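# Class: nodo
#
# Base profile for a node. It pulls in the common utility classes and then
# configures, from hiera data:
#
#   - an optional local encrypted backup   (nodo::backup::*)
#   - mail delivery                        (nodo::mail_delivery, nodo::mail_*)
#   - apt sources and preferences          (nodo::apt_*), unless $use_apt is false
#   - the SSH server                       (nodo::sshd_*)
#   - /etc/hostname and /etc/rc.local
#
# The class takes no parameters; every tunable is a hiera key.
#
class nodo {
  include lsb
  include sudo
  include users::admin
  include motd
  include utils
  include cron
  include locales
  include tunnel
  include profile
  include domain
  include concat::setup

  class { 'hosts': }

  # NOTE(review): the guard tests 'puppet::daemon' while the class declared is
  # 'puppetd::daemon' -- confirm which name is intended. defined() also depends
  # on evaluation order, so the guard only sees classes declared before it.
  if !defined('puppet::daemon') {
    class { 'puppetd::daemon': }
  }

  #
  # Backup
  #
  class { 'backup': }

  $local_backup = hiera('nodo::backup::localhost', false)

  # Local encrypted backup
  #
  # nodo::backup::encryptkey and nodo::backup::password are looked up without
  # a default in both branches, so they must exist in hiera even when the
  # backup is being removed. Both values are secrets: keep them in a hiera
  # source with restricted read access.
  case $local_backup {
    true,enabled,present: {
      backup::duplicity { 'localhost':
        encryptkey => hiera('nodo::backup::encryptkey'),
        password   => hiera('nodo::backup::password'),
      }
    }
    absent: {
      backup::duplicity { 'localhost':
        encryptkey => hiera('nodo::backup::encryptkey'),
        password   => hiera('nodo::backup::password'),
        ensure     => absent,
      }
    }
    default: { }
  }

  # Does not work well inside vservers
  class { 'runit': ensure => absent }

  # Email delivery configuration
  #
  # 'tunnel' declares a tunnel::mail resource towards nodo::mail_hostname,
  # 'postfix' declares nothing here, and anything else (including an empty
  # value) falls back to exim::tls.
  case hiera('nodo::mail_delivery', 'exim') {
    'tunnel': {
      $mail_hostname = hiera('nodo::mail_hostname')

      tunnel::mail { "${mail_hostname}":
        sshport => hiera('nodo::mail_ssh_port'),
      }
    }
    'postfix': { }
    '','exim',default: { include exim::tls }
  }

  # Apt configuration
  #
  # $use_apt is not set in this class, so it is resolved from an enclosing
  # scope. Presumably apt is managed unless some scope sets it to false --
  # confirm against the node definitions.
  if $use_apt != false {
    class { 'apt':
      include_src      => hiera('nodo::apt_include_src', false),
      use_next_release => hiera('nodo::apt_use_next_release', false),
    }

    include apt::unattended_upgrades

    # The per-domain sources list and preferences file below are present only
    # when nodo::apt_domain_source is true, and removed otherwise.
    $apt_domain_source = hiera('nodo::apt_domain_source', false)

    apt::sources_list { "${::domain}.list":
      source => "puppet:///modules/site_apt/sources.list.d/${::operatingsystem}/${::domain}.list",
      ensure => $apt_domain_source ? {
        true    => present,
        default => absent,
      },
    }

    # Preferences file can't have dots in the filename
    $apt_domain_preferences = regsubst($::domain, '\.', '-', 'G')

    file { "/etc/apt/preferences.d/${apt_domain_preferences}":
      source => [ "puppet:///modules/site_apt/preferences.d/${::operatingsystem}/${::domain}",
                  "puppet:///modules/nodo/preferences.d/custom" ],
      ensure => $apt_domain_source ? {
        true    => present,
        default => absent,
      },
    }

    package { 'apt-transport-https':
      ensure => present,
    }
  }

  # SSH Server
  #
  # We need to restrict listen address by default so multiple
  # instances can live together in the same physical host.
  #
  # NOTE(review): password authentication and TCP forwarding both default to
  # 'yes' when hiera has no value. Nodes that only need key-based logins, or
  # that should not relay connections, can override
  # nodo::sshd_password_authentication and nodo::sshd_tcp_forwarding with 'no'.
  class { 'sshd':
    manage_nagios           => hiera('nodo::sshd_manage_nagios', false),
    listen_address          => hiera('nodo::sshd_listen_address', [ "${::ipaddress}", '127.0.0.1' ]),
    password_authentication => hiera('nodo::sshd_password_authentication', 'yes'),
    shared_ip               => hiera('nodo::sshd_shared_ip', 'yes'),
    tcp_forwarding          => hiera('nodo::sshd_tcp_forwarding', 'yes'),
    hardened_ssl            => hiera('nodo::sshd_hardened_ssl', 'yes'),
    print_motd              => hiera('nodo::sshd_print_motd', 'no'),
    ports                   => hiera('nodo::sshd_ports', [ 22 ]),
    use_pam                 => hiera('nodo::sshd_use_pam', 'no'),
  }

  # File modes are quoted strings: newer Puppet parsers read a bare 0644 as a
  # number, while the file type expects the mode as a string.
  file { '/etc/hostname':
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    ensure  => present,
    content => "${::fqdn}\n",
  }

  # rc.local is installed root-owned and executable; its content is whatever
  # the nodo module ships under etc/rc.local.
  file { '/etc/rc.local':
    source => 'puppet:///modules/nodo/etc/rc.local',
    owner  => 'root',
    group  => 'root',
    mode   => '0755',
    ensure => present,
  }
}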