diff options
Diffstat (limited to 'manifests/base')
| -rw-r--r-- | manifests/base/appliance.pp | 7 | ||||
| -rw-r--r-- | manifests/base/desktop.pp | 7 | ||||
| -rw-r--r-- | manifests/base/host.pp | 55 | ||||
| -rw-r--r-- | manifests/base/kvm.pp | 5 | ||||
| -rw-r--r-- | manifests/base/laptop.pp | 33 | ||||
| -rw-r--r-- | manifests/base/personal.pp | 37 | ||||
| -rw-r--r-- | manifests/base/physical.pp | 21 | ||||
| -rw-r--r-- | manifests/base/plug.pp | 21 | ||||
| -rw-r--r-- | manifests/base/removable.pp | 9 | ||||
| -rw-r--r-- | manifests/base/server.pp | 5 | ||||
| -rw-r--r-- | manifests/base/vserver.pp | 38 | 
11 files changed, 238 insertions, 0 deletions
| diff --git a/manifests/base/appliance.pp b/manifests/base/appliance.pp new file mode 100644 index 0000000..73d95f5 --- /dev/null +++ b/manifests/base/appliance.pp @@ -0,0 +1,7 @@ +class nodo::base::appliance inherits nodo::base::physical { +  class { 'sysctl::appliance': } + +  class { [ 'nodo::subsystem::fstab', 'nodo::subsystem::crypttab' ]: +    type => 'appliance', +  } +} diff --git a/manifests/base/desktop.pp b/manifests/base/desktop.pp new file mode 100644 index 0000000..bf9d2fe --- /dev/null +++ b/manifests/base/desktop.pp @@ -0,0 +1,7 @@ +class nodo::base::desktop inherits nodo::base::personal { +  include nodo::utils::desktop + +  class { [ 'nodo::subsystem::fstab', 'nodo::subsystem::crypttab' ]: +    type => 'desktop', +  } +} diff --git a/manifests/base/host.pp b/manifests/base/host.pp new file mode 100644 index 0000000..f57aeb4 --- /dev/null +++ b/manifests/base/host.pp @@ -0,0 +1,55 @@ +# Fully capable node able to host other nodes +class nodo::base::host { +  include nodo::subsystem::initramfs +  include nodo::subsystem::modprobe +  include nodo::subsystem::firewire +  include nodo::subsystem::sysctl +  include nodo::subsystem::resolver +  include nodo::utils::physical +  class { 'syslog-ng': } + +  monkeysphere_host { "${::hostname}": } + +  # Firewall +  class { 'firewall': } + +  # Vserver +  if $::lsbdistcodename == 'squeeze' { +    $vserver = hiera('nodo::host::use_vserver', True) + +    if $vserver == true { +      class { 'vserver::host': +        vdirbase => "/var/vservers", +      } +    } +  } + +  # Time +  $ntpdate = hiera('nodo::host::ntpdate', True) +  case $ntpdate { +    false:   { class { 'timezone': } } +    default: { class { 'ntpdate':  } } +  } + +  # Backup +  backupninja::sys { "sys": +    ensure => present, +  } + +  # Monitoring +  if !defined(Class['nodo::subsystem::monitor']) { +    class { 'nodo::subsystem::monitor': +      type       => 'host', +      use_nagios => hiera('nodo::host::use_nagios', True), +    } +  } + +  # Munin configuration +  $munin = hiera('nodo::host::use_munin', True) +  if $munin == true { +    munin_node { "$hostname": +      port => '4900', +    } +  } + +} diff --git a/manifests/base/kvm.pp b/manifests/base/kvm.pp new file mode 100644 index 0000000..06a7d10 --- /dev/null +++ b/manifests/base/kvm.pp @@ -0,0 +1,5 @@ +class nodo::base::kvm inherits nodo::base::host { +  class { [ 'nodo::subsystem::fstab', 'nodo::subsystem::crypttab' ]: +    type => 'kvm', +  } +} diff --git a/manifests/base/laptop.pp b/manifests/base/laptop.pp new file mode 100644 index 0000000..dbafda7 --- /dev/null +++ b/manifests/base/laptop.pp @@ -0,0 +1,33 @@ +class nodo::base::laptop inherits nodo::base::personal { +  include nodo::utils::laptop +  include nodo::subsystem::dhclient +  include firewall::wifi +  include firewall::openvpn +  include firewall::ppp + +  class { 'nodo::subsystem::fstab': +    type => 'laptop', +  } + +  $hibernate = hiera('nodo::laptop::hibernate', false) + +  class { 'nodo::subsystem::crypttab': +    type => $hibernate ? { +      false   => "laptop", +      default => "laptop.hibernate", +    }, +  } + +  # Hibernation +  file { "/etc/initramfs-tools/conf.d/resume": +    owner     => "root", +    group     => "root", +    mode      => 0644, +    content   => "RESUME=/dev/mapper/cswap\n", +    notify    => Exec['update-initramfs'], +    ensure    => $hibernate ? { +      false   => absent, +      default => present, +    }, +  } +} diff --git a/manifests/base/personal.pp b/manifests/base/personal.pp new file mode 100644 index 0000000..5aa28ad --- /dev/null +++ b/manifests/base/personal.pp @@ -0,0 +1,37 @@ +# Personal computer +class nodo::base::personal { +  include nodo::physical +  include nodo::utils::personal +  include autossh + +  class { 'nodo::subsystem::pam': } +  class { 'nodo::subsystem::xorg': } + +  if $::lsbdistcodename == 'squeeze' { +    include nodo::subsystem::gdm +  } +  else { +    include nodo::subsystem::gdm3 +  } + +  # Media folders and groups +  class { [ 'nodo::subsystem::media::folders', 'nodo::subsystem::media::groups' ]: } + +  # Mountpoint for encrypted home folders +  file { [ '/mnt/crypt/', '/mnt/crypt/home' ]: +    ensure => directory, +  } + +  # Misc user data +  file { [ "/var/data/code", "/var/data/crypt", "/var/data/crypt/home", "/var/data/load" ]: +    ensure  => directory, +    mode    => 0755, +    require => File['/var/cache/media'], +  } + +  # Development +  file { [ "/var/cache/vagrant", "/var/cache/virtualbox" ]: +    ensure => directory, +    mode   => 0755, +  } +} diff --git a/manifests/base/physical.pp b/manifests/base/physical.pp new file mode 100644 index 0000000..e01bfb2 --- /dev/null +++ b/manifests/base/physical.pp @@ -0,0 +1,21 @@ +class nodo::base::physical inherits nodo::base::host { +  class { [ 'nodo::subsystem::ups', 'smartmontools' ]: } + +  # SMART monitoring +  $munin = hiera('nodo::host::use_munin', True) +  if $munin == true { +    include munin::plugins::smart +    munin::plugin { 'smart_sda': +      ensure => 'smart_', +      config => "user root\ngroup disk", +    } +  } + +  # Entropy key +  $ekey_masterkey = hiera('nodo::physical::ekey_masterkey', '') +  if $ekey_masterkey != '' { +    class { "ekeyd": +      ekeyd_masterkey => $ekey_masterkey, +    } +  } +} diff --git a/manifests/base/plug.pp b/manifests/base/plug.pp new file mode 100644 index 0000000..17ce366 --- /dev/null +++ b/manifests/base/plug.pp @@ -0,0 +1,21 @@ +class nodo::base::plug { +  include syslog-ng +  include nodo::utils::plug +  include nodo::utils::physical +  include nodo::utils::storage::archive +  include nodo::subsystem::sysctl +  include nodo::subsystem::resolver + +  monkeysphere_host { "${::hostname}": } + +  class { [ 'ntpdate', 'firewall' ]:  } + +  backupninja::sys { "sys": +    ensure     => present, +  } + +  # Munin configuration +  munin_node { "${::hostname}": +    port => '4900', +  } +} diff --git a/manifests/base/removable.pp b/manifests/base/removable.pp new file mode 100644 index 0000000..d13b5ee --- /dev/null +++ b/manifests/base/removable.pp @@ -0,0 +1,9 @@ +class nodo::base::removable inherits nodo::base::desktop { +  File["/etc/fstab"] { +    source  => "puppet:///modules/nodo/etc/fstab/removable", +  } + +  File["/etc/crypttab"] { +    source  => "puppet:///modules/nodo/etc/crypttab/removable", +  } +} diff --git a/manifests/base/server.pp b/manifests/base/server.pp new file mode 100644 index 0000000..93cce4c --- /dev/null +++ b/manifests/base/server.pp @@ -0,0 +1,5 @@ +class nodo::base::server inherits nodo::base::physical { +  class { [ 'nodo::subsystem::fstab', 'nodo::subsystem::crypttab' ]: +    type => 'server', +  } +} diff --git a/manifests/base/vserver.pp b/manifests/base/vserver.pp new file mode 100644 index 0000000..433be5a --- /dev/null +++ b/manifests/base/vserver.pp @@ -0,0 +1,38 @@ +class nodo::base::vserver { +  class { 'timezone': } +  class { 'syslog-ng::vserver': } + +  backupninja::sys { "sys": +    ensure     => present, +    partitions => false, +    hardware   => false, +    dosfdisk   => false, +    dohwinfo   => false, +  } + +  $hosting_type = hiera('nodo::vserver::hosting_type', 'direct') + +  case $hosting_type { +    "direct": { +      # Apply munin and monkeysphere configuration for +      # for directly hosted nodes. +      Munin_node        <<| title == $::hostname |>> +      Monkeysphere_host <<| title == $::hostname |>> +    } +    "third-party": { +      # Apply munin and monkeysphere configuration for +      # nodes hosted by third-parties. +      munin_node { "${::hostname}": } +      monkeysphere_host { "${::hostname}": +        port => hiera('nodo::vserver::ssh_port', '22'), +      } + +      # Nagios configuration +      class { 'nodo::subsystem::monitor': +        type       => 'vserver', +        use_nagios => hiera('nodo::vserver::use_nagios', false), +      } +    } +  } + +} | 
