Adds nodo::subsystem::sysctl::disable_ipv6
authorSilvio Rhatto <rhatto@riseup.net>
Fri, 31 Jul 2015 19:05:20 +0000 (16:05 -0300)
committerSilvio Rhatto <rhatto@riseup.net>
Fri, 31 Jul 2015 19:05:20 +0000 (16:05 -0300)
files/etc/sysctl.d/disable_ipv6.conf [new file with mode: 0644]
manifests/subsystem/sysctl.pp
manifests/subsystem/sysctl/disable_ipv6.pp [new file with mode: 0644]

diff --git a/files/etc/sysctl.d/disable_ipv6.conf b/files/etc/sysctl.d/disable_ipv6.conf
new file mode 100644 (file)
index 0000000..243a00d
--- /dev/null
@@ -0,0 +1,4 @@
+net.ipv6.conf.all.disable_ipv6 = 1
+net.ipv6.conf.default.disable_ipv6 = 1
+net.ipv6.conf.lo.disable_ipv6 = 1
+net.ipv6.conf.eth0.disable_ipv6 = 1
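Review bot: The `net.ipv6.conf.eth0.disable_ipv6 = 1` line ties this file to one interface name. On a host with no `eth0` that key does not exist under /proc/sys, so sysctl will report an error for it when the file is loaded, and depending on the sysctl version may exit non-zero and fail the Puppet exec that loads it. The `all` and `default` entries already cover existing and later-created interfaces, so the `eth0` line can be dropped. If a per-interface setting is really needed, it is better generated from the node's interface facts than hard-coded in a static file.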
index 03e1683117210815e1f0e68f6767528c53ecd6fc..94fbae0c2537d855d10ce205f373a619000c91dc 100644 (file)
@@ -1,4 +1,6 @@
 class nodo::subsystem::sysctl {
+  class { 'nodo::subsystem::sysctl::disable_ipv6': }
+
   # Root exploit fix, see http://wiki.debian.org/mmap_min_addr
   # Maybe this can be remove in the future or included in a sysctl puppet module
   file { "/etc/sysctl.d/mmap_min_addr.conf":
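Review bot: The added `class { 'nodo::subsystem::sysctl::disable_ipv6': }` uses the resource-like declaration, which raises a duplicate-declaration error if any other manifest declares the same class that way. Since the only parameter already gets its default from hiera, `include nodo::subsystem::sysctl::disable_ipv6` gives the same result and can be repeated safely. This also disables IPv6 on every node that uses `nodo::subsystem::sysctl` unless hiera overrides it, which deserves a one-line comment above the declaration, for example `# IPv6 is disabled by default; set nodo::sysctl::disable_ipv6 to 'absent' in hiera to keep it`. The class body continues past the end of this hunk.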
diff --git a/manifests/subsystem/sysctl/disable_ipv6.pp b/manifests/subsystem/sysctl/disable_ipv6.pp
new file mode 100644 (file)
index 0000000..a6486a0
--- /dev/null
@@ -0,0 +1,19 @@
+# Do not enable ipv6 by default
+# See https://wiki.debian.org/DebianIPv6
+class nodo::subsystem::sysctl::disable_ipv6(
+  $ensure = hiera('nodo::sysctl::disable_ipv6', 'present'),
+) {
+  file { "/etc/sysctl.d/disable_ipv6.conf":
+    owner   => "root",
+    group   => "root",
+    mode    => 0644,
+    ensure  => $ensure,
+    source  => "puppet:///modules/nodo/etc/sysctl.d/disable_ipv6.conf",
+  }
+
+  exec { "sysctl-disable-ipv6":
+    command     => '/sbin/sysctl -p',
+    subscribe   => File["/etc/sysctl.d/disable_ipv6.conf"],
+    refreshonly => true,
+  }
+}
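Review bot: The exec runs `/sbin/sysctl -p` with no file argument, which reloads only /etc/sysctl.conf, so the new /etc/sysctl.d/disable_ipv6.conf is not applied to the running kernel until the next boot. Point it at the managed file, `command => '/sbin/sysctl -p /etc/sysctl.d/disable_ipv6.conf',`, or use `sysctl --system` where the installed procps supports it. With `ensure => absent` the file is removed but the kernel keeps `disable_ipv6 = 1` until reboot, and an exec pointed at the removed file would fail on that refresh, so the class comment should state that re-enabling needs a reboot or an explicit reset. Separately, `mode => 0644` is better written as the quoted string `'0644'`, because newer Puppet versions reject a numeric mode.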