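# Configuration applied to physical hosts.
#
# Extends the base `nodo` class with hardware-related classes (UPS, SMART,
# firewire, initramfs, ...), the firewall, vserver hosting, monitoring, time
# synchronisation, SSH, backups and an optional entropy key daemon.
#
# The class takes no parameters. All tunables ($firewall_ssl_ratelimit,
# $firewall_global_ssl_ratelimit, $use_nagios, $use_nagios_fqdn, $ntpdate,
# $sshd_listen_address, $ssh_*, $sshd_ports, $sshd_use_pam, $ekey_masterkey)
# are looked up from outside this class body; presumably they are set at node
# level or in the parent class -- confirm against the node definitions.
class nodo::physical inherits nodo {
  include syslog-ng
  include initramfs
  include modprobe
  include firewire
  include sysctl
  include ups
  include utils::physical
  include smartmontools
  include resolver
  include monkeysphere_nodo

  # SSL computational DoS mitigation
  # See http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html
  #
  # Precedence: the per-node $firewall_ssl_ratelimit wins; if it is empty the
  # global $firewall_global_ssl_ratelimit is used; if that is empty too the
  # value becomes '-'.
  # NOTE(review): '-' presumably means "no rate limit" to the firewall class,
  # i.e. the mitigation is off unless one of the two variables is set -- confirm.
  $firewall_ssl_ratelimit = $firewall_ssl_ratelimit ? {
    ''      => $firewall_global_ssl_ratelimit ? {
      ''      => '-',
      default => $firewall_global_ssl_ratelimit,
    },
    default => $firewall_ssl_ratelimit,
  }

  # Firewall configuration
  # Kept after the rate-limit assignment above; presumably the firewall class
  # reads $firewall_ssl_ratelimit from this scope -- do not reorder.
  include firewall

  # Vserver configuration
  # The base directory is set before vserver::host is included.
  $vserver_vdirbase = "/var/vservers"
  include vserver::host

  # Nagios monitoring is enabled unless $use_nagios is explicitly false.
  if $use_nagios != false {
    if $use_nagios_fqdn == true {
      include nagios::target::fqdn
    } else {
      include nagios::target
    }

    nagios::service::ping { "$fqdn": }
  }

  # Time configuration
  # With $ntpdate set to false only the timezone class is applied; any other
  # value pulls in the ntpdate class.
  case $ntpdate {
    false: {
      include timezone
    }
    default: {
      include ntpdate
    }
  }

  # SSH Server
  #
  # We need to restrict listen address so multiple instances
  # can live together in the same physical host.
  #
  # When no listen address is configured, sshd is bound only to the host's
  # $ipaddress fact and to loopback.
  case $sshd_listen_address {
    '': {
      $sshd_listen_address = [ "$ipaddress", '127.0.0.1' ]
    }
  }

  # NOTE(review): password_authentication, tcp_forwarding and hardened_ssl are
  # passed through unchanged from the enclosing scope. What happens when they
  # are left unset depends on the sshd class, which is not visible here --
  # confirm that the resulting sshd_config is the restrictive one.
  class { 'sshd':
    listen_address          => $sshd_listen_address,
    password_authentication => $ssh_password_authentication,
    shared_ip               => $ssh_shared_ip,
    tcp_forwarding          => $ssh_tcp_forwarding,
    hardened_ssl            => $ssh_hardened_ssl,
    print_motd              => $ssh_print_motd,
    ports                   => $sshd_ports,
    use_pam                 => $sshd_use_pam,
  }

  backupninja::sys { "sys":
    ensure => present,
  }

  # Munin configuration
  # Port 4900 is not munin-node's stock port (4949); the munin master and the
  # firewall rules have to agree with it.
  munin_node { "$hostname":
    port => '4900',
  }

  # SMART monitoring
  # The plugin is configured to run as user root, group disk. Only a plugin
  # named for "sda" is declared here, so other drives are presumably not
  # graphed -- verify on multi-disk hosts.
  include munin::plugins::smart
  munin::plugin { "smart_sda":
    ensure => "smart_",
    config => "user root\ngroup disk",
  }

  # Removable media folder
  # Owner and group are not managed here. The mode is quoted so that it is
  # handled as a string on every Puppet version rather than as a number.
  file { [ "/media/usb", "/media/cdrom", "/media/tablet", "/media/phone" ]:
    ensure => directory,
    mode   => '0755',
  }

  # Entropy key
  # The ekeyd class is declared only when a master key is supplied.
  # NOTE(review): $ekey_masterkey is a secret passed as a plain variable; check
  # where it is defined so it is not stored in clear text alongside the manifests.
  if $ekey_masterkey != '' {
    class { "ekeyd":
      ekeyd_masterkey => $ekey_masterkey,
    }
  }
}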