Merge commit 'c212514035cffd38acbfac1413064937b28685b6' as 'puppet'

3 files changed, 156 insertions, 0 deletions

diff --git a/puppet/config/common.yaml b/puppet/config/common.yaml
new file mode 100644
index 0000000..936420d
--- /dev/null
+++ b/puppet/config/common.yaml
@@ -0,0 +1,65 @@
+---
+#
+# General
+#
+nodo::subsystem::apt::include_src      : false
+nodo::subsystem::apt::use_next_release : false
+nodo::subsystem::monitor::use_nagios   : false
+nodo::subsystem::monitor::address      : "%{::fqdn}"
+
+#
+# Firewall
+#
+firewall::ssl_ratelimit       : "s:ssl:200/sec:20"
+firewall::local_net           : false
+firewall::local::manage_host  : true
+firewall::local::manage_iface : false
+
+#
+# Mail
+#
+mail::sympa::subdomain : "listas"
+mail::sympa::lang      : "pt_BR"
+
+#
+# Monitoring
+#
+nodo::munin_node::allow: '127.0.0.1:192.168.0.[0-9]*:192.168.1.[0-9]*'
+
+#
+# Timezone and ntp
+#
+ntp::zone     : "Brazil/East"
+ntp::pool     : "south-america.pool.ntp.org"
+ntp::servers  :
+  - 'a.ntp.br'
+  - 'b.ntp.br'
+  - 'c.ntp.br'
+
+#
+# Nameservers
+#
+# OpenDNS
+nodo::subsystem::resolver::nameservers:
+  - '208.67.222.222'
+  - '208.67.220.220'
+
+#
+# OpenSSH
+#
+sshd::use_storedconfigs       : false
+sshd::manage_nagios           : false
+sshd::listen_address          : [ "%{::ipaddress}", '127.0.0.1' ]
+sshd::password_authentication : 'yes'
+sshd::shared_ip               : 'yes'
+sshd::tcp_forwarding          : 'yes'
+sshd::x11_forwarding          : 'no'
+sshd::hardened                : 'yes'
+sshd::print_motd              : 'no'
+sshd::ports                   : [ 22 ]
+sshd::use_pam                 : 'no'
+
+#
+# Backup
+#
+backupninja::keystore: ''
diff --git a/puppet/config/hiera.yaml b/puppet/config/hiera.yaml
new file mode 100644
index 0000000..14e393d
--- /dev/null
+++ b/puppet/config/hiera.yaml
@@ -0,0 +1,38 @@
+---
+version: 5
+defaults:
+  datadir: "config"
+  data_hash: "yaml_data"
+hierarchy:
+  #
+  # Put in the secrets folder all sensitive information that
+  # wont be spread into every system if you"re using the Hydra Suite.
+  #
+  # We also recommend to leave only encrypted data in your hiera config.
+  #
+  - name: "encrypted secrets"
+    path: "secrets/node/%{facts.fqdn}.yaml"
+    lookup_key: eyaml_lookup_key
+    options:
+      # If using the pkcs7 encryptor (default)
+      pkcs7_private_key: "%{settings::confdir}/keys/private_key.pkcs7.pem"
+      pkcs7_public_key:  "%{settings::confdir}/keys/public_key.pkcs7.pem"
+
+  - name: "regular secrets"
+    paths:
+      - "secrets/role/%{facts.role}.yaml"
+      - "secrets/location/%{facts.location}.yaml"
+      - "secrets/domain/%{facts.domain}.yaml"
+
+  #
+  # All other stuff goes in regular YAML files.
+  #
+  - name: "public"
+    paths:
+      - "node/%{facts.fqdn}.yaml"
+      - "role/%{facts.role}.yaml"
+      - "virtual/%{facts.virtual}.yaml"
+      - "location/%{facts.location}.yaml"
+      - "domain/%{facts.domain}.yaml"
+      - "compiled.yaml"
+      - "common.yaml"
diff --git a/puppet/config/node/box.example.org.yaml b/puppet/config/node/box.example.org.yaml
new file mode 100644
index 0000000..657bce1
--- /dev/null
+++ b/puppet/config/node/box.example.org.yaml
@@ -0,0 +1,53 @@
+---
+#
+# Nodo
+#
+nodo::role: 'dev::virtual'
+
+#
+# Classes
+#
+#classes:
+#  - 'database'
+#  - 'apache'
+
+#
+# MySQL
+#
+# The following password is public information and therefore
+# shall not be user on production.
+mysql::server::rootpw: '9pRfteNbSFFyrHhackme'
+
+#
+# Backup
+#
+nodo::subsystem::backup::localhost  : false
+nodo::subsystem::backup::encryptkey : 'none'
+nodo::subsystem::backup::password   : 'hackme'
+
+#
+# Websites
+#
+#websites::default_db           : 'dbname'
+#websites::default_db::password : 'hackme'
+
+#
+# Apache
+#
+#apache::default_folder : '/srv/kvmx'
+#apache::default_user   : 'user'
+#apache::default_group  : 'user'
+
+# Manage your app
+#apache::sites:
+#  myapp:
+#    docroot      : "/vagrant/"
+#    server_alias : 'myapp vagrant localhost'
+#    use          : [ "Site myapp" ]
+#    tag          : 'all'
+#    owner        : vagrant
+#    group        : vagrant
+#    mpm_user     : vagrant
+#    mpm_group    : vagrant
+#    password     : '$5$NZfZqcdyZ3Xt$.kfZejriEJP3fc6RU0gBGEzMPQ/c3XiowVImB6VDrtD'
+#    shell        : '/bin/bash'