Skip to content

jtopjian/puppet-bass

master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 

bass

This module contains common configurations that can easily be applied to different environments.

It's tuned very specifically to environments that I create, but you might be able to use it in your environment.

Example

Hiera

# Base

## Firewall

site::firewall::policy::ipv4: 'drop'
site::firewall::policy::ipv6: 'drop'
site::firewall::trusted::ipv4:
  - '10.1.0.0/20'
site::firewall::trusted::ipv6:
  - '2605:fd00:4:1000::/64'

## Hosts
site::hosts::ip: "%{::ipaddress6_eth0}"
site::hosts::global: false
site::hosts::static_hosts:
  www.example.com:
    ip: '192.168.255.10'
    host_aliases: ['www', 'www2.example.com', 'www2']

## Packages

site::packages:
  tmux: 'latest'
  git: 'latest'

## Users
site::users:
  root:
    account:
      uid: 0
      gid: 0
      password: '*'
      home: '/root'
    ssh_authorized_users:
      root@puppet.example.com: 'present'
      root@cloud.example.com: 'present'
    ssh_key:
      type: 'rsa'
  jdoe:
    group:
      ensure: 'present'
      gid: 999
    account:
      ensure: 'present'
      managehome: true
      uid: 999
      gid: 999
    ssh_key:
      type: 'rsa'

Puppet

class site::profiles::base {

  # Hiera
  $users                         = hiera_hash('site::users', {})
  $hosts_ip                      = hiera('site::hosts::ip', $::ipaddress_eth0)
  $hosts_global                  = hiera('site::hosts::global', false)
  $hosts_static_hosts            = hiera('site::hosts::static_hosts', {})
  $packages                      = hiera_hash('site::packages', {})
  $packages_gems                 = hiera_hash('site::packages::gems', {})
  $packages_eggs                 = hiera_hash('site::packages::eggs', {})
  $firewall_default_policy_ipv4  = hiera('site::firewall::policy::ipv4', 'drop')
  $firewall_default_policy_ipv6  = hiera('site::firewall::policy::ipv6', 'drop')
  $firewall_purge                = hiera('site::firewall::purge', true)
  $firewall_trusted_ipv4         = hiera_array('site::firewall::trusted::ipv4', [])
  $firewall_trusted_ipv6         = hiera_array('site::firewall::trusted::ipv6', [])
  $firewall_untrusted_ipv4       = hiera_array('site::firewall::untrusted::ipv4', [])
  $firewall_untrusted_ipv6       = hiera_array('site::firewall::untrusted::ipv6', [])
  $firewall_rules                = hiera_hash('site::firewall::rules', {})
  $sysctl_ip_local_reserve_ports = hiera_array('site::network::local_reserve_ports', [])
  $sysctl_settings               = hiera_hash('site::sysctl::settings', {})

  anchor { 'site::profiles::base::begin': } ->
  class { 'bass::users':
    users => $users,
  } ->
  class { 'bass::hosts':
    ip           => $hosts_ip,
    is_global    => $hosts_global,
    static_hosts => $hosts_static_hosts,
  } ->
  class { 'bass::packages':
    packages => $packages,
    gems     => $packages_gems,
    eggs     => $packages_eggs,
  } ->
  class { 'bass::firewall':
    default_policy_ipv4 => $firewall_default_policy_ipv4,
    default_policy_ipv6 => $firewall_default_policy_ipv6,
    purge               => $firewall_purge,
    trusted_ipv4        => $firewall_trusted_ipv4,
    trusted_ipv6        => $firewall_trusted_ipv6,
    untrusted_ipv4      => $firewall_untrusted_ipv4,
    untrusted_ipv6      => $firewall_untrusted_ipv6,
    rules               => $firewall_rules,
  } ->
  class { 'bass::sysctl':
    ip_local_reserve_ports => $sysctl_ip_local_reserve_ports,
    settings               => $sysctl_settings,
  } ->
  class { 'bass::security_updates': } ->
  anchor { 'site::profiles::base::end': }

}

About

commonly used puppet manifests

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages