Diffstat (limited to 'manifests/subsystems')
65 files changed, 0 insertions, 3374 deletions
diff --git a/manifests/subsystems/crypttab.pp b/manifests/subsystems/crypttab.pp
deleted file mode 100644
index 0a9a4d1..0000000
--- a/manifests/subsystems/crypttab.pp
+++ /dev/null
@@ -1,15 +0,0 @@
-class crypttab(
- $type,
- $manage = hiera('nodo::crypttab::manage', false)
-) {
- if $manage == true {
- file { "/etc/crypttab":
- source => "puppet:///modules/nodo/etc/crypttab/${type}",
- owner => "root",
- group => "root",
- mode => 0644,
- ensure => present,
- notify => Exec['update-initramfs'],
- }
- }
-}
diff --git a/manifests/subsystems/database.pp b/manifests/subsystems/database.pp
deleted file mode 100644
index beedfa6..0000000
--- a/manifests/subsystems/database.pp
+++ /dev/null
@@ -1,52 +0,0 @@
-class database {
- class { 'mysql::server': }
-
- # See http://www.smilecouple.org/2011/03/01/fix-out-of-resource-problem-with-mysql
- file { '/etc/security/limits.d/mysql.conf':
- ensure => absent,
- owner => root,
- group => root,
- mode => 0644,
- content => "mysql soft nofile 24000\nmysql hard nofile 32000\n",
- }
-
- # Avoid Errcode: 24
- file { '/etc/mysql/conf.d/mysqld_open_files_limit.cnf':
- ensure => present,
- owner => root,
- group => root,
- mode => 0644,
- content => "[mysqld]\nopen-files-limit = 500000\n",
- notify => Service['mysql'],
- }
-
- backupninja::mysql { "all_databases":
- backupdir => '/var/backups/mysql',
- compress => true,
- sqldump => true,
- sqldumpoptions => '--lock-tables --complete-insert --add-drop-table --quick --quote-names --single-transaction',
- }
-
- # Database definitions
- define instance($password, $ensure = 'present', $privileges = "all") {
- include mysql::server
-
- mysql_database { "${name}":
- ensure => $ensure,
- require => Service['mysql'],
- }
-
- mysql_user { "${name}@%":
- ensure => $ensure,
- password_hash => mysql_password($password),
- require => Mysql_database["${name}"],
- }
-
- if $ensure == 'present' {
- mysql_grant { "${name}@%/${name}":
- privileges => $privileges,
- require => Mysql_user["${name}@%"],
- }
- }
- }
-}
diff --git a/manifests/subsystems/dhclient.pp b/manifests/subsystems/dhclient.pp
deleted file mode 100644
index 13e636e..0000000
--- a/manifests/subsystems/dhclient.pp
+++ /dev/null
@@ -1,17 +0,0 @@
-class dhclient(
- $ensure = hiera('nodo::dhclient::manage', 'present'),
- $supersede_domain = hiera('nodo::dhclient::supersede_domain', $::domain)
-) {
- package { 'isc-dhcp-client':
- ensure => $ensure,
- }
-
- file { '/etc/dhcp/dhclient.conf':
- ensure => $ensure,
- owner => root,
- group => root,
- mode => 0644,
- require => Package['isc-dhcp-client'],
- content => template('nodo/dhcp/dhclient.conf.erb'),
- }
-}
diff --git a/manifests/subsystems/domain.pp b/manifests/subsystems/domain.pp
deleted file mode 100644
index eb3551f..0000000
--- a/manifests/subsystems/domain.pp
+++ /dev/null
@@ -1,39 +0,0 @@
-# See
-# http://prefetch.net/code/domain-check
-# http://www.cyberciti.biz/tips/howto-monitor-domain-expiration-renew-date.html
-# http://www.cyberciti.biz/tips/domain-check-script.html
-class domain {
- file { "/usr/local/bin/domain-check":
- ensure => present,
- owner => "root",
- group => "root",
- mode => 755,
- source => "puppet://$server/modules/nodo/bin/domain-check",
- }
-
- define check($interval = '60', $email = 'root', $hour = '0',
- $minute = '0', $weekday = '0',
- $file = false, $ensure = present) {
-
- $cert_check = "/usr/local/bin/domain-check -a -q -x ${interval} -e ${email}"
-
- case $file {
- true: {
- $command = "$cert_check -f ${file}"
- }
- false, default: {
- $command = "$cert_check -d ${name}"
- }
- }
-
- cron { "domain-check-${name}":
- command => "$command >/dev/null 2>&1",
- user => root,
- hour => $hour,
- minute => $minute,
- weekday => $weekday,
- ensure => $ensure,
- require => File["/usr/local/bin/domain-check"],
- }
- }
-}
diff --git a/manifests/subsystems/firewall.pp b/manifests/subsystems/firewall.pp
deleted file mode 100644
index 221f281..0000000
--- a/manifests/subsystems/firewall.pp
+++ /dev/null
@@ -1,208 +0,0 @@
-# firewall definitions for physical servers
-class firewall(
- $local_net = hiera('nodo::firewall::local_net', false),
- $in_bandwidth = hiera('nodo::firewall::in_bandwidth', '2mbit'),
- $out_bandwidth = hiera('nodo::firewall::out_bandwidth', '2mbit'),
- $eth0_options = hiera('nodo::firewall::eth0_options', 'tcpflags,blacklist,routefilter,nosmurfs,logmartians')
-) {
- class { 'shorewall': }
-
- $rfc1918 = $local_net ? {
- true => true,
- false => false,
- default => false,
- }
-
- #
- # Interfaces
- #
- shorewall::interface { 'eth0':
- zone => '-',
- rfc1918 => $rfc1918,
- options => $eth0_options,
- }
-
- #
- # Policy
- #
- shorewall::policy { 'vm-net':
- sourcezone => 'vm',
- destinationzone => 'net',
- policy => 'ACCEPT',
- order => 1,
- }
-
- shorewall::policy { 'fw-net':
- sourcezone => '$FW',
- destinationzone => 'net',
- policy => 'ACCEPT',
- order => 2,
- }
-
- shorewall::policy { 'fw-vm':
- sourcezone => '$FW',
- destinationzone => 'vm',
- policy => 'ACCEPT',
- order => 3,
- }
-
- shorewall::policy { 'net-all':
- sourcezone => 'net',
- destinationzone => 'all',
- policy => 'DROP',
- order => 4,
- }
-
- shorewall::policy { 'all-all':
- sourcezone => 'all',
- destinationzone => 'all',
- policy => 'REJECT',
- order => 90,
- }
-
- #
- # Hosts
- #
- shorewall::host { "eth0-subnet":
- name => 'eth0:192.168.0.0/24',
- zone => 'vm',
- options => '',
- order => '1',
- }
-
- shorewall::host { "eth0":
- name => 'eth0:0.0.0.0/0',
- zone => 'net',
- options => '',
- order => '2',
- }
-
- shorewall::masq { "eth0":
- interface => 'eth0:!192.168.0.0/24',
- source => '192.168.0.0/24',
- order => '1',
- }
-
- #
- # Rules
- #
- shorewall::rule { 'ssh':
- action => 'SSH/ACCEPT',
- source => 'net',
- destination => '$FW',
- proto => '-',
- destinationport => '-',
- ratelimit => '-',
- order => 100,
- }
-
- shorewall::rule { 'ping':
- action => 'Ping/ACCEPT',
- source => 'net',
- destination => '$FW',
- proto => '-',
- destinationport => '-',
- ratelimit => '-',
- order => 101,
- }
-
- shorewall::rule { 'http':
- action => 'HTTP/ACCEPT',
- source => 'net',
- destination => '$FW',
- proto => '-',
- destinationport => '-',
- ratelimit => '-',
- order => 102,
- }
-
- # SSL computational DoS mitigation
- # See http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html
- shorewall::rule { 'https':
- action => 'HTTPS/ACCEPT',
- source => 'net',
- destination => '$FW',
- proto => '-',
- destinationport => '-',
- ratelimit => hiera("nodo::firewall::ssl_ratelimit", '-'),
- order => 103,
- }
-
- $munin_port = $node_munin_port ? {
- '' => "4900",
- default => "$node_munin_port",
- }
-
- shorewall::rule { "munin":
- action => 'ACCEPT',
- source => 'net',
- destination => '$FW',
- proto => 'tcp',
- destinationport => "$munin_port",
- ratelimit => '-',
- order => 104,
- }
-
- #
- # Zones
- #
- shorewall::zone { 'vm':
- type => 'ipv4',
- order => '2',
- }
-
- shorewall::zone { 'net':
- type => 'ipv4',
- order => '3',
- }
-
- shorewall::zone { 'loc':
- type => 'ipv4',
- order => 4,
- }
-
- #
- # Traffic shapping
- #
- shorewall::tcdevices { "eth0":
- in_bandwidth => "$in_bandwidth",
- out_bandwidth => "$out_bandwidth",
- }
-
- shorewall::tcrules { "ssh-tcp":
- order => "1",
- source => "0.0.0.0/0",
- destination => "0.0.0.0/0",
- protocol => "tcp",
- ports => "22",
- }
-
- shorewall::tcrules { "ssh-udp":
- order => "1",
- source => "0.0.0.0/0",
- destination => "0.0.0.0/0",
- protocol => "udp",
- ports => "22",
- }
-
- shorewall::tcclasses { "ssh":
- order => "1",
- interface => "eth0",
- rate => "4*full/100",
- ceil => "full",
- priority => "1",
- }
-
- shorewall::tcclasses { "default":
- order => "2",
- interface => "eth0",
- rate => "6*full/100",
- ceil => "full",
- priority => "2",
- options => "default",
- }
-
- if $local_net == true {
- class { "firewall::local": }
- }
-}
diff --git a/manifests/subsystems/firewall/local.pp b/manifests/subsystems/firewall/local.pp
deleted file mode 100644
index f17680e..0000000
--- a/manifests/subsystems/firewall/local.pp
+++ /dev/null
@@ -1,47 +0,0 @@
-class firewall::local(
- $network = hiera('nodo::firewall::local::network', '192.168.1.0/24'),
- $interface = hiera('nodo::firewall::local::interface', 'eth0'),
- $manage_host = hiera('nodo::firewall::local::manage_host', True),
- $manage_interface = hiera('nodo::firewall::local::manage_iface', false)
-) {
-
- if $manage_host {
- shorewall::host { "$interface-loc":
- name => "$interface:$network",
- zone => 'loc',
- options => '',
- order => 3,
- }
- }
-
- if $manage_interface {
- shorewall::interface { "$interface":
- zone => 'loc',
- rfc1918 => true,
- dhcp => true,
- options => 'routeback',
- }
- }
-
- shorewall::policy { 'loc-all':
- sourcezone => 'loc',
- destinationzone => 'all',
- policy => 'ACCEPT',
- order => 5,
- }
-
- shorewall::policy { 'vm-loc':
- sourcezone => 'vm',
- destinationzone => 'loc',
- policy => 'ACCEPT',
- order => 6,
- }
-
- shorewall::policy { 'fw-loc':
- sourcezone => '$FW',
- destinationzone => 'loc',
- policy => 'ACCEPT',
- order => 7,
- }
-
-}
diff --git a/manifests/subsystems/firewall/mpd.pp b/manifests/subsystems/firewall/mpd.pp
deleted file mode 100644
index 5724952..0000000
--- a/manifests/subsystems/firewall/mpd.pp
+++ /dev/null
@@ -1,21 +0,0 @@
-class firewall::mpd {
- # MPD http stream
- shorewall::rule { 'mpd-http-stream':
- source => 'net',
- destination => '$FW',
- proto => 'tcp',
- destinationport => '8000',
- order => 200,
- action => 'ACCEPT';
- }
-
- # MPD client access
- shorewall::rule { 'mpd-daemon':
- source => 'net',
- destination => '$FW',
- proto => 'tcp',
- destinationport => '6600',
- order => 200,
- action => 'ACCEPT';
- }
-}
diff --git a/manifests/subsystems/firewall/nas.pp b/manifests/subsystems/firewall/nas.pp
deleted file mode 100644
index c6eaf72..0000000
--- a/manifests/subsystems/firewall/nas.pp
+++ /dev/null
@@ -1,152 +0,0 @@
-class firewall::nas {
- # Basic firewall rules
- include shorewall::rules::ftp
- include shorewall::rules::tftp
- include shorewall::rules::http
- include shorewall::rules::nfsd
- include shorewall::rules::rsync
- include firewall::printer
- include firewall::torrent
- include firewall::mpd
-
- # Additional ports needed by NFS
- # Got using rpcinfo -p and netstat -ap
- shorewall::rule { 'nfs-1':
- action => 'ACCEPT',
- source => 'net',
- destination => '$FW',
- proto => 'tcp',
- destinationport => '35150,43902,46661,46661,46661,50340,54814,57170,58403,59780',
- ratelimit => '-',
- order => 100,
- }
-
- shorewall::rule { 'nfs-2':
- action => 'ACCEPT',
- source => 'net',
- destination => '$FW',
- proto => 'udp',
- destinationport => '938,38511,43195,53081,53081,53081,38521,45238,52664,52400,60331',
- ratelimit => '-',
- order => 100,
- }
-
- # See http://www.shorewall.net/samba.htm
- shorewall::rule { 'samba':
- action => 'SMB/ACCEPT',
- source => 'net',
- destination => '$FW',
- proto => '-',
- destinationport => '-',
- ratelimit => '-',
- order => 100,
- }
-
- shorewall::rule { 'netbios-1':
- action => 'ACCEPT',
- source => 'net',
- destination => '$FW',
- proto => 'tcp',
- destinationport => '137,138,139',
- ratelimit => '-',
- order => 100,
- }
-
- shorewall::rule { 'netbios-2':
- action => 'ACCEPT',
- source => 'net',
- destination => '$FW',
- proto => 'udp',
- destinationport => '137,138,139',
- ratelimit => '-',
- order => 100,
- }
-
- # DLNA
- #
- # https://wiki.archlinux.org/index.php/MiniDLNA
- # http://netpatia.blogspot.co.uk/2011/03/setup-your-own-dlna-server.html
- # http://wiki.alpinelinux.org/wiki/IPTV_How_To
- # http://mediatomb.cc/dokuwiki/faq:faq
- # http://packages.debian.org/wheezy/djmount
- # http://packages.debian.org/wheezy/gupnp-tools
- #
- # Optional:
- #
- # http://www.shorewall.net/UPnP.html
- #
- # linux-igd package
- # /etc/default/linux-igd
- # /etc/upnpd.conf
-
- shorewall::rule { "dlna-1":
- action => 'ACCEPT',
- source => 'net',
- destination => '$FW',
- proto => 'tcp,udp',
- destinationport => "1900",
- ratelimit => '-',
- order => 102,
- }
-
- shorewall::rule { "dlna-2":
- action => 'ACCEPT',
- source => 'net',
- destination => '$FW',
- proto => 'tcp,udp',
- destinationport => "8200",
- ratelimit => '-',
- order => 103,
- }
-
- shorewall::rule { "dlna-3":
- action => 'allowinUPnP',
- source => 'net',
- destination => '$FW',
- order => 104,
- }
-
- shorewall::rule { "dlna-4":
- action => 'forwardUPnP',
- source => 'net',
- destination => '$FW',
- order => 105,
- }
-
- # Enable multicast
- augeas { 'enable_multicast':
- changes => 'set /files/etc/shorewall/shorewall.conf/MULTICAST Yes',
- lens => 'Shellvars.lns',
- incl => '/etc/shorewall/shorewall.conf',
- notify => Service[shorewall];
- }
-
- # DAAP
- shorewall::rule { 'daap-1':
- source => 'net',
- destination => '$FW',
- proto => 'tcp',
- destinationport => '3689',
- order => 300,
- action => 'ACCEPT';
- }
-
- shorewall::rule { 'daap-2':
- source => 'net',
- destination => '$FW',
- proto => 'udp',
- destinationport => '3689',
- order => 301,
- action => 'ACCEPT';
- }
-
- # Avahi/mDNS
- shorewall::rule { 'mdns':
- source => 'net',
- destination => '$FW',
- proto => 'udp',
- destinationport => '5353',
- order => 400,
- action => 'ACCEPT';
- }
-}
diff --git a/manifests/subsystems/firewall/openvpn.pp b/manifests/subsystems/firewall/openvpn.pp
deleted file mode 100644
index 2d3e6d1..0000000
--- a/manifests/subsystems/firewall/openvpn.pp
+++ /dev/null
@@ -1,36 +0,0 @@
-class firewall::openvpn {
- shorewall::zone { 'vpn':
- type => 'ipv4',
- order => 4,
- }
-
- shorewall::interface { 'tun0':
- zone => 'vpn',
- }
-
- shorewall::policy { 'loc-vpn':
- sourcezone => 'loc',
- destinationzone => 'vpn',
- policy => 'ACCEPT',
- order => 20,
- }
-
- shorewall::policy { 'vpn-loc':
- sourcezone => 'vpn',
- destinationzone => 'loc',
- policy => 'ACCEPT',
- order => 21,
- }
-
- shorewall::policy { 'fw-vpn':
- sourcezone => '$FW',
- destinationzone => 'vpn',
- policy => 'ACCEPT',
- order => 22,
- }
-
- shorewall::tunnel { 'openvpn':
- tunnel_type => 'openvpnclient',
- zone => 'net',
- }
-}
diff --git a/manifests/subsystems/firewall/ppp.pp b/manifests/subsystems/firewall/ppp.pp
deleted file mode 100644
index 3082e92..0000000
--- a/manifests/subsystems/firewall/ppp.pp
+++ /dev/null
@@ -1,31 +0,0 @@
-class firewall::ppp {
- shorewall::zone { 'ppp':
- type => 'ipv4',
- order => 4,
- }
-
- shorewall::interface { 'ppp0':
- zone => 'ppp',
- }
-
- shorewall::policy { 'loc-ppp':
- sourcezone => 'loc',
- destinationzone => 'ppp',
- policy => 'ACCEPT',
- order => 30,
- }
-
- shorewall::policy { 'ppp-loc':
- sourcezone => 'ppp',
- destinationzone => 'loc',
- policy => 'ACCEPT',
- order => 31,
- }
-
- shorewall::policy { 'fw-ppp':
- sourcezone => '$FW',
- destinationzone => 'ppp',
- policy => 'ACCEPT',
- order => 32,
- }
-}
diff --git a/manifests/subsystems/firewall/printer.pp b/manifests/subsystems/firewall/printer.pp
deleted file mode 100644
index b44f65a..0000000
--- a/manifests/subsystems/firewall/printer.pp
+++ /dev/null
@@ -1,21 +0,0 @@
-class firewall::printer {
- shorewall::rule { "cups-tcp":
- action => 'ACCEPT',
- source => 'net',
- destination => '$FW',
- proto => 'tcp',
- destinationport => "631",
- ratelimit => '-',
- order => 200,
- }
-
- shorewall::rule { "cups-udp":
- action => 'ACCEPT',
- source => 'net',
- destination => '$FW',
- proto => 'udp',
- destinationport => "631",
- ratelimit => '-',
- order => 201,
- }
-}
diff --git a/manifests/subsystems/firewall/redirect.pp b/manifests/subsystems/firewall/redirect.pp
deleted file mode 100644
index 7a9734a..0000000
--- a/manifests/subsystems/firewall/redirect.pp
+++ /dev/null
@@ -1,14 +0,0 @@
-class firewall::redirect::ssh($destinationport) {
- # When the box is in an internal network and we want to provide
- # and external access through a shared real IP, we have to
- # redirect requests coming from another port to port 22.
- shorewall::rule { "ssh-redirect-1":
- action => 'DNAT',
- source => 'net',
- destination => "fw:$ipaddress:22",
- proto => 'tcp',
- destinationport => $destinationport,
- ratelimit => '-',
- order => $destinationport,
- }
-}
diff --git a/manifests/subsystems/firewall/router.pp b/manifests/subsystems/firewall/router.pp
deleted file mode 100644
index 7fa2db3..0000000
--- a/manifests/subsystems/firewall/router.pp
+++ /dev/null
@@ -1,401 +0,0 @@
-class firewall::router::http($destination, $zone = 'loc', $originaldest = $ipaddress) {
- shorewall::rule { 'http-route-1':
- action => 'DNAT',
- source => 'net',
- destination => "$zone:$destination:80",
- proto => 'tcp',
- destinationport => '80',
- ratelimit => '-',
- order => 600,
- }
-
- shorewall::rule { 'http-route-2':
- action => 'DNAT',
- source => '$FW',
- destination => "fw:$destination:80",
- proto => 'tcp',
- destinationport => '80',
- originaldest => "$originaldest",
- ratelimit => '-',
- order => 601,
- }
-}
-
-class firewall::router::https($destination, $zone = 'loc', $originaldest = $ipaddress) {
- shorewall::rule { 'https-route-1':
- action => 'DNAT',
- source => 'net',
- destination => "$zone:$destination:443",
- proto => 'tcp',
- destinationport => '443',
- ratelimit => '-',
- order => 602,
- }
-
- shorewall::rule { 'https-route-2':
- action => 'DNAT',
- source => '$FW',
- destination => "fw:$destination:443",
- proto => 'tcp',
- destinationport => '443',
- originaldest => "$originaldest",
- ratelimit => '-',
- order => 602,
- }
-}
-
-class firewall::router::puppetmaster($destination, $puppetmaster_port = '8140',
- $puppetmaster_nonssl_port = '8141', $zone = 'loc',
- $originaldest = $ipaddress) {
- shorewall::rule { 'puppetmaster-1':
- action => 'DNAT',
- source => 'net',
- destination => "$zone:$destination:$puppetmaster_port",
- proto => 'tcp',
- destinationport => "$puppetmaster_port",
- ratelimit => '-',
- order => 700,
- }
-
- shorewall::rule { 'puppetmaster-2':
- action => 'DNAT',
- source => 'net',
- destination => "$zone:$destination:$puppetmaster_port",
- proto => 'udp',
- destinationport => "$puppetmaster_port",
- ratelimit => '-',
- order => 701,
- }
-
- shorewall::rule { 'puppetmaster-3':
- action => 'DNAT',
- source => '$FW',
- destination => "$zone:$destination:$puppetmaster_port",
- proto => 'tcp',
- destinationport => "$puppetmaster_port",
- originaldest => "$originaldest",
- ratelimit => '-',
- order => 702,
- }
-
- shorewall::rule { 'puppetmaster-4':
- action => 'DNAT',
- source => '$FW',
- destination => "$zone:$destination:$puppetmaster_port",
- proto => 'udp',
- destinationport => "$puppetmaster_port",
- originaldest => "$originaldest",
- ratelimit => '-',
- order => 703,
- }
-
- shorewall::rule { 'puppetmaster-5':
- action => 'DNAT',
- source => 'net',
- destination => "$zone:$destination:$puppetmaster_nonssl_port",
- proto => 'tcp',
- destinationport => "$puppetmaster_nonssl_port",
- ratelimit => '-',
- order => 704,
- }
-
- shorewall::rule { 'puppetmaster-6':
- action => 'DNAT',
- source => 'net',
- destination => "$zone:$destination:$puppetmaster_nonssl_port",
- proto => 'udp',
- destinationport => "$puppetmaster_nonssl_port",
- ratelimit => '-',
- order => 705,
- }
-
- shorewall::rule { 'puppetmaster-7':
- action => 'DNAT',
- source => '$FW',
- destination => "$zone:$destination:$puppetmaster_nonssl_port",
- proto => 'tcp',
- destinationport => "$puppetmaster_nonssl_port",
- originaldest => "$originaldest",
- ratelimit => '-',
- order => 706,
- }
-
- shorewall::rule { 'puppetmaster-8':
- action => 'DNAT',
- source => '$FW',
- destination => "$zone:$destination:$puppetmaster_nonssl_port",
- proto => 'udp',
- destinationport => "$puppetmaster_nonssl_port",
- originaldest => "$originaldest",
- ratelimit => '-',
- order => 707,
- }
-}
-
-class firewall::router::gitd($destination, $zone = 'loc', $originaldest = $ipaddress) {
- shorewall::rule { 'git-daemon-1':
- action => 'DNAT',
- source => 'net',
- destination => "$zone:$destination:9418",
- proto => 'tcp',
- destinationport => '9418',
- ratelimit => '-',
- order => 800,
- }
-
- shorewall::rule { 'git-daemon-2':
- action => 'DNAT',
- source => '$FW',
- destination => "$zone:$destination:9418",
- proto => 'tcp',
- destinationport => '9418',
- originaldest => "$originaldest",
- ratelimit => '-',
- order => 801,
- }
-}
-
-class firewall::router::icecast($destination, $zone = 'loc', $originaldest = $ipaddress) {
- shorewall::rule { 'icecast-1':
- action => 'DNAT',
- source => 'net',
- destination => "$zone:$destination:8000",
- proto => 'tcp',
- destinationport => '8000',
- ratelimit => '-',
- order => 900,
- }
-
- shorewall::rule { 'icecast-2':
- action => 'DNAT',
- source => '$FW',
- destination => "$zone:$destination:8000",
- proto => 'tcp',
- destinationport => '8000',
- originaldest => "$originaldest",
- ratelimit => '-',
- order => 901,
- }
-}
-
-class firewall::router::mail($destination, $zone = 'loc', $originaldest = $ipaddress) {
- shorewall::rule { 'mail-1':
- action => 'DNAT',
- source => 'net',
- destination => "$zone:$destination:25",
- proto => 'tcp',
- destinationport => '25',
- ratelimit => '-',
- order => 1000,
- }
-
- shorewall::rule { 'mail-2':
- action => 'DNAT',
- source => '$FW',
- destination => "$zone:$destination:25",
- proto => 'tcp',
- destinationport => '25',
- originaldest => "$originaldest",
- ratelimit => '-',
- order => 1001,
- }
-
- shorewall::rule { 'mail-3':
- action => 'DNAT',
- source => 'net',
- destination => "$zone:$destination:993",
- proto => 'tcp',
- destinationport => '993',
- ratelimit => '-',
- order => 1002,
- }
-
- shorewall::rule { 'mail-4':
- action => 'DNAT',
- source => '$FW',
- destination => "$zone:$destination:993",
- proto => 'tcp',
- destinationport => '993',
- originaldest => "$originaldest",
- ratelimit => '-',
- order => 1003,
- }
-
- shorewall::rule { 'mail-5':
- action => 'DNAT',
- source => 'net',
- destination => "$zone:$destination:587",
- proto => 'tcp',
- destinationport => '587',
- ratelimit => '-',
- order => 1004,
- }
-
- shorewall::rule { 'mail-6':
- action => 'DNAT',
- source => '$FW',
- destination => "$zone:$destination:587",
- proto => 'tcp',
- destinationport => '587',
- originaldest => "$originaldest",
- ratelimit => '-',
- order => 1005,
- }
-}
-
-define firewall::router::ssh($destination, $port_orig = '22', $port_dest = '', $zone = 'loc',
- $originaldest = $ipaddress) {
- shorewall::rule { "ssh-$name-1":
- action => 'DNAT',
- source => 'net',
- destination => $port_dest ? {
- '' => "$zone:$destination",
- default => "$zone:$destination:$port_dest",
- },
- proto => 'tcp',
- destinationport => "$port_orig",
- ratelimit => '-',
- order => "2$port_orig",
- }
-
- shorewall::rule { "ssh-$name-2":
- action => 'DNAT',
- source => '$FW',
- destination => $port_dest ? {
- '' => "$zone:$destination",
- default => "$zone:$destination:$port_dest",
- },
- proto => 'tcp',
- destinationport => "$port_orig",
- originaldest => "$originaldest",
- ratelimit => '-',
- order => "2$port_orig",
- }
-}
-
-define firewall::router::munin($destination, $port_orig, $port_dest = '', $zone = 'loc',
- $order = '400', $originaldest = $ipaddress) {
- shorewall::rule { "munin-$name-1":
- action => 'DNAT',
- source => 'net',
- destination => $port_dest ? {
- '' => "$zone:$destination",
- default => "$zone:$destination:$port_dest",
- },
- proto => 'tcp',
- destinationport => "$port_orig",
- ratelimit => '-',
- order => $order,
- }
-
- shorewall::rule { "munin-$name-2":
- action => 'DNAT',
- source => '$FW',
- destination => $port_dest ? {
- '' => "$zone:$destination",
- default => "$zone:$destination:$port_dest",
- },
- proto => 'tcp',
- destinationport => "$port_orig",
- originaldest => "$originaldest",
- ratelimit => '-',
- order => $order,
- }
-}
-
-class firewall::router::torrent($destination, $zone = 'loc', $originaldest = $ipaddress) {
- shorewall::rule { "torrent-tcp-1":
- action => 'DNAT',
- source => 'net',
- destination => "$zone:$destination",
- proto => 'tcp',
- destinationport => "6881:6999",
- ratelimit => '-',
- order => 200,
- }
-
- shorewall::rule { "torrent-tcp-2":
- action => 'DNAT',
- source => 'all',
- destination => "$zone:$destination",
- proto => 'tcp',
- destinationport => "6881:6999",
- originaldest => "$originaldest",
- ratelimit => '-',
- order => 200,
- }
-
- shorewall::rule { "torrent-udp-1":
- action => 'DNAT',
- source => 'net',
- destination => "$zone:$destination",
- proto => 'udp',
- destinationport => "6881:6999",
- ratelimit => '-',
- order => 201,
- }
-
- shorewall::rule { "torrent-udp-2":
- action => 'DNAT',
- source => 'all',
- destination => "$zone:$destination",
- proto => 'udp',
- destinationport => "6881:6999",
- originaldest => "$originaldest",
- ratelimit => '-',
- order => 201,
- }
-}
-
-class firewall::router::gobby($destination, $zone = 'loc', $originaldest = $ipaddress) {
- shorewall::rule { 'gobby-route-1':
- action => 'DNAT',
- source => 'net',
- destination => "$zone:$destination:6523",
- proto => 'tcp',
- destinationport => '6523',
- ratelimit => '-',
- order => 600,
- }
-
- shorewall::rule { 'gobby-route-2':
- action => 'DNAT',
- source => '$FW',
- destination => "fw:$destination:6523",
- proto => 'tcp',
- destinationport => '6523',
- originaldest => "$originaldest",
- ratelimit => '-',
- order => 601,
- }
-}
-
-# See http://www.shorewall.net/FAQ.htm#faq2
-define firewall::router::hairpinning($order = '5000', $proto = 'tcp', $port = 'www',
- $external_ip = '$ETH0_IP', $interface = 'eth1',
- $destination = '192.168.1.100', $source = 'eth1',
- $source_zone = 'loc', $dest_zone = 'loc',
- $port_dest = '') {
- shorewall::masq { "routeback-$name":
- interface => "$interface:$destination",
- source => $source,
- address => $external_ip,
- proto => $proto,
- port => $port,
- order => $order,
- }
-
- shorewall::rule { "routeback-$name":
- action => 'DNAT',
- source => $source_zone,
- destination => $port_dest ? {
- '' => "$dest_zone:$destination",
- default => "$dest_zone:$destination:$port_dest",
- },
- proto => $proto,
- destinationport => $port,
- ratelimit => '-',
- order => $order,
- originaldest => $external_ip,
- }
-}
diff --git a/manifests/subsystems/firewall/torrent.pp b/manifests/subsystems/firewall/torrent.pp
deleted file mode 100644
index 2dc8451..0000000
--- a/manifests/subsystems/firewall/torrent.pp
+++ /dev/null
@@ -1,21 +0,0 @@
-class firewall::torrent {
- shorewall::rule { "torrent-tcp":
- action => 'ACCEPT',
- source => 'net',
- destination => '$FW',
- proto => 'tcp',
- destinationport => "6881:6999",
- ratelimit => '-',
- order => 200,
- }
-
- shorewall::rule { "torrent-udp":
- action => 'ACCEPT',
- source => 'net',
- destination => '$FW',
- proto => 'udp',
- destinationport => "6881:6999",
- ratelimit => '-',
- order => 201,
- }
-}
diff --git a/manifests/subsystems/firewall/ups.pp b/manifests/subsystems/firewall/ups.pp
deleted file mode 100644
index 042fcdc..0000000
--- a/manifests/subsystems/firewall/ups.pp
+++ /dev/null
@@ -1,11 +0,0 @@
-class firewall::ups {
- shorewall::rule { "ups":
- action => 'ACCEPT',
- source => 'net',
- destination => '$FW',
- proto => 'tcp',
- destinationport => "3551",
- ratelimit => '-',
- order => 200,
- }
-}
diff --git a/manifests/subsystems/firewall/vserver.pp b/manifests/subsystems/firewall/vserver.pp
deleted file mode 100644
index 702acc9..0000000
--- a/manifests/subsystems/firewall/vserver.pp
+++ /dev/null
@@ -1,524 +0,0 @@
-class firewall::vserver::http($destination, $zone = 'vm') {
- shorewall::rule { 'http-route-1':
- action => 'DNAT',
- source => 'net',
- destination => "$zone:$destination:80",
- proto => 'tcp',
- destinationport => '80',
- ratelimit => '-',
- order => 600,
- }
-
- shorewall::rule { 'http-route-2':
- action => 'DNAT',
- source => '$FW',
- destination => "fw:$destination:80",
- proto => 'tcp',
- destinationport => '80',
- originaldest => "$ipaddress",
- ratelimit => '-',
- order => 601,
- }
-}
-
-class firewall::vserver::https($destination, $zone = 'vm') {
- shorewall::rule { 'https-route-1':
- action => 'DNAT',
- source => 'net',
- destination => "$zone:$destination:443",
- proto => 'tcp',
- destinationport => '443',
- ratelimit => hiera("nodo::firewall::ssl_ratelimit", '-'),
- order => 602,
- }
-
- shorewall::rule { 'https-route-2':
- action => 'DNAT',
- source => '$FW',
- destination => "fw:$destination:443",
- proto => 'tcp',
- destinationport => '443',
- originaldest => "$ipaddress",
- ratelimit => hiera("nodo::firewall::ssl_ratelimit", '-'),
- order => 602,
- }
-}
-
-class firewall::vserver::puppetmaster($destination, $puppetmaster_port = '8140', $puppetmaster_nonssl_port = '8141', $zone = 'fw') {
- shorewall::rule { 'puppetmaster-1':
- action => 'DNAT',
- source => 'net',
- destination => "$zone:$destination:$puppetmaster_port",
- proto => 'tcp',
- destinationport => "$puppetmaster_port",
- ratelimit => hiera("nodo::firewall::ssl_ratelimit", '-'),
- order => 700,
- }
-
- shorewall::rule { 'puppetmaster-2':
- action => 'DNAT',
- source => 'net',
- destination => "$zone:$destination:$puppetmaster_port",
- proto => 'udp',
- destinationport => "$puppetmaster_port",
- ratelimit => hiera("nodo::firewall::ssl_ratelimit", '-'),
- order => 701,
- }
-
- shorewall::rule { 'puppetmaster-3':
- action => 'DNAT',
- source => '$FW',
- destination => "$zone:$destination:$puppetmaster_port",
- proto => 'tcp',
- destinationport => "$puppetmaster_port",
- originaldest => "$ipaddress",
- ratelimit => hiera("nodo::firewall::ssl_ratelimit", '-'),
- order => 702,
- }
-
- shorewall::rule { 'puppetmaster-4':
- action => 'DNAT',
- source => '$FW',
- destination => "$zone:$destination:$puppetmaster_port",
- proto => 'udp',
- destinationport => "$puppetmaster_port",
- originaldest => "$ipaddress",
- ratelimit => hiera("nodo::firewall::ssl_ratelimit", '-'),
- order => 703,
- }
-
- shorewall::rule { 'puppetmaster-5':
- action => 'DNAT',
- source => 'net',
- destination => "$zone:$destination:$puppetmaster_nonssl_port",
- proto => 'tcp',
- destinationport => "$puppetmaster_nonssl_port",
- ratelimit => '-',
- order => 704,
- }
-
- shorewall::rule { 'puppetmaster-6':
- action => 'DNAT',
- source => 'net',
- destination => "$zone:$destination:$puppetmaster_nonssl_port",
- proto => 'udp',
- destinationport => "$puppetmaster_nonssl_port",
- ratelimit => '-',
- order => 705,
- }
-
- shorewall::rule { 'puppetmaster-7':
- action => 'DNAT',
- source => '$FW',
- destination => "$zone:$destination:$puppetmaster_nonssl_port",
- proto => 'tcp',
- destinationport => "$puppetmaster_nonssl_port",
- originaldest => "$ipaddress",
- ratelimit => '-',
- order => 706,
- }
-
- shorewall::rule { 'puppetmaster-8':
- action => 'DNAT',
- source => '$FW',
- destination => "$zone:$destination:$puppetmaster_nonssl_port",
- proto => 'udp',
- destinationport => "$puppetmaster_nonssl_port",
- originaldest => "$ipaddress",
- ratelimit => '-',
- order => 707,
- }
-}
-
-class firewall::vserver::gitd($destination, $zone = 'fw') {
- shorewall::rule { 'git-daemon-1':
- action => 'DNAT',
- source => 'net',
- destination => "$zone:$destination:9418",
- proto => 'tcp',
- destinationport => '9418',
- ratelimit => '-',
- order => 800,
- }
-
- shorewall::rule { 'git-daemon-2':
- action => 'DNAT',
- source => '$FW',
- destination => "$zone:$destination:9418",
- proto => 'tcp',
- destinationport => '9418',
- originaldest => "$ipaddress",
- ratelimit => '-',
- order => 801,
- }
-}
-
-class firewall::vserver::icecast($destination, $zone = 'fw') {
- shorewall::rule { 'icecast-1':
- action => 'DNAT',
- source => 'net',
- destination => "$zone:$destination:8000",
- proto => 'tcp',
- destinationport => '8000',
- ratelimit => '-',
- order => 900,
- }
-
- shorewall::rule { 'icecast-2':
- action => 'DNAT',
- source => '$FW',
- destination => "$zone:$destination:8000",
- proto => 'tcp',
- destinationport => '8000',
- originaldest => "$ipaddress",
- ratelimit => '-',
- order => 901,
- }
-}
-
-class firewall::vserver::mail($destination, $zone = 'fw') {
- shorewall::rule { 'mail-1':
- action => 'DNAT',
- source => 'net',
- destination => "$zone:$destination:25",
- proto => 'tcp',
- destinationport => '25',
- ratelimit => '-',
- order => 1000,
- }
-
- shorewall::rule { 'mail-2':
- action => 'DNAT',
- source => '$FW',
- destination => "$zone:$destination:25",
- proto => 'tcp',
- destinationport => '25',
- originaldest => "$ipaddress",
- ratelimit => '-',
- order => 1001,
- }
-
- shorewall::rule { 'mail-3':
- action => 'DNAT',
- source => 'net',
- destination => "$zone:$destination:993",
- proto => 'tcp',
- destinationport => '993',
- ratelimit => hiera("nodo::firewall::ssl_ratelimit", '-'),
- order => 1002,
- }
-
- shorewall::rule { 'mail-4':
- action => 'DNAT',
- source => '$FW',
- destination => "$zone:$destination:993",
- proto => 'tcp',
- destinationport => '993',
- originaldest => "$ipaddress",
- ratelimit => hiera("nodo::firewall::ssl_ratelimit", '-'),
- order => 1003,
- }
-
- shorewall::rule { 'mail-5':
- action => 'DNAT',
- source => 'net',
- destination => "$zone:$destination:587",
- proto => 'tcp',
- destinationport => '587',
- ratelimit => hiera("nodo::firewall::ssl_ratelimit", '-'),
- order => 1004,
- }
-
- shorewall::rule { 'mail-6':
- action => 'DNAT',
- source => '$FW',
- destination => "$zone:$destination:587",
- proto => 'tcp',
- destinationport => '587',
- originaldest => "$ipaddress",
- ratelimit => hiera("nodo::firewall::ssl_ratelimit", '-'),
- order => 1005,
- }
-}
-
-define firewall::vserver::ssh($destination, $port_orig = '22', $port_dest = '', $zone = 'vm') {
- shorewall::rule { "ssh-$name-1":
- action => 'DNAT',
- source => 'net',
- destination => $port_dest ? {
- '' => "$zone:$destination",
- default => "$zone:$destination:$port_dest",
- },
- proto => 'tcp',
- destinationport => "$port_orig",
- ratelimit => '-',
- order => "2$port_orig",
- }
-
- shorewall::rule { "ssh-$name-2":
- action => 'DNAT',
- source => '$FW',
- destination => $port_dest ? {
- '' => "fw:$destination",
- default => "fw:$destination:$port_dest",
- },
- proto => 'tcp',
- destinationport => "$port_orig",
- originaldest => "$ipaddress",
- ratelimit => '-',
- order => "2$port_orig",
- }
-}
-
-define firewall::vserver::munin($destination, $port_orig, $port_dest = '', $order = '400', $zone = 'fw') {
- shorewall::rule { "munin-$name-1":
- action => 'DNAT',
- source => 'net',
- destination => $port_dest ? {
- '' => "$zone:$destination",
- default => "$zone:$destination:$port_dest",
- },
- proto => 'tcp',
- destinationport => "$port_orig",
- ratelimit => '-',
- order => $order,
- }
-
- shorewall::rule { "munin-$name-2":
- action => 'DNAT',
- source => '$FW',
- destination => $port_dest ? {
- '' => "$zone:$destination",
- default => "$zone:$destination:$port_dest",
- },
- proto => 'tcp',
- destinationport => "$port_orig",
- originaldest => "$ipaddress",
- ratelimit => '-',
- order => $order,
- }
-}
-
-class firewall::vserver::dns($destination, $zone = 'vm') {
- shorewall::rule { 'dns-route-0':
- action => 'DNS/ACCEPT',
- source => 'net',
- destination => '$FW',
- proto => '-',
- destinationport => '-',
- ratelimit => '-',
- order => 2000,
- }
-
- shorewall::rule { 'dns-route-1':
- action => 'DNAT',
- source => 'net',
- destination => "$zone:$destination:53",
- proto => 'tcp',
- destinationport => '53',
- ratelimit => '-',
- order => 2001,
- }
-
- shorewall::rule { 'dns-route-2':
- action => 'DNAT',
- source => '$FW',
- destination => "fw:$destination:53",
- proto => 'tcp',
- destinationport => '53',
- originaldest => "$ipaddress",
- ratelimit => '-',
- order => 2002,
- }
-
- shorewall::rule { 'dns-route-3':
- action => 'DNAT',
- source => 'net',
- destination => "$zone:$destination:53",
- proto => 'udp',
- destinationport => '53',
- ratelimit => '-',
- order => 2003,
- }
-
- shorewall::rule { 'dns-route-4':
- action => 'DNAT',
- source => '$FW',
- destination => "fw:$destination:53",
- proto => 'udp',
- destinationport => '53',
- originaldest => "$ipaddress",
- ratelimit => '-',
- order => 2004,
- }
-}
-
-class firewall::vserver::tor($destination, $zone = 'fw') {
- shorewall::rule { 'tor-0':
- action => 'DNAT',
- source => 'net',
- destination => "$zone:$destination:9001",
- proto => 'tcp',
- destinationport => '9001',
- ratelimit => '-',
- order => 2100,
- }
-
- shorewall::rule { 'tor-1':
- action => 'DNAT',
- source => '$FW',
- destination => "$zone:$destination:9001",
- proto => 'tcp',
- destinationport => '9001',
- originaldest => "$ipaddress",
- ratelimit => '-',
- order => 2101,
- }
-
- shorewall::rule { 'tor-2':
- action => 'DNAT',
- source => 'net',
- destination => "$zone:$destination:9030",
- proto => 'tcp',
- destinationport => '9030',
- ratelimit => '-',
- order => 2102,
- }
-
- shorewall::rule { 'tor-3':
- action => 'DNAT',
- source => '$FW',
- destination => "$zone:$destination:9030",
- proto => 'tcp',
- destinationport => '9030',
- originaldest => "$ipaddress",
- ratelimit => '-',
- order => 2103,
- }
-}
-
-class firewall::vserver::jabber($destination, $zone = 'fw') {
- shorewall::rule { 'jabber-0':
- action => 'DNAT',
- source => 'net',
- destination => "$zone:$destination:5222",
- proto => 'tcp',
- destinationport => '5222',
- ratelimit => '-',
- order => 2200,
- }
-
- shorewall::rule { 'jabber-1':
- action => 'DNAT',
- source => '$FW',
- destination => "$zone:$destination:5223",
- proto => 'tcp',
- destinationport => '5223',
- originaldest => "$ipaddress",
- ratelimit => '-',
- order => 2201,
- }
-
- shorewall::rule { 'jabber-2':
- action => 'DNAT',
- source => 'net',
- destination => "$zone:$destination:5269",
- proto => 'tcp',
- destinationport => '5269',
- ratelimit => '-',
- order => 2202,
- }
-
- shorewall::rule { 'jabber-3':
- action => 'DNAT',
- source => '$FW',
- destination => "$zone:$destination:4369",
- proto => 'tcp',
- destinationport => '4369',
- originaldest => "$ipaddress",
- ratelimit => '-',
- order => 2203,
- }
-
- shorewall::rule { 'jabber-4':
- action => 'DNAT',
- source => '$FW',
- destination => "$zone:$destination:4370",
- proto => 'tcp',
- destinationport => '4370:4375',
- originaldest => "$ipaddress",
- ratelimit => '-',
- order => 2204,
- }
-}
-
-class firewall::vserver::mumble($destination, $zone = 'fw') {
- shorewall::rule { 'mumble-0':
- action => 'DNAT',
- source => 'net',
- destination => "$zone:$destination:64738",
- proto => 'tcp',
- destinationport => '64738',
- ratelimit => '-',
- order => 2300,
- }
-
- shorewall::rule { 'mumble-1':
- action => 'DNAT',
- source => '$FW',
- destination => "$zone:$destination:64738",
- proto => 'udp',
- destinationport => '64738',
- originaldest => "$ipaddress",
- ratelimit => '-',
- order => 2301,
- }
-}
-
-class firewall::vserver::gobby($destination, $zone = 'fw') {
- shorewall::rule { 'gobby-0':
- action => 'DNAT',
- source => 'net',
- destination => "$zone:$destination:6523",
- proto => 'tcp',
- destinationport => '6523',
- ratelimit => '-',
- order => 2400,
- }
-}
-
-class firewall::vserver::yacy($destination, $zone = 'fw') {
- shorewall::rule { 'yacy-0':
- action => 'DNAT',
- source => 'net',
- destination => "$zone:$destination:8090",
- proto => 'tcp',
- destinationport => '8090',
- ratelimit => '-',
- order => 2500,
- }
-}
-
-class firewall::vserver::rsync($destination, $zone = 'fw') {
- shorewall::rule { 'rsync-0':
- action => 'DNAT',
- source => 'net',
- destination => "$zone:$destination:873",
- proto => 'tcp',
- destinationport => '873',
- ratelimit => '-',
- order => 2600,
- }
-}
-
-class firewall::vserver::mdns($destination, $zone = 'fw') {
- shorewall::rule { 'mdns-0':
- action => 'DNAT',
- source => 'net',
- destination => "$zone:$destination:5353",
- proto => 'tcp',
- destinationport => '5353',
- ratelimit => '-',
- order => 2700,
- }
-}
diff --git a/manifests/subsystems/firewall/wifi.pp b/manifests/subsystems/firewall/wifi.pp
deleted file mode 100644
index 161d402..0000000
--- a/manifests/subsystems/firewall/wifi.pp
+++ /dev/null
@@ -1,50 +0,0 @@
-class firewall::wifi {
- $rfc1918 = $shorewall_local_net ? {
- true => true,
- false => false,
- default => false,
- }
-
- # Default device depends if madwifi or
- # built-in kernel driver is being used
- $wifi_default_device = $lsbdistcodename ? {
- 'lenny' => 'ath0',
- default => 'wlan0',
- }
-
- $wifi_dev = $wifi_device ? {
- '' => $wifi_default_device,
- default => $wifi_device,
- }
-
- #
- # Interfaces
- #
- shorewall::interface { "$wifi_dev":
- zone => '-',
- rfc1918 => $rfc1918,
- }
-
- #
- # Hosts
- #
- shorewall::host { "$wifi_dev-subnet":
- name => "$wifi_dev:192.168.0.0/24",
- zone => 'vm',
- options => '',
- order => 1,
- }
-
- shorewall::host { "$wifi_dev":
- name => "$wifi_dev:0.0.0.0/0",
- zone => 'net',
- options => '',
- order => 2,
- }
-
- shorewall::masq { "$wifi_dev":
- interface => "$wifi_dev:!192.168.0.0/24",
- source => '192.168.0.0/24',
- order => 1,
- }
-}
diff --git a/manifests/subsystems/firewire.pp b/manifests/subsystems/firewire.pp
deleted file mode 100644
index 088e194..0000000
--- a/manifests/subsystems/firewire.pp
+++ /dev/null
@@ -1,9 +0,0 @@
-class firewire {
- # make sure ohci1394 is not loaded
- # see http://padrao.sarava.org/trac/wiki/Debian/Firewire
- # see also the modprobe class
- exec { "rmmod ohci1394":
- unless => "/bin/sh -c 'if `grep -q ^ohci1394 /proc/modules`; then false; else true; fi'",
- user => "root",
- }
-}
diff --git a/manifests/subsystems/fstab.pp b/manifests/subsystems/fstab.pp
deleted file mode 100644
index c6f2ecd..0000000
--- a/manifests/subsystems/fstab.pp
+++ /dev/null
@@ -1,15 +0,0 @@
-class fstab(
- $type,
- $manage = hiera('nodo::fstab::manage', false)
-) {
- if $manage == true {
- file { "/etc/fstab":
- source => "puppet:///modules/nodo/etc/fstab/${type}",
- owner => "root",
- group => "root",
- mode => 0644,
- ensure => present,
- notify => Exec['update-initramfs'],
- }
- }
-}
diff --git a/manifests/subsystems/gdm.pp b/manifests/subsystems/gdm.pp
deleted file mode 100644
index 8e7cefc..0000000
--- a/manifests/subsystems/gdm.pp
+++ /dev/null
@@ -1,85 +0,0 @@
-class gdm {
- package { 'gdm':
- ensure => installed,
- }
-
- service { 'gdm':
- ensure => running,
- require => Package['gdm'],
- }
-
- exec { '/usr/sbin/dpkg-reconfigure gdm':
- subscribe => File['/etc/gdm/gdm.conf'],
- user => root,
- group => root,
- refreshonly => true,
- require => Service['gdm'],
- }
-
- file { '/etc/gdm/gdm.conf':
- ensure => present,
- owner => root,
- group => root,
- mode => 0644,
- source => [ "puppet:///modules/site_nodo/etc/gdm/${::domain}/gdm.conf",
- "puppet:///modules/nodo/etc/gdm/gdm.conf", ]
- }
-
- file { '/usr/share/gdm/themes/crunchbang':
- ensure => directory,
- recurse => true,
- purge => true,
- force => true,
- owner => "root",
- group => "root",
- # This mode will also apply to files from the source directory
- mode => 0644,
- # Puppet will automatically set +x for directories
- source => 'puppet:///modules/nodo/etc/gdm/themes/crunchbang',
- }
-
- file { '/usr/share/gdm/themes/Tuxtastic':
- ensure => directory,
- recurse => true,
- purge => true,
- force => true,
- owner => "root",
- group => "root",
- # This mode will also apply to files from the source directory
- mode => 0644,
- # Puppet will automatically set +x for directories
- source => 'puppet:///modules/nodo/etc/gdm/themes/Tuxtastic',
- }
-
- file { '/usr/share/gdm/themes/dasUberMini':
- ensure => directory,
- recurse => true,
- purge => true,
- force => true,
- owner => "root",
- group => "root",
- # This mode will also apply to files from the source directory
- mode => 0644,
- # Puppet will automatically set +x for directories
- source => 'puppet:///modules/nodo/etc/gdm/themes/dasUberMini',
- }
-}
-
-class gdm::disabled inherits gdm {
- File['/usr/share/gdm/themes/dasUberMini', '/usr/share/gdm/themes/Tuxtastic',
- '/usr/share/gdm/themes/crunchbang', '/etc/gdm/gdm.conf' ] {
- ensure => absent,
- }
-
- Exec['/usr/sbin/dpkg-reconfigure gdm'] {
- command => '/bin/true',
- }
-
- Service['gdm'] {
- ensure => stopped,
- }
-
- Package['gdm'] {
- ensure => absent,
- }
-}
diff --git a/manifests/subsystems/gdm3.pp b/manifests/subsystems/gdm3.pp
deleted file mode 100644
index 0dfda11..0000000
--- a/manifests/subsystems/gdm3.pp
+++ /dev/null
@@ -1,20 +0,0 @@
-class gdm3 {
- package { 'gdm3':
- ensure => installed,
- }
-
- service { 'gdm3':
- ensure => running,
- require => Package['gdm3'],
- }
-
- file { '/etc/gdm3/greeter.gsettings':
- ensure => present,
- owner => root,
- group => root,
- mode => 0644,
- notify => Service['gdm3'],
- source => [ "puppet:///modules/site_nodo/etc/gdm3/${::domain}/greeter.gseetings",
- "puppet:///modules/nodo/etc/gdm3/greeter.gsettings", ]
- }
-}
diff --git a/manifests/subsystems/hosts.pp b/manifests/subsystems/hosts.pp
deleted file mode 100644
index 9453853..0000000
--- a/manifests/subsystems/hosts.pp
+++ /dev/null
@@ -1,60 +0,0 @@
-class hosts(
- $custom = hiera('nodo::hosts::custom', false)
-) {
- # Sometimes might be useful to manage the whole
- # hosts file, see http://projects.puppetlabs.com/issues/10704
- case $custom {
- true: {
- file { '/etc/hosts':
- ensure => present,
- owner => root,
- group => root,
- mode => 0640,
- source => "puppet:///modules/site_nodo/hosts/${::fqdn}",
- }
- }
- default: {
- host { "${::hostname}":
- ensure => present,
- ip => "${::ipaddress}",
- host_aliases => [ "${::fqdn}" ],
- }
-
- host { "localhost":
- ensure => present,
- ip => "127.0.0.1",
- }
-
- host { "ip6-localhost":
- ensure => present,
- ip => "::1",
- host_aliases => [ "ip6-loopback" ],
- }
-
- host { "ip6-localnet":
- ensure => present,
- ip => "fe00::0",
- }
-
- host { "ip6-mcastprefix":
- ensure => present,
- ip => "ff00::0",
- }
-
- host { "ip6-allnodes":
- ensure => present,
- ip => "ff02::1",
- }
-
- host { "ip6-allrouters":
- ensure => present,
- ip => "ff02::2",
- }
-
- host { "ip6-allhosts":
- ensure => present,
- ip => "ff02::3",
- }
- }
- }
-}
diff --git a/manifests/subsystems/initramfs.pp b/manifests/subsystems/initramfs.pp
deleted file mode 100644
index 17296a2..0000000
--- a/manifests/subsystems/initramfs.pp
+++ /dev/null
@@ -1,39 +0,0 @@
-class initramfs(
- $keymap = hiera('nodo::initramfs::keymap', 'absent')
-) {
- # initramfs config
- file { "/etc/kernel-img.conf":
- owner => "root",
- group => "root",
- mode => 0644,
- ensure => present,
- content => "do_initrd = Yes\n",
- }
-
- # initramfs config
- file { "/etc/initramfs-tools/modules":
- owner => "root",
- group => "root",
- mode => 0644,
- ensure => present,
- source => "puppet:///modules/nodo/etc/initramfs-tools/modules",
- }
-
- # keymap
- file { "/etc/initramfs-tools/conf.d/keymap.conf":
- ensure => $keymap,
- content => "KEYMAP=Y\n",
- owner => "root",
- group => "root",
- mode => 0644,
- }
-
- # update initramfs when needed
- exec { "update-initramfs -v -t -u":
- subscribe => [ File["/etc/initramfs-tools/modules"],
- File["/etc/modprobe.d/blacklist"],
- File["/etc/initramfs-tools/conf.d/keymap.conf"] ],
- refreshonly => true,
- alias => 'update-initramfs',
- }
-}
diff --git a/manifests/subsystems/keyboard.pp b/manifests/subsystems/keyboard.pp
deleted file mode 100644
index 440f552..0000000
--- a/manifests/subsystems/keyboard.pp
+++ /dev/null
@@ -1,22 +0,0 @@
-class keyboard {
- # Keyboard, see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=619711
- file { "/etc/default/keyboard":
- ensure => present,
- owner => "root",
- group => "root",
- mode => 0644,
- source => "puppet:///modules/site_nodo/keyboard/${::hostname}"
- }
-
- package { 'console-common':
- ensure => present,
- }
-
- file { '/etc/console/boottime.kmap.gz':
- ensure => present,
- owner => "root",
- group => "root",
- mode => 0644,
- source => "puppet:///modules/site_nodo/console/boottime.kmap.gz.${::hostname}"
- }
-}
diff --git a/manifests/subsystems/locales.pp b/manifests/subsystems/locales.pp
deleted file mode 100644
index f52f100..0000000
--- a/manifests/subsystems/locales.pp
+++ /dev/null
@@ -1,28 +0,0 @@
-class locales {
- package { "locales":
- ensure => installed,
- }
-
- file { "/etc/default/locale":
- source => [ "puppet:///modules/site_nodo/etc/default/locale",
- "puppet:///modules/nodo/etc/default/locale" ],
- ensure => present,
- owner => root,
- group => root,
- mode => 0644,
- }
-
- file { "/etc/locale.gen":
- source => [ "puppet:///modules/site_nodo/etc/locale.gen",
- "puppet:///modules/nodo/etc/locale.gen" ],
- ensure => present,
- owner => root,
- group => root,
- mode => 0644,
- }
-
- exec { "locale-gen":
- refreshonly => true,
- subscribe => File["/etc/locale.gen"],
- }
-}
diff --git a/manifests/subsystems/media.pp b/manifests/subsystems/media.pp
deleted file mode 100644
index cbe89b9..0000000
--- a/manifests/subsystems/media.pp
+++ /dev/null
@@ -1,38 +0,0 @@
-class media::folders(
- $ensure_cache = hiera('nodo::media::folders', directory)
-) {
- # Removable media folder
- file { [ "/media/usb", "/media/cdrom", "/media/tablet", "/media/phone" ]:
- ensure => directory,
- mode => 0755,
- }
-
- # Media cache
- file { "/var/cache/media":
- ensure => $ensure_cache,
- mode => 0755,
- }
-
- # Data folder is a cache
- file { "/var/data":
- ensure => "/var/cache/media",
- }
-
- # Hostname cache for general use
- file { "/var/cache/${::hostname}":
- ensure => directory,
- mode => 0755,
- }
-
- # Link to the media cache, useful to have unique remotes
- # for git-annex in removable media
- file { "/var/cache/${::hostname}/media":
- ensure => "/var/cache/media",
- }
-}
-
-class media::groups {
- group { 'incoming':
- ensure => 'present',
- }
-}
diff --git a/manifests/subsystems/modprobe.pp b/manifests/subsystems/modprobe.pp
deleted file mode 100644
index 99f7879..0000000
--- a/manifests/subsystems/modprobe.pp
+++ /dev/null
@@ -1,28 +0,0 @@
-class modprobe {
- # keep firewire disabled among other things
- case $lsbdistcodename {
- 'lenny': {
- file { "/etc/modprobe.d/blacklist":
- owner => "root",
- group => "root",
- mode => 0644,
- ensure => present,
- source => "puppet:///modules/nodo/etc/modprobe.d/blacklist.conf",
- }
- }
- default: {
- # upgrade from lenny
- file { "/etc/modprobe.d/blacklist":
- ensure => absent,
- }
-
- file { "/etc/modprobe.d/blacklist.conf":
- owner => "root",
- group => "root",
- mode => 0644,
- ensure => present,
- source => "puppet:///modules/nodo/etc/modprobe.d/blacklist.conf",
- }
- }
- }
-}
diff --git a/manifests/subsystems/monitor.pp b/manifests/subsystems/monitor.pp
deleted file mode 100644
index 45608a9..0000000
--- a/manifests/subsystems/monitor.pp
+++ /dev/null
@@ -1,26 +0,0 @@
-class monitor(
- $type = 'vserver',
- $use_nagios = hiera('nodo::monitor::use_nagios', True),
- $use_fqdn = hiera('nodo::monitor::use_nagios_fqdn', false)
-) {
-
- if $use_nagios != false {
-
- if $type == 'vserver' {
- include nagios::target::fqdn
- nagios::service::ping { "${::fqdn}": }
- }
-
- if $type == 'host' or $type == 'personal' {
- if $use_fqdn == true {
- include nagios::target::fqdn
- }
- else {
- include nagios::target
- }
- nagios::service::ping { "${::fqdn}": }
- }
-
- }
-
-}
diff --git a/manifests/subsystems/monkeysphere.pp b/manifests/subsystems/monkeysphere.pp
deleted file mode 100644
index b4b21e0..0000000
--- a/manifests/subsystems/monkeysphere.pp
+++ /dev/null
@@ -1,20 +0,0 @@
-define monkeysphere_host(
- $port = hiera('nodo::monkeysphere_host::ssh_port', ''),
- $mail_recipient = hiera('mail::root_mail_recipient', 'nobody')
-) {
- include monkeysphere
-
- # Ensure the server's ssh key is imported into your monkeysphere key ring
- monkeysphere::import_key { "ssh":
- port => $port,
- }
-
- # TODO
- # Currently we don't have a defined policy regarding whether
- # to publish all our node keys to public keyservers, so leave
- # automatic publishing disabled for now.
- #monkeysphere::publish_server_keys { }
-
- # Email the server key
- monkeysphere::email_server_keys { "$mail_recipient": }
-}
diff --git a/manifests/subsystems/motd.pp b/manifests/subsystems/motd.pp
deleted file mode 100644
index f9ece2d..0000000
--- a/manifests/subsystems/motd.pp
+++ /dev/null
@@ -1,19 +0,0 @@
-class motd(
- $network_name = hiera('nodo::motd::network_name', 'Nodo')
-) {
- # http://projects.reductivelabs.com/issues/1915
- file { "/var/run/motd":
- owner => "root",
- group => "root",
- mode => 0644,
- ensure => file,
- content => "This is ${::fqdn} from the ${network_name}.\n",
- }
-
- file { "/etc/motd":
- owner => "root",
- group => "root",
- ensure => "/var/run/motd",
- require => File["/var/run/motd"],
- }
-}
diff --git a/manifests/subsystems/mount.pp b/manifests/subsystems/mount.pp
deleted file mode 100644
index 3fcee58..0000000
--- a/manifests/subsystems/mount.pp
+++ /dev/null
@@ -1,15 +0,0 @@
-class mount {
- class { autofs: }
-
- file { '/etc/auto.removable':
- source => [ "puppet:///modules/site_nodo/etc/${::fqdn}/auto.removable",
- "puppet:///modules/site_nodo/etc/${::domain}/auto.removable",
- "puppet:///modules/site_nodo/etc/auto.removable",
- "puppet:///modules/nodo/etc/auto.removable.${::operatingssystem}",
- "puppet:///modules/nodo/etc/auto.removable" ],
- notify => Service[autofs],
- owner => root,
- group => root,
- mode => 0644;
- }
-}
diff --git a/manifests/subsystems/munin.pp b/manifests/subsystems/munin.pp
deleted file mode 100644
index 770d551..0000000
--- a/manifests/subsystems/munin.pp
+++ /dev/null
@@ -1,21 +0,0 @@
-# Define a munin node
-define munin_node(
- $port = hiera('nodo::munin_node::port', '4949'),
- $allow = hiera('nodo::munin_node::allow', ''),
- $host = hiera('nodo::munin_node::host', $::fqdn),
- $listen = hiera('nodo::munin_node::listen', '*')
-) {
-
- case $allow {
- '': { fail("Please set nodo::munin_node::allow in your config") }
- }
-
- class { 'munin::client':
- port => $port,
- allow => $allow,
- host => $host,
- listen => $listen,
- }
-
- munin::plugin { apt_all: ensure => present; }
-}
diff --git a/manifests/subsystems/onion.pp b/manifests/subsystems/onion.pp
deleted file mode 100644
index 64a41f8..0000000
--- a/manifests/subsystems/onion.pp
+++ /dev/null
@@ -1,54 +0,0 @@
-class onion {
- class { 'tor::daemon': }
-
- # It's important to use a subdir from the tor datadir
- # to ease backup/restore procedures as we don't mix
- # hidden service data with other tor files.
- file { "${tor::daemon::data_dir}/hidden":
- ensure => directory,
- owner => 'debian-tor',
- group => 'debian-tor',
- mode => 0700,
- }
-}
-
-class onion::socks inherits onion {
- # Default tor daemon configuration
- tor::daemon::socks { 'socks':
- port => 9050,
- listen_addresses => [ '127.0.0.1' ],
- }
-}
-
-class onion::freenode inherits onion::socks {
- # Freenode via Tor
- # http://freenode.net/irc_servers.shtml
- # http://pthree.org/2010/01/31/freenode-ssl-and-sasl-authentication-with-irssi/
- # http://freenode.net/sasl/sasl-irssi.shtml
- # https://wiki.archlinux.org/index.php/Tor
- tor::daemon::map_address { 'freenode':
- address => '10.40.40.40',
- newaddress => 'p4fsi4ockecnea7l.onion',
- }
-}
-
-class onion::ssh {
- tor::daemon::hidden_service { 'ssh':
- ports => [ "22 127.0.0.1:22" ],
- data_dir => "${tor::daemon::data_dir}/hidden",
- ensure => present,
- }
-}
-
-class onion::full inherits onion::freenode {
- include onion::ssh
-
- # Currently tor management just works for debian
- case $::operatingsystem {
- debian: {
- include tor::polipo
- }
- default: { }
- }
-
-}
diff --git a/manifests/subsystems/pam.pp b/manifests/subsystems/pam.pp
deleted file mode 100644
index 206a5c3..0000000
--- a/manifests/subsystems/pam.pp
+++ /dev/null
@@ -1,40 +0,0 @@
-class pam(
- $enable = hiera('nodo::pam::enable', false)
-) {
- if $enable != false {
-
- # Squeeze only
- if $::lsbdistcodename == 'squeeze' {
- # pam - login
- file { "/etc/pam.d/login":
- source => [ "puppet:///modules/nodo/etc/pam.d/login.${::lsbdistcodename}",
- "puppet:///modules/nodo/etc/pam.d/login",
- ],
- owner => "root",
- group => "root",
- mode => 0644,
- ensure => present,
- }
-
- # pam - gdm
- file { "/etc/pam.d/gdm":
- source => "puppet:///modules/nodo/etc/pam.d/gdm",
- owner => "root",
- group => "root",
- mode => 0644,
- ensure => present,
- }
- }
-
- # pam - mountpoints
- file { "/etc/security/pam_mount.conf.xml":
- ensure => present,
- owner => root,
- group => root,
- mode => 0644,
- source => [ "puppet:///modules/site_nodo/security/pam_mount.conf.xml.${::lsbdistcodename}",
- "puppet:///modules/site_nodo/security/pam_mount.conf.xml",
- ],
- }
- }
-}
diff --git a/manifests/subsystems/profile.pp b/manifests/subsystems/profile.pp
deleted file mode 100644
index cc84ae0..0000000
--- a/manifests/subsystems/profile.pp
+++ /dev/null
@@ -1,46 +0,0 @@
-# Custom configuration for user profiles
-class profile {
- file { "/etc/screenrc":
- source => "puppet:///modules/nodo/etc/screenrc",
- owner => "root",
- group => "root",
- mode => 0644,
- ensure => present,
- }
-
- # As of squeeze, custom configuration can be placed directly at
- # /etc/profile.d, so in the future this file won't need to be
- # managed by puppet anymore.
- file { "/etc/profile":
- source => [ "puppet:///modules/nodo/etc/profile.${::lsbdistcodename}",
- "puppet:///modules/nodo/etc/profile",
- ],
- owner => "root",
- group => "root",
- mode => 0644,
- ensure => present,
- require => File['/usr/local/bin/prompt.sh'],
- }
-
- file { "/etc/bash.bashrc":
- source => "puppet:///modules/nodo/etc/bash.bashrc",
- owner => "root",
- group => "root",
- mode => 0644,
- ensure => present,
- require => File['/usr/local/bin/prompt.sh'],
- }
-
- file { "/usr/local/bin/prompt.sh":
- source => "puppet:///modules/nodo/bin/prompt.sh",
- owner => "root",
- group => "root",
- mode => 0644,
- ensure => present,
- }
-
- # This is already being sourced by bash.bashrc.
- file { "/etc/profile.d/prompt.sh":
- ensure => absent,
- }
-}
diff --git a/manifests/subsystems/resolver.pp b/manifests/subsystems/resolver.pp
deleted file mode 100644
index 94c9cb9..0000000
--- a/manifests/subsystems/resolver.pp
+++ /dev/null
@@ -1,27 +0,0 @@
-class resolver(
- $manage = hiera('nodo::resolver::manage', false),
- $nameservers = hiera('nodo::resolver::nameservers', ''),
- $domain = hiera('nodo::resolver::domain', $::domain),
- $search = hiera('nodo::resolver::search', $::fqdn)
-) {
- # DNS resolver
- case $manage {
- true: {
- package { 'resolvconf':
- ensure => present,
- }
-
- file { '/etc/resolv.conf':
- ensure => '/etc/resolvconf/run/resolv.conf',
- require => Package['resolvconf'],
- }
- }
- default: {
- class { 'resolvconf':
- domain => $domain,
- search => $search,
- nameservers => $nameservers,
- }
- }
- }
-}
diff --git a/manifests/subsystems/schroot.pp b/manifests/subsystems/schroot.pp
deleted file mode 100644
index 58d6dee..0000000
--- a/manifests/subsystems/schroot.pp
+++ /dev/null
@@ -1,26 +0,0 @@
-class schroot {
- package { 'schroot':
- ensure => installed,
- }
-
- file { '/etc/schroot/default/fstab':
- ensure => present,
- owner => root,
- group => root,
- mode => 0644,
- require => Package['schroot'],
- source => [ "puppet:///modules/site_nodo/etc/schroot/default/${::fqdn}/fstab",
- "puppet:///modules/nodo/etc/schroot/default/fstab" ]
- }
-
- define instance($instance_type = 'plain', $description, $directory, $users, $groups, $aliases, $ensure = present) {
- file { "/etc/schroot/chroot.d/${name}":
- ensure => $ensure,
- owner => root,
- group => root,
- mode => 0644,
- require => Package['schroot'],
- content => template('nodo/schroot/schroot.conf.erb'),
- }
- }
-}
diff --git a/manifests/subsystems/ssh.pp b/manifests/subsystems/ssh.pp
deleted file mode 100644
index f15931d..0000000
--- a/manifests/subsystems/ssh.pp
+++ /dev/null
@@ -1,101 +0,0 @@
-# Base class
-class ssh_folder {
- if !defined(File["${home}/.ssh"]) {
- file { "${home}/.ssh":
- ensure => directory,
- owner => $owner,
- group => $group,
- mode => 0700,
- }
- }
-}
-
-# Manage ssh config for a particular user
-define ssh_config($owner, $home = '/home/$owner', $ssh_localhost_auth = false) {
- include ssh_folder
-
- file { "${home}/.ssh/config":
- ensure => present,
- owner => $owner,
- group => $group,
- mode => 0600,
- require => File["${home}/.ssh"],
- }
-
- # The NoHostAuthenticationForLocalhost ssh option might be useful
- # for automated deployment environments so your ikiwiki user doesn't
- # get stuck with the fingerprint confirmation prompt when pushing
- # content via ssh in the first time it runs.
- line { 'NoHostAuthenticationForLocalhost-${owner}':
- file => "${home}/.ssh/config",
- line => "NoHostAuthenticationForLocalhost yes",
- ensure => $ssh_localhost_auth ? {
- 'auto' => present,
- 'fingerprint' => absent,
- default => absent,
- },
- }
-}
-
-# Manage known_hosts for a particular user
-define ssh_known_host($owner, $home = '/home/$owner', $ssh_localhost_auth = false) {
- include ssh_folder
-
- file { "${home}/.ssh/known_hosts":
- ensure => present,
- owner => $owner,
- group => $group,
- mode => 0600,
- require => File["${home}/.ssh"],
- }
-
- # You can choose to include the host's fingeprints
- # directly into the known_hosts file.
- if $::sshrsakey != '' {
- line { 'known_hosts-localhost-rsa-${owner}':
- file => "${home}/.ssh/known_hosts",
- line => "localhost ssh-rsa ${::sshrsakey}",
- ensure => $ssh_localhost_auth ? {
- 'fingerprint' => present,
- 'auto' => undef,
- default => undef,
- },
- }
- }
-
- if $::sshdsakey != '' {
- line { 'known_hosts-localhost-dsa-${owner}':
- file => "${home}/.ssh/known_hosts",
- line => "localhost ssh-dss ${::sshdsakey}",
- ensure => $ssh_localhost_auth ?
{
- 'fingerprint' => present,
- 'auto' => undef,
- default => undef,
- },
- }
- }
-
- if $::sshecdsakey != '' {
- line { 'known_hosts-localhost-ecdsa-${owner}':
- file => "${home}/.ssh/known_hosts",
- line => "localhost ecdsa-sha2-nistp256 ${::sshedsakey}",
- ensure => $ssh_localhost_auth ? {
- 'fingerprint' => present,
- 'auto' => undef,
- default => undef,
- },
- }
- }
-}
-
-define ssh_create_key($owner, $group, $keyfile = 'id_rsa', $home = '/home/$owner') {
- include ssh_folder
-
- exec { "ssh-keygen-${owner}":
- command => "ssh-keygen -t rsa -P '' -f ${home}/.ssh/${keyfile}",
- creates => "${home}/.ssh/${keyfile}",
- user => $owner,
- group => $group,
- require => File["${home}/.ssh"],
- }
-}
diff --git a/manifests/subsystems/sudo.pp b/manifests/subsystems/sudo.pp
deleted file mode 100644
index 4ec615c..0000000
--- a/manifests/subsystems/sudo.pp
+++ /dev/null
@@ -1,15 +0,0 @@
-class sudo {
-
- package { "sudo":
- ensure => "present",
- }
-
- file { "/etc/sudoers":
- source => [ "puppet:///modules/site_nodo/etc/sudoers/${::hostname}",
- "puppet:///modules/nodo/etc/sudoers" ],
- owner => "root",
- group => "root",
- mode => 440,
- require => Package["sudo"],
- }
-}
diff --git a/manifests/subsystems/sysctl.pp b/manifests/subsystems/sysctl.pp
deleted file mode 100644
index e434008..0000000
--- a/manifests/subsystems/sysctl.pp
+++ /dev/null
@@ -1,55 +0,0 @@
-class sysctl {
- # root exploit fix, see http://wiki.debian.org/mmap_min_addr
- # TODO: remove in the future or use a sysctl puppet module
- file { "/etc/sysctl.d/mmap_min_addr.conf":
- owner => "root",
- group => "root",
- mode => 0644,
- ensure => present,
- content => "vm.mmap_min_addr = 4096\n",
- }
-
- # see http://www.linux-vserver.org/Frequently_Asked_Questions
- file { "/etc/sysctl.d/net.ipv4.conf.all.promote_secondaries.conf":
- owner => "root",
- group => "root",
- mode => 0644,
- ensure => present,
- content => "net.ipv4.conf.all.promote_secondaries = 1\n",
- }
-
- exec { "/etc/init.d/procps restart":
- subscribe => File["/etc/sysctl.d/mmap_min_addr.conf", "/etc/sysctl.d/net.ipv4.conf.all.promote_secondaries.conf"],
- refreshonly => true,
- }
-
- $printk_levels = '3 4 1 3'
-
- file { "/etc/sysctl.d/kernel.printk.conf":
- owner => "root",
- group => "root",
- mode => 0644,
- ensure => present,
- content => "kernel.printk = ${printk_levels}\n",
- }
-
- exec { "/bin/echo '${printk_levels}' > /proc/sys/kernel/printk":
- subscribe => File["/etc/sysctl.d/kernel.printk.conf"],
- refreshonly => true,
- }
-}
-
-class sysctl::appliance($kernel_panic = hiera('nodo::sysctl::appliance', '20')) {
- file { "/etc/sysctl.d/kernel.panic.conf":
- owner => "root",
- group => "root",
- mode => 0644,
- ensure => present,
- content => "kernel.panic = ${kernel_panic}\n",
- }
-
- exec { "/bin/echo '${kernel_panic}' > /proc/sys/kernel/panic":
- subscribe => File["/etc/sysctl.d/kernel.panic.conf"],
- refreshonly => true,
- }
-}
diff --git a/manifests/subsystems/tunnel.pp b/manifests/subsystems/tunnel.pp
deleted file mode 100644
index 47384df..0000000
--- a/manifests/subsystems/tunnel.pp
+++ /dev/null
@@ -1,148 +0,0 @@
-# autossh tunnel interface
-#
-# TODO: User handling should be put somewhere. Here we are duplicating
-# code from backupninja module. Further developments should consider
-# have an unified user handling, maybe at puppet-user.
-#
-# For now, it's important to preserve the 'backupninja-' like tag
-# otherwise the behavior of this code will conflict with backupninja
-# and we'll see strange things like exported resources not being
-# realized.
-
-# this define realizes all needed resources for a hosted tunnel
-define tunnel_server_realize($host) {
- User <<| tag == "backupninja-${host}" |>>
- File <<| tag == "backupninja-${host}" |>>
- Ssh_authorized_key <<| tag == "backupninja-${host}" |>>
-}
-
-class tunnel {
-
- # collect all resources from hosted tunnels
- Tunnel_server_realize <<| tag == "${::fqdn}" |>>
-
- define setup($ensure = present, $user = $hostname, $host, $localport, $hostport, $sshport = '22', $keytype = 'rsa', $root_mail_recipient = hiera('mail::root_mail_recipient', 'nobody')) {
- $dir = "/var/backups/remote/${user}.${::domain}"
- $tag = "backupninja-${::fqdn}"
- $ssh_dir = "${dir}/.ssh"
-
- autossh::tunnel { $name:
- ensure => $ensure,
- user => 'root',
- remote_user => $user,
- port => $localport,
- hostport => $hostport,
- host => $host,
- remote_host => $host,
- sshport => $sshport,
- }
-
- if !defined(Tunnel_server_realize["${::hostname}@${host}"]) {
- # this defines just maps that $host host an user environment for $fdqn
- @@tunnel_server_realize { "${::hostname}@${host}":
- host => $::fqdn,
- tag => $host,
- }
- }
-
- if !defined(File["${dir}"]) {
- @@file { "${dir}":
- ensure => directory,
- mode => 0750,
- owner => $user,
- group => 0,
- tag => "${tag}",
- }
- }
-
- if !defined(File["${ssh_dir}"]) {
- @@file { "${ssh_dir}":
- ensure => directory,
- mode => 0700,
- owner => $user,
- group => 0,
- require => [User[$user], File["${dir}"]],
- tag => "${tag}",
- }
- }
-
- if !defined(File["${ssh_dir}/authorized_keys"]) {
-
@@file { "${ssh_dir}/authorized_keys":
- ensure => present,
- mode => 0644,
- owner => 0,
- group => 0,
- source => "puppet:///modules/site_keys/${user}_id_${keytype}.pub",
- require => File["${ssh_dir}"],
- tag => "${tag}",
- }
- }
-
- if !defined(User["{$user}"]) {
- @@user { "${user}":
- ensure => "present",
- comment => "${user} backup sandbox",
- home => "${dir}",
- gid => "backupninjas",
- managehome => true,
- shell => "/bin/sh",
- password => '*',
- require => Group['backupninjas'],
- tag => "${tag}"
- }
- }
- }
-
- define mail ($sshport = '22') {
- package { "nullmailer":
- ensure => installed,
- }
-
- service { "nullmailer":
- ensure => 'running',
- require => Package['nullmailer'],
- }
-
- file { "/etc/mailname":
- ensure => present,
- owner => root,
- group => root,
- mode => 0644,
- content => "${::fqdn}\n",
- notify => Service["nullmailer"],
- }
-
- file { "/etc/nullmailer":
- ensure => directory,
- owner => root,
- group => root,
- mode => 0755,
- }
-
- file { "/etc/nullmailer/remotes":
- ensure => present,
- owner => root,
- group => root,
- mode => 0644,
- content => "localhost smtp --port=2525\n",
- notify => Service["nullmailer"],
- require => File["/etc/nullmailer"],
- }
-
- file { "/etc/nullmailer/adminaddr":
- ensure => present,
- owner => root,
- group => root,
- mode => 0644,
- content => "$root_mail_recipient\n",
- require => File["/etc/nullmailer"],
- }
-
- tunnel::setup { "smtp":
- host => "${name}.${::domain}",
- sshport => "${sshport}",
- localport => '2525',
- hostport => '25',
- }
- }
-}
diff --git a/manifests/subsystems/ups.pp b/manifests/subsystems/ups.pp
deleted file mode 100644
index 184be46..0000000
--- a/manifests/subsystems/ups.pp
+++ /dev/null
@@ -1,26 +0,0 @@
-class ups(
- $include = hiera('nodo::ups::include', false),
- $type = hiera('nodo::ups::type', 'usb'),
- $cable = hiera('nodo::ups::cable', 'usb'),
- $dev = hiera('nodo::ups::dev', '/dev/usb/hiddev0'),
- $nisip = hiera('nodo::ups::nisip', '127.0.0.1'),
- $polltime = hiera('nodo::ups::polltime', '60'),
- $onbatterydelay = hiera('nodo::ups::onbatterydelay', '6'),
- $batterylevel = hiera('nodo::ups::batterylevel', '5'),
- $minutes = hiera('nodo::ups::minutes', '3')
-) {
- case $include {
- true: {
- class { "apcupsd":
- upstype => $type,
- cable => $cable,
- device => $dev,
- nisip => $nisip,
- polltime => $polltime,
- onbatterydelay => $onbatterydelay,
- batterylevel => $batterylevel,
- minutes => $minutes,
- }
- }
- }
-}
diff --git a/manifests/subsystems/utils.pp b/manifests/subsystems/utils.pp
deleted file mode 100644
index 09487bd..0000000
--- a/manifests/subsystems/utils.pp
+++ /dev/null
@@ -1,36 +0,0 @@
-# Common utilities
-class utils {
- package { [ 'screen', 'less', 'bzip2', 'openssl', 'lynx', 'wget', 'unzip',
- 'nmap', 'telnet', 'tree', 'whois', 'dosfstools', 'dnsutils', 'logcheck-database',
- 'bc', 'lsof', 'wipe', 'vrms', 'nsca-client', 'logcheck', 'vim-nox' ]:
- ensure => installed,
- }
-
- if !defined(Package['git-core']) {
- package { 'git-core':
- ensure => installed,
- }
- }
-
- # Editor alternative
- file { "/etc/alternatives/editor":
- ensure => "/usr/bin/vi",
- owner => root,
- group => root,
- }
-
- # Ensure we have the minimum augeas version required by shorewall module
- package {
- 'libaugeas0':
- ensure => $::lsbdistcodename ? {
- 'squeeze' => '0.10.0-1~bpo60+3',
- default => installed,
- };
- 'augeas-tools':
- ensure => $::lsbdistcodename ? {
- 'squeeze' => '0.10.0-1~bpo60+3',
- default => installed,
- },
- require => Package['libaugeas0'];
- }
-}
diff --git a/manifests/subsystems/utils/debian.pp b/manifests/subsystems/utils/debian.pp
deleted file mode 100644
index be4b4ad..0000000
--- a/manifests/subsystems/utils/debian.pp
+++ /dev/null
@@ -1,17 +0,0 @@
-class utils::personal::debian {
- # System
- package { [ 'libpam-mount', 'ecryptfs-utils', 'gawk',
- 'laptop-detect', 'syslinux', 'ack-grep', 'mtp-tools' ]:
- ensure => installed,
- }
-
- # Misc
- package { [ 'fortunes-br', 'recode', 'p7zip-full', 'funcoeszz', 'detox' ]:
- ensure => installed,
- }
-
- # Non-free, old, buggy or absent in newer releases
- package { [ 'mtpfs', 'unrar', 'figlet' ]:
- ensure => purged,
- }
-}
diff --git a/manifests/subsystems/utils/desktop.pp b/manifests/subsystems/utils/desktop.pp
deleted file mode 100644
index 22dd2ed..0000000
--- a/manifests/subsystems/utils/desktop.pp
+++ /dev/null
@@ -1,6 +0,0 @@
-# Common utilities for desktop
-class utils::desktop {
- package { 'cups':
- ensure => installed,
- }
-}
diff --git a/manifests/subsystems/utils/development.pp b/manifests/subsystems/utils/development.pp
deleted file mode 100644
index 7d1e19a..0000000
--- a/manifests/subsystems/utils/development.pp
+++ /dev/null
@@ -1,28 +0,0 @@
-class utils::development {
- # Development
- package { [ 'debhelper', 'gitk', 'git-gui', 'subversion', 'python-stdeb',
- 'fakeroot', 'dupload', 'autotools-dev', 'dh-make', 'doxygen',
- 'tig', 'mercurial', 'exuberant-ctags', 'reportbug', 'debian-keyring',
- 'devscripts', 'pbuilder', 'build-essential', 'pnopaste-cli', 'agave',
- 'cdbs', 'dh-buildinfo', 'quilt', 'dpatch', 'dput',
- 'bzr', 'debian-goodies', 'debirf', 'xorriso', 'dh-autoreconf',
- 'unetbootin', 'git-buildpackage', 'gem2deb', 'python-setuptools', 'python-virtualenv',
- 'ditz', 'mr', 'puppet-lint', 'kpartx', 'openocd' ]:
- ensure => installed,
- }
-
- include utils::storage::archive
-}
-
-class utils::development::virtual {
- package { 'vagrant':
- ensure => $::lsbdistcodename ? {
- 'squeeze' => absent,
- default => present,
- }
- }
-
- package { [ 'virtualbox-guest-additions-iso', 'virtualbox-fuse', 'qemu', 'qemu-kvm' ]:
- ensure => present,
- }
-}
diff --git a/manifests/subsystems/utils/dns.pp b/manifests/subsystems/utils/dns.pp
deleted file mode 100644
index 3c7c422..0000000
--- a/manifests/subsystems/utils/dns.pp
+++ /dev/null
@@ -1,5 +0,0 @@
-class utils::dns {
- package { 'dnstop':
- ensure => installed,
- }
-}
diff --git a/manifests/subsystems/utils/firmware.pp b/manifests/subsystems/utils/firmware.pp
deleted file mode 100644
index b0bf9ca..0000000
--- a/manifests/subsystems/utils/firmware.pp
+++ /dev/null
@@ -1,11 +0,0 @@
-class utils::firmware {
- package { 'firmware-linux':
- ensure => installed,
- }
-}
-
-class utils::firmware::realtek {
- package { 'firmware-realtek':
- ensure => installed,
- }
-}
diff --git a/manifests/subsystems/utils/hamradio.pp b/manifests/subsystems/utils/hamradio.pp
deleted file mode 100644
index e4ded0a..0000000
--- a/manifests/subsystems/utils/hamradio.pp
+++ /dev/null
@@ -1,5 +0,0 @@
-class utils::hamradio {
- package { 'aldo':
- ensure => present,
- }
-}
diff --git a/manifests/subsystems/utils/interface.pp b/manifests/subsystems/utils/interface.pp
deleted file mode 100644
index b19456d..0000000
--- a/manifests/subsystems/utils/interface.pp
+++ /dev/null
@@ -1,30 +0,0 @@
-class utils::interface {
- # Interface
- package { [ 'awesome', 'eterm', 'weather-util', 'gnome-terminal', 'conky',
- 'xterm', 'bash-completion', 'tmux', 'xscreensaver', 'thunar',
- 'mc', 'gtk-theme-switch', 'gtk-smooth-themes', 'rxvt', 'lxappearance',
- 'xtitle', 'xclip', 'pcmanfm', 'awesome-extra', 'numlockx',
- 'x11-apps' ]:
- ensure => installed,
- }
-
- # Old stuff
- package { [ 'conkyforecast', 'fluxbox' ]:
- ensure => absent,
- }
-
- # Fonts
- package { [ 'xfonts-terminus', 'ttf-bitstream-vera', 'ttf-inconsolata' ]:
- ensure => installed,
- }
-
- package { 'rxvt-unicode':
- ensure => present,
- # We need a workaround for this:
- # http://packages.debian.org/search?keywords=screen&searchon=names&suite=all§ion=all&sourceid=mozilla-search
- #name => $lsbdistcodename ? {
- # 'squeeze' => 'rxvt-unicode',
- # default => 'rxvt-unicode-256color',
- #}
- }
-}
diff --git a/manifests/subsystems/utils/java.pp b/manifests/subsystems/utils/java.pp
deleted file mode 100644
index 15668c3..0000000
--- a/manifests/subsystems/utils/java.pp
+++ /dev/null
@@ -1,18 +0,0 @@
-class utils::java {
- # Java
- package { [ 'sun-java6-jre' ]:
- ensure => absent,
- }
-
- package { 'default-jre':
- ensure => present,
- }
-
- # Java alternative
- file { "/etc/alternatives/java":
- ensure => "/usr/lib/jvm/java-6-openjdk/jre/bin/java",
- owner => root,
- group => root,
- require => Package['default-jre'],
- }
-}
diff --git a/manifests/subsystems/utils/laptop.pp b/manifests/subsystems/utils/laptop.pp
deleted file mode 100644
index 1f962d3..0000000
--- a/manifests/subsystems/utils/laptop.pp
+++ /dev/null
@@ -1,45 +0,0 @@
-# Common utilities for laptop
-class utils::laptop {
- case $::operatingsystem {
- debian: {
- include utils::laptop::debian
- }
- default: { }
- }
-}
-
-# Common utilities for debian laptops
-class utils::laptop::debian {
- package { [ 'cpufrequtils', 'module-assistant', 'wireless-tools',
- 'wpasupplicant', 'ekiga', 'mumble',
- 'revelation', 'arp-scan', 'usb-modeswitch',
- 'iw', 'wvdial', 'wavemon',
- 'btscanner', 'laptop-mode-tools', 'acpi-support',
- 'tftp', 'sharutils', 'wireshark',
- 'macchanger', 'weplab', 'wpagui',
- 'gnokii' ]:
- ensure => installed,
- }
-
- # Wicd
- package { [ 'wicd', 'wicd-curses', 'wicd-gtk' ]:
- ensure => installed,
- }
-
- # Wheezy specific packages
- package { 'network-manager':
- ensure => $::lsbdistcodename ? {
- 'squeeze' => absent,
- default => absent,
- }
- }
-
- # Squeeze specific packages
- package { [ 'kismet' ]:
- ensure => $::lsbdistcodename ? {
- 'squeeze' => installed,
- default => absent,
- }
- }
-
-}
diff --git a/manifests/subsystems/utils/multimedia.pp b/manifests/subsystems/utils/multimedia.pp
deleted file mode 100644
index 83bd70e..0000000
--- a/manifests/subsystems/utils/multimedia.pp
+++ /dev/null
@@ -1,67 +0,0 @@
-# Multimedia utilities
-class utils::multimedia::studio {
- package { [ 'ardour', 'hydrogen', ]:
- ensure => installed,
- }
-}
-
-class utils::multimedia::ripper {
- # CD writers and extractors
- package { [ 'ripit', 'asunder', 'wodim', 'genisoimage', 'dvd+rw-tools' ]:
- ensure => installed,
- }
-}
-
-class utils::multimedia {
- # Multimedia
- package { [ 'alsa-tools-gui', 'mp3blaster', 'alsa-utils', 'netpbm',
- 'gqview', 'mpg123', 'audacious', 'qjackctl',
- 'gimp', 'xine-ui', 'v4l-utils', 'inkscape',
- 'easytag', 'gstreamer-tools', 'vlc', 'audacity',
- 'opencubicplayer', 'youtube-dl', 'mencoder', 'libasound2-plugins',
- 'cbrpager', 'llgal', 'darksnow', 'mplayer',
- 'picard', 'ffmpeg2theora', 'oggfwd', 'jhead',
- 'pavucontrol' ]:
- ensure => installed,
- }
-
- # Old stuff
- package { [ 'flashplugin-nonfree', 'amarok', 'moc', 'cmus' ]:
- ensure => purged,
- }
-
- # Squeeze only
- package { [ 'tucan', 'orpheus' ]:
- ensure => $::lsbdistcodename ? {
- 'squeeze' => installed,
- default => purged,
- }
- }
-
- # Wheezy onwards
- package { 'landell':
- ensure => $::lsbdistcodename ? {
- 'squeeze' => absent,
- default => installed,
- }
- }
-
- # Flash
- package { 'browser-plugin-gnash':
- ensure => installed,
- }
-
- # Flash alternative
- file { "/etc/alternatives/flash-mozilla.so":
- ensure => "/usr/lib/gnash/libgnashplugin.so",
- owner => root,
- group => root,
- require => Package['flashplugin-nonfree'],
- }
-}
-
-class utils::multimedia::mediacenter {
- package { [ 'xbmc', 'upnp-inspector', 'gupnp-tools' ]:
- ensure => present,
- }
-}
diff --git a/manifests/subsystems/utils/network.pp b/manifests/subsystems/utils/network.pp
deleted file mode 100644
index 9c60341..0000000
--- a/manifests/subsystems/utils/network.pp
+++ /dev/null
@@ -1,146 +0,0 @@
-class utils::network::irssi {
- package { [ 'irssi', 'bitlbee', 'irssi-scripts' ]:
- ensure => installed,
- }
-
- # See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695150
- #package { 'irssi-plugin-otr':
- # ensure => installed,
- #}
-
- # These are needed by the cap_sasl.pl irssi plugin
- package { [ 'libcrypt-blowfish-perl', 'libcrypt-dh-perl', 'libcrypt-openssl-bignum-perl' ]:
- ensure => installed,
- }
-
- # Not on wheezy
- package { 'irssi-plugin-silc':
- ensure => $::lsbdistcodename ? {
- 'wheezy' => absent,
- default => present,
- }
- }
-}
-
-class utils::network::torrent {
- package { [ 'rtorrent' ]:
- ensure => installed,
- }
-}
-
-class utils::network::minimal {
- include utils::network::irssi
- include utils::network::torrent
-
- package { 'unison':
- ensure => installed,
- }
-
- # For backwards compatibility
- # See addversionno unison config parameter
- package { 'unison2.32.52':
- ensure => $::lsbdistcodename ? {
- 'wheezy' => present,
- default => absent,
- }
- }
-}
-
-class utils::network inherits utils::network::minimal {
- # Network
- package { [ 'mutt', 'offlineimap',
- 'newsbeuter', 'nicotine', 'sshfs',
- 'bogofilter', 'fetchmail', 'procmail',
- 'msmtp', 'mairix', 'notmuch-mutt',
- 'links', 'gftp', 'iceweasel',
- 'openvpn', 'pssh', 'mutt-patched',
- 'pidgin', 'pidgin-encryption', 'pidgin-openpgp',
- 'pidgin-otr', 'pidgin-privacy-please', 'pidgin-plugin-pack',
- 'sslscan', 'muttprofile', 'connect-proxy',
- 'avahi-discover', 'mdns-scan' ]:
- ensure => installed,
- }
-
- # Fix: ensure that fetchmail is not a service
- service { 'fetchmail':
- ensure => stopped,
- enable => false,
- require => Package['fetchmail'],
- }
-
- # Old packages
- # About firegpg, see http://tails.boum.org/bugs/FireGPG_may_be_unsafe/
- package { [ 'silc', 'twinkle', 'konqueror', 'transmission', 'amule', 'epiphany-browser',
- 'bittorrent', 'bittornado', 'xul-ext-firegpg' ]:
- ensure => absent,
- }
-
- # Squeeze (or newer) packages
- if
$::lsbdistcodename != 'lenny' {
- package { [ 'xul-ext-monkeysphere', 'chromium-browser', 'libical-parser-perl',
- 'maildir-utils', 'icedtea6-plugin', 'xul-ext-adblock-plus',
- 'xul-ext-noscript', 'xul-ext-firebug' ]:
- ensure => installed,
- }
-
- # Not using right now
- package { [ 'xul-ext-torbutton', 'vidalia', 'xul-ext-perspectives', 'xul-ext-greasemonkey' ]:
- ensure => absent,
- }
- }
-
- # Wheezy (or newer) packages
- if $::lsbdistcodename != 'squeeze' {
- package { [ 'xul-ext-pentadactyl', 'xul-ext-https-everywhere', 'xul-ext-certificatepatrol',
- 'xul-ext-cookie-monster', 'xul-ext-refcontrol', 'xul-ext-quickproxy',
- 'xul-ext-requestpolicy' ]:
- ensure => installed,
- }
-
- package { [ 'torchat' ]:
- ensure => installed,
- }
- }
-
- # Lenny only
- package { [ 'mozilla-firefox-adblock' ]:
- ensure => $::lsbdistcodename ? {
- 'lenny' => present,
- default => absent,
- },
- }
-
- # Browser alternative
- file { "/etc/alternatives/x-www-browser":
- ensure => "/usr/bin/iceweasel",
- owner => root,
- group => root,
- require => Package['iceweasel'],
- }
-
- # Browser alternative: manpage
- file { "/etc/alternatives/x-www-browser.1.gz":
- ensure => "/usr/share/man/man1/iceweasel.1.gz",
- owner => root,
- group => root,
- require => Package['iceweasel'],
- }
-}
-
-class utils::network::analyzer {
- package { [ 'tshark' ]:
- ensure => installed,
- }
-}
-
-class utils::network::samba {
- package { [ 'smbclient', 'cifs-utils' ]:
- ensure => installed,
- }
-}
-
-class utils::network::nfs {
- package { 'nfs-common':
- ensure => installed,
- }
-}
diff --git a/manifests/subsystems/utils/office.pp b/manifests/subsystems/utils/office.pp
deleted file mode 100644
index 0b4ca19..0000000
--- a/manifests/subsystems/utils/office.pp
+++ /dev/null
@@ -1,29 +0,0 @@
-class utils::office {
- # Office
- package { [ 'wyrd', 'vim-gtk', 'gobby',
- 'sc', 'antiword', 'dia',
- 'kalarm', 'texlive-latex-base', 'texlive-latex-recommended',
- 'texlive-latex-extra', 'pandoc', 'gnumeric',
- 'cups-client', 'hplip', 'cups-bsd',
- 'gnucash', 'worklog', 'pdftk',
- 'calibre', 'fbreader', 'gobby-0.5',
- 'mat', 'evince-gtk', 'jekyll' ]:
- ensure => installed,
- }
-
- # Squeeze only
- package { 'broffice.org':
- ensure => $::lsbdistcodename ? {
- 'squeeze' => installed,
- default => absent,
- }
- }
-
- # Wheezy onwards
- package { 'libreoffice':
- ensure => $::lsbdistcodename ? {
- 'squeeze' => absent,
- default => installed,
- }
- }
-}
diff --git a/manifests/subsystems/utils/personal.pp b/manifests/subsystems/utils/personal.pp
deleted file mode 100644
index fe6fb89..0000000
--- a/manifests/subsystems/utils/personal.pp
+++ /dev/null
@@ -1,20 +0,0 @@
-# Common utilities for personal
-class utils::personal {
- case $::operatingsystem {
- debian: {
- include utils::personal::debian
- }
- default: { }
- }
-}
-
-class utils::personal::bundle {
- include utils::office
- include utils::interface
- include utils::network
- include utils::development
- include utils::security
- include utils::multimedia
- include utils::ruby
- include utils::java
-}
diff --git a/manifests/subsystems/utils/physical.pp b/manifests/subsystems/utils/physical.pp
deleted file mode 100644
index 3fbd28c..0000000
--- a/manifests/subsystems/utils/physical.pp
+++ /dev/null
@@ -1,13 +0,0 @@
-# Common utilities for physical
-class utils::physical {
- package { [ 'nload', 'acpid', 'slurm', 'ethtool', 'parted', 'iftop', 'iptraf', 'htop', 'sdparm' ]:
- ensure => installed,
- }
-
- package { 'acpi':
- ensure => $::architecture ? {
- 'armv5tel' => absent,
- default => present,
- }
- }
-}
diff --git a/manifests/subsystems/utils/plug.pp b/manifests/subsystems/utils/plug.pp
deleted file mode 100644
index e018f10..0000000
--- a/manifests/subsystems/utils/plug.pp
+++ /dev/null
@@ -1,6 +0,0 @@
-# Common utilities for plug computers
-class utils::plug {
- package { [ 'mtd-utils', 'cryptsetup', 'u-boot', 'smartmontools' ]:
- ensure => installed,
- }
-}
diff --git a/manifests/subsystems/utils/ruby.pp b/manifests/subsystems/utils/ruby.pp
deleted file mode 100644
index 8923ff0..0000000
--- a/manifests/subsystems/utils/ruby.pp
+++ /dev/null
@@ -1,45 +0,0 @@
-class utils::ruby {
- # Gem packages
- package { 'capistrano':
- ensure => installed,
- provider => $::lsbdistcodename ? {
- 'squeeze' => gem,
- default => apt,
- },
- require => Package['rubygems'],
- }
-
- # Gem packages
- package { 'slideshow':
- ensure => installed,
- provider => gem,
- require => Package['rubygems'],
- }
-
- if !defined(Package['ruby']) {
- package { 'ruby':
- ensure => installed,
- }
- }
-
- if !defined(Package['rubygems']) {
- package { 'rubygems':
- ensure => installed,
- require => Package['ruby'],
- }
- }
-
- if !defined(Package['ruby-dev']) {
- package { 'ruby-dev':
- ensure => installed,
- require => Package['ruby'],
- }
- }
-
- if !defined(Package['libgpgme-ruby1.8']) {
- package { 'libgpgme-ruby1.8':
- ensure => installed,
- require => Package['ruby'],
- }
- }
-}
diff --git a/manifests/subsystems/utils/security.pp b/manifests/subsystems/utils/security.pp
deleted file mode 100644
index 9e4f362..0000000
--- a/manifests/subsystems/utils/security.pp
+++ /dev/null
@@ -1,13 +0,0 @@
-class utils::security {
- # Security
- package { [ 'apg', 'gnupg-agent', 'makepasswd', 'pwgen', 'fpm2', 'encfs',
- 'signing-party', 'libnss3-tools', 'ssss', 'libgfshare-bin' ]:
- ensure => installed,
- }
-
- if $::lsbdistcodename != 'squeeze' {
- package { [ 'kedpm', 'kedpm-gtk' ]:
- ensure => installed,
- }
- }
-}
diff --git a/manifests/subsystems/utils/storage.pp b/manifests/subsystems/utils/storage.pp
deleted file mode 100644
index 6a52e16..0000000
--- a/manifests/subsystems/utils/storage.pp
+++ /dev/null
@@ -1,12 +0,0 @@
-# Common utilities for storage
-class utils::storage {
- package { 'clamav':
- ensure => installed,
- }
-}
-
-class utils::storage::archive {
- package { 'git-annex':
- ensure => installed,
- }
-}
diff --git a/manifests/subsystems/utils/tor.pp b/manifests/subsystems/utils/tor.pp
deleted file mode 100644
index 1a696c4..0000000
--- a/manifests/subsystems/utils/tor.pp
+++ /dev/null
@@ -1,5 +0,0 @@
-class utils::tor {
- package { 'tor-arm':
- ensure => installed,
- }
-}
diff --git a/manifests/subsystems/utils/web.pp b/manifests/subsystems/utils/web.pp
deleted file mode 100644
index 8b0eba9..0000000
--- a/manifests/subsystems/utils/web.pp
+++ /dev/null
@@ -1,10 +0,0 @@
-# Common utilities for web
-class utils::web {
- package { [ 'ffmpeg', 'flvtool2', 'curl', 'rake',
- 'libxml2', 'libxml2-dev', 'libxslt1-dev', 'libmysqlclient-dev',
- 'g++', 'libcurl4-openssl-dev', 'apache2-prefork-dev' ]:
- ensure => installed,
- }
-
- include utils::storage::archive
-}
diff --git a/manifests/subsystems/websites.pp b/manifests/subsystems/websites.pp
deleted file mode 100644
index 6fa764b..0000000
--- a/manifests/subsystems/websites.pp
+++ /dev/null
@@ -1,151 +0,0 @@
-class websites::setup {
- # Third-party hosted nodes generally aren't behind an https proxy
- $hosting_type = hiera('nodo::vserver::hosting_type', 'direct')
-
- # Include apache
- class { 'apache':
- https_proxy => $hosting_type ? {
- 'direct' => 'yes',
- default => false,
- },
- }
-
- # The needed apache modules
- apache::module { "alias":
- ensure => present,
- }
-
- # Images folder
- file { "${apache::www_folder}/images":
- ensure => directory,
- recurse => true,
- purge => true,
- force => true,
- owner => "root",
- group => "root",
- # This mode will also apply to files from the source directory
- mode => 0644,
- # Puppet will automatically set +x for directories
- source => [ "puppet:///modules/site_apache/htdocs/${::domain}/images",
- "puppet:///modules/nodo/htdocs/images", ]
- }
-
- # Web index
- file { "${apache::www_folder}/index.html":
- ensure => present,
- owner => "root",
- group => "root",
- mode => 0644,
- source => [ "puppet:///modules/site_apache/htdocs/${::domain}/index.html",
- "puppet:///modules/nodo/htdocs/index.html", ]
- }
-
- # Missing page
- file { "${apache::www_folder}/missing.html":
- ensure => present,
- owner => "root",
- group => "root",
- mode => 0644,
- source => [ "puppet:///modules/site_apache/htdocs/${::domain}/missing.html",
- "puppet:///modules/nodo/htdocs/missing.html", ]
- }
-
- # Make sure that a top level index exists
- file { "/var/www/index.html":
- ensure => present,
- }
-
- # Default vhost: can just be applied on the defining host
- apache::site { "${apache::server_name}":
- server_alias => "${::domain}",
- docroot => "${apache::www_folder}",
- mpm => false,
- tag => 'all',
- }
-
- # We have to use 'zzz-error' so it will be the last matched vhost
- apache::site { "error":
- template => 'apache/error.erb',
- docroot => "${apache::error_folder}",
- filename => 'zzz-error',
- mpm => false,
- tag => 'all',
- }
-
- # Index page for error
- file { "${apache::error_folder}/index.html":
- ensure =>
"${apache::www_folder}/index.html",
- owner => "root",
- group => "root",
- force => true,
- require => File["${apache::error_folder}"],
- }
-
- # Images folder for error
- file { "${apache::error_folder}/images":
- ensure => "${apache::www_folder}/images",
- owner => "root",
- group => "root",
- force => true,
- require => File["${apache::error_folder}", "${apache::www_folder}/images"],
- }
-
-}
-
-class websites::hosting inherits websites::setup {
- # Include the needed classes for website hosting
- include php
- include trac
- include websvn
- include moin
- include apache::rails
-
- # Declare the needed classes for website hosting
- class { [ 'drupal', 'ikiwiki', 'pmwiki', 'hotglue', 'wordpress' ]: }
- class {
- 'viewvc':
- root_parents => "/var/svn : svn";
- }
-
- $git_daemon = hiera('nodo::web::git_daemon', True)
-
- if $git_daemon != false {
- class { 'gitweb': }
- }
-
- apache::site { "images":
- docroot => "${apache::www_folder}/images",
- mpm => false,
- tag => 'all',
- }
-
- # Remove untagged site instances
- Apache::Site <| tag != $::hostname and tag != 'all' |> {
- ensure => absent,
- }
-
- # Remove untagged database instances
- Database::Instance <| tag != $::hostname and tag != 'all' |> {
- ensure => absent,
- }
-
- # Remove untagged ikiwiki instances
- Ikiwiki::Instance <| tag != $::hostname and tag != 'all' |> {
- ensure => absent,
- }
-}
-
-class websites::hosting::admin inherits websites::setup {
- # Include the needed classes for admin interfaces
- include trac
- include gitweb
-}
-
-class websites::dev::setup inherits websites::setup {
- # Include the needed classes for website development
- include php
- include apache::rails
-
- # Declare the needed classes for website development
- class { 'drupal': }
-}
diff --git a/manifests/subsystems/xorg.pp b/manifests/subsystems/xorg.pp
deleted file mode 100644
index 7009707..0000000
--- a/manifests/subsystems/xorg.pp
+++ /dev/null
@@ -1,13 +0,0 @@
-class xorg($enable = hiera('nodo::xorg::enable', false)) {
- if $xorg != false {
- file { "/etc/X11/xorg.conf":
- ensure => present,
- owner => root,
- group => root,
- mode => 0644,
- source => [ "puppet:///modules/site_nodo/X11/xorg.conf/${::hostname}.${::lsbdistcodename}",
- "puppet:///modules/site_nodo/X11/xorg.conf/${::hostname}",
- "puppet:///modules/site_nodo/X11/xorg.conf.default" ],
- }
- }
-}  |