+++ /dev/null
-<pre>
-When not explicitly mentioned, the use of these images is restricted to <%= base_domain %>
-</pre>
+++ /dev/null
-<html><head>
-<meta http-equiv="refresh" content="1;url=http://<%= domain %>">
-<title><%= domain %></title></head><body>
-
-<center>
- <p><code>You are being redirected to <a href="http://<%= domain %>">http://<%= domain %></a>.</code></p>
-</center>
-
-</body></html>
+++ /dev/null
-<html>
-<head>
-<title>404 - Not Found</title>
-</head>
-<body>
- <center>
- <pre>
- The address you are trying to reach could not be found. :(
- </pre>
- </center>
-</body>
-</html>
+++ /dev/null
-# begin vhost for cgit
-<VirtualHost *:80>
- ServerName git.<%= domain %>
- ServerAlias gitweb.<%= domain %>
-
- ServerSignature Off
-
- Alias /cgit.css /var/www/htdocs/cgit/cgit.css
- Alias /cgit.png /var/www/htdocs/cgit/cgit.png
-
- ScriptAlias /cgi-bin/ /var/www/htdocs/cgit/
-
- DocumentRoot /var/git/repositories
- <Directory /var/git/repositories>
- AllowOverride None
- Options +ExecCGI
- Order allow,deny
- Allow from all
-
- DirectoryIndex /cgi-bin/cgit.cgi
-
- RewriteEngine on
- RewriteCond %{REQUEST_FILENAME} !-f
- RewriteRule ^.*$ /cgi-bin/cgit.cgi/$0 [L,PT]
- </Directory>
-
- ErrorLog /var/log/apache2/cgit.openezx.org/error.log
- CustomLog /var/log/apache2/cgit.openezx.org/access.log common
-</VirtualHost>
-# end vhost for git
+++ /dev/null
-# begin vhost for git
-<VirtualHost *:80>
- # Recipe based on http://josephspiros.com/2009/07/26/configuring-gitweb-for-apache-on-debian
-
- ServerName git.<%= domain %>
- ServerAlias gitweb.<%= domain %>
- SetEnv GITWEB_CONFIG /etc/gitweb.conf
- HeaderName HEADER
- DocumentRoot /var/git/repositories
- Alias /gitweb.css /usr/share/gitweb/gitweb.css
- Alias /git-favicon.png /usr/share/gitweb/git-favicon.png
- Alias /git-logo.png /usr/share/gitweb/git-logo.png
-
- ScriptAlias /gitweb /usr/lib/cgi-bin/gitweb.cgi
- RewriteEngine on
-
- # Rewrite all other paths that aren't git repo internals to gitweb
- RewriteRule ^/$ /gitweb [PT]
- RewriteRule ^/(.*\.git/(?!/?(HEAD|info|objects|refs)).*)?$ /gitweb%{REQUEST_URI} [L,PT]
-
- <IfModule mpm_itk_module>
- AssignUserId www-data git
- </IfModule>
-</VirtualHost>
-# end vhost for git
+++ /dev/null
-# begin vhost for lists.<%= domain %>
-<VirtualHost *:80>
- ServerName lists.<%= domain %>
- DocumentRoot /var/www/data/lists
-
- RedirectMatch ^/$ https://lists.<%= domain %>/wws
- Alias /static-sympa /var/lib/sympa/static_content
- Alias /wwsicons /usr/share/sympa/icons
- ScriptAlias /wws /var/www/data/lists/wwsympa.fcgi
-
- <IfModule mod_fcgid.c>
- IPCCommTimeout 120
- MaxProcessCount 2
- </IfModule>
-
- SuexecUserGroup sympa sympa
-
- <Location /wws>
- SetHandler fcgid-script
- </Location>
-</VirtualHost>
-# end vhost for lists.<%= domain %>
+++ /dev/null
-# begin vhost for mail.<%= domain >
-<VirtualHost *:80>
- ServerName mail.<%= domain >
- #DocumentRoot /usr/share/squirrelmail
- DocumentRoot /var/lib/roundcube
-
- # begin squirrel config
- <Directory /usr/share/squirrelmail>
- Options Indexes FollowSymLinks
- <IfModule mod_php4.c>
- php_flag register_globals off
- </IfModule>
- <IfModule mod_php5.c>
- php_flag register_globals off
- </IfModule>
- <IfModule mod_dir.c>
- DirectoryIndex index.php
- </IfModule>
-
- # access to configtest is limited by default to prevent information leak
- <Files configtest.php>
- order deny,allow
- deny from all
- allow from 127.0.0.1
- </Files>
- </Directory>
- # end squirrel config
-
- # begin roundcube config
- # Access to tinymce files
- Alias /roundcube/program/js/tiny_mce/ /usr/share/tinymce/www/
- Alias /roundcube /var/lib/roundcube
-
- <Directory "/usr/share/tinymce/www/">
- Options Indexes MultiViews FollowSymLinks
- AllowOverride None
- Order allow,deny
- allow from all
- </Directory>
-
- <Directory /var/lib/roundcube/>
- Options +FollowSymLinks
- # This is needed to parse /var/lib/roundcube/.htaccess. See its
- # content before setting AllowOverride to None.
- AllowOverride All
- order allow,deny
- allow from all
- </Directory>
-
- # Protecting basic directories:
- <Directory /var/lib/roundcube/config>
- Options -FollowSymLinks
- AllowOverride None
- </Directory>
-
- <Directory /var/lib/roundcube/temp>
- Options -FollowSymLinks
- AllowOverride None
- Order allow,deny
- Deny from all
- </Directory>
-
- <Directory /var/lib/roundcube/logs>
- Options -FollowSymLinks
- AllowOverride None
- Order allow,deny
- Deny from all
- </Directory>
- # end roundcube config
-
-</VirtualHost>
-# end vhost for mail.<%= domain >
+++ /dev/null
-# begin vhost for nagios
-<VirtualHost *:80>
- ServerName nagios.<%= domain >
- DocumentRoot /usr/share/nagios3/htdocs
-
- # apache configuration for nagios 3.x
- # note to users of nagios 1.x and 2.x:
- # throughout this file are commented out sections which preserve
- # backwards compatibility with bookmarks/config forî<80><80>older nagios versios.
- # simply look for lines following "nagios 1.x:" and "nagios 2.x" comments.
-
- ScriptAlias /cgi-bin/nagios3 /usr/lib/cgi-bin/nagios3
- ScriptAlias /nagios3/cgi-bin /usr/lib/cgi-bin/nagios3
- # nagios 1.x:
- #ScriptAlias /cgi-bin/nagios /usr/lib/cgi-bin/nagios3
- #ScriptAlias /nagios/cgi-bin /usr/lib/cgi-bin/nagios3
- # nagios 2.x:
- #ScriptAlias /cgi-bin/nagios2 /usr/lib/cgi-bin/nagios3
- #ScriptAlias /nagios2/cgi-bin /usr/lib/cgi-bin/nagios3
-
- # Where the stylesheets (config files) reside
- Alias /nagios3/stylesheets /etc/nagios3/stylesheets
- # nagios 1.x:
- #Alias /nagios/stylesheets /etc/nagios3/stylesheets
- # nagios 2.x:
- #Alias /nagios2/stylesheets /etc/nagios3/stylesheets
-
- # Where the HTML pages live
- Alias /nagios3 /usr/share/nagios3/htdocs
- # nagios 2.x:
- #Alias /nagios2 /usr/share/nagios3/htdocs
- # nagios 1.x:
- #Alias /nagios /usr/share/nagios3/htdocs
-
- <DirectoryMatch (/usr/share/nagios3/htdocs|/usr/lib/cgi-bin/nagios3)>
- Options FollowSymLinks
-
- DirectoryIndex index.html
-
- AllowOverride AuthConfig
- Order Allow,Deny
- Allow From All
-
- AuthName "Nagios Access"
- AuthType Basic
- AuthUserFile /etc/nagios3/htpasswd.users
- # nagios 1.x:
- #AuthUserFile /etc/nagios/htpasswd.users
- require valid-user
- </DirectoryMatch>
-
- # Enable this ScriptAlias if you want to enable the grouplist patch.
- # See http://apan.sourceforge.net/download.html for more info
- # It allows you to see a clickable list of all hostgroups in the
- # left pane of the Nagios web interface
- # XXX This is not tested for nagios 2.x use at your own peril
- #ScriptAlias /nagios3/side.html /usr/lib/cgi-bin/nagios3/grouplist.cgi
- # nagios 1.x:
- #ScriptAlias /nagios/side.html /usr/lib/cgi-bin/nagios3/grouplist.cgi
-</VirtualHost>
-# end vhost for nagios
+++ /dev/null
-# begin vhost for wiki.<%= domain >
-<VirtualHost *:80>
- ServerName wiki.<%= domain >
- DocumentRoot /var/www/data/wiki
-
- # begin wiki config
- <Directory /var/www/data/wiki>
- Options Indexes Includes FollowSymLinks MultiViews
- AllowOverride All
- </Directory>
- # end wiki config
-
- <IfModule mpm_itk_module>
- AssignUserId wiki wiki
- </IfModule>
-</VirtualHost>
-# end vhost for wiki.<%= domain >
+++ /dev/null
-# /etc/aliases
-mailer-daemon: postmaster
-postmaster: root
-nobody: root
-hostmaster: root
-usenet: root
-news: root
-webmaster: root
-www: root
-ftp: root
-abuse: root
-noc: root
-security: root
-reprepro: root
-root: <%= first_user_email %>
+++ /dev/null
-nagiosadmin:0FCabjvUTHvxF
+++ /dev/null
-# <%= domain %> proxy config
-
-# Set the max size for file uploads
-client_max_body_size 100M;
-
-# SNI Configuration
-server {
- listen 443 default;
- server_name _;
- ssl on;
- ssl_certificate /etc/ssl/certs/blank.crt;
- ssl_certificate_key /etc/ssl/private/blank.pem;
- return 403;
-}
-
-server {
- # see config tips at
- # http://blog.taragana.com/index.php/archive/nginx-hacking-tips/
-
- # Don't log anything
- access_log /dev/null;
- error_log /dev/null;
-
- # simple reverse-proxy
- listen 80;
- server_name *.<%= domain %> <%= domain %>
-
- # enable HSTS header
- add_header Strict-Transport-Security "max-age=15768000; includeSubdomains; preload";
-
- # https redirection by default
- rewrite ^(.*) https://$host$1 redirect;
-
- # rewrite rules for backups.<%= domain %>
- #if ($host ~* ^backups\.<%= domain %>$) {
- # rewrite ^(.*) https://$host$1 redirect;
- # break;
- #}
-
- # rewrite rules for admin.<%= domain %>
- #if ($host ~* ^admin\.<%= domain %>$) {
- # rewrite ^(.*) https://$host$1 redirect;
- # break;
- #}
-
- # rewrite rules for munin.<%= domain %>
- #if ($host ~* ^munin\.<%= domain %>$) {
- # rewrite ^(.*) https://$host$1 redirect;
- # break;
- #}
-
- # rewrite rules for trac.<%= domain %>
- #if ($host ~* ^trac\.<%= domain %>$) {
- # rewrite ^(.*) https://$host$1 redirect;
- # break;
- #}
-
- # rewrite rules for nagios.<%= domain %>
- #if ($host ~* ^nagios\.<%= domain %>$) {
- # rewrite ^(.*) https://$host$1 redirect;
- # break;
- #}
-
- # rewrite rules for htpasswd.<%= domain %>
- #if ($host ~* ^htpasswd\.<%= domain %>$) {
- # rewrite ^(.*) https://$host$1 redirect;
- # break;
- #}
-
- # rewrite rules for postfixadmin.<%= domain %>
- #if ($host ~* ^postfixadmin\.<%= domain %>$) {
- # rewrite ^(.*) https://$host$1 redirect;
- # break;
- #}
-
- # rewrite rules for mail.<%= domain %>
- #if ($host ~* ^mail\.<%= domain %>$) {
- # rewrite ^(.*) https://$host$1 redirect;
- # break;
- #}
-
- # rewrite rules for lists.<%= domain %>
- #if ($host ~* ^lists\.<%= domain %>$) {
- # rewrite ^(.*) https://$host$1 redirect;
- # break;
- #}
-
- # pass requests for dynamic content
- location / {
- proxy_set_header Host $http_host;
- proxy_pass http://weblocal:80;
- }
-
-}
-
-server {
- # https reverse proxy
- listen 443;
- server_name *.<%= domain %> <%= domain %>;
-
- # Don't log anything
- access_log /dev/null;
- error_log /dev/null;
-
- ssl on;
- ssl_certificate /etc/ssl/certs/cert.crt;
- ssl_certificate_key /etc/ssl/private/cert.pem;
-
- # Set the max size for file uploads
- client_max_body_size 100M;
-
- location / {
- # preserve http header and set forwarded proto
- proxy_set_header Host $http_host;
- proxy_set_header X-Forwarded-Proto https;
-
- proxy_read_timeout 120;
- proxy_connect_timeout 120;
-
- # rewrite rules for admin.<%= domain %>
- if ($host ~* ^admin\.<%= domain %>$) {
- proxy_pass http://admin:80;
- break;
- }
-
- # rewrite rules for munin.<%= domain %>
- if ($host ~* ^munin\.<%= domain %>$) {
- proxy_pass http://admin:80;
- break;
- }
-
- # rewrite rules for trac.<%= domain %>
- if ($host ~* ^trac\.<%= domain %>$) {
- proxy_pass http://admin:80;
- break;
- }
-
- # rewrite rules for nagios.<%= domain %>
- if ($host ~* ^nagios\.<%= domain %>$) {
- proxy_pass http://admin:80;
- break;
- }
-
- # rewrite rules for postfixadmin.<%= domain %>
- if ($host ~* ^postfixadmin\.<%= domain %>$) {
- proxy_pass http://mail:80;
- break;
- }
-
- # rewrite rules for mail.<%= domain %>
- if ($host ~* ^mail\.<%= domain %>$) {
- proxy_pass http://mail:80;
- break;
- }
-
- # rewrite rules for lists.<%= domain %>
- if ($host ~* ^lists\.<%= domain %>$) {
- proxy_pass http://mail:80;
- break;
- }
-
- # default proxy pass
- proxy_pass http://weblocal:80;
- }
-
-}
+++ /dev/null
-# This is the default auth.conf file, which implements the default rules
-# used by the puppet master. (That is, the rules below will still apply
-# even if this file is deleted.)
-#
-# The ACLs are evaluated in top-down order. More specific stanzas should
-# be towards the top of the file and more general ones at the bottom;
-# otherwise, the general rules may "steal" requests that should be
-# governed by the specific rules.
-#
-# See http://docs.puppetlabs.com/guides/rest_auth_conf.html for a more complete
-# description of auth.conf's behavior.
-#
-# Supported syntax:
-# Each stanza in auth.conf starts with a path to match, followed
-# by optional modifiers, and finally, a series of allow or deny
-# directives.
-#
-# Example Stanza
-# ---------------------------------
-# path /path/to/resource # simple prefix match
-# # path ~ regex # alternately, regex match
-# [environment envlist]
-# [method methodlist]
-# [auth[enthicated] {yes|no|on|off|any}]
-# allow [host|backreference|*|regex]
-# deny [host|backreference|*|regex]
-# allow_ip [ip|cidr|ip_wildcard|*]
-# deny_ip [ip|cidr|ip_wildcard|*]
-#
-# The path match can either be a simple prefix match or a regular
-# expression. `path /file` would match both `/file_metadata` and
-# `/file_content`. Regex matches allow the use of backreferences
-# in the allow/deny directives.
-#
-# The regex syntax is the same as for Ruby regex, and captures backreferences
-# for use in the `allow` and `deny` lines of that stanza
-#
-# Examples:
-#
-# path ~ ^/path/to/resource # Equivalent to `path /path/to/resource`.
-# allow * # Allow all authenticated nodes (since auth
-# # defaults to `yes`).
-#
-# path ~ ^/catalog/([^/]+)$ # Permit nodes to access their own catalog (by
-# allow $1 # certname), but not any other node's catalog.
-#
-# path ~ ^/file_(metadata|content)/extra_files/ # Only allow certain nodes to
-# auth yes # access the "extra_files"
-# allow /^(.+)\.example\.com$/ # mount point; note this must
-# allow_ip 192.168.100.0/24 # go ABOVE the "/file" rule,
-# # since it is more specific.
-#
-# environment:: restrict an ACL to a comma-separated list of environments
-# method:: restrict an ACL to a comma-separated list of HTTP methods
-# auth:: restrict an ACL to an authenticated or unauthenticated request
-# the default when unspecified is to restrict the ACL to authenticated requests
-# (ie exactly as if auth yes was present).
-#
-
-### Authenticated ACLs - these rules apply only when the client
-### has a valid certificate and is thus authenticated
-
-# allow nodes to retrieve their own catalog
-path ~ ^/catalog/([^/]+)$
-method find
-allow $1
-
-# allow nodes to retrieve their own node definition
-path ~ ^/node/([^/]+)$
-method find
-allow $1
-
-# allow all nodes to access the certificates services
-path /certificate_revocation_list/ca
-method find
-allow *
-
-# allow all nodes to store their own reports
-path ~ ^/report/([^/]+)$
-method save
-allow $1
-
-# Allow all nodes to access all file services; this is necessary for
-# pluginsync, file serving from modules, and file serving from custom
-# mount points (see fileserver.conf). Note that the `/file` prefix matches
-# requests to both the file_metadata and file_content paths. See "Examples"
-# above if you need more granular access control for custom mount points.
-path /file
-allow *
-
-### Unauthenticated ACLs, for clients without valid certificates; authenticated
-### clients can also access these paths, though they rarely need to.
-
-# allow access to the CA certificate; unauthenticated nodes need this
-# in order to validate the puppet master's certificate
-path /certificate/ca
-auth any
-method find
-allow *
-
-# allow nodes to retrieve the certificate they requested earlier
-path /certificate/
-auth any
-method find
-allow *
-
-# allow nodes to request a new certificate
-path /certificate_request
-auth any
-method find, save
-allow *
-
-path /v2.0/environments
-method find
-allow *
-
-# deny everything else; this ACL is not strictly necessary, but
-# illustrates the default policy.
-path /
-auth any
+++ /dev/null
-# See http://docs.puppetlabs.com/guides/file_serving.html
-
-# Files
-[files]
- path /etc/puppet/files
- allow *.<%= base_domain %>
-
-# SSL keys
-[ssl]
- path /etc/puppet/keys/ssl
- deny *
-
-# SSH keys
-[ssh]
- path /etc/puppet/keys/ssh/%h
- allow *
-
-# Public keys
-[pubkeys]
- path /etc/puppet/keys/public
- allow *
+++ /dev/null
-node '<%= hostname %>-master.<%= domain %>' {
- $main_master = true
- include nodo::master
-
- # encrypted data remote backup
- #backup::rdiff { "other-host":
- # port => "10102",
- #}
-
-}
+++ /dev/null
-#
-# Node definitions.
-#
-
-<%- if first_nodes == 'present' then -%>
-import "nodes/<%= first_hostname %>.pp"
-import "nodes/<%= first_hostname %>-master.pp"
-import "nodes/<%= first_hostname %>-proxy.pp"
-import "nodes/<%= first_hostname %>-web.pp"
-import "nodes/<%= first_hostname %>-storage.pp"
-import "nodes/<%= first_hostname %>-test.pp"
-<%- else -%>
-#import "nodes/example.pp"
-<%- end -%>
+++ /dev/null
-node '<%= hostname %>-proxy.<%= domain %>' {
- #$mail_delivery = 'tunnel'
- #$mail_hostname = 'mail'
- #$mail_ssh_port = '2202'
-
- include nodo::proxy
-
- # encrypted data remote backup
- #backup::rdiff { "other-host":
- # port => "10102",
- #}
-
- # reference to admin vserver
- host { "<%= hostname %>-master":
- ensure => present,
- ip => "192.168.0.2",
- host_aliases => [ "<%= hostname %>-master.<%= domain %>", "puppet", "admin" ],
- notify => Service["nginx"],
- }
-
- # reference to proxy vserver
- #host { "<%= hostname %>-proxy":
- # ensure => present,
- # ip => "192.168.0.3",
- # host_aliases => [ "<%= hostname %>-proxy.<%= domain %>", "<%= hostname %>-proxy" ],
- # notify => Service["nginx"],
- #}
-
- # reference to web vserver
- host { "<%= hostname %>-web":
- ensure => present,
- ip => "192.168.0.4",
- host_aliases => [ "<%= hostname %>-web.<%= domain %>", "<%= hostname %>-web", "weblocal" ],
- notify => Service["nginx"],
- }
-
- # reference to storage vserver
- host { "<%= hostname %>-storage":
- ensure => present,
- ip => "192.168.0.5",
- host_aliases => [ "<%= hostname %>-storage.<%= domain %>", "<%= hostname %>-storage" ],
- notify => Service["nginx"],
- }
-
- # reference to test vserver
- host { "<%= hostname %>-test":
- ensure => present,
- ip => "192.168.0.6",
- host_aliases => [ "<%= hostname %>-test.<%= domain %>", "<%= hostname %>-test" ],
- notify => Service["nginx"],
- }
-
-}
+++ /dev/null
-[main]
-logdir = /var/log/puppet
-vardir = /var/lib/puppetmaster
-ssldir = $vardir/ssl
-rundir = /var/run/puppet
-factpath = $vardir/lib/facter
-pluginsync = true
-
-[master]
-templatedir = $vardir/templates
-masterport = 8140
-autosign = false
-storeconfigs = true
-dbadapter = sqlite3
-#dbadapter = mysql
-#dbserver = localhost
-#dbuser = puppet
-#dbpassword = <%= db_password %>
-dbconnections = 15
-certname = puppet.<%= base_domain %>
-ssl_client_header = SSL_CLIENT_S_DN
-ssl_client_verify_header = SSL_CLIENT_VERIFY
-
-[agent]
-server = puppet.<%= base_domain %>
-vardir = /var/lib/puppet
-ssldir = $vardir/ssl
-runinterval = 7200
-puppetport = 8139
-configtimeout = 300
+++ /dev/null
-node '<%= hostname %>.<%= domain %>' {
- #$mail_delivery = 'tunnel'
- #$mail_hostname = 'mail'
- #$mail_ssh_port = '2202'
- $shorewall_dmz = true
- $resolvconf_nameservers = $opendns_nameservers
- $has_ups = false
- include nodo::server
-
- #
- # Linux-VServers
- #
- #nodo::vserver::instance { "<%= hostname %>-master":
- # context => '2',
- # puppetmaster => true,
- #}
-
- #nodo::vserver::instance { "<%= hostname %>-proxy":
- # context => '3',
- # proxy => true,
- #}
-
- #nodo::vserver::instance { "<%= hostname %>-web":
- # context => '4',
- # gitd => true,
- #}
-
- #nodo::vserver::instance { "<%= hostname %>-storage":
- # context => '5',
- #}
-
- #nodo::vserver::instance { "<%= hostname %>-test":
- # context => '6',
- # memory_limit => 500,
- #}
-
- # encrypted data remote backup
- #backup::rdiff { "other-host":
- # port => "10105",
- #}
-}
+++ /dev/null
-node '<%= hostname %>-storage.<%= domain %>' {
- #$mail_delivery = 'tunnel'
- #$mail_hostname = 'mail'
- #$mail_ssh_port = '2202'
-
- include nodo::storage
-
- # encrypted data remote backup
- #backup::rdiff { "other-host":
- # port => "10102",
- #}
-
-}
+++ /dev/null
-node '<%= hostname %>-test.<%= domain %>' {
- #$mail_delivery = 'tunnel'
- #$mail_hostname = 'mail'
- #$mail_ssh_port = '2202'
-
- include nodo::test
-
- # encrypted data remote backup
- #backup::rdiff { "other-host":
- # port => "10102",
- #}
-
-}
+++ /dev/null
-class users::virtual inherits user {
- # define custom users here
-}
-
-class users::backup inherits user {
- # define third-party hosted backup users here
-}
-
-class users::admin inherits user {
- # root user and password
- user::manage { "root":
- tag => "admin",
- homedir => '/root',
- password => '<%= root_password %>',
- }
-
- # first user config
- user::manage { "<%= first_user %>":
- tag => "admin",
- groups => [ "sudo", ],
- password => '<%= first_user_password %>',
- sshkey => [ "<%= first_user_sshkey %>" ],
- }
-
-}
+++ /dev/null
-node '<%= hostname %>-web.<%= domain %>' {
- #$mail_delivery = 'tunnel'
- #$mail_hostname = 'mail'
- #$mail_ssh_port = '2202'
-
- include nodo::web
-
- # encrypted data remote backup
- #backup::rdiff { "other-host":
- # port => "10102",
- #}
-
-}
projects / puppet-bootstrap.git / commitdiff