From: Silvio Rhatto Date: Fri, 6 Nov 2015 13:01:26 +0000 (-0200) Subject: Merge commit '5512c493e13998d4c83d7eab3d89e5a1c0836566' into develop X-Git-Url: https://gitweb.fluxo.info/?a=commitdiff_plain;h=8748f432cdb01090767001523496f096345a492b;p=debian.git Merge commit '5512c493e13998d4c83d7eab3d89e5a1c0836566' into develop Conflicts: puppet/puppet.conf --- 8748f432cdb01090767001523496f096345a492b diff --cc puppet/.mrconfig index 8731bee,0000000..5c24dc7 mode 100644,000000..100644 --- a/puppet/.mrconfig +++ b/puppet/.mrconfig @@@ -1,258 -1,0 +1,255 @@@ + +[puppet/modules/apache] - checkout = git clone git://git.sarava.org/puppet-apache.git apache ++checkout = git clone git://git.fluxo.info/puppet-apache.git apache + +[puppet/modules/apcupsd] - checkout = git clone git://git.sarava.org/puppet-apcupsd.git apcupsd ++checkout = git clone git://git.fluxo.info/puppet-apcupsd.git apcupsd + +[puppet/modules/apparmor] - checkout = git clone git://git.sarava.org/puppet-apparmor.git apparmor ++checkout = git clone git://git.fluxo.info/puppet-apparmor.git apparmor + +[puppet/modules/apt] - checkout = git clone git://git.sarava.org/puppet-apt.git apt ++checkout = git clone git://git.fluxo.info/puppet-apt.git apt + +[puppet/modules/autofs] - checkout = git clone git://git.sarava.org/puppet-autofs.git autofs ++checkout = git clone git://git.fluxo.info/puppet-autofs.git autofs + +[puppet/modules/autossh] - checkout = git clone git://git.sarava.org/puppet-autossh.git autossh ++checkout = git clone git://git.fluxo.info/puppet-autossh.git autossh + +[puppet/modules/avahi] - checkout = git clone git://git.sarava.org/puppet-avahi.git avahi ++checkout = git clone git://git.fluxo.info/puppet-avahi.git avahi + +[puppet/modules/backup] - checkout = git clone git://git.sarava.org/puppet-backup.git backup ++checkout = git clone git://git.fluxo.info/puppet-backup.git backup + +[puppet/modules/backupninja] - checkout = git clone git://git.sarava.org/puppet-backupninja.git backupninja ++checkout 
= git clone git://git.fluxo.info/puppet-backupninja.git backupninja + +[puppet/modules/bind] - checkout = git clone git://git.sarava.org/puppet-bind.git bind ++checkout = git clone git://git.fluxo.info/puppet-bind.git bind + +[puppet/modules/bitcoind] - checkout = git clone git://git.sarava.org/puppet-bitcoind.git bitcoind - - [puppet/modules/bootstrap] - checkout = git clone git://git.sarava.org/puppet-bootstrap.git bootstrap ++checkout = git clone git://git.fluxo.info/puppet-bitcoind.git bitcoind + +[puppet/modules/common] - checkout = git clone git://git.sarava.org/puppet-common.git common ++checkout = git clone git://git.fluxo.info/puppet-common.git common + +[puppet/modules/concat] - checkout = git clone git://git.sarava.org/puppet-concat.git concat ++checkout = git clone git://git.fluxo.info/puppet-concat.git concat + +[puppet/modules/cron] - checkout = git clone git://git.sarava.org/puppet-cron.git cron ++checkout = git clone git://git.fluxo.info/puppet-cron.git cron + +[puppet/modules/daap_server] - checkout = git clone git://git.sarava.org/puppet-daap_server.git daap_server - - [puppet/modules/darkice] - checkout = git clone git://git.sarava.org/puppet-darkice.git darkice ++checkout = git clone git://git.fluxo.info/puppet-daap_server.git daap_server + +[puppet/modules/database] - checkout = git clone git://git.sarava.org/puppet-database.git database ++checkout = git clone git://git.fluxo.info/puppet-database.git database + +[puppet/modules/dhcp] - checkout = git clone git://git.sarava.org/puppet-dhcp.git dhcp ++checkout = git clone git://git.fluxo.info/puppet-dhcp.git dhcp + +[puppet/modules/domain_check] - checkout = git clone git://git.sarava.org/puppet-domain_check.git domain_check ++checkout = git clone git://git.fluxo.info/puppet-domain_check.git domain_check + +[puppet/modules/drupal] - checkout = git clone git://git.sarava.org/puppet-drupal.git drupal ++checkout = git clone git://git.fluxo.info/puppet-drupal.git drupal + +[puppet/modules/dyndns] - 
checkout = git clone git://git.sarava.org/puppet-dyndns.git dyndns ++checkout = git clone git://git.fluxo.info/puppet-dyndns.git dyndns + +[puppet/modules/ejabberd] - checkout = git clone git://git.sarava.org/puppet-ejabberd.git ejabberd ++checkout = git clone git://git.fluxo.info/puppet-ejabberd.git ejabberd + +[puppet/modules/ekeyd] - checkout = git clone git://git.sarava.org/puppet-ekeyd.git ekeyd ++checkout = git clone git://git.fluxo.info/puppet-ekeyd.git ekeyd + +[puppet/modules/etherpad] - checkout = git clone git://git.sarava.org/puppet-etherpad.git etherpad ++checkout = git clone git://git.fluxo.info/puppet-etherpad.git etherpad + +[puppet/modules/exim] - checkout = git clone git://git.sarava.org/puppet-exim.git exim ++checkout = git clone git://git.fluxo.info/puppet-exim.git exim + +[puppet/modules/firewall] - checkout = git clone git://git.sarava.org/puppet-firewall.git firewall ++checkout = git clone git://git.fluxo.info/puppet-firewall.git firewall + +[puppet/modules/git] - checkout = git clone git://git.sarava.org/puppet-git.git git ++checkout = git clone git://git.fluxo.info/puppet-git.git git + +[puppet/modules/hotglue] - checkout = git clone git://git.sarava.org/puppet-hotglue.git hotglue ++checkout = git clone git://git.fluxo.info/puppet-hotglue.git hotglue + +[puppet/modules/hydra] - checkout = git clone git://git.sarava.org/puppet-hydra.git hydra ++checkout = git clone git://git.fluxo.info/puppet-hydra.git hydra + +[puppet/modules/icecast] - checkout = git clone git://git.sarava.org/puppet-icecast.git icecast ++checkout = git clone git://git.fluxo.info/puppet-icecast.git icecast + +[puppet/modules/ikiwiki] - checkout = git clone git://git.sarava.org/puppet-ikiwiki.git ikiwiki ++checkout = git clone git://git.fluxo.info/puppet-ikiwiki.git ikiwiki + +[puppet/modules/inetd] - checkout = git clone git://git.sarava.org/puppet-inetd.git inetd ++checkout = git clone git://git.fluxo.info/puppet-inetd.git inetd + +[puppet/modules/infinoted] - checkout = 
git clone git://git.sarava.org/puppet-infinoted.git infinoted ++checkout = git clone git://git.fluxo.info/puppet-infinoted.git infinoted + +[puppet/modules/inifile] - checkout = git clone git://git.sarava.org/puppet-inifile.git inifile ++checkout = git clone git://git.fluxo.info/puppet-inifile.git inifile + +[puppet/modules/lighttpd] - checkout = git clone git://git.sarava.org/puppet-lighttpd.git lighttpd ++checkout = git clone git://git.fluxo.info/puppet-lighttpd.git lighttpd + +[puppet/modules/lsb] - checkout = git clone git://git.sarava.org/puppet-lsb.git lsb ++checkout = git clone git://git.fluxo.info/puppet-lsb.git lsb + +[puppet/modules/mail] - checkout = git clone git://git.sarava.org/puppet-mail.git mail ++checkout = git clone git://git.fluxo.info/puppet-mail.git mail + +[puppet/modules/minidlna] - checkout = git clone git://git.sarava.org/puppet-minidlna.git minidlna ++checkout = git clone git://git.fluxo.info/puppet-minidlna.git minidlna + +[puppet/modules/moin] - checkout = git clone git://git.sarava.org/puppet-moin.git moin ++checkout = git clone git://git.fluxo.info/puppet-moin.git moin + +[puppet/modules/monkeysphere] - checkout = git clone git://git.sarava.org/puppet-monkeysphere.git monkeysphere ++checkout = git clone git://git.fluxo.info/puppet-monkeysphere.git monkeysphere + +[puppet/modules/motion] - checkout = git clone git://git.sarava.org/puppet-motion.git motion ++checkout = git clone git://git.fluxo.info/puppet-motion.git motion + +[puppet/modules/mpd] - checkout = git clone git://git.sarava.org/puppet-mpd.git mpd ++checkout = git clone git://git.fluxo.info/puppet-mpd.git mpd + +[puppet/modules/mumble] - checkout = git clone git://git.sarava.org/puppet-mumble.git mumble ++checkout = git clone git://git.fluxo.info/puppet-mumble.git mumble + +[puppet/modules/munin] - checkout = git clone git://git.sarava.org/puppet-munin.git munin ++checkout = git clone git://git.fluxo.info/puppet-munin.git munin + +[puppet/modules/mysql] - checkout = git 
clone git://git.sarava.org/puppet-mysql.git mysql ++checkout = git clone git://git.fluxo.info/puppet-mysql.git mysql + +[puppet/modules/nagios] - checkout = git clone git://git.sarava.org/puppet-nagios.git nagios ++checkout = git clone git://git.fluxo.info/puppet-nagios.git nagios + +[puppet/modules/nfs] - checkout = git clone git://git.sarava.org/puppet-nfs.git nfs ++checkout = git clone git://git.fluxo.info/puppet-nfs.git nfs + +[puppet/modules/nginx] - checkout = git clone git://git.sarava.org/puppet-nginx.git nginx ++checkout = git clone git://git.fluxo.info/puppet-nginx.git nginx + +[puppet/modules/nodo] - checkout = git clone git://git.sarava.org/puppet-nodo.git nodo ++checkout = git clone git://git.fluxo.info/puppet-nodo.git nodo + +[puppet/modules/ntp] - checkout = git clone git://git.sarava.org/puppet-ntp.git ntp ++checkout = git clone git://git.fluxo.info/puppet-ntp.git ntp + +[puppet/modules/onion] - checkout = git clone git://git.sarava.org/puppet-onion.git onion ++checkout = git clone git://git.fluxo.info/puppet-onion.git onion + +[puppet/modules/pear] - checkout = git clone git://git.sarava.org/puppet-pear.git pear ++checkout = git clone git://git.fluxo.info/puppet-pear.git pear + +[puppet/modules/php] - checkout = git clone git://git.sarava.org/puppet-php.git php ++checkout = git clone git://git.fluxo.info/puppet-php.git php + +[puppet/modules/pmwiki] - checkout = git clone git://git.sarava.org/puppet-pmwiki.git pmwiki ++checkout = git clone git://git.fluxo.info/puppet-pmwiki.git pmwiki + +[puppet/modules/postfix] - checkout = git clone git://git.sarava.org/puppet-postfix.git postfix ++checkout = git clone git://git.fluxo.info/puppet-postfix.git postfix + +[puppet/modules/puppet] - checkout = git clone git://git.sarava.org/puppet-puppet.git puppet ++checkout = git clone git://git.fluxo.info/puppet-puppet.git puppet + +[puppet/modules/pureftpd] - checkout = git clone git://git.sarava.org/puppet-pureftpd.git pureftpd ++checkout = git clone 
git://git.fluxo.info/puppet-pureftpd.git pureftpd + +[puppet/modules/pyroscope] - checkout = git clone git://git.sarava.org/puppet-pyroscope.git pyroscope ++checkout = git clone git://git.fluxo.info/puppet-pyroscope.git pyroscope + +[puppet/modules/qwebirc] - checkout = git clone git://git.sarava.org/puppet-qwebirc.git qwebirc ++checkout = git clone git://git.fluxo.info/puppet-qwebirc.git qwebirc + +[puppet/modules/reprepro] - checkout = git clone git://git.sarava.org/puppet-reprepro.git reprepro ++checkout = git clone git://git.fluxo.info/puppet-reprepro.git reprepro + +[puppet/modules/resolvconf] - checkout = git clone git://git.sarava.org/puppet-resolvconf.git resolvconf ++checkout = git clone git://git.fluxo.info/puppet-resolvconf.git resolvconf + +[puppet/modules/rng-tools] - checkout = git clone git://git.sarava.org/puppet-rng-tools.git rng-tools ++checkout = git clone git://git.fluxo.info/puppet-rng-tools.git rng-tools + +[puppet/modules/rsync] - checkout = git clone git://git.sarava.org/puppet-rsync.git rsync ++checkout = git clone git://git.fluxo.info/puppet-rsync.git rsync + +[puppet/modules/runit] - checkout = git clone git://git.sarava.org/puppet-runit.git runit ++checkout = git clone git://git.fluxo.info/puppet-runit.git runit + +[puppet/modules/samba] - checkout = git clone git://git.sarava.org/puppet-samba.git samba ++checkout = git clone git://git.fluxo.info/puppet-samba.git samba + +[puppet/modules/schroot] - checkout = git clone git://git.sarava.org/puppet-schroot.git schroot ++checkout = git clone git://git.fluxo.info/puppet-schroot.git schroot + +[puppet/modules/shorewall] - checkout = git clone git://git.sarava.org/puppet-shorewall.git shorewall ++checkout = git clone git://git.fluxo.info/puppet-shorewall.git shorewall + +[puppet/modules/smartmonster] - checkout = git clone git://git.sarava.org/puppet-smartmonster.git smartmonster ++checkout = git clone git://git.fluxo.info/puppet-smartmonster.git smartmonster + +[puppet/modules/smartmontools] 
- checkout = git clone git://git.sarava.org/puppet-smartmontools.git smartmontools ++checkout = git clone git://git.fluxo.info/puppet-smartmontools.git smartmontools + +[puppet/modules/sshd] - checkout = git clone git://git.sarava.org/puppet-sshd.git sshd ++checkout = git clone git://git.fluxo.info/puppet-sshd.git sshd + +[puppet/modules/ssl] - checkout = git clone git://git.sarava.org/puppet-ssl.git ssl ++checkout = git clone git://git.fluxo.info/puppet-ssl.git ssl ++ ++[puppet/modules/stdlib] ++checkout = git clone git://git.fluxo.info/puppet-stdlib.git stdlib + +[puppet/modules/supervisor] - checkout = git clone git://git.sarava.org/puppet-supervisor.git supervisor ++checkout = git clone git://git.fluxo.info/puppet-supervisor.git supervisor + +[puppet/modules/supybot] - checkout = git clone git://git.sarava.org/puppet-supybot.git supybot ++checkout = git clone git://git.fluxo.info/puppet-supybot.git supybot + +[puppet/modules/syslog-ng] - checkout = git clone git://git.sarava.org/puppet-syslog-ng.git syslog-ng ++checkout = git clone git://git.fluxo.info/puppet-syslog-ng.git syslog-ng + +[puppet/modules/tftp] - checkout = git clone git://git.sarava.org/puppet-tftp.git tftp ++checkout = git clone git://git.fluxo.info/puppet-tftp.git tftp + +[puppet/modules/tor] - checkout = git clone git://git.sarava.org/puppet-tor.git tor ++checkout = git clone git://git.fluxo.info/puppet-tor.git tor + +[puppet/modules/trac] - checkout = git clone git://git.sarava.org/puppet-trac.git trac ++checkout = git clone git://git.fluxo.info/puppet-trac.git trac + +[puppet/modules/tunnel] - checkout = git clone git://git.sarava.org/puppet-tunnel.git tunnel ++checkout = git clone git://git.fluxo.info/puppet-tunnel.git tunnel + +[puppet/modules/user] - checkout = git clone git://git.sarava.org/puppet-user.git user ++checkout = git clone git://git.fluxo.info/puppet-user.git user + +[puppet/modules/vcsrepo] - checkout = git clone git://git.sarava.org/puppet-vcsrepo.git vcsrepo ++checkout = git 
clone git://git.fluxo.info/puppet-vcsrepo.git vcsrepo + +[puppet/modules/viewvc] - checkout = git clone git://git.sarava.org/puppet-viewvc.git viewvc ++checkout = git clone git://git.fluxo.info/puppet-viewvc.git viewvc + +[puppet/modules/virtual] - checkout = git clone git://git.sarava.org/puppet-virtual.git virtual ++checkout = git clone git://git.fluxo.info/puppet-virtual.git virtual + +[puppet/modules/websites] - checkout = git clone git://git.sarava.org/puppet-websites.git websites ++checkout = git clone git://git.fluxo.info/puppet-websites.git websites + +[puppet/modules/websvn] - checkout = git clone git://git.sarava.org/puppet-websvn.git websvn ++checkout = git clone git://git.fluxo.info/puppet-websvn.git websvn + +[puppet/modules/wordpress] - checkout = git clone git://git.sarava.org/puppet-wordpress.git wordpress ++checkout = git clone git://git.fluxo.info/puppet-wordpress.git wordpress diff --cc puppet/Makefile index 2209271,0000000..97c4a58 mode 100644,000000..100644 --- a/puppet/Makefile +++ b/puppet/Makefile @@@ -1,59 -1,0 +1,67 @@@ +# +# Puppet Boostrap Makefile by Silvio Rhatto (rhatto at riseup.net). +# +# This Makefile is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the Free +# Software Foundation; either version 3 of the License, or any later version. +# +# This Makefile is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS - # # FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. ++# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. 
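Review bot: Every `checkout` entry in puppet/.mrconfig still clones over `git://`, a transport with no server authentication and no integrity protection, and the Makefile in this commit feeds the result to `puppet apply --modulepath=modules`. Changing the host from git.sarava.org to git.fluxo.info leaves that exposure in place: anyone on the network path can substitute module contents. The README in this same commit links `https://git.fluxo.info/hydra.git`, so the host appears to serve HTTPS. If the module repositories are reachable that way, prefer `checkout = git clone https://git.fluxo.info/puppet-apache.git apache` (likewise for the other entries), or verify a signed tag after checkout, as the README does for the bootstrap repository with `git tag -v`. The same point applies to `REPO` in puppet/Makefile.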
+# +# You should have received a copy of the GNU General Public License along with +# this program; if not, write to the Free Software Foundation, Inc., 59 Temple +# Place - Suite 330, Boston, MA 02111-1307, USA +# + +CWD = $(shell pwd) - REPO = git://git.sarava.org/puppet-bootstrap.git ++REPO = git://git.fluxo.info/puppet-bootstrap.git +PUPPET = FACTER_BOOTSTRAP_PATH="$(CWD)" puppet apply --confdir="$(CWD)" --modulepath=modules + +all: deps remote modules config + +deps: + bin/dependencies + +modules: + mr up + +submodules: + bin/submodules + +subtrees: + bin/subtrees + +symlinks: + bin/symlinks $(MODULES) + +remote: + git remote add bootstrap $(REPO) + +hiera/boostrap.yaml: + $(EDITOR) hiera/bootstrap.yaml + +puppet.conf: + mkdir -p $(HOME)/.puppet + $(PUPPET) manifests/bootstrap/configurator.pp + +config: hiera/boostrap.yaml puppet.conf + @true + +apply: + $(PUPPET) manifests/bootstrap/$(stage).pp + +clean: + rm -f auth.conf fileserver.conf puppet.conf + rm -f manifests/classes/users.pp + rm -rf ssl + rm -rf modules + git checkout modules ++ ++post_update: ++ git config receive.denyCurrentBranch ignore ++ cd .git/hooks && ln -sf ../../bin/post-update ++ ++post_receive: ++ git config receive.denyCurrentBranch ignore ++ cd .git/hooks && ln -sf ../../bin/post-receive diff --cc puppet/README.md index 67dad5f,0000000..bb5375d mode 100644,000000..100644 --- a/puppet/README.md +++ b/puppet/README.md @@@ -1,38 -1,0 +1,38 @@@ +Puppet Boostrap Module +====================== + +This is a multi-purpose but very specific puppet module which can be used: + +* As the base repository for a puppet infrastructure. +* As a standalone provisioner for boxes, with Vagrant support. 
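Review bot: The new `post_update` and `post_receive` targets link `.git/hooks/post-update` and `.git/hooks/post-receive` to tracked files under `bin/` with `ln -sf`, so the script the receiving host executes is whatever the work tree currently holds; the hook bodies are not shown in this diff, so how the work tree gets updated is an assumption. Together with `git config receive.denyCurrentBranch ignore`, this presumably makes push access to the repository equivalent to running code as the repository owner on that host. Consider installing a reviewed copy instead, e.g. `install -m 0755 bin/post-update .git/hooks/post-update`, and document who is allowed to push. Neither target creates a file of its own name, so both also belong in a `.PHONY` declaration.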
- * It can be optionally used together with the Hydra Suite from https://git.sarava.org/?p=hydra.git ++* It can be optionally used together with the Hydra Suite from https://git.fluxo.info/hydra.git + - Setting up a new puppetmaster repository - ---------------------------------------- ++Setting up a new puppet repository ++---------------------------------- + +You'll basically use the `bootstrap` repository as your `puppet` repository: + - git clone git://git.sarava.org/puppet-bootstrap.git puppet ++ git clone git://git.fluxo.info/puppet-bootstrap.git puppet + cd puppet && git tag -v # check integrity + make deps # install dependencies + make submodules # add all needed puppet module as as git submodules + make config # basic configuration + +Using as a standalone provisioner +--------------------------------- + +This will be a `Vagrant` example: + + cd your-project - git clone git://git.sarava.org/puppet-bootstrap.git puppet # use submodule or subtree as you please ++ git clone git://git.fluxo.info/puppet-bootstrap.git puppet # use submodule or subtree as you please + ln -s puppet/Vagrantfile # or copy if you want to customize + ( cd puppet && make modules ) # need the mr binary to download the submodules + vagrant up web # with no arguments, all defined VMs are started + +Using subtrees or symlinks for modules +-------------------------------------- + +You might use `make subtrees` instead of `make submodules`. Also, if you already have +all the modules in a different subtree, use + + make symlinks MODULES=/path/to/puppet/modules diff --cc puppet/TODO.md index c773654,0000000..429bd4d mode 100644,000000..100644 --- a/puppet/TODO.md +++ b/puppet/TODO.md @@@ -1,7 -1,0 +1,141 @@@ +TODO +==== + - * Minimal manifest for fast provisioning. - * Update to new nodo style (hiera and nodo::role). - * Support for recursive clones in `bin/mrconfig`. - * Test! ++High priority ++------------- ++ ++- puppet: masterless: ++ - keyringer/gpg integration. 
++ - https://github.com/compete/hiera_yamlgpg ++ - https://github.com/crayfishx/hiera-gpg ++ - https://github.com/sihil/hiera-eyaml-gpg ++ - https://github.com/StackExchange/blackbox ++ - http://ww.telent.net/2014/2/10/keeping_secrets_in_public_with_puppet ++ - https://docs.puppetlabs.com/hiera/1/custom_backends.html ++ - https://puppetlabs.com/blog/encrypt-your-data-using-hiera-eyaml ++ - https://packages.debian.org/jessie/hiera-eyaml ++ - how to distribute keys outside the repo (i.e, avoiding all nodes to have all keys?): ++ - add a monkeysphere auth subkey to every openpgp key used for backups. ++ - make backupninja wrap around monkeysphere: http://web.monkeysphere.info/doc/user-ssh-advanced/ ++ - http://current.workingdirectory.net/posts/2011/puppet-without-masters/ ++ - http://andrewbunday.co.uk/2012/12/04/masterless-puppet-wrapper/ ++ - http://semicomplete.com/presentations/puppet-at-loggly/puppet-at-loggly.pdf.html ++ - https://github.com/jordansissel/puppet-examples/tree/master/masterless ++- sshd: ++ - https://stribika.github.io/2015/01/04/secure-secure-shell.html ++ - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774711#60 ++ - enable ecdsa key. ++ - ecdsa priority: alternatives: ++ - unsupport ecdsa in the server. ++ - export ecdsa pubkeys. ++ - manage client's /root/.ssh/config: `HostKeyAlgorithms ssh-rsa`. ++ - force option via rsync/rdiff handlers. ++- virtual: migrate to kvm/libvirt. ++- loginrecords: deploy module. ++- deploy https://github.com/wido/puppet-module-tcpwrappers ++- nodo: ++ - run stages. ++ - allow more resources to be declared via hiera. ++ - fix hiera default boolean value when true. ++ - easy way to toggle management of subsystems. ++ ++Medium priority ++--------------- ++ ++- apt: raspbian support, including unnatended-upgrades. ++- backup: ++ - support for $dombr and $dobios on backupninja::sys for servers and physical machines. ++ - sync-backups support for rsyncing from kvms / snapshots. ++- nodo: ++ - cleanup and refactor. 
++ - uniform variable names. ++ - use prompt.sh from bash-prompt as a submodule. ++- common: autoload. ++- general: ++ - rollback of commits about charset. ++ - switch to conf.d: ++ - php ("refactor" branch), remove E_STRICT from production's error_reporting. ++ - apache2. ++ - sudoers. ++- backup: `sync-media-iterate [volume]`. ++- mail: ++ - use ssl::dhparams, move to 2048 bit and use the standard file names and paths: ++ - [Feature #4012: postfix: ship 2048bit dh parameters - Platform - LEAP Issue Tracker](https://leap.se/code/issues/4012) ++ ++Low priority ++------------ ++ ++- merge, review, pull requests for all modules. ++- bind: nsupdate / dynamic dns: ++ - http://linux.yyz.us/nsupdate/ ++ - http://linux.yyz.us/dns/ddns-server.html ++ - http://caunter.ca/nsupdate.txt ++ - http://www.rtfm-sarl.ch/articles/using-nsupdate.html ++ - https://github.com/skx/dhcp.io/ ++- munin: lvm monitoring. ++- pyroscope: torrent workflow: torrent-maker, magnet2torrent and torrent-reseed: ++ - http://wiki.rtorrent.org/MagnetUri ++ - http://dan.folkes.me/2012/04/19/converting-a-magnet-link-into-a-torrent/ ++ - https://github.com/danfolkes/Magnet2Torrent ++ - http://code.google.com/p/pyroscope/wiki/CommandLineTools ++ - https://trac.transmissionbt.com/ticket/4176 ++ - http://wiki.rtorrent.org/MagnetUri ++ - https://github.com/rakshasa/rtorrent/issues/212 ++ - saving/restoring `.meta` and `~/rtorrent/.session` files. ++- support for http/https proxy inside web nodes: ++ - encrypted ssl keys: http://support.f5.com/kb/en-us/solutions/public/11000/400/sol11440.html ++ - make all apache sites listen to 8080. ++- git: ++ - gitolite: [monkeysphere integration](http://gitolite.com/gitolite/g2/monkeysphere.html). ++ - gitweb clean urls. ++ - email notifications. ++ - https://packages.debian.org/jessie/git-notifier ++ - https://github.com/mhagger/git-multimail ++ - using OpenPGP? ++- syslog-ng: use conf.d. ++- etherpad: `You need to set a sessionKey value in settings.json`. 
++- knock integration via https://github.com/juasiepo/knockd ++- apache: ++ - try libapache2-modsecurity. ++ - deploy https://git.immerda.ch/csp-report/ ++ - disable other_vhosts_access.log. ++- onion: ++ - support for existing hidden service key, generated with tools like https://github.com/katmagic/Shallot ++ - load balancing: http://archives.seul.org/tor/relays/Apr-2011/msg00022.html ++- nagios: snmp, nrpe, nsca ++ - http://nagios.sourceforge.net/docs/3_0/addons.html ++ - http://www.math.wisc.edu/~jheim/snmp/ ++- ssh access restrictions: ++ - denyhosts, but we don't want to log IPs. ++ - using shorewall: http://www.debian-administration.org/articles/250#comment_16 ++ - alowed users / groups. ++- websites: freewvs. ++- puppet: bug report: debian wheezy puppet-common: needs the following patch: http://projects.puppetlabs.com/issues/10963 ++- mail: ++ - review dovecot recipient delimiter handling: to which mailbox messages should be sent? ++ - mlmmj: ++ - lists with hyphens are not working when mails are sent directly, but work when sent to an alias. ++ - `mail::mlmmj::domain` needs updating or additional domains should be added into `relay_domains`. ++- drupal/wordpress: ++ - cronjob/cli: switch to site user. ++ - drupal_update: Do you really want to continue with the update process? (y/n): ++ Do you really want to continue with the update process? (y/n): Aborting. [cancel], ++ possibly related to https://www.drupal.org/node/443392 ++- php / wordpress / wp-cli: composer installation and dependencies: ++ - http://getcomposer.org/doc/00-intro.md#installation-nix ++ - https://github.com/wp-cli/wp-cli/wiki/Alternative-Install-Methods ++ - suhosin needs `suhosin.executor.include.whitelist = phar` on `/etc/php5/cli/conf.d/suhosin.ini`. 
++- nodo: support for prosody: ++ - https://github.com/dgoulet/prosody-otr ++ - http://prosody.im/doc/creating_accounts#importing_from_ejabberd ++ - config with good score at https://xmpp.net/index.php ++- mail: ++ - support for [preventing SPAM connections with bird](http://www.debian-administration.org/article/715/Preventing_SPAM_connections_with_bird.). ++ - schleuder: manage `/etc/schleuder/schleuder.conf`, using `superadminaddr: root` or other recipient, to avoid mails. ++ sent as `root@localhost`. ++ - deploy https://git.autistici.org/ale/smtp-fp/tree/master ++ https://github.com/EFForg/starttls-everywhere ++ - deploy https://developer.mozilla.org/en-US/docs/Mozilla/Thunderbird/Autoconfiguration#Configuration_server_at_ISP ++ https://git-ipuppet.immerda.ch/module-apache/commit/?id=058dbb366b96cae1f8fb0def65f73a698f1c375d ++ https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577616 ++ - support for [preventing SPAM connections with bird](http://www.debian-administration.org/article/715/Preventing_SPAM_connections_with_bird.). diff --cc puppet/Vagrantfile index 8999cf0,0000000..3ee05e6 mode 100644,000000..100644 --- a/puppet/Vagrantfile +++ b/puppet/Vagrantfile @@@ -1,61 -1,0 +1,29 @@@ - # -*- mode: ruby -*- - # vi: set ft=ruby : ++# Vagrantfile API/syntax version. Don't touch unless you know what you're doing! ++VAGRANTFILE_API_VERSION = "2" + - Vagrant::Config.run do |config| ++Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| + # Every Vagrant virtual environment requires a box to build off of. - config.vm.box = "wheezy" ++ config.vm.box = "jessie" ++ ++ # Hostname ++ config.vm.hostname = "puppet-bootstrap.example.org" + + # Shell provisioner to setup basic environment. + config.vm.provision :shell, :inline => "/vagrant/puppet/bin/provision" + + # Enable provisioning with Puppet stand alone. 
+ config.vm.provision :puppet do |puppet| + puppet.manifest_file = "bootstrap/vagrant.pp" + puppet.manifests_path = "puppet/manifests" + puppet.module_path = "puppet/modules" ++ puppet.hiera_config_path = "puppet/hiera.yaml" + puppet.temp_dir = "/etc/puppet" + puppet.working_directory = "/etc/puppet" + end + - # Define a Host VM - config.vm.define :host do |host_config| - db_config.vm.box = "host" - web_config.vm.network :hostonly, "192.168.50.101" - end - - # Define a Puppetmaster VM - config.vm.define :master do |master_config| - master_config.vm.box = "master" - master_config.vm.forward_port 8139, 8140 - web_config.vm.network :hostonly, "192.168.50.102" - end - - # Define a Proxy VM - config.vm.define :proxy do |proxy_config| - proxy_config.vm.box = "proxy" - proxy_config.vm.forward_port 8139, 8140 - web_config.vm.network :hostonly, "192.168.50.103" - end - - # Define a Web VM - config.vm.define :web do |web_config| - web_config.vm.box = "web" - web_config.vm.forward_port 80, 8080 - web_config.vm.network :hostonly, "192.168.50.104" - end - - # Define a Storage VM - config.vm.define :storage do |storage_config| - storage_config.vm.box = "storage" - storage_config.vm.network :hostonly, "192.168.50.105" - end - - # Define a Test VM - config.vm.define :test do |test_config| - test_config.vm.box = "test" - test_config.vm.network :hostonly, "192.168.50.106" - end - + # Share hiera configuration. 
- config.vm.share_folder "hiera", "/etc/puppet/hiera", "puppet/hiera", create: true ++ config.vm.synced_folder "puppet/hiera", "/etc/puppet/hiera" ++ ++ # Forwarded ports ++ #config.vm.network "forwarded_port", guest: 80, host: 8081 +end diff --cc puppet/bin/deploy index 0000000,5d3361b..5d3361b mode 000000,100755..100755 --- a/puppet/bin/deploy +++ b/puppet/bin/deploy diff --cc puppet/bin/post-receive index 0000000,996189d..996189d mode 000000,100755..100755 --- a/puppet/bin/post-receive +++ b/puppet/bin/post-receive diff --cc puppet/bin/post-update index 0000000,48a6a16..48a6a16 mode 000000,100755..100755 --- a/puppet/bin/post-update +++ b/puppet/bin/post-update diff --cc puppet/files/patches/trusty/puppet-stack-level.md index 0000000,9a3f4d7..9a3f4d7 mode 000000,100644..100644 --- a/puppet/files/patches/trusty/puppet-stack-level.md +++ b/puppet/files/patches/trusty/puppet-stack-level.md diff --cc puppet/files/patches/trusty/puppet-stack-level.patch index 0000000,1d112f7..1d112f7 mode 000000,100644..100644 --- a/puppet/files/patches/trusty/puppet-stack-level.patch +++ b/puppet/files/patches/trusty/puppet-stack-level.patch diff --cc puppet/hiera/node/puppet-bootstrap.example.org.yaml index 0000000,c108e7d..c108e7d mode 000000,100644..100644 --- a/puppet/hiera/node/puppet-bootstrap.example.org.yaml +++ b/puppet/hiera/node/puppet-bootstrap.example.org.yaml diff --cc puppet/manifests/nodes/default.pp index 0000000,5ebbf90..5ebbf90 mode 000000,100644..100644 --- a/puppet/manifests/nodes/default.pp +++ b/puppet/manifests/nodes/default.pp diff --cc puppet/modules/site_apt/files/keys.d/.empty index 0000000,e69de29..e69de29 mode 000000,100644..100644 --- a/puppet/modules/site_apt/files/keys.d/.empty +++ b/puppet/modules/site_apt/files/keys.d/.empty diff --cc puppet/modules/site_bind/manifests/init.pp index 0000000,7ee08d2..7ee08d2 mode 000000,100644..100644 --- a/puppet/modules/site_bind/manifests/init.pp +++ b/puppet/modules/site_bind/manifests/init.pp diff --cc 
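Review bot: `config.vm.box = "jessie"` names a box with no source, version or checksum, so the image that gets provisioned is whatever box called `jessie` happens to be registered on the machine running `vagrant up`. The shell provisioner then runs `/vagrant/puppet/bin/provision` and Puppet inside that image, so its provenance matters. Pin it, for example with `config.vm.box_url` together with `config.vm.box_download_checksum` and `config.vm.box_download_checksum_type`, or state in the README how the box is built and verified.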
puppet/modules/site_mail/files/aliases index 0000000,08a0723..08a0723 mode 000000,100644..100644 --- a/puppet/modules/site_mail/files/aliases +++ b/puppet/modules/site_mail/files/aliases diff --cc puppet/modules/site_users/manifests/admin.pp index 0000000,14ad9da..14ad9da mode 000000,100644..100644 --- a/puppet/modules/site_users/manifests/admin.pp +++ b/puppet/modules/site_users/manifests/admin.pp diff --cc puppet/modules/site_users/manifests/backups.pp index 0000000,aab00f9..aab00f9 mode 000000,100644..100644 --- a/puppet/modules/site_users/manifests/backups.pp +++ b/puppet/modules/site_users/manifests/backups.pp diff --cc puppet/modules/site_users/manifests/init.pp index 0000000,b3c656a..b3c656a mode 000000,100644..100644 --- a/puppet/modules/site_users/manifests/init.pp +++ b/puppet/modules/site_users/manifests/init.pp diff --cc puppet/modules/site_users/manifests/virtual.pp index 0000000,20aba01..20aba01 mode 000000,100644..100644 --- a/puppet/modules/site_users/manifests/virtual.pp +++ b/puppet/modules/site_users/manifests/virtual.pp diff --cc puppet/modules/site_websites/manifests/init.pp index 0000000,c98ca7d..c98ca7d mode 000000,100644..100644 --- a/puppet/modules/site_websites/manifests/init.pp +++ b/puppet/modules/site_websites/manifests/init.pp diff --cc puppet/templates/apache/vhosts/cgit.erb index 0000000,d2d393d..d2d393d mode 000000,100644..100644 --- a/puppet/templates/apache/vhosts/cgit.erb +++ b/puppet/templates/apache/vhosts/cgit.erb