Diffstat (limited to 'manifests/subsystems')
-rw-r--r--manifests/subsystems/firewall.pp2
-rw-r--r--manifests/subsystems/firewall/local.pp8
-rw-r--r--manifests/subsystems/gdm.pp2
-rw-r--r--manifests/subsystems/initramfs.pp2
-rw-r--r--manifests/subsystems/monitor.pp8
-rw-r--r--manifests/subsystems/monkeysphere.pp17
-rw-r--r--manifests/subsystems/motd.pp6
-rw-r--r--manifests/subsystems/munin.pp22
-rw-r--r--manifests/subsystems/onion.pp6
-rw-r--r--manifests/subsystems/pam.pp4
-rw-r--r--manifests/subsystems/profile.pp10
-rw-r--r--manifests/subsystems/resolver.pp8
-rw-r--r--manifests/subsystems/schroot.pp6
-rw-r--r--manifests/subsystems/sudo.pp2
-rw-r--r--manifests/subsystems/sysctl.pp18
-rw-r--r--manifests/subsystems/tunnel.pp50
-rw-r--r--manifests/subsystems/ups.pp62
-rw-r--r--manifests/subsystems/xorg.pp6
18 files changed, 103 insertions, 136 deletions
diff --git a/manifests/subsystems/firewall.pp b/manifests/subsystems/firewall.pp
index 59bc1f1..0bde7ba 100644
--- a/manifests/subsystems/firewall.pp
+++ b/manifests/subsystems/firewall.pp
@@ -1,6 +1,6 @@
# firewall definitions for physical servers
class firewall(
- $local_net = hiera('firewall::local_net', false),
+ $local_net = hiera('nodo::firewall::local_net', false),
) {
class { 'shorewall': }
diff --git a/manifests/subsystems/firewall/local.pp b/manifests/subsystems/firewall/local.pp
index c402e70..ee82563 100644
--- a/manifests/subsystems/firewall/local.pp
+++ b/manifests/subsystems/firewall/local.pp
@@ -1,8 +1,8 @@
class firewall::local(
- $network = hiera('firewall::local::network', '192.168.1.0/24'),
- $interface = hiera('firewall::local::interface', 'eth0'),
- $manage_host = hiera('firewall::local::manage_host', True),
- $manage_interface = hiera('firewall::local::manage_iface', false)
+ $network = hiera('nodo::firewall::local::network', '192.168.1.0/24'),
+ $interface = hiera('nodo::firewall::local::interface', 'eth0'),
+ $manage_host = hiera('nodo::firewall::local::manage_host', True),
+ $manage_interface = hiera('nodo::firewall::local::manage_iface', false)
) {
if $manage_host {
diff --git a/manifests/subsystems/gdm.pp b/manifests/subsystems/gdm.pp
index c7cb0ac..7dbf129 100644
--- a/manifests/subsystems/gdm.pp
+++ b/manifests/subsystems/gdm.pp
@@ -21,7 +21,7 @@ class gdm {
owner => root,
group => root,
mode => 0644,
- source => [ "puppet:///modules/site_nodo/etc/gdm/$domain/gdm.conf",
+ source => [ "puppet:///modules/site_nodo/etc/gdm/${::domain}/gdm.conf",
"puppet:///modules/nodo/etc/gdm/gdm.conf", ]
}
diff --git a/manifests/subsystems/initramfs.pp b/manifests/subsystems/initramfs.pp
index 27029c3..ed92171 100644
--- a/manifests/subsystems/initramfs.pp
+++ b/manifests/subsystems/initramfs.pp
@@ -14,7 +14,7 @@ class initramfs {
group => "root",
mode => 0644,
ensure => present,
- source => "puppet://$server/modules/nodo/etc/initramfs-tools/modules",
+ source => "puppet:///modules/nodo/etc/initramfs-tools/modules",
}
# update initramfs when needed
diff --git a/manifests/subsystems/monitor.pp b/manifests/subsystems/monitor.pp
index 3712e79..45608a9 100644
--- a/manifests/subsystems/monitor.pp
+++ b/manifests/subsystems/monitor.pp
@@ -1,14 +1,14 @@
class monitor(
- $type = 'vserver',
+ $type = 'vserver',
$use_nagios = hiera('nodo::monitor::use_nagios', True),
- $use_fqdn = hiera('nodo::monitor::use_nagios_fqdn', false)
+ $use_fqdn = hiera('nodo::monitor::use_nagios_fqdn', false)
) {
if $use_nagios != false {
if $type == 'vserver' {
include nagios::target::fqdn
- nagios::service::ping { "$fqdn": }
+ nagios::service::ping { "${::fqdn}": }
}
if $type == 'host' or $type == 'personal' {
@@ -18,7 +18,7 @@ class monitor(
else {
include nagios::target
}
- nagios::service::ping { "$fqdn": }
+ nagios::service::ping { "${::fqdn}": }
}
}
diff --git a/manifests/subsystems/monkeysphere.pp b/manifests/subsystems/monkeysphere.pp
index 8c35d13..3b55d6f 100644
--- a/manifests/subsystems/monkeysphere.pp
+++ b/manifests/subsystems/monkeysphere.pp
@@ -1,5 +1,8 @@
# Define a monkeysphere host
-define monkeysphere_host($port = '') {
+define monkeysphere_host(
+ $port = hiera('nodo::monkeysphere_host::ssh_port', ''),
+ $mail_recipient = hiera('nodo::root_mail_recipient', 'nobody')
+) {
include monkeysphere
# Ensure the server's ssh key is imported into your monkeysphere key ring
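Review bot: The `'nobody'` default for `$mail_recipient` means a host with no `nodo::root_mail_recipient` in Hiera sends its server key mail to a placeholder account without raising any error; the same default is given to `$root_mail_recipient` in the `setup` define in tunnel.pp. The munin_node define in this commit fails when its required key is unset, and the same pattern would fit here: default to `''` and add `if $mail_recipient == '' { fail("Please set nodo::root_mail_recipient in your site config") }`. The parameter is consumed in the next hunk, where `"$mail_recipient"` is also the one interpolation left unbraced.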
@@ -14,15 +17,5 @@ define monkeysphere_host($port = '') {
#monkeysphere::publish_server_keys { }
# Email the server key
- monkeysphere::email_server_keys { "$root_mail_recipient": }
-}
-
-class monkeysphere_nodo {
- # Monkeysphere configuration
- monkeysphere_host { "$hostname":
- port => $monkeysphere_ssh_port ? {
- false => '',
- default => $monkeysphere_ssh_port,
- }
- }
+ monkeysphere::email_server_keys { "$mail_recipient": }
}
diff --git a/manifests/subsystems/motd.pp b/manifests/subsystems/motd.pp
index c8029bf..f9ece2d 100644
--- a/manifests/subsystems/motd.pp
+++ b/manifests/subsystems/motd.pp
@@ -1,11 +1,13 @@
-class motd {
+class motd(
+ $network_name = hiera('nodo::motd::network_name', 'Nodo')
+) {
# http://projects.reductivelabs.com/issues/1915
file { "/var/run/motd":
owner => "root",
group => "root",
mode => 0644,
ensure => file,
- content => "This is $fqdn from the $network_name.\n",
+ content => "This is ${::fqdn} from the ${network_name}.\n",
}
file { "/etc/motd":
diff --git a/manifests/subsystems/munin.pp b/manifests/subsystems/munin.pp
index f29afb8..a0a534e 100644
--- a/manifests/subsystems/munin.pp
+++ b/manifests/subsystems/munin.pp
@@ -1,19 +1,17 @@
# Define a munin node
-define munin_node($port = '4949') {
+define munin_node(
+ $port = hiera('nodo::munin_node::port', '4949'),
+ $allow = hiera('nodo::munin_node::allow', ''),
+ $host = hiera('nodo::munin_node::host', '')
+) {
- case $global_munin_allow {
- '': { fail("Please set \$global_munin_allow in your site config") }
+ case $allow {
+ '': { fail("Please set nodo::munin_node::allow in your site config") }
}
- $munin_allow = $node_munin_allow ? {
- '' => "$global_munin_allow",
- default => "$node_munin_allow",
- }
-
- $munin_port = $node_munin_port ? {
- '' => "$port",
- default => "$node_munin_port",
- }
+ $munin_port = $port
+ $munin_allow = $allow
+ $munin_host = $host
include munin::client
munin::plugin { apt_all: ensure => present; }
diff --git a/manifests/subsystems/onion.pp b/manifests/subsystems/onion.pp
index ee4da16..2b03839 100644
--- a/manifests/subsystems/onion.pp
+++ b/manifests/subsystems/onion.pp
@@ -4,8 +4,8 @@ class onion {
# It's important to use a subdir from the tor datadir
# to ease backup/restore procedures as we don't mix
# hidden service data with other tor files.
- if !defined(File["$tor::daemon::data_dir/hidden"]) {
- file { "$tor::daemon::data_dir/hidden":
+ if !defined(File["${tor::daemon::data_dir}/hidden"]) {
+ file { "${tor::daemon::data_dir}/hidden":
ensure => directory,
owner => 'debian-tor',
group => 'debian-tor',
@@ -37,7 +37,7 @@ class onion::freenode inherits onion::socks {
class onion::full inherits onion::freenode {
# Currently tor management just works for debian
- case $operatingsystem {
+ case $::operatingsystem {
debian: {
include tor::polipo
}
diff --git a/manifests/subsystems/pam.pp b/manifests/subsystems/pam.pp
index 2e75ddd..d2e1559 100644
--- a/manifests/subsystems/pam.pp
+++ b/manifests/subsystems/pam.pp
@@ -2,7 +2,7 @@ class pam {
if $pam != false {
# pam - login
file { "/etc/pam.d/login":
- source => [ "puppet:///modules/nodo/etc/pam.d/login.${lsbdistcodename}",
+ source => [ "puppet:///modules/nodo/etc/pam.d/login.${::lsbdistcodename}",
"puppet:///modules/nodo/etc/pam.d/login",
],
owner => "root",
@@ -26,7 +26,7 @@ class pam {
owner => root,
group => root,
mode => 0644,
- source => [ "puppet:///modules/site_nodo/security/pam_mount.conf.xml.$lsbdistcodename",
+ source => [ "puppet:///modules/site_nodo/security/pam_mount.conf.xml.${::lsbdistcodename}",
"puppet:///modules/site_nodo/security/pam_mount.conf.xml",
],
}
diff --git a/manifests/subsystems/profile.pp b/manifests/subsystems/profile.pp
index e49e3b5..cc84ae0 100644
--- a/manifests/subsystems/profile.pp
+++ b/manifests/subsystems/profile.pp
@@ -1,7 +1,7 @@
# Custom configuration for user profiles
class profile {
file { "/etc/screenrc":
- source => "puppet://$server/modules/nodo/etc/screenrc",
+ source => "puppet:///modules/nodo/etc/screenrc",
owner => "root",
group => "root",
mode => 0644,
@@ -12,8 +12,8 @@ class profile {
# /etc/profile.d, so in the future this file won't need to be
# managed by puppet anymore.
file { "/etc/profile":
- source => [ "puppet://$server/modules/nodo/etc/profile.$lsbdistcodename",
- "puppet://$server/modules/nodo/etc/profile",
+ source => [ "puppet:///modules/nodo/etc/profile.${::lsbdistcodename}",
+ "puppet:///modules/nodo/etc/profile",
],
owner => "root",
group => "root",
@@ -23,7 +23,7 @@ class profile {
}
file { "/etc/bash.bashrc":
- source => "puppet://$server/modules/nodo/etc/bash.bashrc",
+ source => "puppet:///modules/nodo/etc/bash.bashrc",
owner => "root",
group => "root",
mode => 0644,
@@ -32,7 +32,7 @@ class profile {
}
file { "/usr/local/bin/prompt.sh":
- source => "puppet://$server/modules/nodo/bin/prompt.sh",
+ source => "puppet:///modules/nodo/bin/prompt.sh",
owner => "root",
group => "root",
mode => 0644,
diff --git a/manifests/subsystems/resolver.pp b/manifests/subsystems/resolver.pp
index 3e5c36b..2ad0cd4 100644
--- a/manifests/subsystems/resolver.pp
+++ b/manifests/subsystems/resolver.pp
@@ -1,20 +1,20 @@
-class resolver {
+class resolver($nameservers = hiera('nodo::resolver::nameservers', '')) {
# DNS resolver
- case $resolvconf_nameservers {
+ case $nameservers {
'': {
package { 'resolvconf':
ensure => present,
}
file { '/etc/resolv.conf':
- ensure => '/etc/resolvconf/run/resolv.conf',
+ ensure => '/etc/resolvconf/run/resolv.conf',
require => Package['resolvconf'],
}
}
default: {
class { 'resolvconf':
search => $::fqdn,
- nameservers => $resolvconf_nameservers,
+ nameservers => $nameservers,
}
}
}
diff --git a/manifests/subsystems/schroot.pp b/manifests/subsystems/schroot.pp
index 950cc88..58d6dee 100644
--- a/manifests/subsystems/schroot.pp
+++ b/manifests/subsystems/schroot.pp
@@ -4,17 +4,17 @@ class schroot {
}
file { '/etc/schroot/default/fstab':
- ensure => $ensure,
+ ensure => present,
owner => root,
group => root,
mode => 0644,
require => Package['schroot'],
- source => [ "puppet:///modules/site_nodo/etc/schroot/default/$fqdn/fstab",
+ source => [ "puppet:///modules/site_nodo/etc/schroot/default/${::fqdn}/fstab",
"puppet:///modules/nodo/etc/schroot/default/fstab" ]
}
define instance($instance_type = 'plain', $description, $directory, $users, $groups, $aliases, $ensure = present) {
- file { "/etc/schroot/chroot.d/$name":
+ file { "/etc/schroot/chroot.d/${name}":
ensure => $ensure,
owner => root,
group => root,
diff --git a/manifests/subsystems/sudo.pp b/manifests/subsystems/sudo.pp
index c3e18e7..4ec615c 100644
--- a/manifests/subsystems/sudo.pp
+++ b/manifests/subsystems/sudo.pp
@@ -5,7 +5,7 @@ class sudo {
}
file { "/etc/sudoers":
- source => [ "puppet:///modules/site_nodo/etc/sudoers/$hostname",
+ source => [ "puppet:///modules/site_nodo/etc/sudoers/${::hostname}",
"puppet:///modules/nodo/etc/sudoers" ],
owner => "root",
group => "root",
diff --git a/manifests/subsystems/sysctl.pp b/manifests/subsystems/sysctl.pp
index 5e6dec7..d78a0f7 100644
--- a/manifests/subsystems/sysctl.pp
+++ b/manifests/subsystems/sysctl.pp
@@ -30,10 +30,10 @@ class sysctl {
group => "root",
mode => 0644,
ensure => present,
- content => "kernel.printk = $printk_levels\n",
+ content => "kernel.printk = ${printk_levels}\n",
}
- exec { "/bin/echo '$printk_levels' > /proc/sys/kernel/printk":
+ exec { "/bin/echo '${printk_levels}' > /proc/sys/kernel/printk":
subscribe => File["/etc/sysctl.d/kernel.printk.conf"],
refreshonly => true,
}
@@ -44,28 +44,24 @@ class sysctl::laptop {
owner => "root",
group => "root",
mode => 0644,
- source => "puppet://$server/modules/nodo/etc/sysctl.d/madwifi.conf",
- ensure => $lsbdistcodename ? {
+ source => "puppet:///modules/nodo/etc/sysctl.d/madwifi.conf",
+ ensure => $::lsbdistcodename ? {
'lenny' => present,
default => absent,
},
}
}
-class sysctl::appliance {
- case $kernel_panic {
- '': { $kernel_panic = "20" }
- }
-
+class sysctl::appliance($kernel_panic = hiera('nodo::sysctl::appliance', '20') {
file { "/etc/sysctl.d/kernel.panic.conf":
owner => "root",
group => "root",
mode => 0644,
ensure => present,
- content => "kernel.panic = $kernel_panic\n",
+ content => "kernel.panic = ${kernel_panic}\n",
}
- exec { "/bin/echo '$kernel_panic' > /proc/sys/kernel/panic":
+ exec { "/bin/echo '${kernel_panic}' > /proc/sys/kernel/panic":
subscribe => File["/etc/sysctl.d/kernel.panic.conf"],
refreshonly => true,
}
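Review bot: The new header `class sysctl::appliance($kernel_panic = hiera('nodo::sysctl::appliance', '20') {` is missing the `)` that closes the parameter list, so the manifest will not parse; the same missing parenthesis is in the ups.pp hunk on the line `$minutes = hiera('nodo::ups::minutes', '3'`. The lookup key also names the class rather than the parameter, unlike the other keys in this commit; `hiera('nodo::sysctl::appliance::kernel_panic', '20')` would match them. Because the value now comes from Hiera data and is interpolated into the `exec` shell command, it is worth rejecting anything non-numeric first, for example `if $kernel_panic !~ /^\d+$/ { fail("nodo::sysctl::appliance::kernel_panic must be an integer") }`. The class body continues past the end of the hunk.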
diff --git a/manifests/subsystems/tunnel.pp b/manifests/subsystems/tunnel.pp
index 3756df4..763383b 100644
--- a/manifests/subsystems/tunnel.pp
+++ b/manifests/subsystems/tunnel.pp
@@ -11,20 +11,20 @@
# this define realizes all needed resources for a hosted tunnel
define tunnel_server_realize($host) {
- User <<| tag == "backupninja-$host" |>>
- File <<| tag == "backupninja-$host" |>>
- Ssh_authorized_key <<| tag == "backupninja-$host" |>>
+ User <<| tag == "backupninja-${host}" |>>
+ File <<| tag == "backupninja-${host}" |>>
+ Ssh_authorized_key <<| tag == "backupninja-${host}" |>>
}
class tunnel {
# collect all resources from hosted tunnels
- Tunnel_server_realize <<| tag == "$fqdn" |>>
+ Tunnel_server_realize <<| tag == "${::fqdn}" |>>
- define setup($ensure = present, $user = $hostname, $host, $localport, $hostport, $sshport = '22', $keytype = 'rsa') {
- $dir = "/var/backups/remote/$user.$domain"
- $tag = "backupninja-$fqdn"
- $ssh_dir = "$dir/.ssh"
+ define setup($ensure = present, $user = $hostname, $host, $localport, $hostport, $sshport = '22', $keytype = 'rsa', $root_mail_recipient = hiera('nodo::root_mail_recipient', 'nobody')) {
+ $dir = "/var/backups/remote/${user}.${::domain}"
+ $tag = "backupninja-${::fqdn}"
+ $ssh_dir = "${dir}/.ssh"
autossh::tunnel { $name:
ensure => $ensure,
@@ -37,7 +37,7 @@ class tunnel {
sshport => $sshport,
}
- if !defined(Tunnel_server_realize["${fqdn}@${real_host}"]) {
+ if !defined(Tunnel_server_realize["${::fqdn}@${real_host}"]) {
# this defines just maps that $host host an user environment for $fdqn
@@tunnel_server_realize { "${fqdn}@${real_host}":
host => $fqdn,
@@ -45,24 +45,24 @@ class tunnel {
}
}
- if !defined(File["$dir"]) {
- @@file { "$dir":
+ if !defined(File["${dir}"]) {
+ @@file { "${dir}":
ensure => directory,
mode => 0750,
owner => $user,
group => 0,
- tag => "$tag",
+ tag => "${tag}",
}
}
- if !defined(File["$ssh_dir"]) {
- @@file { "$ssh_dir":
+ if !defined(File["${ssh_dir}"]) {
+ @@file { "${ssh_dir}":
ensure => directory,
mode => 0700,
owner => $user,
group => 0,
- require => [User[$user], File["$dir"]],
- tag => "$tag",
+ require => [User[$user], File["${dir}"]],
+ tag => "${tag}",
}
}
@@ -74,21 +74,21 @@ class tunnel {
group => 0,
source => "puppet:///modules/site_keys/${user}_id_${keytype}.pub",
require => File["${ssh_dir}"],
- tag => "$tag",
+ tag => "${tag}",
}
}
- if !defined(User["$user"]) {
- @@user { "$user":
+ if !defined(User["{$user}"]) {
+ @@user { "${user}":
ensure => "present",
- comment => "$user backup sandbox",
- home => "$dir",
+ comment => "${user} backup sandbox",
+ home => "${dir}",
gid => "backupninjas",
managehome => true,
shell => "/bin/sh",
password => '*',
require => Group['backupninjas'],
- tag => "$tag"
+ tag => "${tag}"
}
}
}
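Review bot: The guard `if !defined(User["{$user}"])` has the brace and dollar sign swapped, so it tests a title with literal braces around the user name rather than the title that `@@user { "${user}":` declares on the next line. The check therefore appears never to match an already declared User resource, and a second `tunnel::setup` for the same user would run into a duplicate declaration. It should read `if !defined(User["${user}"]) {`. The enclosing define starts outside this hunk.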
@@ -108,7 +108,7 @@ class tunnel {
owner => root,
group => root,
mode => 0644,
- content => "$fqdn\n",
+ content => "${fqdn}\n",
notify => Service["nullmailer"],
}
@@ -139,8 +139,8 @@ class tunnel {
}
tunnel::setup { "smtp":
- host => "$name.$domain",
- sshport => "$sshport",
+ host => "${name}.${domain}",
+ sshport => "${sshport}",
localport => '2525',
hostport => '25',
}
diff --git a/manifests/subsystems/ups.pp b/manifests/subsystems/ups.pp
index cc6677e..47b9f13 100644
--- a/manifests/subsystems/ups.pp
+++ b/manifests/subsystems/ups.pp
@@ -1,47 +1,25 @@
-class ups {
- case $ups_type {
- '': { $ups_type = 'usb' }
- }
-
- case $ups_cable {
- '': { $ups_cable = 'usb' }
- }
-
- case $ups_dev {
- '': { $ups_dev = '/dev/usb/hiddev0' }
- }
-
- case $ups_nisip {
- '': { $ups_nisip = '127.0.0.1' }
- }
-
- case $ups_polltime {
- '': { $ups_polltime = '60' }
- }
-
- case $ups_onbatterydelay {
- '': { $ups_onbatterydelay = '6' }
- }
-
- case $ups_batterylevel {
- '': { $ups_batterylevel = '5' }
- }
-
- case $ups_minutes {
- '': { $ups_minutes = '3' }
- }
-
- case $has_ups {
+class ups(
+ $include = hiera('nodo::ups::include', false),
+ $type = hiera('nodo::ups::type', 'usb'),
+ $cable = hiera('nodo::ups::cable', 'usb'),
+ $dev = hiera('nodo::ups::dev', '/dev/usb/hiddev0'),
+ $nisip = hiera('nodo::ups::nisip', '127.0.0.1'),
+ $polltime = hiera('nodo::ups::polltime', '60'),
+ $onbatterydelay = hiera('nodo::ups::onbatterydelay', '6'),
+ $batterylevel = hiera('nodo::ups::batterylevel', '5'),
+ $minutes = hiera('nodo::ups::minutes', '3'
+) {
+ case $include {
true: {
class { "apcupsd":
- upstype => $ups_type,
- cable => $ups_cable,
- device => $ups_dev,
- nisip => $ups_nisip,
- polltime => $ups_polltime,
- onbatterydelay => $ups_onbatterydelay,
- batterylevel => $ups_batterylevel,
- minutes => $ups_minutes,
+ upstype => $type,
+ cable => $cable,
+ device => $dev,
+ nisip => $nisip,
+ polltime => $polltime,
+ onbatterydelay => $onbatterydelay,
+ batterylevel => $batterylevel,
+ minutes => $minutes,
}
}
}
diff --git a/manifests/subsystems/xorg.pp b/manifests/subsystems/xorg.pp
index 0d92cec..f90feff 100644
--- a/manifests/subsystems/xorg.pp
+++ b/manifests/subsystems/xorg.pp
@@ -1,12 +1,12 @@
-class xorg {
- # xorg
+class xorg($enable = hiera('nodo::xorg::enable', false)) {
if $xorg != false {
file { "/etc/X11/xorg.conf":
ensure => present,
owner => root,
group => root,
mode => 0644,
- source => [ "puppet:///modules/site_nodo/X11/xorg.conf/$hostname",
+ source => [ "puppet:///modules/site_nodo/X11/xorg.conf/${hostname}.${lsbdistcodename}",
+ "puppet:///modules/site_nodo/X11/xorg.conf/${hostname}",
"puppet:///modules/site_nodo/X11/xorg.conf.default" ],
}
}
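Review bot: The new `$enable` parameter is never read: the body still tests `if $xorg != false`, a variable this class does not define, so setting `nodo::xorg::enable` in Hiera does not control whether /etc/X11/xorg.conf is managed. The condition should use the parameter, `if $enable != false {`. The two source paths touched here also use unqualified `${hostname}` and `${lsbdistcodename}` where the rest of this commit switches to `${::hostname}` and `${::lsbdistcodename}`.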