Splitting nodo code into subsystems
authorSilvio Rhatto <rhatto@riseup.net>
Sun, 14 Apr 2013 18:12:28 +0000 (15:12 -0300)
committerSilvio Rhatto <rhatto@riseup.net>
Sun, 14 Apr 2013 18:12:28 +0000 (15:12 -0300)
manifests/base.pp
manifests/role/default.pp [new file with mode: 0644]
manifests/subsystem/apt.pp [new file with mode: 0644]
manifests/subsystem/backup.pp [new file with mode: 0644]
manifests/subsystem/hostname.pp [new file with mode: 0644]
manifests/subsystem/local.pp [new file with mode: 0644]
manifests/subsystem/mail.pp [new file with mode: 0644]
manifests/subsystem/sshd.pp [new file with mode: 0644]

index 6507c27be745d63eb8b043e0b1eae31ceab0a62b..746a6fa61cbceca5b0651a7011397f224e439dc4 100644 (file)
@@ -3,6 +3,12 @@ class nodo::base {
   include nodo::subsystem::sudo
   include nodo::subsystem::locales
   include nodo::subsystem::profile
+  include nodo::subsystem::apt
+  include nodo::subsystem::backup
+  include nodo::subsystem::mail
+  include nodo::subsystem::sshd
+  include nodo::subsystem::hostname
+  include nodo::subsystem::local
   include nodo::utils
   include tunnel::autossh
   include domain_check
@@ -17,135 +23,6 @@ class nodo::base {
     master => hiera('nodo::role::master::main', false)
   }
 
-  #
-  # Backup
-  #
-  class { 'backup': }
-
-  $local_backup = hiera('nodo::backup::localhost', false)
-
-  # Local encrypted backup
-  case $local_backup {
-    true,enabled,present: {
-      backup::duplicity { "localhost":
-        encryptkey => hiera('nodo::backup::encryptkey'),
-        password   => hiera('nodo::backup::password'),
-      }
-    }
-    absent: {
-      backup::duplicity { "localhost":
-        encryptkey => hiera('nodo::backup::encryptkey'),
-        password   => hiera('nodo::backup::password'),
-        ensure     => absent,
-      }
-    }
-    default: { }
-  }
-
   # Does not work well inside vservers
   class { 'runit': ensure => absent }
-
-  # Email delivery configuration
-  $mail_delivery = hiera('nodo::mail_delivery', 'exim')
-  case $mail_delivery {
-    'tunnel': {              
-      $mail_hostname = hiera('nodo::mail_hostname')
-      tunnel::autossh::mail { "$mail_hostname":
-        sshport   => hiera('nodo::mail_ssh_port'),
-      }
-    }
-    'postfix': { }
-    '','exim',default: { include exim::tls }
-  }
-
-  #
-  # Apt configuration
-  #
-  class { 'apt':
-    include_src      => hiera('nodo::apt_include_src',      false),
-    use_next_release => hiera('nodo::apt_use_next_release', false),
-    custom_key_dir   => hiera('nodo::apt_custom_key_dir',   'puppet:///modules/site_apt/keys.d')
-  }
-
-  include apt::unattended_upgrades
-
-  $apt_domain_source = hiera('nodo::apt_domain_source', false)
-
-  apt::sources_list { "${::domain}.list":
-    source => [ "puppet:///modules/site_apt/sources.list.d/${::operatingsystem}/${::lsbdistcodename}/${::domain}.list",
-                "puppet:///modules/site_apt/sources.list.d/${::operatingsystem}/${::domain}.list", ],
-    ensure => $apt_domain_source ? {
-      true    => present,
-      default => absent,
-    }
-  }
-
-  # Preferences file can't have dots in the filename
-  $apt_domain_preferences = regsubst($::domain, '\.', '-', 'G')
-
-  file { "/etc/apt/preferences.d/${apt_domain_preferences}":
-    source => [ "puppet:///modules/site_apt/preferences.d/${::operatingsystem}/${::domain}",
-                "puppet:///modules/nodo/preferences.d/custom" ],
-    ensure => $apt_domain_source ? {
-      true    => present,
-      default => absent,
-    }
-  }
-
-  $apt_proxy = hiera('nodo::apt_proxy', false)
-
-  if $apt_proxy != false {
-    class { 'apt::proxy_client':
-      proxy => $apt_proxy,
-      port  => hiera('nodo::apt_proxy_port', ''),
-    }
-  }
-
-  package { 'apt-transport-https':
-    ensure => present,
-  }
-
-  # SSH Server
-  #
-  # We need to restrict listen address by default so multiple
-  # instances can live together in the same physical host.
-  #
-  class { 'sshd':
-    manage_nagios           => hiera('nodo::sshd_manage_nagios',           false),      
-    listen_address          => hiera('nodo::sshd_listen_address',          [ "${::ipaddress}", '127.0.0.1' ]),
-    password_authentication => hiera('nodo::sshd_password_authentication', 'yes'),
-    shared_ip               => hiera('nodo::sshd_shared_ip',               'yes'),
-    tcp_forwarding          => hiera('nodo::sshd_tcp_forwarding',          'yes'),
-    hardened_ssl            => hiera('nodo::sshd_hardened_ssl',            'yes'),
-    print_motd              => hiera('nodo::sshd_print_motd',              'no'),
-    ports                   => hiera('nodo::sshd_ports',                   [ 22 ]),
-    use_pam                 => hiera('nodo::sshd_use_pam',                 'no'),
-  }
-
-  # Add the localhost ssh key, useful when one needs
-  # to ssh to localhost.
-  sshkey { [ 'localhost', '127.0.0.1' ]:
-    type   => ssh-rsa,
-    key    => $::sshrsakey,
-    ensure => $::sshrsakey ? {
-      ''      => absent,
-      default => present,
-    },
-  }
-
-  file { "/etc/hostname":
-    owner   => "root",
-    group   => "root",
-    mode    => 0644,
-    ensure  => present,
-    content => "${::fqdn}\n",
-  }
-
-  file { "/etc/rc.local":
-    source  => "puppet:///modules/nodo/etc/rc.local",
-    owner   => "root",
-    group   => "root",
-    mode    => 0755,
-    ensure  => present,
-  }
 }
diff --git a/manifests/role/default.pp b/manifests/role/default.pp
new file mode 100644 (file)
index 0000000..6a5717e
--- /dev/null
@@ -0,0 +1,2 @@
+class nodo::role::default {
+}
diff --git a/manifests/subsystem/apt.pp b/manifests/subsystem/apt.pp
new file mode 100644 (file)
index 0000000..b3f643d
--- /dev/null
@@ -0,0 +1,48 @@
+class nodo::subsystem::apt {
+  #
+  # Apt configuration
+  #
+  class { 'apt':
+    include_src      => hiera('nodo::subsystem::apt::include_src',      false),
+    use_next_release => hiera('nodo::subsystem::apt::use_next_release', false),
+    custom_key_dir   => hiera('nodo::subsystem::apt::custom_key_dir',   'puppet:///modules/site_apt/keys.d')
+  }
+
+  include apt::unattended_upgrades
+
+  $apt_domain_source = hiera('nodo::subsystem::apt::domain_source', false)
+
+  apt::sources_list { "${::domain}.list":
+    source => [ "puppet:///modules/site_apt/sources.list.d/${::operatingsystem}/${::lsbdistcodename}/${::domain}.list",
+                "puppet:///modules/site_apt/sources.list.d/${::operatingsystem}/${::domain}.list", ],
+    ensure => $apt_domain_source ? {
+      true    => present,
+      default => absent,
+    }
+  }
+
+  # Preferences file can't have dots in the filename
+  $apt_domain_preferences = regsubst($::domain, '\.', '-', 'G')
+
+  file { "/etc/apt/preferences.d/${apt_domain_preferences}":
+    source => [ "puppet:///modules/site_apt/preferences.d/${::operatingsystem}/${::domain}",
+                "puppet:///modules/nodo/preferences.d/custom" ],
+    ensure => $apt_domain_source ? {
+      true    => present,
+      default => absent,
+    }
+  }
+
+  $apt_proxy = hiera('nodo::subsystem::apt::proxy', false)
+
+  if $apt_proxy != false {
+    class { 'apt::proxy_client':
+      proxy => $apt_proxy,
+      port  => hiera('nodo::subsystem::apt::proxy_port', ''),
+    }
+  }
+
+  package { 'apt-transport-https':
+    ensure => present,
+  }
+}
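Review bot: Every Hiera key in this class is renamed (for example `nodo::apt_proxy` becomes `nodo::subsystem::apt::proxy`) with no fallback to the old name, so nodes whose data still uses the old keys silently get the defaults: the domain sources list and preferences file flip to `absent` and the proxy client is no longer declared. The same applies to the lookups in manifests/subsystem/backup.pp, mail.pp and sshd.pp; in sshd.pp a node that had set `nodo::sshd_password_authentication` to 'no' would fall back to 'yes'. One option is to chain the lookups during the migration, e.g. `hiera('nodo::subsystem::apt::proxy', hiera('nodo::apt_proxy', false))`, or at least to state the required data migration in the commit message.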
diff --git a/manifests/subsystem/backup.pp b/manifests/subsystem/backup.pp
new file mode 100644 (file)
index 0000000..eb3dafc
--- /dev/null
@@ -0,0 +1,26 @@
+class nodo::subsystem::backup {
+  #
+  # Backup
+  #
+  class { 'backup': }
+
+  $local_backup = hiera('nodo::subsystem::backup::localhost', false)
+
+  # Local encrypted backup
+  case $local_backup {
+    true,enabled,present: {
+      backup::duplicity { "localhost":
+        encryptkey => hiera('nodo::subsystem::backup::encryptkey'),
+        password   => hiera('nodo::subsystem::backup::password'),
+      }
+    }
+    absent: {
+      backup::duplicity { "localhost":
+        encryptkey => hiera('nodo::subsystem::backup::encryptkey'),
+        password   => hiera('nodo::subsystem::backup::password'),
+        ensure     => absent,
+      }
+    }
+    default: { }
+  }
+}
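Review bot: The `absent` branch still calls `hiera('nodo::subsystem::backup::encryptkey')` and `hiera('nodo::subsystem::backup::password')` without a default, and `hiera()` aborts compilation when a key is missing, so removing the local backup requires keeping the secrets in Hiera. If `backup::duplicity` accepts empty values when `ensure => absent` (its definition is outside this diff), give the lookups in that branch a default, e.g. `password => hiera('nodo::subsystem::backup::password', ''),`. A comment above the `case` noting that both values are secrets and belong in an encrypted or access-restricted Hiera backend would also help.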
diff --git a/manifests/subsystem/hostname.pp b/manifests/subsystem/hostname.pp
new file mode 100644 (file)
index 0000000..4dedcec
--- /dev/null
@@ -0,0 +1,9 @@
+class nodo::subsystem::hostname {
+  file { "/etc/hostname":
+    owner   => "root",
+    group   => "root",
+    mode    => 0644,
+    ensure  => present,
+    content => "${::fqdn}\n",
+  }
+}
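Review bot: `mode => 0644` is an unquoted number; the Puppet style guide asks for file modes as quoted four-digit strings, and later Puppet versions no longer accept a bare number as a file mode. Write `mode => '0644',` here and `mode => '0755',` in manifests/subsystem/local.pp.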
diff --git a/manifests/subsystem/local.pp b/manifests/subsystem/local.pp
new file mode 100644 (file)
index 0000000..be02bbe
--- /dev/null
@@ -0,0 +1,9 @@
+class nodo::subsystem::local {
+  file { "/etc/rc.local":
+    source  => "puppet:///modules/nodo/etc/rc.local",
+    owner   => "root",
+    group   => "root",
+    mode    => 0755,
+    ensure  => present,
+  }
+}
diff --git a/manifests/subsystem/mail.pp b/manifests/subsystem/mail.pp
new file mode 100644 (file)
index 0000000..12c7e4b
--- /dev/null
@@ -0,0 +1,14 @@
+class nodo::subsystem::mail {
+  # Email delivery configuration
+  $mail_delivery = hiera('nodo::subsystem::mail::delivery', 'exim')
+  case $mail_delivery {
+    'tunnel': {              
+      $mail_hostname = hiera('nodo::subsystem::mail::hostname')
+      tunnel::autossh::mail { "$mail_hostname":
+        sshport   => hiera('nodo::subsystem::mail::ssh_port'),
+      }
+    }
+    'postfix': { }
+    '','exim',default: { include exim::tls }
+  }
+}
diff --git a/manifests/subsystem/sshd.pp b/manifests/subsystem/sshd.pp
new file mode 100644 (file)
index 0000000..80c6747
--- /dev/null
@@ -0,0 +1,29 @@
+class nodo::subsystem::sshd {
+  # SSH Server
+  #
+  # We need to restrict listen address by default so multiple
+  # instances can live together in the same physical host.
+  #
+  class { 'sshd':
+    manage_nagios           => hiera('nodo::subsystem::sshd::manage_nagios',           false),      
+    listen_address          => hiera('nodo::subsystem::sshd::listen_address',          [ "${::ipaddress}", '127.0.0.1' ]),
+    password_authentication => hiera('nodo::subsystem::sshd::password_authentication', 'yes'),
+    shared_ip               => hiera('nodo::subsystem::sshd::shared_ip',               'yes'),
+    tcp_forwarding          => hiera('nodo::subsystem::sshd::tcp_forwarding',          'yes'),
+    hardened_ssl            => hiera('nodo::subsystem::sshd::hardened_ssl',            'yes'),
+    print_motd              => hiera('nodo::subsystem::sshd::print_motd',              'no'),
+    ports                   => hiera('nodo::subsystem::sshd::ports',                   [ 22 ]),
+    use_pam                 => hiera('nodo::subsystem::sshd::use_pam',                 'no'),
+  }
+
+  # Add the localhost ssh key, useful when one needs
+  # to ssh to localhost.
+  sshkey { [ 'localhost', '127.0.0.1' ]:
+    type   => ssh-rsa,
+    key    => $::sshrsakey,
+    ensure => $::sshrsakey ? {
+      ''      => absent,
+      default => present,
+    },
+  }
+}
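Review bot: The fallbacks for `password_authentication` and `tcp_forwarding` are both 'yes', so a node with no Hiera data for this class accepts password logins and allows forwarding on every address in `listen_address`. If key-based login is the norm in this deployment (not visible from this diff), the safer fallback is `hiera('nodo::subsystem::sshd::password_authentication', 'no'),` with nodes that need passwords opting in explicitly. Otherwise, a comment above the `class { 'sshd': ... }` declaration stating why 'yes' is the intended default would keep the choice from looking accidental.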