class nodo::role::nas( $virtual = false, ) { # Munin configuration $munin = hiera('nodo::host::use_munin', True) # Minimal utilities include nodo::utils::network::minimal # Archiving utilities include nodo::utils::storage::layer include nodo::utils::storage::archive include nodo::utils::storage::iso # Media folders and groups include nodo::subsystem::media # # Avahi # # References # http://nfs-lan.sevka.info/ # http://en.gentoo-wiki.com/wiki/Avahi # http://wiki.debian.org/ZeroConf # https://wiki.archlinux.org/index.php/Avahi # http://packages.debian.org/wheezy/libnss-mdns # http://packages.debian.org/wheezy/mdns-scan # http://packages.debian.org/wheezy/avahi-discover # http://askubuntu.com/questions/19590/how-do-i-share-nfs-mounts-over-zeroconf # http://sophie.zarb.org/distrib/Mandriva/current/x86_64/rpms/pure-ftpd/files/1 # https://github.com/stahnma/puppet-module-avahi # https://github.com/tjfontaine/airprint-generate # http://mryoung.soundbomb.net/index.php/apple-airprint-with-linux-avahi # http://lists.freedesktop.org/archives/avahi/2006-July/000824.html # http://cups.org/documentation.php/doc-1.6/ref-cupsd-conf.html#BrowseLocalProtocols # http://www.dns-sd.org/ServiceTypes.html $avahi = hiera('nodo::role::nas::avahi', false) if $avahi == true { include avahi } # DLNA $dlna = hiera('nodo::role::nas::dlna', false) if $dlna == true { # See https://wiki.archlinux.org/index.php/MiniDLNA#Automatic_Media_DB_Update sysctl { 'fs.inotify.max_user_watches': value => 100000, } # See https://dev.openwrt.org/ticket/10711 # http://forum.doozan.com/read.php?2,1931,1931 # http://crunchbang.org/forums/viewtopic.php?pid=294109 # http://dev.shyd.de/2011/08/minidlna-dockstar-dlna-server/ exec { 'minidlna-mknod-inotify': command => 'mknod /dev/inotify c 10 63', user => root, group => root, creates => '/dev/inotify', } class { 'minidlna': } } # # NFS # # References # https://github.com/arioch/puppet-nfs # https://github.com/stankevich/puppet-nfs # https://github.com/camptocamp/puppet-nfs # https://github.com/haraldsk/puppet-module-nfs/ # http://git.puppet.immerda.ch/?p=module-nfsd.git;a=summary # http://wiki.debian.org/NFSServerSetup # http://www.tldp.org/HOWTO/NFS-HOWTO/ $nfs = hiera('nodo::role::nas::nfs', false) if $nfs == true { # Main class class { 'nfs': server => true; } munin::plugin { [ 'nfsd4' ]: ensure => $munin ? { true => present, default => absent, }, } } # # FTP # # References # https://forge.puppetlabs.com/tags/ftp # https://forum.openwrt.org/viewtopic.php?id=12976 # http://download.pureftpd.org/pub/pure-ftpd/doc/FAQ # http://www.massimilianomarini.com/04/02/2012/how-follow-symbolic-links-pure-ftpd $ftp = hiera('nodo::role::nas::ftp', false) if $ftp == true { # Main class class { 'pureftpd': virtualchroot => true, } # Enable anonymous ftp file { '/etc/pure-ftpd/conf/NoAnonymous': ensure => present, owner => root, group => root, mode => 0644, content => "no\n", notify => Service[$pureftpd::params::service_name], } file { '/etc/avahi/services/ftp.service': ensure => $avahi ? { true => present, default => absent, }, owner => root, group => root, mode => 0644, source => 'puppet:///modules/site_avahi/services/ftp.service', notify => $avahi ? { true => Service['avahi-daemon'], default => undef, }, } } # # Samba # # References # https://github.com/ajjahn/puppet-samba # https://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/NetworkBrowsing.html#id2583364 # http://serverfault.com/questions/240217/dd-wrt-bonjour-netbios-etc-on-two-subnets # http://www.linuxplanet.com/linuxplanet/tutorials/6600/2 # http://forums.fedoraforum.org/showthread.php?t=260519 # http://randombio.com/linuxsetup38.html $samba = hiera('nodo::role::nas::samba', false) if $samba == true { # Main class class { 'samba::server': workgroup => hiera('nodo::samba::workgroup', 'WORKGROUP'), server_string => hiera('nodo::samba::server_string', 'Samba Server'), interfaces => hiera('nodo::samba::interfaces', 'lo eth0'), security => hiera('nodo::samba::security', 'share'), } # We are avoiding multicast # http://bda.ath.cx/blog/2009/01/24/multicast-routing-upnp-traffic-with-linux/ # http://linux-igd.sourceforge.net/documentation.php set_samba_option { # Remote announce won't work since routers don't forward broadcast traffic #'remote announce': value => hiera('nodo::samba::remote_announce', ''); 'wins support': value => 'yes'; 'preferred master': value => 'yes'; 'domain master': value => 'yes'; 'printing': value => 'cups'; 'printcap name': value => 'cups'; 'guest account': value => 'incoming'; } # Disable browsing of printer drivers samba::server::share { 'print$': comment => 'Printer Drivers', path => '/var/lib/samba/printers', browsable => 'no', read_only => 'yes', guest_ok => 'no', ensure => absent, } file { '/etc/avahi/services/samba.service': ensure => $avahi ? { true => present, default => absent, }, owner => root, group => root, mode => 0644, source => 'puppet:///modules/site_avahi/services/samba.service', notify => $avahi ? { true => Service['avahi-daemon'], default => undef, }, } munin::plugin { [ 'samba' ]: ensure => $munin ? { true => present, default => absent, }, } } # # HTTP # # References # https://github.com/camptocamp/puppet-lighttpd # https://github.com/example42/puppet-lighttpd # http://git.puppet.immerda.ch/?p=module-lighttpd.git;a=summary $http = hiera('nodo::role::nas::http', false) if $http == true { # Main class class { 'lighttpd': } # Document root file { '/var/www/data': ensure => directory, owner => root, group => root, mode => 0755, } file { '/etc/avahi/services/http.service': ensure => $avahi ? { true => present, default => absent, }, owner => root, group => root, mode => 0644, source => 'puppet:///modules/site_avahi/services/http.service', notify => $avahi ? { true => Service['avahi-daemon'], default => undef, }, } } # # TFTP # $tftp = hiera('nodo::role::nas::tftp', false) if $tftp == true { # Main class class { 'tftp': directory => '/srv/tftp', address => $::ipaddress, options => '--ipv4 --timeout 60', inetd => false, } } # # Rsync # $rsync = hiera('nodo::role::nas::rsync', false) if $rsync == true { include rsync::server file { '/etc/avahi/services/rsync.service': ensure => $avahi ? { true => present, default => absent, }, owner => root, group => root, mode => 0644, source => 'puppet:///modules/site_avahi/services/rsync.service', notify => $avahi ? { true => Service['avahi-daemon'], default => undef, }, } } # # MPD # $mpd = hiera('nodo::role::nas::mpd', false) if $mpd == true { include mpd include mpd::client } # # CUPS # # References # https://github.com/mosen/puppet-cups # https://github.com/camptocamp/puppet-cups $cups = hiera('nodo::role::nas::cups', false) if $cups == true { include firewall::printer package { [ 'cups', 'cups-client', 'cups-bsd', 'hplip' ]: ensure => installed, } } # # Torrent # $torrent = hiera('nodo::role::nas::torrent', false) if $torrent == true { include pyroscope } # # DAAP # # References # http://packages.debian.org/stable/forked-daapd # http://packages.debian.org/squeeze/mt-daapd # https://github.com/stahnma/puppet-module-daap_server #$daap = hiera('nodo::role::nas::daap', false) #if $daap == true { # # Main class, but package not available on wheezy # class { 'daap_server': # collection_name => 'Noise - DAAP', # music_dir => '/var/cache/media/noise', # } #} # Firewall rules if $virtual == false { class { 'firewall::nas': ftp => $ftp, tftp => $tftp, http => $http, nfsd => $nfs, rsync => $rsync, printer => $cups, torrent => $torrent, mpd => $mpd, samba => $samba, dlna => $dlna, #daap => $daap, } } }