From 96e24f32215c1732de31ab6e708320550d63f693 Mon Sep 17 00:00:00 2001
From: Silvio Rhatto
Date: Tue, 12 May 2020 12:28:59 -0300
Subject: Feat: apply kernel panic reboot measure to all roles
---
 manifests/base/appliance.pp | 1 -
 manifests/subsystem/sysctl.pp | 1 +
 manifests/subsystem/sysctl/panic.pp | 9 ++++++---
 3 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/manifests/base/appliance.pp b/manifests/base/appliance.pp
index 982e589..5e21126 100644
--- a/manifests/base/appliance.pp
+++ b/manifests/base/appliance.pp
@@ -1,3 +1,2 @@
 class nodo::base::appliance inherits nodo::base::physical {
- class { 'nodo::subsystem::sysctl::appliance': }
 }
diff --git a/manifests/subsystem/sysctl.pp b/manifests/subsystem/sysctl.pp
index 1f2cfda..51361be 100644
--- a/manifests/subsystem/sysctl.pp
+++ b/manifests/subsystem/sysctl.pp
@@ -1,4 +1,5 @@
 class nodo::subsystem::sysctl {
+ class { 'nodo::subsystem::sysctl::panic': }
 class { 'nodo::subsystem::sysctl::disable_ipv6': }
 class { 'nodo::subsystem::sysctl::tcp_challenge_ack_limit': }
 class { 'nodo::subsystem::sysctl::unprivileged_bpf_disabled': }
diff --git a/manifests/subsystem/sysctl/panic.pp b/manifests/subsystem/sysctl/panic.pp
index 2657542..4501937 100644
--- a/manifests/subsystem/sysctl/panic.pp
+++ b/manifests/subsystem/sysctl/panic.pp
@@ -1,13 +1,16 @@ -class nodo::subsystem::sysctl::appliance($kernel_panic = lookup('nodo::sysctl::appliance', undef, undef, '20')) { +class nodo::subsystem::sysctl::panic($seconds = lookup('nodo::sysctl::panic', undef, undef, '20')) { + # See https://www.systutorials.com/how-to-make-linux-automatically-reboot-after-a-kernel-panic/ + # https://unix.stackexchange.com/questions/29567/how-to-early-configure-linux-kernel-to-reboot-on-panic + # https://sysctl-explorer.net/kernel/panic/ file { "/etc/sysctl.d/kernel.panic.conf": owner => "root", group => "root", mode => '0644', ensure => present, - content => "kernel.panic = ${kernel_panic}\n", + content => "kernel.panic = ${seconds}\n", } - exec { "/bin/echo '${kernel_panic}' > /proc/sys/kernel/panic": + exec { "/bin/echo '${seconds}' > /proc/sys/kernel/panic": subscribe => File["/etc/sysctl.d/kernel.panic.conf"], refreshonly => true, } -- cgit v1.2.3
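Review bot: `$seconds` is interpolated without validation into both the sysctl.d file content and the `exec` command string in panic.pp, and with this commit that value is taken from the `nodo::sysctl::panic` lookup on every role rather than only on appliances. Typing the parameter, for example `Variant[Integer, Pattern[/\A-?\d+\z/]] $seconds = lookup('nodo::sysctl::panic', undef, undef, '20')`, would make a malformed Hiera value fail at catalog compilation instead of reaching the command line or the persisted config. The lookup key was also renamed from `nodo::sysctl::appliance`, so any data still stored under the old key is presumably ignored and the default `'20'` applies silently; a short comment such as `# NOTE: replaces the former nodo::sysctl::appliance key` next to the parameter would help operators migrating data. The class's closing brace lies outside the hunk.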