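# Class: nodo::kvm
#
# Profile class layered on top of `nodo`. It includes the system, firewall,
# vserver, monitoring and time classes listed below, declares the `sshd`
# class, a backupninja job and a munin node, and manages /etc/fstab and
# /etc/crypttab from the module's `kvm` files.
#
# Variables read here but not assigned earlier in this class, so their
# values must come from an enclosing (node/global) scope:
#   $firewall_ssl_ratelimit, $firewall_global_ssl_ratelimit,
#   $use_nagios, $use_nagios_fqdn, $ntpdate, $sshd_listen_address,
#   $ssh_password_authentication, $ssh_shared_ip, $ssh_tcp_forwarding,
#   $ssh_hardened_ssl, $ssh_print_motd
#
# NOTE(review): an unset value for any of the $ssh_* variables is passed
# straight to `sshd`; the effective setting then depends on that class,
# which is not visible here. Confirm password authentication and TCP
# forwarding end up in the intended state on every node using this class.
class nodo::kvm inherits nodo {
  include syslog-ng
  include initramfs
  include modprobe
  include firewire
  include sysctl
  include ups
  include utils::physical
  include resolver
  include monkeysphere_nodo

  # SSL computational DoS mitigation
  # See http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html
  #
  # Precedence: per-node $firewall_ssl_ratelimit, then
  # $firewall_global_ssl_ratelimit, then the literal '-'.
  # NOTE(review): '-' is presumably the firewall module's "no rate limit"
  # placeholder, which would leave the mitigation off unless one of the two
  # variables is set -- confirm against the firewall class.
  $firewall_ssl_ratelimit = $firewall_ssl_ratelimit ? {
    ''      => $firewall_global_ssl_ratelimit ? {
      ''      => '-',
      default => $firewall_global_ssl_ratelimit,
    },
    default => $firewall_ssl_ratelimit,
  }

  # Firewall configuration
  # Included after the rate-limit variable is resolved above.
  include firewall

  # Vserver configuration
  # Set before vserver::host is included.
  $vserver_vdirbase = '/var/vservers'
  include vserver::host

  # Monitoring: enabled unless $use_nagios is explicitly false.
  if $use_nagios != false {
    if $use_nagios_fqdn == true {
      include nagios::target::fqdn
    } else {
      include nagios::target
    }

    nagios::service::ping { "${fqdn}": }
  }

  # Time configuration
  case $ntpdate {
    false:   { include timezone }
    default: { include ntpdate }
  }

  # SSH Server
  #
  # We need to restrict listen address so multiple instances
  # can live together in the same physical host.
  #
  # When no address is supplied, sshd is bound to the node's $ipaddress
  # fact only.
  case $sshd_listen_address {
    '': { $sshd_listen_address = [ "${ipaddress}" ] }
  }

  class { 'sshd':
    listen_address          => $sshd_listen_address,
    password_authentication => $ssh_password_authentication,
    shared_ip               => $ssh_shared_ip,
    tcp_forwarding          => $ssh_tcp_forwarding,
    hardened_ssl            => $ssh_hardened_ssl,
    print_motd              => $ssh_print_motd,
  }

  backupninja::sys { 'sys':
    ensure => present,
  }

  # Munin configuration
  munin_node { "${hostname}":
    port => '4900',
  }

  # fstab
  # Modes are quoted strings so they are never parsed as numeric literals.
  # A change triggers Exec['update-initramfs'], which is not declared in
  # this class (presumably it comes from the initramfs class included above).
  file { '/etc/fstab':
    ensure => present,
    source => "puppet://${server}/modules/nodo/etc/fstab/kvm",
    owner  => 'root',
    group  => 'root',
    mode   => '0644',
    notify => Exec['update-initramfs'],
  }

  # crypttab
  # NOTE(review): this file is world-readable (0644) and is served from the
  # module's file tree. Confirm the source only references key files by
  # path and carries no key material itself.
  file { '/etc/crypttab':
    ensure => present,
    source => "puppet://${server}/modules/nodo/etc/crypttab/kvm",
    owner  => 'root',
    group  => 'root',
    mode   => '0644',
    notify => Exec['update-initramfs'],
  }
}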