diff options
Diffstat (limited to 'manifests')
-rw-r--r-- | manifests/role/proxy/kvm.pp | 4 | ||||
-rw-r--r-- | manifests/role/web/kvm.pp | 4 | ||||
-rw-r--r-- | manifests/subsystem/sysctl.pp | 1 |
3 files changed, 9 insertions, 0 deletions
diff --git a/manifests/role/proxy/kvm.pp b/manifests/role/proxy/kvm.pp new file mode 100644 index 0000000..f1a0d11 --- /dev/null +++ b/manifests/role/proxy/kvm.pp @@ -0,0 +1,4 @@ +# A proxy node that is a KVM guest +class nodo::role::proxy::kvm inherits nodo::base::kvm { + include nodo::role::proxy +} diff --git a/manifests/role/web/kvm.pp b/manifests/role/web/kvm.pp new file mode 100644 index 0000000..31a8b13 --- /dev/null +++ b/manifests/role/web/kvm.pp @@ -0,0 +1,4 @@ +# A web node that is a KVM guest +class nodo::role::web::kvm inherits nodo::base::kvm { + include nodo::role::web +} diff --git a/manifests/subsystem/sysctl.pp b/manifests/subsystem/sysctl.pp index 4329010..1f2cfda 100644 --- a/manifests/subsystem/sysctl.pp +++ b/manifests/subsystem/sysctl.pp @@ -1,6 +1,7 @@ class nodo::subsystem::sysctl { class { 'nodo::subsystem::sysctl::disable_ipv6': } class { 'nodo::subsystem::sysctl::tcp_challenge_ack_limit': } + class { 'nodo::subsystem::sysctl::unprivileged_bpf_disabled': } # Root exploit fix, see http://wiki.debian.org/mmap_min_addr # Maybe this can be remove in the future or included in a sysctl puppet module |