Diffstat (limited to 'manifests/subsystem')
| -rw-r--r-- | manifests/subsystem/apt.pp | 48 | ||||
| -rw-r--r-- | manifests/subsystem/backup.pp | 26 | ||||
| -rw-r--r-- | manifests/subsystem/hostname.pp | 9 | ||||
| -rw-r--r-- | manifests/subsystem/local.pp | 9 | ||||
| -rw-r--r-- | manifests/subsystem/mail.pp | 14 | ||||
| -rw-r--r-- | manifests/subsystem/sshd.pp | 29 | 
6 files changed, 135 insertions, 0 deletions
diff --git a/manifests/subsystem/apt.pp b/manifests/subsystem/apt.pp
new file mode 100644
index 0000000..b3f643d
--- /dev/null
+++ b/manifests/subsystem/apt.pp
@@ -0,0 +1,48 @@
+class nodo::subsystem::apt {
+  #
+  # Apt configuration
+  #
+  class { 'apt':
+    include_src      => hiera('nodo::subsystem::apt::include_src',      false),
+    use_next_release => hiera('nodo::subsystem::apt::use_next_release', false),
+    custom_key_dir   => hiera('nodo::subsystem::apt::custom_key_dir',   'puppet:///modules/site_apt/keys.d')
+  }
+
+  include apt::unattended_upgrades
+
+  $apt_domain_source = hiera('nodo::subsystem::apt::domain_source', false)
+
+  apt::sources_list { "${::domain}.list":
+    source => [ "puppet:///modules/site_apt/sources.list.d/${::operatingsystem}/${::lsbdistcodename}/${::domain}.list",
+                "puppet:///modules/site_apt/sources.list.d/${::operatingsystem}/${::domain}.list", ],
+    ensure => $apt_domain_source ? {
+      true    => present,
+      default => absent,
+    }
+  }
+
+  # Preferences file can't have dots in the filename
+  $apt_domain_preferences = regsubst($::domain, '\.', '-', 'G')
+
+  file { "/etc/apt/preferences.d/${apt_domain_preferences}":
+    source => [ "puppet:///modules/site_apt/preferences.d/${::operatingsystem}/${::domain}",
+                "puppet:///modules/nodo/preferences.d/custom" ],
+    ensure => $apt_domain_source ? {
+      true    => present,
+      default => absent,
+    }
+  }
+
+  $apt_proxy = hiera('nodo::subsystem::apt::proxy', false)
+
+  if $apt_proxy != false {
+    class { 'apt::proxy_client':
+      proxy => $apt_proxy,
+      port  => hiera('nodo::subsystem::apt::proxy_port', ''),
+    }
+  }
+
+  package { 'apt-transport-https':
+    ensure => present,
+  }
+}
diff --git a/manifests/subsystem/backup.pp b/manifests/subsystem/backup.pp
new file mode 100644
index 0000000..eb3dafc
--- /dev/null
+++ b/manifests/subsystem/backup.pp
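Review bot: The `file` resource for `/etc/apt/preferences.d/${apt_domain_preferences}` sets no `owner`, `group` or `mode`, unlike the file resources in hostname.pp and local.pp added by this same commit. Apt pinning decides which repository a package is installed from, so the file should be pinned explicitly rather than inheriting whatever the agent or a global `File` default applies: `owner => 'root', group => 'root', mode => '0644',`. It would also help to add a comment on `custom_key_dir` such as `# keys shipped from this directory are presumably installed as apt trust anchors; changes to site_apt/keys.d need review`, since the `apt` class itself is not visible here.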
@@ -0,0 +1,26 @@
+class nodo::subsystem::backup {
+  #
+  # Backup
+  #
+  class { 'backup': }
+
+  $local_backup = hiera('nodo::subsystem::backup::localhost', false)
+
+  # Local encrypted backup
+  case $local_backup {
+    true,enabled,present: {
+      backup::duplicity { "localhost":
+        encryptkey => hiera('nodo::subsystem::backup::encryptkey'),
+        password   => hiera('nodo::subsystem::backup::password'),
+      }
+    }
+    absent: {
+      backup::duplicity { "localhost":
+        encryptkey => hiera('nodo::subsystem::backup::encryptkey'),
+        password   => hiera('nodo::subsystem::backup::password'),
+        ensure     => absent,
+      }
+    }
+    default: { }
+  }
+}
diff --git a/manifests/subsystem/hostname.pp b/manifests/subsystem/hostname.pp
new file mode 100644
index 0000000..4dedcec
--- /dev/null
+++ b/manifests/subsystem/hostname.pp
@@ -0,0 +1,9 @@
+class nodo::subsystem::hostname {
+  file { "/etc/hostname":
+    owner   => "root",
+    group   => "root",
+    mode    => 0644,
+    ensure  => present,
+    content => "${::fqdn}\n",
+  }
+}
diff --git a/manifests/subsystem/local.pp b/manifests/subsystem/local.pp
new file mode 100644
index 0000000..be02bbe
--- /dev/null
+++ b/manifests/subsystem/local.pp
@@ -0,0 +1,9 @@
+class nodo::subsystem::local {
+  file { "/etc/rc.local":
+    source  => "puppet:///modules/nodo/etc/rc.local",
+    owner   => "root",
+    group   => "root",
+    mode    => 0755,
+    ensure  => present,
+  }
+}
diff --git a/manifests/subsystem/mail.pp b/manifests/subsystem/mail.pp
new file mode 100644
index 0000000..12c7e4b
--- /dev/null
+++ b/manifests/subsystem/mail.pp
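Review bot: `encryptkey` and `password` in backup.pp are looked up from hiera and handed straight to `backup::duplicity`, so the backup passphrase travels in the compiled catalog, and nothing in the hunk says where those two keys are expected to live. A comment above the `case`, for example `# encryptkey/password must come from a restricted (ideally encrypted) hiera level, never from shared common data`, would make the expectation explicit. Separately, the `absent:` branch repeats both lookups without a default, so removing the backup fails catalog compilation once the secrets have been deleted from hiera. Giving the lookups in that branch a default, e.g. `hiera('nodo::subsystem::backup::password', '')`, would avoid that, assuming `backup::duplicity` accepts an empty value when `ensure => absent`.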
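Review bot: The file modes in hostname.pp (`mode => 0644`) and local.pp (`mode => 0755`) are written as bare numbers; newer Puppet releases require the mode to be a string, and a bare number invites an octal/decimal misreading. Writing them as `mode => '0644',` and `mode => '0755',` keeps the intended permissions unambiguous. For local.pp it is also worth a comment such as `# rc.local is executed as root at boot; only root may write it`, since whatever the module file contains runs with full privileges.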
@@ -0,0 +1,14 @@
+class nodo::subsystem::mail {
+  # Email delivery configuration
+  $mail_delivery = hiera('nodo::subsystem::mail::delivery', 'exim')
+  case $mail_delivery {
+    'tunnel': {              
+      $mail_hostname = hiera('nodo::subsystem::mail::hostname')
+      tunnel::autossh::mail { "$mail_hostname":
+        sshport   => hiera('nodo::subsystem::mail::ssh_port'),
+      }
+    }
+    'postfix': { }
+    '','exim',default: { include exim::tls }
+  }
+}
diff --git a/manifests/subsystem/sshd.pp b/manifests/subsystem/sshd.pp
new file mode 100644
index 0000000..80c6747
--- /dev/null
+++ b/manifests/subsystem/sshd.pp
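Review bot: The last arm `'','exim',default: { include exim::tls }` folds every unrecognised value into the exim case, so a misspelled `nodo::subsystem::mail::delivery` silently deploys a local MTA instead of the intended tunnel. Keeping `'','exim'` on their own arm and making the fallback explicit, `default: { fail("unknown nodo::subsystem::mail::delivery '${mail_delivery}'") }`, turns the typo into a compile error. The empty `'postfix': { }` arm deserves a short comment saying that postfix is configured elsewhere, if that is the intent. The quoting in `"$mail_hostname"` is unnecessary and can be written as `$mail_hostname`.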
@@ -0,0 +1,29 @@
+class nodo::subsystem::sshd {
+  # SSH Server
+  #
+  # We need to restrict listen address by default so multiple
+  # instances can live together in the same physical host.
+  #
+  class { 'sshd':
+    manage_nagios           => hiera('nodo::subsystem::sshd::manage_nagios',           false),      
+    listen_address          => hiera('nodo::subsystem::sshd::listen_address',          [ "${::ipaddress}", '127.0.0.1' ]),
+    password_authentication => hiera('nodo::subsystem::sshd::password_authentication', 'yes'),
+    shared_ip               => hiera('nodo::subsystem::sshd::shared_ip',               'yes'),
+    tcp_forwarding          => hiera('nodo::subsystem::sshd::tcp_forwarding',          'yes'),
+    hardened_ssl            => hiera('nodo::subsystem::sshd::hardened_ssl',            'yes'),
+    print_motd              => hiera('nodo::subsystem::sshd::print_motd',              'no'),
+    ports                   => hiera('nodo::subsystem::sshd::ports',                   [ 22 ]),
+    use_pam                 => hiera('nodo::subsystem::sshd::use_pam',                 'no'),
+  }
+
+  # Add the localhost ssh key, useful when one needs
+  # to ssh to localhost.
+  sshkey { [ 'localhost', '127.0.0.1' ]:
+    type   => ssh-rsa,
+    key    => $::sshrsakey,
+    ensure => $::sshrsakey ? {
+      ''      => absent,
+      default => present,
+    },
+  }
+}
 | 
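Review bot: The fallback values for `password_authentication` and `tcp_forwarding` are both `'yes'`, so any node without a hiera override gets the permissive setting. Assuming these map directly onto the sshd options of the same name, that means password logins and port forwarding are on unless someone remembers to turn them off. Defaulting to the restrictive value and opting in per node is safer: `hiera('nodo::subsystem::sshd::password_authentication', 'no')`, and likewise for `tcp_forwarding`. If the permissive defaults are deliberate, a comment above the `class { 'sshd':` block should say why. The bareword `type => ssh-rsa` would also read better quoted, as `'ssh-rsa'`.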
