aboutsummaryrefslogtreecommitdiff
path: root/manifests/subsystem
diff options
context:
space:
mode:
Diffstat (limited to 'manifests/subsystem')
-rw-r--r--manifests/subsystem/crypttab.pp15
-rw-r--r--manifests/subsystem/dhclient.pp17
-rw-r--r--manifests/subsystem/firewire.pp8
-rw-r--r--manifests/subsystem/fstab.pp15
-rw-r--r--manifests/subsystem/gdm.pp66
-rw-r--r--manifests/subsystem/gdm/disabled.pp18
-rw-r--r--manifests/subsystem/gdm3.pp20
-rw-r--r--manifests/subsystem/hosts.pp60
-rw-r--r--manifests/subsystem/initramfs.pp39
-rw-r--r--manifests/subsystem/keyboard.pp22
-rw-r--r--manifests/subsystem/locales.pp28
-rw-r--r--manifests/subsystem/media/folders.pp32
-rw-r--r--manifests/subsystem/media/groups.pp5
-rw-r--r--manifests/subsystem/modprobe.pp28
-rw-r--r--manifests/subsystem/monitor.pp26
-rw-r--r--manifests/subsystem/motd.pp19
-rw-r--r--manifests/subsystem/mount.pp15
-rw-r--r--manifests/subsystem/pam.pp40
-rw-r--r--manifests/subsystem/profile.pp46
-rw-r--r--manifests/subsystem/resolver.pp27
-rw-r--r--manifests/subsystem/ssh_folder.pp11
-rw-r--r--manifests/subsystem/sudo.pp14
-rw-r--r--manifests/subsystem/sysctl.pp55
-rw-r--r--manifests/subsystem/ups.pp26
-rw-r--r--manifests/subsystem/xorg.pp13
25 files changed, 665 insertions, 0 deletions
diff --git a/manifests/subsystem/crypttab.pp b/manifests/subsystem/crypttab.pp
new file mode 100644
index 0000000..749569c
--- /dev/null
+++ b/manifests/subsystem/crypttab.pp
@@ -0,0 +1,15 @@
+class nodo::subsystem::crypttab(
+ $type,
+ $manage = hiera('nodo::crypttab::manage', false)
+) {
+ if $manage == true {
+ file { "/etc/crypttab":
+ source => "puppet:///modules/nodo/etc/crypttab/${type}",
+ owner => "root",
+ group => "root",
+ mode => 0644,
+ ensure => present,
+ notify => Exec['update-initramfs'],
+ }
+ }
+}
diff --git a/manifests/subsystem/dhclient.pp b/manifests/subsystem/dhclient.pp
new file mode 100644
index 0000000..332dc34
--- /dev/null
+++ b/manifests/subsystem/dhclient.pp
@@ -0,0 +1,17 @@
+class nodo::subsystem::dhclient(
+ $ensure = hiera('nodo::subsystem::dhclient::ensure', 'present'),
+ $supersede_domain = hiera('nodo::subsystem::dhclient::supersede_domain', $::domain)
+) {
+ package { 'isc-dhcp-client':
+ ensure => $ensure,
+ }
+
+ file { '/etc/dhcp/dhclient.conf':
+ ensure => $ensure,
+ owner => root,
+ group => root,
+ mode => 0644,
+ require => Package['isc-dhcp-client'],
+ content => template('nodo/dhcp/dhclient.conf.erb'),
+ }
+}
diff --git a/manifests/subsystem/firewire.pp b/manifests/subsystem/firewire.pp
new file mode 100644
index 0000000..104d6e9
--- /dev/null
+++ b/manifests/subsystem/firewire.pp
@@ -0,0 +1,8 @@
+class nodo::subsystem::firewire {
+ # Make sure ohci1394 is not loaded
+ # See http://padrao.sarava.org/trac/wiki/Debian/Firewire and the modprobe class
+ exec { "rmmod ohci1394":
+ unless => "/bin/sh -c 'if `grep -q ^ohci1394 /proc/modules`; then false; else true; fi'",
+ user => "root",
+ }
+}
diff --git a/manifests/subsystem/fstab.pp b/manifests/subsystem/fstab.pp
new file mode 100644
index 0000000..9538f66
--- /dev/null
+++ b/manifests/subsystem/fstab.pp
@@ -0,0 +1,15 @@
+class nodo::subsystem::fstab(
+ $type,
+ $manage = hiera('nodo::subsystem::fstab::manage', false)
+) {
+ if $manage == true {
+ file { "/etc/fstab":
+ source => "puppet:///modules/nodo/etc/fstab/${type}",
+ owner => "root",
+ group => "root",
+ mode => 0644,
+ ensure => present,
+ notify => Exec['update-initramfs'],
+ }
+ }
+}
diff --git a/manifests/subsystem/gdm.pp b/manifests/subsystem/gdm.pp
new file mode 100644
index 0000000..fd36e99
--- /dev/null
+++ b/manifests/subsystem/gdm.pp
@@ -0,0 +1,66 @@
+class nodo::subsystem::gdm {
+ package { 'gdm':
+ ensure => installed,
+ }
+
+ service { 'gdm':
+ ensure => running,
+ require => Package['gdm'],
+ }
+
+ exec { '/usr/sbin/dpkg-reconfigure gdm':
+ subscribe => File['/etc/gdm/gdm.conf'],
+ user => root,
+ group => root,
+ refreshonly => true,
+ require => Service['gdm'],
+ }
+
+ file { '/etc/gdm/gdm.conf':
+ ensure => present,
+ owner => root,
+ group => root,
+ mode => 0644,
+ source => [ "puppet:///modules/site_nodo/etc/gdm/${::domain}/gdm.conf",
+ "puppet:///modules/nodo/etc/gdm/gdm.conf", ]
+ }
+
+ file { '/usr/share/gdm/themes/crunchbang':
+ ensure => directory,
+ recurse => true,
+ purge => true,
+ force => true,
+ owner => "root",
+ group => "root",
+ # This mode will also apply to files from the source directory
+ mode => 0644,
+ # Puppet will automatically set +x for directories
+ source => 'puppet:///modules/nodo/etc/gdm/themes/crunchbang',
+ }
+
+ file { '/usr/share/gdm/themes/Tuxtastic':
+ ensure => directory,
+ recurse => true,
+ purge => true,
+ force => true,
+ owner => "root",
+ group => "root",
+ # This mode will also apply to files from the source directory
+ mode => 0644,
+ # Puppet will automatically set +x for directories
+ source => 'puppet:///modules/nodo/etc/gdm/themes/Tuxtastic',
+ }
+
+ file { '/usr/share/gdm/themes/dasUberMini':
+ ensure => directory,
+ recurse => true,
+ purge => true,
+ force => true,
+ owner => "root",
+ group => "root",
+ # This mode will also apply to files from the source directory
+ mode => 0644,
+ # Puppet will automatically set +x for directories
+ source => 'puppet:///modules/nodo/etc/gdm/themes/dasUberMini',
+ }
+}
diff --git a/manifests/subsystem/gdm/disabled.pp b/manifests/subsystem/gdm/disabled.pp
new file mode 100644
index 0000000..d2565ef
--- /dev/null
+++ b/manifests/subsystem/gdm/disabled.pp
@@ -0,0 +1,18 @@
+class nodo::subsystem::gdm::disabled inherits nodo::subsystem::gdm {
+ File['/usr/share/gdm/themes/dasUberMini', '/usr/share/gdm/themes/Tuxtastic',
+ '/usr/share/gdm/themes/crunchbang', '/etc/gdm/gdm.conf' ] {
+ ensure => absent,
+ }
+
+ Exec['/usr/sbin/dpkg-reconfigure gdm'] {
+ command => '/bin/true',
+ }
+
+ Service['gdm'] {
+ ensure => stopped,
+ }
+
+ Package['gdm'] {
+ ensure => absent,
+ }
+}
diff --git a/manifests/subsystem/gdm3.pp b/manifests/subsystem/gdm3.pp
new file mode 100644
index 0000000..d708f6a
--- /dev/null
+++ b/manifests/subsystem/gdm3.pp
@@ -0,0 +1,20 @@
+class nodo::subsystem::gdm3 {
+ package { 'gdm3':
+ ensure => installed,
+ }
+
+ service { 'gdm3':
+ ensure => running,
+ require => Package['gdm3'],
+ }
+
+ file { '/etc/gdm3/greeter.gsettings':
+ ensure => present,
+ owner => root,
+ group => root,
+ mode => 0644,
+ notify => Service['gdm3'],
+ source => [ "puppet:///modules/site_nodo/etc/gdm3/${::domain}/greeter.gseetings",
+ "puppet:///modules/nodo/etc/gdm3/greeter.gsettings", ]
+ }
+}
diff --git a/manifests/subsystem/hosts.pp b/manifests/subsystem/hosts.pp
new file mode 100644
index 0000000..464bc0c
--- /dev/null
+++ b/manifests/subsystem/hosts.pp
@@ -0,0 +1,60 @@
+class nodo::subsystem::hosts(
+ $custom = hiera('nodo::subsystem::hosts::custom', false)
+) {
+ # Sometimes might be useful to manage the whole
+ # hosts file, see http://projects.puppetlabs.com/issues/10704
+ case $custom {
+ true: {
+ file { '/etc/hosts':
+ ensure => present,
+ owner => root,
+ group => root,
+ mode => 0640,
+ source => "puppet:///modules/site_nodo/hosts/${::fqdn}",
+ }
+ }
+ default: {
+ host { "${::hostname}":
+ ensure => present,
+ ip => "${::ipaddress}",
+ host_aliases => [ "${::fqdn}" ],
+ }
+
+ host { "localhost":
+ ensure => present,
+ ip => "127.0.0.1",
+ }
+
+ host { "ip6-localhost":
+ ensure => present,
+ ip => "::1",
+ host_aliases => [ "ip6-loopback" ],
+ }
+
+ host { "ip6-localnet":
+ ensure => present,
+ ip => "fe00::0",
+ }
+
+ host { "ip6-mcastprefix":
+ ensure => present,
+ ip => "ff00::0",
+ }
+
+ host { "ip6-allnodes":
+ ensure => present,
+ ip => "ff02::1",
+ }
+
+ host { "ip6-allrouters":
+ ensure => present,
+ ip => "ff02::2",
+ }
+
+ host { "ip6-allhosts":
+ ensure => present,
+ ip => "ff02::3",
+ }
+ }
+ }
+}
diff --git a/manifests/subsystem/initramfs.pp b/manifests/subsystem/initramfs.pp
new file mode 100644
index 0000000..acbf1b7
--- /dev/null
+++ b/manifests/subsystem/initramfs.pp
@@ -0,0 +1,39 @@
+class nodo::subsystem::initramfs(
+ $keymap = hiera('nodo::initramfs::keymap', 'absent')
+) {
+ # initramfs config
+ file { "/etc/kernel-img.conf":
+ owner => "root",
+ group => "root",
+ mode => 0644,
+ ensure => present,
+ content => "do_initrd = Yes\n",
+ }
+
+ # initramfs config
+ file { "/etc/initramfs-tools/modules":
+ owner => "root",
+ group => "root",
+ mode => 0644,
+ ensure => present,
+ source => "puppet:///modules/nodo/etc/initramfs-tools/modules",
+ }
+
+ # keymap
+ file { "/etc/initramfs-tools/conf.d/keymap.conf":
+ ensure => $keymap,
+ content => "KEYMAP=Y\n",
+ owner => "root",
+ group => "root",
+ mode => 0644,
+ }
+
+ # update initramfs when needed
+ exec { "update-initramfs -v -t -u":
+ subscribe => [ File["/etc/initramfs-tools/modules"],
+ File["/etc/modprobe.d/blacklist"],
+ File["/etc/initramfs-tools/conf.d/keymap.conf"] ],
+ refreshonly => true,
+ alias => 'update-initramfs',
+ }
+}
diff --git a/manifests/subsystem/keyboard.pp b/manifests/subsystem/keyboard.pp
new file mode 100644
index 0000000..b5241d7
--- /dev/null
+++ b/manifests/subsystem/keyboard.pp
@@ -0,0 +1,22 @@
+class nodo::subsystem::keyboard {
+ # Keyboard, see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=619711
+ file { "/etc/default/keyboard":
+ ensure => present,
+ owner => "root",
+ group => "root",
+ mode => 0644,
+ source => "puppet:///modules/site_nodo/keyboard/${::hostname}"
+ }
+
+ package { 'console-common':
+ ensure => present,
+ }
+
+ file { '/etc/console/boottime.kmap.gz':
+ ensure => present,
+ owner => "root",
+ group => "root",
+ mode => 0644,
+ source => "puppet:///modules/site_nodo/console/boottime.kmap.gz.${::hostname}"
+ }
+}
diff --git a/manifests/subsystem/locales.pp b/manifests/subsystem/locales.pp
new file mode 100644
index 0000000..c3a1f76
--- /dev/null
+++ b/manifests/subsystem/locales.pp
@@ -0,0 +1,28 @@
+class nodo::subsystem::locales {
+ package { "locales":
+ ensure => installed,
+ }
+
+ file { "/etc/default/locale":
+ source => [ "puppet:///modules/site_nodo/etc/default/locale",
+ "puppet:///modules/nodo/etc/default/locale" ],
+ ensure => present,
+ owner => root,
+ group => root,
+ mode => 0644,
+ }
+
+ file { "/etc/locale.gen":
+ source => [ "puppet:///modules/site_nodo/etc/locale.gen",
+ "puppet:///modules/nodo/etc/locale.gen" ],
+ ensure => present,
+ owner => root,
+ group => root,
+ mode => 0644,
+ }
+
+ exec { "locale-gen":
+ refreshonly => true,
+ subscribe => File["/etc/locale.gen"],
+ }
+}
diff --git a/manifests/subsystem/media/folders.pp b/manifests/subsystem/media/folders.pp
new file mode 100644
index 0000000..2fcc637
--- /dev/null
+++ b/manifests/subsystem/media/folders.pp
@@ -0,0 +1,32 @@
+class nodo::subsystem::media::folders(
+ $cache = hiera('nodo::subsystem::media::folders::cache', directory)
+) {
+ # Removable media folder
+ file { [ "/media/usb", "/media/cdrom", "/media/tablet", "/media/phone" ]:
+ ensure => directory,
+ mode => 0755,
+ }
+
+ # Media cache
+ file { "/var/cache/media":
+ ensure => $cache,
+ mode => 0755,
+ }
+
+ # Data folder is a cache
+ file { "/var/data":
+ ensure => "/var/cache/media",
+ }
+
+ # Hostname cache for general use
+ file { "/var/cache/${::hostname}":
+ ensure => directory,
+ mode => 0755,
+ }
+
+ # Link to the media cache, useful to have unique remotes
+ # for git-annex in removable media
+ file { "/var/cache/${::hostname}/media":
+ ensure => "/var/cache/media",
+ }
+}
diff --git a/manifests/subsystem/media/groups.pp b/manifests/subsystem/media/groups.pp
new file mode 100644
index 0000000..098ae67
--- /dev/null
+++ b/manifests/subsystem/media/groups.pp
@@ -0,0 +1,5 @@
+class nodo::subsystem::media::groups {
+ group { 'incoming':
+ ensure => 'present',
+ }
+}
diff --git a/manifests/subsystem/modprobe.pp b/manifests/subsystem/modprobe.pp
new file mode 100644
index 0000000..be6ec42
--- /dev/null
+++ b/manifests/subsystem/modprobe.pp
@@ -0,0 +1,28 @@
+class nodo::subsystem::modprobe {
+ # Keep firewire disabled among other things
+ case $lsbdistcodename {
+ 'lenny': {
+ file { "/etc/modprobe.d/blacklist":
+ owner => "root",
+ group => "root",
+ mode => 0644,
+ ensure => present,
+ source => "puppet:///modules/nodo/etc/modprobe.d/blacklist.conf",
+ }
+ }
+ default: {
+ # Upgrade from lenny
+ file { "/etc/modprobe.d/blacklist":
+ ensure => absent,
+ }
+
+ file { "/etc/modprobe.d/blacklist.conf":
+ owner => "root",
+ group => "root",
+ mode => 0644,
+ ensure => present,
+ source => "puppet:///modules/nodo/etc/modprobe.d/blacklist.conf",
+ }
+ }
+ }
+}
diff --git a/manifests/subsystem/monitor.pp b/manifests/subsystem/monitor.pp
new file mode 100644
index 0000000..d7fa720
--- /dev/null
+++ b/manifests/subsystem/monitor.pp
@@ -0,0 +1,26 @@
+class nodo::subsystem::monitor(
+ $type = 'vserver',
+ $use_nagios = hiera('nodo::subsystem::monitor::use_nagios', True),
+ $use_fqdn = hiera('nodo::subsystem::monitor::use_nagios_fqdn', false)
+) {
+
+ if $use_nagios != false {
+
+ if $type == 'vserver' {
+ include nagios::target::fqdn
+ nagios::service::ping { "${::fqdn}": }
+ }
+
+ if $type == 'host' or $type == 'personal' {
+ if $use_fqdn == true {
+ include nagios::target::fqdn
+ }
+ else {
+ include nagios::target
+ }
+ nagios::service::ping { "${::fqdn}": }
+ }
+
+ }
+
+}
diff --git a/manifests/subsystem/motd.pp b/manifests/subsystem/motd.pp
new file mode 100644
index 0000000..8561b38
--- /dev/null
+++ b/manifests/subsystem/motd.pp
@@ -0,0 +1,19 @@
+class nodo::subsystem::motd(
+ $network_name = hiera('nodo::motd::network_name', 'Nodo')
+) {
+ # http://projects.reductivelabs.com/issues/1915
+ file { "/var/run/motd":
+ owner => "root",
+ group => "root",
+ mode => 0644,
+ ensure => file,
+ content => "This is ${::fqdn} from the ${network_name}.\n",
+ }
+
+ file { "/etc/motd":
+ owner => "root",
+ group => "root",
+ ensure => "/var/run/motd",
+ require => File["/var/run/motd"],
+ }
+}
diff --git a/manifests/subsystem/mount.pp b/manifests/subsystem/mount.pp
new file mode 100644
index 0000000..4bf3d58
--- /dev/null
+++ b/manifests/subsystem/mount.pp
@@ -0,0 +1,15 @@
+class subsystem::mount {
+ class { autofs: }
+
+ file { '/etc/auto.removable':
+ source => [ "puppet:///modules/site_nodo/etc/${::fqdn}/auto.removable",
+ "puppet:///modules/site_nodo/etc/${::domain}/auto.removable",
+ "puppet:///modules/site_nodo/etc/auto.removable",
+ "puppet:///modules/nodo/etc/auto.removable.${::operatingssystem}",
+ "puppet:///modules/nodo/etc/auto.removable" ],
+ notify => Service[autofs],
+ owner => root,
+ group => root,
+ mode => 0644;
+ }
+}
diff --git a/manifests/subsystem/pam.pp b/manifests/subsystem/pam.pp
new file mode 100644
index 0000000..7186d0b
--- /dev/null
+++ b/manifests/subsystem/pam.pp
@@ -0,0 +1,40 @@
+class nodo::subsystem::pam(
+ $enable = hiera('nodo::pam::enable', false)
+) {
+ if $enable != false {
+
+ # Squeeze only
+ if $::lsbdistcodename == 'squeeze' {
+ # pam - login
+ file { "/etc/pam.d/login":
+ source => [ "puppet:///modules/nodo/etc/pam.d/login.${::lsbdistcodename}",
+ "puppet:///modules/nodo/etc/pam.d/login",
+ ],
+ owner => "root",
+ group => "root",
+ mode => 0644,
+ ensure => present,
+ }
+
+ # pam - gdm
+ file { "/etc/pam.d/gdm":
+ source => "puppet:///modules/nodo/etc/pam.d/gdm",
+ owner => "root",
+ group => "root",
+ mode => 0644,
+ ensure => present,
+ }
+ }
+
+ # pam - mountpoints
+ file { "/etc/security/pam_mount.conf.xml":
+ ensure => present,
+ owner => root,
+ group => root,
+ mode => 0644,
+ source => [ "puppet:///modules/site_nodo/security/pam_mount.conf.xml.${::lsbdistcodename}",
+ "puppet:///modules/site_nodo/security/pam_mount.conf.xml",
+ ],
+ }
+ }
+}
diff --git a/manifests/subsystem/profile.pp b/manifests/subsystem/profile.pp
new file mode 100644
index 0000000..b90ac65
--- /dev/null
+++ b/manifests/subsystem/profile.pp
@@ -0,0 +1,46 @@
+# Custom configuration for user profiles
+class nodo::subsystem::profile {
+ file { "/etc/screenrc":
+ source => "puppet:///modules/nodo/etc/screenrc",
+ owner => "root",
+ group => "root",
+ mode => 0644,
+ ensure => present,
+ }
+
+ # As of squeeze, custom configuration can be placed directly at
+ # /etc/profile.d, so in the future this file won't need to be
+ # managed by puppet anymore.
+ file { "/etc/profile":
+ source => [ "puppet:///modules/nodo/etc/profile.${::lsbdistcodename}",
+ "puppet:///modules/nodo/etc/profile",
+ ],
+ owner => "root",
+ group => "root",
+ mode => 0644,
+ ensure => present,
+ require => File['/usr/local/bin/prompt.sh'],
+ }
+
+ file { "/etc/bash.bashrc":
+ source => "puppet:///modules/nodo/etc/bash.bashrc",
+ owner => "root",
+ group => "root",
+ mode => 0644,
+ ensure => present,
+ require => File['/usr/local/bin/prompt.sh'],
+ }
+
+ file { "/usr/local/bin/prompt.sh":
+ source => "puppet:///modules/nodo/bin/prompt.sh",
+ owner => "root",
+ group => "root",
+ mode => 0644,
+ ensure => present,
+ }
+
+ # This is already being sourced by bash.bashrc.
+ file { "/etc/profile.d/prompt.sh":
+ ensure => absent,
+ }
+}
diff --git a/manifests/subsystem/resolver.pp b/manifests/subsystem/resolver.pp
new file mode 100644
index 0000000..46a03c6
--- /dev/null
+++ b/manifests/subsystem/resolver.pp
@@ -0,0 +1,27 @@
+class nodo::subsystem::resolver(
+ $manage = hiera('nodo::subsystem::resolver::manage', false),
+ $nameservers = hiera('nodo::subsystem::resolver::nameservers', ''),
+ $domain = hiera('nodo::subsystem::resolver::domain', $::domain),
+ $search = hiera('nodo::subsystem::resolver::search', $::fqdn)
+) {
+ # DNS resolver
+ case $manage {
+ true: {
+ package { 'resolvconf':
+ ensure => present,
+ }
+
+ file { '/etc/resolv.conf':
+ ensure => '/etc/resolvconf/run/resolv.conf',
+ require => Package['resolvconf'],
+ }
+ }
+ default: {
+ class { 'resolvconf':
+ domain => $domain,
+ search => $search,
+ nameservers => $nameservers,
+ }
+ }
+ }
+}
diff --git a/manifests/subsystem/ssh_folder.pp b/manifests/subsystem/ssh_folder.pp
new file mode 100644
index 0000000..1c6ee49
--- /dev/null
+++ b/manifests/subsystem/ssh_folder.pp
@@ -0,0 +1,11 @@
+# Base class
+class nodo::subsystem::ssh_folder {
+ if !defined(File["${home}/.ssh"]) {
+ file { "${home}/.ssh":
+ ensure => directory,
+ owner => $owner,
+ group => $group,
+ mode => 0700,
+ }
+ }
+}
diff --git a/manifests/subsystem/sudo.pp b/manifests/subsystem/sudo.pp
new file mode 100644
index 0000000..581f8ab
--- /dev/null
+++ b/manifests/subsystem/sudo.pp
@@ -0,0 +1,14 @@
+class nodo::subsystem::sudo {
+ package { "sudo":
+ ensure => "present",
+ }
+
+ file { "/etc/sudoers":
+ source => [ "puppet:///modules/site_nodo/etc/sudoers/${::hostname}",
+ "puppet:///modules/nodo/etc/sudoers" ],
+ owner => "root",
+ group => "root",
+ mode => 440,
+ require => Package["sudo"],
+ }
+}
diff --git a/manifests/subsystem/sysctl.pp b/manifests/subsystem/sysctl.pp
new file mode 100644
index 0000000..1df0348
--- /dev/null
+++ b/manifests/subsystem/sysctl.pp
@@ -0,0 +1,55 @@
+class nodo::subsystem::sysctl {
+ # Root exploit fix, see http://wiki.debian.org/mmap_min_addr
+ # Maybe this can be remove in the future or included in a sysctl puppet module
+ file { "/etc/sysctl.d/mmap_min_addr.conf":
+ owner => "root",
+ group => "root",
+ mode => 0644,
+ ensure => present,
+ content => "vm.mmap_min_addr = 4096\n",
+ }
+
+ # See http://www.linux-vserver.org/Frequently_Asked_Questions
+ file { "/etc/sysctl.d/net.ipv4.conf.all.promote_secondaries.conf":
+ owner => "root",
+ group => "root",
+ mode => 0644,
+ ensure => present,
+ content => "net.ipv4.conf.all.promote_secondaries = 1\n",
+ }
+
+ exec { "/etc/init.d/procps restart":
+ subscribe => File["/etc/sysctl.d/mmap_min_addr.conf", "/etc/sysctl.d/net.ipv4.conf.all.promote_secondaries.conf"],
+ refreshonly => true,
+ }
+
+ $printk_levels = '3 4 1 3'
+
+ file { "/etc/sysctl.d/kernel.printk.conf":
+ owner => "root",
+ group => "root",
+ mode => 0644,
+ ensure => present,
+ content => "kernel.printk = ${printk_levels}\n",
+ }
+
+ exec { "/bin/echo '${printk_levels}' > /proc/sys/kernel/printk":
+ subscribe => File["/etc/sysctl.d/kernel.printk.conf"],
+ refreshonly => true,
+ }
+}
+
+class sysctl::appliance($kernel_panic = hiera('nodo::sysctl::appliance', '20')) {
+ file { "/etc/sysctl.d/kernel.panic.conf":
+ owner => "root",
+ group => "root",
+ mode => 0644,
+ ensure => present,
+ content => "kernel.panic = ${kernel_panic}\n",
+ }
+
+ exec { "/bin/echo '${kernel_panic}' > /proc/sys/kernel/panic":
+ subscribe => File["/etc/sysctl.d/kernel.panic.conf"],
+ refreshonly => true,
+ }
+}
diff --git a/manifests/subsystem/ups.pp b/manifests/subsystem/ups.pp
new file mode 100644
index 0000000..d304418
--- /dev/null
+++ b/manifests/subsystem/ups.pp
@@ -0,0 +1,26 @@
+class nodo::subsystem::ups(
+ $include = hiera('nodo::subsystem::ups::include', false),
+ $type = hiera('nodo::subsystem::ups::type', 'usb'),
+ $cable = hiera('nodo::subsystem::ups::cable', 'usb'),
+ $dev = hiera('nodo::subsystem::ups::dev', '/dev/usb/hiddev0'),
+ $nisip = hiera('nodo::subsystem::ups::nisip', '127.0.0.1'),
+ $polltime = hiera('nodo::subsystem::ups::polltime', '60'),
+ $onbatterydelay = hiera('nodo::subsystem::ups::onbatterydelay', '6'),
+ $batterylevel = hiera('nodo::subsystem::ups::batterylevel', '5'),
+ $minutes = hiera('nodo::subsystem::ups::minutes', '3')
+) {
+ case $include {
+ true: {
+ class { "apcupsd":
+ upstype => $type,
+ cable => $cable,
+ device => $dev,
+ nisip => $nisip,
+ polltime => $polltime,
+ onbatterydelay => $onbatterydelay,
+ batterylevel => $batterylevel,
+ minutes => $minutes,
+ }
+ }
+ }
+}
diff --git a/manifests/subsystem/xorg.pp b/manifests/subsystem/xorg.pp
new file mode 100644
index 0000000..575ec69
--- /dev/null
+++ b/manifests/subsystem/xorg.pp
@@ -0,0 +1,13 @@
+class nodo::subsystem::xorg($enable = hiera('nodo::subsystem::xorg::enable', false)) {
+ if $xorg != false {
+ file { "/etc/X11/xorg.conf":
+ ensure => present,
+ owner => root,
+ group => root,
+ mode => 0644,
+ source => [ "puppet:///modules/site_nodo/X11/xorg.conf/${::hostname}.${::lsbdistcodename}",
+ "puppet:///modules/site_nodo/X11/xorg.conf/${::hostname}",
+ "puppet:///modules/site_nodo/X11/xorg.conf.default" ],
+ }
+ }
+}