1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
|
class nodo::subsystem::scanner($access_list = hiera('nodo::subsystem::scanner::access_list', '')) {
package { [ 'sane', 'sane-utils' ]:
ensure => present,
}
if !defined(Group['scanner']) {
group { 'scanner':
ensure => present,
allowdupe => false,
}
}
group { [ 'lp', 'saned' ]:
ensure => present,
allowdupe => false,
}
user { 'saned':
ensure => present,
comment => 'saned',
gid => 'saned',
groups => 'lp',
home => '/var/lib/saned',
shell => '/bin/false',
allowdupe => false,
require => Group['lp', 'saned', 'scanner'],
}
file { '/etc/default/saned' :
ensure => present,
owner => 'root',
group => 'root',
mode => '0644',
source => 'puppet:///modules/nodo/etc/default/saned',
require => Package['sane'],
}
file { '/etc/sane.d/saned.conf' :
ensure => present,
owner => 'root',
group => 'root',
mode => '0644',
content => template('nodo/sane.d/saned.conf.erb'),
require => Package['sane'],
}
service { 'saned' :
ensure => running,
enable => true,
require => Package['sane'],
subscribe => [ File['/etc/default/saned/', '/etc/sane.d/saned.conf'], User['saned'] ],
}
# Firewall
shorewall::rule { "saned":
action => 'ACCEPT',
source => 'net',
destination => '$FW',
proto => 'tcp',
destinationport => "6566",
ratelimit => '-',
order => 200,
}
shorewall::rule { "saned-range":
action => 'ACCEPT',
source => 'net',
destination => '$FW',
proto => 'tcp',
destinationport => "10000:10100",
ratelimit => '-',
order => 200,
}
}
|
