh-keygen -t rsa -P '' -f ${home}/.ssh/${keyfile}",
- creates => "${home}/.ssh/${keyfile}",
- user => $owner,
- group => $group,
- require => File["${home}/.ssh"],
- }
-}
diff --git a/manifests/defines/ssh_folder.pp b/manifests/defines/ssh_folder.pp
deleted file mode 100644
index 41b688a..0000000
--- a/manifests/defines/ssh_folder.pp
+++ /dev/null
@@ -1,16 +0,0 @@
-# Manage a ssh folder
-define ssh_folder(
- $home,
- $owner,
- $group,
- $ensure = 'directory',
-) {
- if !defined(File["${home}/.ssh"]) {
- file { "${home}/.ssh":
- ensure => $ensure,
- owner => $owner,
- group => $group,
- mode => 0700,
- }
- }
-}
diff --git a/manifests/defines/ssh_known_hosts.pp b/manifests/defines/ssh_known_hosts.pp
deleted file mode 100644
index c0d7157..0000000
--- a/manifests/defines/ssh_known_hosts.pp
+++ /dev/null
@@ -1,58 +0,0 @@
-# Manage known_hosts for a particular user
-define ssh_known_host(
- $owner,
- $home = '/home/$owner',
- $ssh_localhost_auth = false
-) {
- ssh_folder { "ssh_known_host-${name}":
- home => $home,
- owner => $owner,
- group => $group,
- }
-
- file { "${home}/.ssh/known_hosts":
- ensure => present,
- owner => $owner,
- group => $group,
- mode => 0600,
- require => File["${home}/.ssh"],
- }
-
- # You can choose to include the host's fingeprints
- # directly into the known_hosts file.
- if $::sshrsakey != '' {
- line { 'known_hosts-localhost-rsa-${owner}':
- file => "${home}/.ssh/known_hosts",
- line => "localhost ssh-rsa ${::sshrsakey}",
- ensure => $ssh_localhost_auth ? {
- 'fingerprint' => present,
- 'auto' => undef,
- default => undef,
- },
- }
- }
-
- if $::sshdsakey != '' {
- line { 'known_hosts-localhost-dsa-${owner}':
- file => "${home}/.ssh/known_hosts",
- line => "localhost ssh-dss ${::sshdsakey}",
- ensure => $ssh_localhost_auth ? {
- 'fingerprint' => present,
- 'auto' => undef,
- default => undef,
- },
- }
- }
-
- if $::sshecdsakey != '' {
- line { 'known_hosts-localhost-ecdsa-${owner}':
- file => "${home}/.ssh/known_hosts",
- line => "localhost ecdsa-sha2-nistp256 ${::sshedsakey}",
- ensure => $ssh_localhost_auth ? {
- 'fingerprint' => present,
- 'auto' => undef,
- default => undef,
- },
- }
- }
-}
diff --git a/manifests/defines/ssh_local_key.pp b/manifests/defines/ssh_local_key.pp
deleted file mode 100644
index 57bb251..0000000
--- a/manifests/defines/ssh_local_key.pp
+++ /dev/null
@@ -1,43 +0,0 @@
-# Manage local ssh keys
-define ssh_local_key(
- $owner = $name,
- $group = $name,
- $home = "/home/${owner}",
- $source = "puppet:///ssh/${name}_id_rsa",
- $dest = 'id_rsa',
- $ensure = 'present',
-) {
- ssh_folder { "ssh_local_key-${name}":
- home => $home,
- owner => $owner,
- group => $group,
- ensure => $ensure ? {
- 'present' => 'directory',
- default => 'absent',
- },
- }
-
- file { "${home}/.ssh/${dest}":
- ensure => $ensure,
- owner => $owner,
- group => $group,
- mode => 0400,
- source => $ensure ? {
- 'present' => $source,
- default => undef,
- },
- require => File["${home}/.ssh"],
- }
-
- file { "${home}/.ssh/${dest}.pub":
- ensure => $ensure,
- owner => $owner,
- group => $group,
- mode => 0400,
- source => $ensure ? {
- 'present' => "${source}.pub",
- default => undef,
- },
- require => File["${home}/.ssh"],
- }
-}
diff --git a/manifests/defines/sysctl.pp b/manifests/defines/sysctl.pp
deleted file mode 100644
index 06f6a14..0000000
--- a/manifests/defines/sysctl.pp
+++ /dev/null
@@ -1,19 +0,0 @@
-# Simple sysctl definition
-define sysctl(
- $ensure = present,
- $value
-) {
- file { "/etc/sysctl.d/${name}.conf":
- owner => "root",
- group => "root",
- mode => 0644,
- ensure => $ensure,
- content => "$name = $value\n",
- }
-
- exec { "sysctl ${name}=${value}":
- user => root,
- subscribe => File["/etc/sysctl.d/${name}.conf"],
- refreshonly => true,
- }
-} |