class nodo { include lsb include sudo include users::admin include motd include utils include cron include locales include tunnel include profile include domain include concat::setup class { 'hosts': } # then include puppet class if !defined('puppet::daemon') { class { 'puppet::daemon': } } # # Backup # class { 'backup': } $local_backup = hiera('nodo::backup::localhost', false) # Local encrypted backup case $local_backup { true,enabled,present: { backup::duplicity { "localhost": encryptkey => hiera('nodo::backup::encryptkey'), password => hiera('nodo::backup::password'), } } absent: { backup::duplicity { "localhost": encryptkey => hiera('nodo::backup::encryptkey'), password => hiera('nodo::backup::password'), ensure => absent, } } default: { } } # Does not work well inside vservers class { 'runit': ensure => absent } # Email delivery configuration $mail_delivery = hiera('nodo::mail_delivery', 'exim') case $mail_delivery { 'tunnel': { $mail_hostname = hiera('nodo::mail_hostname') tunnel::mail { "$mail_hostname": sshport => hiera('nodo::mail_ssh_port'), } } 'postfix': { } '','exim',default: { include exim::tls } } # # Apt configuration # class { 'apt': include_src => hiera('nodo::apt_include_src', false), use_next_release => hiera('nodo::apt_use_next_release', false), custom_key_dir => hiera('nodo::apt_custom_key_dir', 'puppet:///modules/site_apt/keys.d') } include apt::unattended_upgrades $apt_domain_source = hiera('nodo::apt_domain_source', false) apt::sources_list { "${::domain}.list": source => [ "puppet:///modules/site_apt/sources.list.d/${::operatingsystem}/${::lsbdistcodename}/${::domain}.list", "puppet:///modules/site_apt/sources.list.d/${::operatingsystem}/${::domain}.list", ], ensure => $apt_domain_source ? { true => present, default => absent, } } # Preferences file can't have dots in the filename $apt_domain_preferences = regsubst($::domain, '\.', '-', 'G') file { "/etc/apt/preferences.d/${apt_domain_preferences}": source => [ "puppet:///modules/site_apt/preferences.d/${::operatingsystem}/${::domain}", "puppet:///modules/nodo/preferences.d/custom" ], ensure => $apt_domain_source ? { true => present, default => absent, } } $apt_proxy = hiera('nodo::apt_proxy', false) if $apt_proxy != false { class { 'apt::proxy_client': proxy => $apt_proxy, port => hiera('nodo::apt_proxy_port', ''), } } package { 'apt-transport-https': ensure => present, } # SSH Server # # We need to restrict listen address by default so multiple # instances can live together in the same physical host. # class { 'sshd': manage_nagios => hiera('nodo::sshd_manage_nagios', false), listen_address => hiera('nodo::sshd_listen_address', [ "${::ipaddress}", '127.0.0.1' ]), password_authentication => hiera('nodo::sshd_password_authentication', 'yes'), shared_ip => hiera('nodo::sshd_shared_ip', 'yes'), tcp_forwarding => hiera('nodo::sshd_tcp_forwarding', 'yes'), hardened_ssl => hiera('nodo::sshd_hardened_ssl', 'yes'), print_motd => hiera('nodo::sshd_print_motd', 'no'), ports => hiera('nodo::sshd_ports', [ 22 ]), use_pam => hiera('nodo::sshd_use_pam', 'no'), } # Add the localhost ssh key, useful when one needs # to ssh to localhost. sshkey { [ 'localhost', '127.0.0.1' ]: type => ssh-rsa, key => $::sshrsakey, ensure => $::sshrsakey ? { '' => absent, default => present, }, } file { "/etc/hostname": owner => "root", group => "root", mode => 0644, ensure => present, content => "${::fqdn}\n", } file { "/etc/rc.local": source => "puppet:///modules/nodo/etc/rc.local", owner => "root", group => "root", mode => 0755, ensure => present, } }