# This is handled by "hydractl sync-media"
#file { [ "/var/data/code", "/var/data/crypt", "/var/data/crypt/home", "/var/data/load" ]:
# ensure => directory,
- # mode => 0755,
+ # mode => '0755',
# require => File['/var/cache/media'],
#}
# Development
file { [ "/var/cache/vagrant", "/var/cache/virtualbox", "/var/cache/qemu" ]:
ensure => directory,
- mode => 0755,
+ mode => '0755',
}
}
ensure => directory,
owner => "root",
group => "ejabberd",
- mode => 0750,
+ mode => '0750',
}
# We use a concatenated cert file
ensure => present,
owner => root,
group => root,
- mode => 0644,
+ mode => '0644',
content => "no\n",
notify => Service[$pureftpd::params::service_name],
}
},
owner => root,
group => root,
- mode => 0644,
+ mode => '0644',
source => 'puppet:///modules/site_avahi/services/ftp.service',
notify => $avahi ? {
true => Service['avahi-daemon'],
},
owner => root,
group => root,
- mode => 0644,
+ mode => '0644',
source => 'puppet:///modules/site_avahi/services/samba.service',
notify => $avahi ? {
true => Service['avahi-daemon'],
ensure => directory,
owner => root,
group => root,
- mode => 0755,
+ mode => '0755',
}
file { '/etc/avahi/services/http.service':
},
owner => root,
group => root,
- mode => 0644,
+ mode => '0644',
source => 'puppet:///modules/site_avahi/services/http.service',
notify => $avahi ? {
true => Service['avahi-daemon'],
},
owner => root,
group => root,
- mode => 0644,
+ mode => '0644',
source => 'puppet:///modules/site_avahi/services/rsync.service',
notify => $avahi ? {
true => Service['avahi-daemon'],
ensure => present,
owner => root,
group => root,
- mode => 0644,
+ mode => '0644',
source => 'puppet:///modules/site_nodo/dhclient-exit-hooks.d/shorewall'
}
}
ensure => present,
owner => root,
group => root,
- mode => 0644,
+ mode => '0644',
content => $ensure ? {
'present' => template("nodo/apt/${::operatingsystem}.sources.list.erb"),
default => undef,
ensure => $ensure,
owner => root,
group => root,
- mode => 0644,
+ mode => '0644',
require => Package['isc-dhcp-client'],
content => template('nodo/dhcp/dhclient.conf.erb'),
}
class nodo::subsystem::grsec {
include nodo::utils::security::grsec
+ include nodo::subsystem::grsec::group
nodo::subsystem::sysctl::entry { 'kernel.grsecurity.grsec_lock':
order => 'zz',
file { "/etc/sysctl.d/grsec.conf":
owner => "root",
group => "root",
- mode => 0644,
+ mode => '0644',
ensure => $ensure,
source => "puppet:///modules/nodo/etc/sysctl.d/grsec.conf",
}
file { "/etc/initramfs-tools/conf.d/resume":
owner => "root",
group => "root",
- mode => 0644,
+ mode => '0644',
content => "RESUME=/dev/mapper/swap\n",
notify => Exec['update-initramfs'],
ensure => $enable ? {
file { "/etc/uswsusp.conf":
owner => "root",
group => "root",
- mode => 0644,
+ mode => '0644',
source => 'puppet:///modules/nodo/etc/uswsusp.conf',
require => Package['uswsusp'],
ensure => $enable ? {
file { "/etc/pm/config.d/00sleep_module":
owner => "root",
group => "root",
- mode => 0644,
+ mode => '0644',
content => "SLEEP_MODULE=\"uswsusp\"\n",
require => Package['uswsusp'],
ensure => $enable ? {
file { "/etc/hostname":
owner => "root",
group => "root",
- mode => 0644,
+ mode => '0644',
ensure => present,
content => "${::fqdn}\n",
}
ensure => present,
owner => root,
group => root,
- mode => 0640,
+ mode => '0640',
source => "puppet:///modules/site_nodo/hosts/${::fqdn}",
}
}
file { "/etc/kernel-img.conf":
owner => "root",
group => "root",
- mode => 0644,
+ mode => '0644',
ensure => present,
content => "do_initrd = Yes\n",
}
file { "/etc/initramfs-tools/modules":
owner => "root",
group => "root",
- mode => 0644,
+ mode => '0644',
ensure => present,
source => "puppet:///modules/nodo/etc/initramfs-tools/modules",
}
content => "KEYMAP=Y\n",
owner => "root",
group => "root",
- mode => 0644,
+ mode => '0644',
}
# Update initramfs when needed
ensure => present,
owner => "root",
group => "root",
- mode => 0644,
+ mode => '0644',
source => "puppet:///modules/site_nodo/keyboard/${::hostname}"
}
ensure => present,
owner => "root",
group => "root",
- mode => 0644,
+ mode => '0644',
source => "puppet:///modules/site_nodo/console/boottime.kmap.gz.${::hostname}"
}
}
"puppet:///modules/nodo/etc/rc.local" ],
owner => "root",
group => "root",
- mode => 0755,
+ mode => '0755',
ensure => present,
}
}
ensure => present,
owner => root,
group => root,
- mode => 0644,
+ mode => '0644',
}
file { 'locale-gen':
ensure => present,
owner => root,
group => root,
- mode => 0644,
+ mode => '0644',
}
exec { "locale-gen":
ensure => present,
owner => root,
group => root,
- mode => 0755,
+ mode => '0755',
source => 'puppet:///modules/nodo/etc/wicd/macchanger',
}
}
# Removable media folders
file { [ "/media/usb", "/media/cdrom", "/media/tablet", "/media/phone" ]:
ensure => directory,
- mode => 0755,
+ mode => '0755',
}
# Local cache for general use
file { "/var/cache/${::hostname}":
ensure => directory,
- mode => 0755,
+ mode => '0755',
}
# Local media cache
file { "/var/cache/${::hostname}/media":
ensure => $cache,
- mode => 0755,
+ mode => '0755',
owner => $owner ? {
false => undef,
default => $owner,
# Code and load folders
file { [ "${base}/code", "${base}/load" ]:
ensure => directory,
- mode => 0755,
+ mode => '0755',
owner => $owner ? {
false => undef,
default => $owner,
file { "/etc/modprobe.d/blacklist.conf":
owner => "root",
group => "root",
- mode => 0644,
+ mode => '0644',
ensure => present,
source => "puppet:///modules/nodo/etc/modprobe.d/blacklist.conf",
}
if $message != '' {
$append = "${message}\n"
}
+ else {
+ $append = ''
+ }
file { "/etc/motd":
owner => "root",
group => "root",
- mode => 0644,
+ mode => '0644',
ensure => file,
content => "This is ${::fqdn} from the ${network_name}.\n${append}",
}
ensure => present,
owner => root,
group => root,
- mode => 0644,
+ mode => '0644',
source => "puppet:///modules/site_avahi/services/nfs-${name}.service",
notify => Service['avahi-daemon'],
}
ensure => present,
owner => root,
group => root,
- mode => 0644,
+ mode => '0644',
source => 'puppet:///modules/nodo/etc/pbuilderrc',
}
}
content => template('nodo/screen/screenrc.erb'),
owner => "root",
group => "root",
- mode => 0644,
+ mode => '0644',
ensure => present,
}
}
content => template('nodo/screen/screenrc.erb'),
owner => "root",
group => "root",
- mode => 0644,
+ mode => '0644',
ensure => present,
}
}
ensure => present,
owner => $owner,
group => $group,
- mode => 0600,
+ mode => '0600',
require => File["${home}/.ssh"],
}
ensure => $ensure,
owner => $owner,
group => $group,
- mode => 0700,
+ mode => '0700',
}
}
}
ensure => present,
owner => $owner,
group => $group,
- mode => 0600,
+ mode => '0600',
require => File["${home}/.ssh"],
}
ensure => $ensure,
owner => $owner,
group => $group,
- mode => 0400,
+ mode => '0400',
source => $ensure ? {
'present' => $source,
default => undef,
ensure => $ensure,
owner => $owner,
group => $group,
- mode => 0400,
+ mode => '0400',
source => $ensure ? {
'present' => "${source}.pub",
default => undef,
"puppet:///modules/nodo/etc/sudoers" ],
owner => "root",
group => "root",
- mode => 440,
+ mode => '0440',
require => Package["sudo"],
}
}
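Review bot: The sudoers resource touched here (`mode => '0440'`, `require => Package["sudo"]`) is deployed with no syntax check, so a malformed source file would replace the working one and could leave sudo unusable on the node. Adding `validate_cmd => '/usr/sbin/visudo -c -f %',` to the resource makes Puppet keep the existing file when visudo rejects the new content. The visudo path is the usual Debian location and should be confirmed for the target systems. The resource title and the start of its `source` array are outside the hunk.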
file { "/etc/sysctl.d/mmap_min_addr.conf":
owner => "root",
group => "root",
- mode => 0644,
+ mode => '0644',
ensure => present,
content => "vm.mmap_min_addr = 4096\n",
}
file { "/etc/sysctl.d/net.ipv4.conf.all.promote_secondaries.conf":
owner => "root",
group => "root",
- mode => 0644,
+ mode => '0644',
ensure => present,
content => "net.ipv4.conf.all.promote_secondaries = 1\n",
}
file { "/etc/sysctl.d/kernel.printk.conf":
owner => "root",
group => "root",
- mode => 0644,
+ mode => '0644',
ensure => present,
content => "kernel.printk = ${printk_levels}\n",
}
file { "/etc/sysctl.d/kernel.panic.conf":
owner => "root",
group => "root",
- mode => 0644,
+ mode => '0644',
ensure => present,
content => "kernel.panic = ${kernel_panic}\n",
}
file { "/etc/sysctl.d/disable_ipv6.conf":
owner => "root",
group => "root",
- mode => 0644,
+ mode => '0644',
ensure => $ensure,
source => "puppet:///modules/nodo/etc/sysctl.d/disable_ipv6.conf",
}
file { "/etc/sysctl.d/${prefix}${name}.conf":
owner => "root",
group => "root",
- mode => 0644,
+ mode => '0644',
ensure => $ensure,
content => "$name = $value\n",
}
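Review bot: The `content` line of this sysctl entry, `"$name = $value\n"`, interpolates without braces, while the resource title just above it uses `${prefix}${name}`. Writing it as `content => "${name} = ${value}\n",` is consistent and leaves no doubt about where each variable name ends. Because `$name` also forms the path under `/etc/sysctl.d/`, the define would benefit from a short comment stating that the entry name must be a plain sysctl key with no slashes or whitespace. The enclosing define starts outside the hunk.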
file { "/etc/sysctl.d/tcp_challenge_ack_limit.conf":
owner => "root",
group => "root",
- mode => 0644,
+ mode => '0644',
ensure => $ensure,
content => "net.ipv4.tcp_challenge_ack_limit = 999999999\n",
}