Adds nodo::role::proxy::kvm and nodo::role::web::kvm

author Silvio Rhatto <rhatto@riseup.net>

Mon, 8 Jan 2018 00:49:53 +0000 (22:49 -0200)

committer Silvio Rhatto <rhatto@riseup.net>

Mon, 8 Jan 2018 00:49:53 +0000 (22:49 -0200)
author Silvio Rhatto <rhatto@riseup.net>
Mon, 8 Jan 2018 00:49:53 +0000 (22:49 -0200)
committer Silvio Rhatto <rhatto@riseup.net>
Mon, 8 Jan 2018 00:49:53 +0000 (22:49 -0200)
diff --git a/manifests/role/proxy/kvm.pp b/manifests/role/proxy/kvm.pp

new file mode 100644 (file)

index 0000000..f1a0d11
--- /dev/null
+++ b/manifests/role/proxy/kvm.pp
@@ -0,0 +1,4 @@
+# A proxy node that is a KVM guest
+class nodo::role::proxy::kvm inherits nodo::base::kvm {
+  include nodo::role::proxy
+}
diff --git a/manifests/role/web/kvm.pp b/manifests/role/web/kvm.pp

new file mode 100644 (file)

index 0000000..31a8b13
--- /dev/null
+++ b/manifests/role/web/kvm.pp
@@ -0,0 +1,4 @@
+# A web node that is a KVM guest
+class nodo::role::web::kvm inherits nodo::base::kvm {
+  include nodo::role::web
+}
diff --git a/manifests/subsystem/sysctl.pp b/manifests/subsystem/sysctl.pp

index 4329010585ae64ae96e5b3d3c21adb6bb910101d..1f2cfda67c6c2fb73fa9a6ba6b6ef96e7d2b9b24 100644 (file)
--- a/manifests/subsystem/sysctl.pp
+++ b/manifests/subsystem/sysctl.pp
@@ -1,6 +1,7 @@
  class nodo::subsystem::sysctl {
    class { 'nodo::subsystem::sysctl::disable_ipv6': }
    class { 'nodo::subsystem::sysctl::tcp_challenge_ack_limit': }
+  class { 'nodo::subsystem::sysctl::unprivileged_bpf_disabled': }
  
    # Root exploit fix, see http://wiki.debian.org/mmap_min_addr
    # Maybe this can be remove in the future or included in a sysctl puppet module
author	Silvio Rhatto <rhatto@riseup.net>
	Mon, 8 Jan 2018 00:49:53 +0000 (22:49 -0200)
committer	Silvio Rhatto <rhatto@riseup.net>
	Mon, 8 Jan 2018 00:49:53 +0000 (22:49 -0200)
manifests/role/proxy/kvm.pp	[new file with mode: 0644]	patch \| blob
manifests/role/web/kvm.pp	[new file with mode: 0644]	patch \| blob
manifests/subsystem/sysctl.pp		patch \| blob \| history