Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Change tabs with spaces.

  • Loading branch information...
commit 175e1ef2fbbc9c6882bfffe826509bd1516c01ad 1 parent d6021ea
@timstoop timstoop authored
Showing with 6,082 additions and 6,082 deletions.
  1. +4 −4 kbp_acpi/manifests/init.pp
  2. +26 −26 kbp_activemq/manifests/init.pp
  3. +116 −116 kbp_apache/manifests/init.pp
  4. +177 −177 kbp_apache_new/manifests/init.pp
  5. +12 −12 kbp_approx/manifests/init.pp
  6. +22 −22 kbp_apt/manifests/init.pp
  7. +12 −12 kbp_arpwatch/manifests/init.pp
  8. +17 −17 kbp_asterisk/manifests/init.pp
  9. +16 −16 kbp_avahi/manifests/init.pp
  10. +7 −7 kbp_backup/manifests/init.pp
  11. +259 −259 kbp_base/manifests/init.pp
  12. +18 −18 kbp_bind/manifests/init.pp
  13. +8 −8 kbp_bip/manifests/init.pp
  14. +42 −42 kbp_cassandra/manifests/init.pp
  15. +186 −186 kbp_debian/manifests/init.pp
  16. +75 −75 kbp_dell/manifests/init.pp
  17. +11 −11 kbp_dhcp/manifests/init.pp
  18. +12 −12 kbp_dovecot/manifests/init.pp
  19. +40 −40 kbp_drbd/manifests/init.pp
  20. +149 −149 kbp_ferm/manifests/init.pp
  21. +28 −28 kbp_git/manifests/init.pp
  22. +100 −100 kbp_glassfish/manifests/init.pp
  23. +104 −104 kbp_haproxy/manifests/init.pp
  24. +47 −47 kbp_heartbeat/manifests/init.pp
  25. +32 −32 kbp_hetzner/manifests/init.pp
  26. +1,319 −1,319 kbp_icinga/manifests/init.pp
  27. +3 −3 kbp_kumihatch/manifests/init.pp
  28. +8 −8 kbp_kvm/manifests/init.pp
  29. +45 −45 kbp_lamp/manifests/init.pp
  30. +50 −50 kbp_libvirt/manifests/init.pp
  31. +60 −60 kbp_loadbalancer/manifests/init.pp
  32. +26 −26 kbp_localbackup/manifests/init.pp
  33. +4 −4 kbp_logrotate/manifests/init.pp
  34. +42 −42 kbp_mailscanner/manifests/init.pp
  35. +434 −434 kbp_monitoring/manifests/init.pp
  36. +182 −182 kbp_munin/manifests/init.pp
  37. +157 −157 kbp_mysql/manifests/init.pp
  38. +3 −3 kbp_nagios/manifests/init.pp
  39. +6 −6 kbp_nagios/manifests/nrpe.pp
  40. +3 −3 kbp_nagios/manifests/nsca.pp
  41. +3 −3 kbp_nagios/manifests/plugins.pp
  42. +47 −47 kbp_nagios/manifests/server.pp
  43. +59 −59 kbp_nfs/manifests/client.pp
  44. +31 −31 kbp_nfs/manifests/server.pp
  45. +25 −25 kbp_nsca/manifests/init.pp
  46. +2 −2 kbp_nullmailer/manifests/init.pp
  47. +28 −28 kbp_ocfs2/manifests/init.pp
  48. +41 −41 kbp_openldap/manifests/init.pp
  49. +35 −35 kbp_openvpn/manifests/init.pp
  50. +9 −9 kbp_p910nd/manifests/init.pp
  51. +78 −78 kbp_pacemaker/manifests/init.pp
  52. +49 −49 kbp_php/manifests/init.pp
  53. +17 −17 kbp_php5_xdebug/manifests/init.pp
  54. +3 −3 kbp_phpldapadmin/manifests/init.pp
  55. +36 −36 kbp_physical/manifests/init.pp
  56. +35 −35 kbp_postfix/manifests/init.pp
  57. +7 −7 kbp_powerdns/manifests/init.pp
  58. +57 −57 kbp_puppet/manifests/init.pp
  59. +391 −391 kbp_puppet/manifests/master.pp
  60. +406 −406 kbp_puppetmaster/manifests/init.pp
  61. +28 −28 kbp_rabbitmq/manifests/init.pp
  62. +6 −6 kbp_rails/manifests/init.pp
  63. +4 −4 kbp_s3fs/manifests/init.pp
  64. +23 −23 kbp_samba/manifests/init.pp
  65. +66 −66 kbp_smokeping/manifests/init.pp
  66. +15 −15 kbp_sphinxsearch/manifests/init.pp
  67. +19 −19 kbp_ssh/manifests/init.pp
  68. +10 −10 kbp_stunnel/manifests/init.pp
  69. +63 −63 kbp_subversion/manifests/init.pp
  70. +3 −3 kbp_sudo/manifests/init.pp
  71. +20 −20 kbp_sunmq/manifests/init.pp
  72. +10 −10 kbp_sysctl/manifests/init.pp
  73. +100 −100 kbp_syslog/manifests/init.pp
  74. +10 −10 kbp_time/manifests/init.pp
  75. +77 −77 kbp_tomcat/manifests/init.pp
  76. +80 −80 kbp_trending/manifests/init.pp
  77. +8 −8 kbp_twenty-five_mail/manifests/init.pp
  78. +8 −8 kbp_user/manifests/init.pp
  79. +8 −8 kbp_varnish/manifests/init.pp
  80. +43 −43 kbp_webalizer/manifests/init.pp
  81. +8 −8 kbp_xen-domu-ntp/manifests/init.pp
  82. +29 −29 kbp_xen/manifests/init.pp
  83. +9 −9 kbp_xvfb/manifests/init.pp
  84. +214 −214 kbp_zope/manifests/init.pp
View
8 kbp_acpi/manifests/init.pp
@@ -3,12 +3,12 @@
# Class: kbp_acpi
#
# Actions:
-# Undocumented
+# Undocumented
#
# Depends:
-# Undocumented
-# gen_puppet
+# Undocumented
+# gen_puppet
#
class kbp_acpi {
- include gen_acpi
+ include gen_acpi
}
View
52 kbp_activemq/manifests/init.pp
@@ -3,37 +3,37 @@
# Class: kbp_activemq
#
# Actions:
-# Undocumented
+# Undocumented
#
# Depends:
-# Undocumented
-# gen_puppet
+# Undocumented
+# gen_puppet
#
class kbp_activemq {
- include gen_activemq
- include kbp_ferm
+ include gen_activemq
+ include kbp_ferm
- kfile {
- "/etc/activemq/activemq.xml":
- source => "kbp_activemq/activemq.xml",
- notify => Exec["/bin/rm -Rf /var/lib/activemq/*"],
- require => Package["activemq"];
- "/etc/activemq/jetty.xml":
- source => "kbp_activemq/jetty.xml",
- notify => Exec["reload-activemq"],
- require => Package["activemq"];
- }
+ kfile {
+ "/etc/activemq/activemq.xml":
+ source => "kbp_activemq/activemq.xml",
+ notify => Exec["/bin/rm -Rf /var/lib/activemq/*"],
+ require => Package["activemq"];
+ "/etc/activemq/jetty.xml":
+ source => "kbp_activemq/jetty.xml",
+ notify => Exec["reload-activemq"],
+ require => Package["activemq"];
+ }
- exec { "/bin/rm -Rf /var/lib/activemq/*":
- refreshonly => true,
- notify => Service["activemq"],
- }
+ exec { "/bin/rm -Rf /var/lib/activemq/*":
+ refreshonly => true,
+ notify => Service["activemq"],
+ }
- # Open the management port
- gen_ferm::rule { "Connections to admin port":
- dport => "8161",
- proto => "tcp",
- saddr => "${fqdn}",
- action => "ACCEPT",
- }
+ # Open the management port
+ gen_ferm::rule { "Connections to admin port":
+ dport => "8161",
+ proto => "tcp",
+ saddr => "${fqdn}",
+ action => "ACCEPT",
+ }
}
View
232 kbp_apache/manifests/init.pp
@@ -3,158 +3,158 @@
# Class: kbp_apache
#
# Actions:
-# Undocumented
+# Undocumented
#
# Depends:
-# Undocumented
-# gen_puppet
+# Undocumented
+# gen_puppet
#
class kbp_apache inherits apache {
- include kbp_munin::client::apache
-
- gen_ferm::rule {
- "HTTP connections":
- proto => "tcp",
- dport => "80",
- action => "ACCEPT";
- "HTTPS connections":
- proto => "tcp",
- dport => "443",
- action => "ACCEPT";
- }
-
- kfile {
- "/etc/apache2/mods-available/deflate.conf":
- source => "kbp_apache/mods-available/deflate.conf",
- require => Package["apache2"],
- notify => Exec["reload-apache2"];
- "/etc/apache2/conf.d/security":
- source => "kbp_apache/conf.d/security",
- require => Package["apache2"],
- notify => Exec["reload-apache2"];
- }
-
- gen_logrotate::rotate { "apache2":
- logs => "/var/log/apache2/*.log",
- options => ["weekly", "rotate 52", "missingok", "notifempty", "create 640 root adm", "compress", "delaycompress", "sharedscripts", "dateext"],
- postrotate => "/etc/init.d/apache2 reload > /dev/null",
- require => Package["apache2"];
- }
-
- apache::module { "deflate":
- ensure => present,
- }
-
- @kpackage { "php5-gd":
- ensure => latest,
- require => Package["apache2"],
- notify => Exec["reload-apache2"];
- }
-
- kbp_monitoring::http { "http_${fqdn}":; }
+ include kbp_munin::client::apache
+
+ gen_ferm::rule {
+ "HTTP connections":
+ proto => "tcp",
+ dport => "80",
+ action => "ACCEPT";
+ "HTTPS connections":
+ proto => "tcp",
+ dport => "443",
+ action => "ACCEPT";
+ }
+
+ kfile {
+ "/etc/apache2/mods-available/deflate.conf":
+ source => "kbp_apache/mods-available/deflate.conf",
+ require => Package["apache2"],
+ notify => Exec["reload-apache2"];
+ "/etc/apache2/conf.d/security":
+ source => "kbp_apache/conf.d/security",
+ require => Package["apache2"],
+ notify => Exec["reload-apache2"];
+ }
+
+ gen_logrotate::rotate { "apache2":
+ logs => "/var/log/apache2/*.log",
+ options => ["weekly", "rotate 52", "missingok", "notifempty", "create 640 root adm", "compress", "delaycompress", "sharedscripts", "dateext"],
+ postrotate => "/etc/init.d/apache2 reload > /dev/null",
+ require => Package["apache2"];
+ }
+
+ apache::module { "deflate":
+ ensure => present,
+ }
+
+ @kpackage { "php5-gd":
+ ensure => latest,
+ require => Package["apache2"],
+ notify => Exec["reload-apache2"];
+ }
+
+ kbp_monitoring::http { "http_${fqdn}":; }
}
# Class: kbp_apache::passenger
#
# Actions:
-# Undocumented
+# Undocumented
#
# Depends:
-# Undocumented
-# gen_puppet
+# Undocumented
+# gen_puppet
#
class kbp_apache::passenger {
- include kbp_apache
- include kbp_apache::ssl
- include kbp_monitoring::passenger::queue
+ include kbp_apache
+ include kbp_apache::ssl
+ include kbp_monitoring::passenger::queue
- kpackage { "libapache2-mod-passenger":
- ensure => latest;
- }
+ kpackage { "libapache2-mod-passenger":
+ ensure => latest;
+ }
- apache::module { "passenger":
- require => Kpackage["libapache2-mod-passenger"],
- }
+ apache::module { "passenger":
+ require => Kpackage["libapache2-mod-passenger"],
+ }
}
class kbp_apache::php {
- include kbp_apache
- include gen_base::libapache2-mod-php5
+ include kbp_apache
+ include gen_base::libapache2-mod-php5
}
# Class: kbp_apache::ssl
#
# Actions:
-# Undocumented
+# Undocumented
#
# Depends:
-# Undocumented
-# gen_puppet
+# Undocumented
+# gen_puppet
#
class kbp_apache::ssl {
- apache::module { "ssl":; }
+ apache::module { "ssl":; }
}
# Define: kbp_apache::site
#
# Parameters:
-# priority
-# Undocumented
-# ensure
-# Undocumented
-# max_check_attempts
-# For overriding the default max_check_attempts of the service
+# priority
+# Undocumented
+# ensure
+# Undocumented
+# max_check_attempts
+# For overriding the default max_check_attempts of the service
#
# Actions:
-# Undocumented
+# Undocumented
#
# Depends:
-# Undocumented
-# gen_puppet
+# Undocumented
+# gen_puppet
#
define kbp_apache::site($ensure="present", $priority="", $auth=false, $max_check_attempts=false, $monitor_path=false, $monitor_response=false,
- $monitor_probe=false, $monitor=true, $smokeping=true) {
- $dontmonitor = ["default","default-ssl","localhost"]
-
- if $ensure == "present" and $monitor and ! ($name in $dontmonitor) {
- kbp_monitoring::site { "${name}":
- max_check_attempts => $max_check_attempts ? {
- false => undef,
- default => $max_check_attempts,
- },
- auth => $auth ? {
- false => undef,
- default => $auth,
- },
- path => $monitor_path ? {
- false => undef,
- default => $monitor_path,
- },
- response => $monitor_response ? {
- false => undef,
- default => $monitor_response,
- };
- }
-
- if $smokeping {
- kbp_smokeping::target { "${name}":
- probe => $monitor_probe ? {
- false => $auth ? {
- false => undef,
- true => "FPing",
- },
- default => $monitor_probe,
- },
- path => $monitor_path ? {
- false => undef,
- default => $monitor_path,
- };
- }
- }
- }
-
- apache::site { "${name}":
- ensure => $ensure,
- priority => $priority;
- }
+ $monitor_probe=false, $monitor=true, $smokeping=true) {
+ $dontmonitor = ["default","default-ssl","localhost"]
+
+ if $ensure == "present" and $monitor and ! ($name in $dontmonitor) {
+ kbp_monitoring::site { "${name}":
+ max_check_attempts => $max_check_attempts ? {
+ false => undef,
+ default => $max_check_attempts,
+ },
+ auth => $auth ? {
+ false => undef,
+ default => $auth,
+ },
+ path => $monitor_path ? {
+ false => undef,
+ default => $monitor_path,
+ },
+ response => $monitor_response ? {
+ false => undef,
+ default => $monitor_response,
+ };
+ }
+
+ if $smokeping {
+ kbp_smokeping::target { "${name}":
+ probe => $monitor_probe ? {
+ false => $auth ? {
+ false => undef,
+ true => "FPing",
+ },
+ default => $monitor_probe,
+ },
+ path => $monitor_path ? {
+ false => undef,
+ default => $monitor_path,
+ };
+ }
+ }
+ }
+
+ apache::site { "${name}":
+ ensure => $ensure,
+ priority => $priority;
+ }
}
View
354 kbp_apache_new/manifests/init.pp
@@ -3,250 +3,250 @@
# Class: kbp_apache
#
# Actions:
-# Undocumented
+# Undocumented
#
# Depends:
-# Undocumented
-# gen_puppet
+# Undocumented
+# gen_puppet
#
class kbp_apache_new {
- include gen_apache
- include kbp_munin::client::apache
-
- kfile {
- "/etc/apache2/mods-available/deflate.conf":
- source => "kbp_apache/mods-available/deflate.conf",
- require => Package["apache2"],
- notify => Exec["reload-apache2"];
- "/etc/apache2/conf.d/security":
- source => "kbp_apache/conf.d/security",
- require => Package["apache2"],
- notify => Exec["reload-apache2"];
- "/srv/www":
- ensure => directory;
- }
-
- gen_logrotate::rotate { "apache2":
- logs => "/var/log/apache2/*.log",
- options => ["weekly", "rotate 52", "missingok", "notifempty", "create 640 root adm", "compress", "delaycompress", "sharedscripts", "dateext"],
- postrotate => "/etc/init.d/apache2 reload > /dev/null",
- require => Package["apache2"];
- }
-
- kbp_apache_new::module { ["deflate","rewrite"]:; }
-
- @kpackage { "php5-gd":
- ensure => latest,
- require => Package["apache2"],
- notify => Exec["reload-apache2"];
- }
-
- kbp_monitoring::http { "http_${fqdn}":; }
+ include gen_apache
+ include kbp_munin::client::apache
+
+ kfile {
+ "/etc/apache2/mods-available/deflate.conf":
+ source => "kbp_apache/mods-available/deflate.conf",
+ require => Package["apache2"],
+ notify => Exec["reload-apache2"];
+ "/etc/apache2/conf.d/security":
+ source => "kbp_apache/conf.d/security",
+ require => Package["apache2"],
+ notify => Exec["reload-apache2"];
+ "/srv/www":
+ ensure => directory;
+ }
+
+ gen_logrotate::rotate { "apache2":
+ logs => "/var/log/apache2/*.log",
+ options => ["weekly", "rotate 52", "missingok", "notifempty", "create 640 root adm", "compress", "delaycompress", "sharedscripts", "dateext"],
+ postrotate => "/etc/init.d/apache2 reload > /dev/null",
+ require => Package["apache2"];
+ }
+
+ kbp_apache_new::module { ["deflate","rewrite"]:; }
+
+ @kpackage { "php5-gd":
+ ensure => latest,
+ require => Package["apache2"],
+ notify => Exec["reload-apache2"];
+ }
+
+ kbp_monitoring::http { "http_${fqdn}":; }
}
# Class: kbp_apache::passenger
#
# Actions:
-# Undocumented
+# Undocumented
#
# Depends:
-# Undocumented
-# gen_puppet
+# Undocumented
+# gen_puppet
#
class kbp_apache_new::passenger {
- include kbp_apache_new
- include gen_base::libapache2-mod-passenger
- include kbp_apache_new::module::passenger
- include kbp_monitoring::passenger::queue
+ include kbp_apache_new
+ include gen_base::libapache2-mod-passenger
+ include kbp_apache_new::module::passenger
+ include kbp_monitoring::passenger::queue
}
class kbp_apache_new::php {
- include gen_base::libapache2-mod-php5
+ include gen_base::libapache2-mod-php5
}
# Class: kbp_apache::ssl
#
# Actions:
-# Undocumented
+# Undocumented
#
# Depends:
-# Undocumented
-# gen_puppet
+# Undocumented
+# gen_puppet
#
class kbp_apache_new::ssl {
- kfile { "/etc/apache2/ssl":
- ensure => directory,
- require => Package["apache2"];
- }
-
- gen_ferm::rule { "HTTPS connections":
- proto => "tcp",
- dport => "443",
- action => "ACCEPT";
- }
-
- kbp_apache_new::module { "ssl":; }
+ kfile { "/etc/apache2/ssl":
+ ensure => directory,
+ require => Package["apache2"];
+ }
+
+ gen_ferm::rule { "HTTPS connections":
+ proto => "tcp",
+ dport => "443",
+ action => "ACCEPT";
+ }
+
+ kbp_apache_new::module { "ssl":; }
}
# Class: kbp_apache::module::passenger
#
# Actions:
-# Undocumented
+# Undocumented
#
# Depends:
-# Undocumented
-# gen_puppet
+# Undocumented
+# gen_puppet
#
class kbp_apache_new::module::passenger {
- kbp_apache_new::module { "passenger":
- require => Kpackage["libapache2-mod-passenger"];
- }
+ kbp_apache_new::module { "passenger":
+ require => Kpackage["libapache2-mod-passenger"];
+ }
}
class kbp_apache_new::module::dav {
- kbp_apache_new::module { "dav":; }
+ kbp_apache_new::module { "dav":; }
}
class kbp_apache_new::module::dav_fs {
- kbp_apache_new::module { "dav_fs":; }
+ kbp_apache_new::module { "dav_fs":; }
}
define kbp_apache_new::cgi($documentroot) {
- include gen_base::libapache2-mod-fcgid
+ include gen_base::libapache2-mod-fcgid
- kfile { "/etc/apache2/vhost-additions/${name}/enable-cgi":
- content => template("kbp_apache_new/vhost-additions/enable_cgi"),
- notify => Exec["reload-apache2"];
- }
+ kfile { "/etc/apache2/vhost-additions/${name}/enable-cgi":
+ content => template("kbp_apache_new/vhost-additions/enable_cgi"),
+ notify => Exec["reload-apache2"];
+ }
}
define kbp_apache_new::php_cgi($documentroot) {
- include gen_base::php5-cgi
- include gen_base::php-apc
+ include gen_base::php5-cgi
+ include gen_base::php-apc
- kbp_apache_new::cgi { $name:
- documentroot => $documentroot;
- }
+ kbp_apache_new::cgi { $name:
+ documentroot => $documentroot;
+ }
- Package <| title == "gen_base::libapache2-mod-php5" |> {
- ensure => purged,
- notify => Exec["reload-apache2"],
- }
+ Package <| title == "gen_base::libapache2-mod-php5" |> {
+ ensure => purged,
+ notify => Exec["reload-apache2"],
+ }
}
# Define: kbp_apache::site
#
# Parameters:
-# priority
-# Undocumented
-# ensure
-# Undocumented
-# max_check_attempts
-# For overriding the default max_check_attempts of the service
+# priority
+# Undocumented
+# ensure
+# Undocumented
+# max_check_attempts
+# For overriding the default max_check_attempts of the service
#
# Actions:
-# Undocumented
+# Undocumented
#
# Depends:
-# Undocumented
-# gen_puppet
+# Undocumented
+# gen_puppet
#
define kbp_apache_new::site($ensure="present", $serveralias=false, $documentroot="/srv/www/${name}", $create_documentroot=true, $address=false, $address6=false,
- $port=false, $make_default=false, $ssl=false, $key=false, $cert=false, $intermediate=false,
- $redirect_non_ssl=true, $auth=false, $max_check_attempts=false, $monitor_path=false, $monitor_response=false, $monitor_probe=false,
- $monitor=true, $smokeping=true, $php=false) {
- include kbp_apache_new
- if $ssl or $key or $cert or $intermediate {
- include kbp_apache_new::ssl
- }
-
- $temp_name = $port ? {
- false => $name,
- default => "${name}_${port}",
- }
- if $key or $cert or $intermediate or $ssl {
- $full_name = regsubst($temp_name,'^([^_]*)$','\1_443')
- } else {
- $full_name = regsubst($temp_name,'^([^_]*)$','\1_80')
- }
- $real_name = regsubst($full_name,'^(.*)_(.*)$','\1')
- $real_port = regsubst($full_name,'^(.*)_(.*)$','\2')
- $dontmonitor = ["default","default-ssl","localhost"]
-
- gen_apache::site { $name:
- ensure => $ensure,
- serveralias => $serveralias,
- documentroot => $documentroot,
- address => $address,
- address6 => $address6,
- port => $port,
- make_default => $make_default,
- ssl => $ssl,
- key => $key,
- cert => $cert,
- intermediate => $intermediate,
- redirect_non_ssl => $redirect_non_ssl;
- }
-
- if $php {
- kbp_apache_new::php_cgi { $full_name:
- documentroot => $documentroot;
- }
- }
-
- if $ensure == "present" and $monitor and ! ($name in $dontmonitor) {
- kbp_monitoring::site { $name:
- max_check_attempts => $max_check_attempts,
- auth => $auth,
- path => $monitor_path,
- response => $monitor_response;
- }
-
- if $smokeping {
- kbp_smokeping::target { $name:
- probe => $monitor_probe ? {
- false => $auth ? {
- false => undef,
- true => "FPing",
- },
- default => $monitor_probe,
- },
- path => $monitor_path;
- }
- }
- }
-
- if $ssl or $key or $cert or $intermediate {
- kbp_monitoring::sslcert { $real_name:
- path => "/etc/ssl/certs/${real_name}.pem";
- }
- }
-
- if ! defined(Gen_ferm::Rule["HTTP connections on ${real_port}"]) {
- gen_ferm::rule { "HTTP connections on ${real_port}":
- proto => "tcp",
- dport => $real_port,
- action => "ACCEPT";
- }
- }
+ $port=false, $make_default=false, $ssl=false, $key=false, $cert=false, $intermediate=false,
+ $redirect_non_ssl=true, $auth=false, $max_check_attempts=false, $monitor_path=false, $monitor_response=false, $monitor_probe=false,
+ $monitor=true, $smokeping=true, $php=false) {
+ include kbp_apache_new
+ if $ssl or $key or $cert or $intermediate {
+ include kbp_apache_new::ssl
+ }
+
+ $temp_name = $port ? {
+ false => $name,
+ default => "${name}_${port}",
+ }
+ if $key or $cert or $intermediate or $ssl {
+ $full_name = regsubst($temp_name,'^([^_]*)$','\1_443')
+ } else {
+ $full_name = regsubst($temp_name,'^([^_]*)$','\1_80')
+ }
+ $real_name = regsubst($full_name,'^(.*)_(.*)$','\1')
+ $real_port = regsubst($full_name,'^(.*)_(.*)$','\2')
+ $dontmonitor = ["default","default-ssl","localhost"]
+
+ gen_apache::site { $name:
+ ensure => $ensure,
+ serveralias => $serveralias,
+ documentroot => $documentroot,
+ address => $address,
+ address6 => $address6,
+ port => $port,
+ make_default => $make_default,
+ ssl => $ssl,
+ key => $key,
+ cert => $cert,
+ intermediate => $intermediate,
+ redirect_non_ssl => $redirect_non_ssl;
+ }
+
+ if $php {
+ kbp_apache_new::php_cgi { $full_name:
+ documentroot => $documentroot;
+ }
+ }
+
+ if $ensure == "present" and $monitor and ! ($name in $dontmonitor) {
+ kbp_monitoring::site { $name:
+ max_check_attempts => $max_check_attempts,
+ auth => $auth,
+ path => $monitor_path,
+ response => $monitor_response;
+ }
+
+ if $smokeping {
+ kbp_smokeping::target { $name:
+ probe => $monitor_probe ? {
+ false => $auth ? {
+ false => undef,
+ true => "FPing",
+ },
+ default => $monitor_probe,
+ },
+ path => $monitor_path;
+ }
+ }
+ }
+
+ if $ssl or $key or $cert or $intermediate {
+ kbp_monitoring::sslcert { $real_name:
+ path => "/etc/ssl/certs/${real_name}.pem";
+ }
+ }
+
+ if ! defined(Gen_ferm::Rule["HTTP connections on ${real_port}"]) {
+ gen_ferm::rule { "HTTP connections on ${real_port}":
+ proto => "tcp",
+ dport => $real_port,
+ action => "ACCEPT";
+ }
+ }
}
define kbp_apache_new::module {
- gen_apache::module { $name:; }
+ gen_apache::module { $name:; }
}
define kbp_apache_new::forward_vhost ($forward, $ensure="present", $serveralias=false) {
- gen_apache::forward_vhost { $name:
- forward => $forward,
- ensure => $ensure,
- serveralias => $serveralias;
- }
+ gen_apache::forward_vhost { $name:
+ forward => $forward,
+ ensure => $ensure,
+ serveralias => $serveralias;
+ }
}
define kbp_apache_new::vhost_addition($ensure="present", $content=false, $source=false) {
- gen_apache::vhost_addition { $name:
- ensure => $ensure,
- content => $content,
- source => $source;
- }
+ gen_apache::vhost_addition { $name:
+ ensure => $ensure,
+ content => $content,
+ source => $source;
+ }
}
View
24 kbp_approx/manifests/init.pp
@@ -3,22 +3,22 @@
# Class: kbp_approx
#
# Actions:
-# Undocumented
+# Undocumented
#
# Depends:
-# Undocumented
-# gen_puppet
+# Undocumented
+# gen_puppet
#
class kbp_approx {
- include approx
+ include approx
- Kfile <| title == "/etc/approx/approx.conf" |> {
- source => "kbp_approx/approx.conf",
- }
+ Kfile <| title == "/etc/approx/approx.conf" |> {
+ source => "kbp_approx/approx.conf",
+ }
- gen_ferm::rule { "APT proxy":
- proto => "tcp",
- dport => "9999",
- action => "ACCEPT";
- }
+ gen_ferm::rule { "APT proxy":
+ proto => "tcp",
+ dport => "9999",
+ action => "ACCEPT";
+ }
}
View
44 kbp_apt/manifests/init.pp
@@ -3,32 +3,32 @@
# Class: kbp_apt
#
# Actions:
-# Undocumented
+# Undocumented
#
# Depends:
-# Undocumented
-# gen_puppet
+# Undocumented
+# gen_puppet
#
class kbp_apt {
- include gen_apt
+ include gen_apt
- # Keys for backports, kumina, cassandra, ksplice, jenkins, rabbitmq (in this order)
- gen_apt::key { ["16BA136C","498B91E6","8D77295D","B6D4038E","D50582E6","056E8E56"]:; }
+ # Keys for backports, kumina, cassandra, ksplice, jenkins, rabbitmq (in this order)
+ gen_apt::key { ["16BA136C","498B91E6","8D77295D","B6D4038E","D50582E6","056E8E56"]:; }
- gen_apt::cron_apt::config {
- # First, update the package list and don't mail us. A second run is done to see if there are packages to be installed
- # Because puppet could have updated them in the meantime.
- "update":
- mailon => "", # Don't send mail
- mailto => "reports",
- crontime => "0 20 * * *", # 8 in the evening
- configfile => "/etc/cron-apt/config";
- # Now mail if we need to upgrade packages by hand
- "mail for manual upgrade":
- mailon => "upgrade",
- mailto => "reports",
- crontime => "0 4 * * *", # 4 in the morning
- apt_options => "-V",
- configfile => "/etc/cron-apt/config-mail";
- }
+ gen_apt::cron_apt::config {
+ # First, update the package list and don't mail us. A second run is done to see if there are packages to be installed
+ # Because puppet could have updated them in the meantime.
+ "update":
+ mailon => "", # Don't send mail
+ mailto => "reports",
+ crontime => "0 20 * * *", # 8 in the evening
+ configfile => "/etc/cron-apt/config";
+ # Now mail if we need to upgrade packages by hand
+ "mail for manual upgrade":
+ mailon => "upgrade",
+ mailto => "reports",
+ crontime => "0 4 * * *", # 4 in the morning
+ apt_options => "-V",
+ configfile => "/etc/cron-apt/config-mail";
+ }
}
View
24 kbp_arpwatch/manifests/init.pp
@@ -3,22 +3,22 @@
# Class: kbp_arpwatch
#
# Actions:
-# Undocumented
+# Undocumented
#
# Depends:
-# Undocumented
-# gen_puppet
+# Undocumented
+# gen_puppet
#
class kbp_arpwatch {
- include arpwatch
+ include arpwatch
- Kfile <| title == "/etc/default/arpwatch" |> {
- source => "kbp_arpwatch/arpwatch",
- }
+ Kfile <| title == "/etc/default/arpwatch" |> {
+ source => "kbp_arpwatch/arpwatch",
+ }
- kbp_icinga::service { "arpwatch":
- service_description => "Arpwatch daemon",
- check_command => "check_arpwatch",
- nrpe => true;
- }
+ kbp_icinga::service { "arpwatch":
+ service_description => "Arpwatch daemon",
+ check_command => "check_arpwatch",
+ nrpe => true;
+ }
}
View
34 kbp_asterisk/manifests/init.pp
@@ -3,27 +3,27 @@
# Class: kbp_asterisk::server
#
# Actions:
-# Undocumented
+# Undocumented
#
# Depends:
-# Undocumented
-# gen_puppet
+# Undocumented
+# gen_puppet
#
class kbp_asterisk::server {
- include asterisk::server
- include kbp_monitoring::asterisk
+ include asterisk::server
+ include kbp_monitoring::asterisk
- gen_ferm::rule { "SIP connections":
- proto => "udp",
- dport => "(sip 15000:15100)",
- action => "ACCEPT";
- }
+ gen_ferm::rule { "SIP connections":
+ proto => "udp",
+ dport => "(sip 15000:15100)",
+ action => "ACCEPT";
+ }
- @@gen_ferm::rule { "Asterisk CDR logging from ${fqdn}_v4":
- saddr => "81.30.39.28",
- proto => "tcp",
- dport => 3306,
- action => "ACCEPT",
- tag => "mysql_asterisk";
- }
+ @@gen_ferm::rule { "Asterisk CDR logging from ${fqdn}_v4":
+ saddr => "81.30.39.28",
+ proto => "tcp",
+ dport => 3306,
+ action => "ACCEPT",
+ tag => "mysql_asterisk";
+ }
}
View
32 kbp_avahi/manifests/init.pp
@@ -3,25 +3,25 @@
# Class: kbp_avahi::daemon
#
# Actions:
-# Undocumented
+# Undocumented
#
# Depends:
-# Undocumented
-# gen_puppet
+# Undocumented
+# gen_puppet
#
class kbp_avahi::daemon {
- include avahi::daemon
+ include avahi::daemon
- gen_ferm::rule {
- "MDNS traffic_v4":
- proto => "udp",
- dport => "5353",
- daddr => "244.0.0.251",
- action => "ACCEPT";
- "MDNS traffic_v6":
- proto => "udp",
- dport => "5353",
- daddr => "ff02::fb",
- action => "ACCEPT";
- }
+ gen_ferm::rule {
+ "MDNS traffic_v4":
+ proto => "udp",
+ dport => "5353",
+ daddr => "244.0.0.251",
+ action => "ACCEPT";
+ "MDNS traffic_v6":
+ proto => "udp",
+ dport => "5353",
+ daddr => "ff02::fb",
+ action => "ACCEPT";
+ }
}
View
14 kbp_backup/manifests/init.pp
@@ -1,9 +1,9 @@
class kbp_backup::client($method="offsite") {
- case $method {
- "offsite": { include offsitebackup::client }
- "local": { include localbackup::client }
- default: {
- fail { "Invalid method (${method}) for kbp_backup::client":; }
- }
- }
+ case $method {
+ "offsite": { include offsitebackup::client }
+ "local": { include localbackup::client }
+ default: {
+ fail { "Invalid method (${method}) for kbp_backup::client":; }
+ }
+ }
}
View
518 kbp_base/manifests/init.pp
@@ -3,284 +3,284 @@
# Class: kbp_base
#
# Actions:
-# Undocumented
+# Undocumented
#
# Depends:
-# Undocumented
-# gen_puppet
+# Undocumented
+# gen_puppet
#
class kbp_base {
- include kbp_base::wanted_packages
- include gen_base::dnsutils
- include gen_base::wget
- include lvm
- include sysctl
- include kbp_acpi
- include kbp_apt
- include kbp_monitoring::client
- include kbp_puppet
- include kbp_ssh
- include kbp_sysctl
- include kbp_time
- include kbp_vim
- if $is_virtual == "false" {
- include kbp_physical
- }
- if $fqdn != "puppetmaster.kumina.nl" {
- include kbp_puppet::default_config
- }
-
- # Needed by elinks
- include gen_base::libmozjs2d
-
- if versioncmp($lsbdistrelease, 6) >= 0 { # Squeeze
- # Needed by grub2
- include gen_base::libfreetype6
- }
-
- gen_sudo::rule {
- "User root has total control":
- entity => "root",
- as_user => "ALL",
- command => "ALL",
- password_required => true;
- "Kumina default rule":
- entity => "%root",
- as_user => "ALL",
- command => "ALL",
- password_required => true;
- }
-
- concat { "/etc/ssh/kumina.keys":
- owner => "root",
- group => "root",
- mode => 0644,
- }
-
- # Force fsck on boot to repair the file system if it is inconsistent,
- # so we don't have to open the console and run fsck by hand
- augeas { "/etc/default/rcS":
- context => "/files/etc/default/rcS",
- changes => "set FSCKFIX yes";
- }
-
- # Add the Kumina group and users
- # XXX Needs to do a groupmod when a group with gid already exists.
- group { "kumina":
- ensure => present,
- gid => 10000,
- }
-
- # Set the LAST_UID in /etc/adduser.conf to 9999, so automatically created users will have a UID below 10k
- augeas { "/etc/adduser.conf":
- lens => "Shellvars.lns",
- incl => "/etc/adduser.conf",
- force => true,
- changes => 'set LAST_UID 9999';
- }
-
- kbp_base::staff_user {
- "tim":
- fullname => "Tim Stoop",
- uid => 10001,
- password_hash => "BOGUS",
- sshkeys => "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcRYiKZ1yPUU8+oRaDI/TyRSyFu2fwbknvr/Q3rwbQZm2K8iTfY4/WUeu/oSZOnCn5uoNjGax88RZx92DK0yYpOHtUwG/nShtTwte0Mx4zW8Sfq343OPle2b2gp/0V6dx1Nq21rmQrh0Ql23Thmi33cmKUvPgwYXvsIKfM68J2bG9+hIiucQX0AY7oH8UCX6uJmjOB2nPBsCMAmBHLsfV9LTvSobYAJLEt0m2wV+BqPZW5zLj7HyrGCDa5+85EB4MuQsiYuVdAjQJ3JF/FD0w7LrtuwhKZuS/Qwn4vXah1FlTBlIfw6IxWrQ0+CBCx4h/E4lbxgLTHCB4sanhUGKQtVV1/CFEA9GYCtDbNepFmjuZM1IubarpJmMicOebIW6yT9/035jKuS+nJG2xOLfV4MNPDkuAwqgg1DJ1JmqpG8y1+rHuswbXhlxlfKw/SEooH6I8NDv+TxHSkyo5siacNRsfQ8rQf9fKJdhD0twZuOZU8Zz9wpFz6VCYMkgKp05U= smartcard Tim Stoop\n";
- "pieter":
- fullname => "Pieter Lexis",
- uid => 10005,
- password_hash => "BOGUS",
- sshkeys => "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCitP9QOGYxCEqueFl/FC+K7o4hjA5zqG+oMirkqxE0EOX6VgwbigvIfzHnUI/LPkDCinhZGnFyfrTkvepcf6Bhtml3ex3lU2HvAiwVfrf/PWeNeg+MUYo7QGpqRUpC+qE82Epe8f0CLpwYo9Bzk4k4Toc1ZMvHUFzSOEBSe9tUetGmP7AGK/WDGJ5hc07XYV1/W3CAGO8XnhIS3/WdDS8D65iOXNQbwrndIfDn2Y3bWfd4qtx+KdY3+LU+6QKPS9Pdl5iYpWw3gln6NMoG8VDCaCNsr9qFNPOD26ninAGkzv31l59xIS94knutgCsov5KdxEWkd49m0ts5L+H9kZ+sznCr4I1Ng3CghABSU9gK7qnQbQR8PlM+eetyzrEFqHYApioyC2xAYJ+D6f65E7WadZBX5DZpqVEYZmw3d3rN49JI9DYlimUKA0Mu7KVfAURZ/3uir3HPZ0tBcyfqKEfT50Nqew92idjnoO191+lyvXXoiAc65EC/y5Ze8ZZ3pfU= pieter@kumina.nl\n";
- "rutger":
- fullname => "Rutger Spiertz",
- uid => 10003,
- password_hash => "BOGUS",
- sshkeys => "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCMZBz0sRqmfs4QT4dXVQeMIc+PdDChsjSUQv+SkN//z+igMw6qe5acC8EXUk5CR7VfaOjttp+sgoOxsvFPdFnrcozUsssnUynfVQ4GHCpDu0iOoUtz+WuGGonauAimhFsO2apkYLlO2qipt/z6B+bPQsbOxIVLpLLCa1kFKux7Td4vGddxbCxtFECd/4QUuS42G5q8nET3cdiqHM+QHXs1bnOqa6nxOxhnKX1jlqPT5nwdd8pI+RChGcjD4UofL9IYtz+Nd8wZi/h0tcOUh/ORV1bpJFwTCdWwaQ7Z7bf2Aanzn6iJz14nM0n19EOdvcB5NS/1mE54U9S3qJN+fQT3bOm47R07BIXmCEah6uZUAezkzsnXAsntgn2YDZFhjX+6Xd0iALAlhOyOMVfjJ0cq/qv1WhqScyOOETZhwOjLm4lewigpRnctJBt87p8MArPTBbJJA4TayC9eP6IfZ6plu0Be+W+xvrh/ga3oxMiyg6LWCf2yeTRUut7aIyswxY8= rutger@kumina.nl\n";
- "ed":
- fullname => "Ed Schouten",
- uid => 10004,
- password_hash => "BOGUS",
- shell => "zsh",
- sshkeys => "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCXah/YknMvN7CCOAK642FZfnXYVZ2uYZsy532v8pOISzH9W8mJ4FqBi0g1oAFhTZs0VNc9ouNfMDG178LSITL+ui/6T9exOEd4a0pCXuArVFmc5EVEUl3F+/qZPcOnWs7e3KaiV1dGLYDI0LhdG9ataHHR3sSPI/YAhroDLDTSVqFURXL7eyqR/aEv7nPEkY4zhQQzTECSQdadwEtGnovjNNL2aEj8rVVle5lVjbSk4N7x0ixyb4eTPB1z5FnwAlVkxHhTnsxTK28ulkrVCgKE30KS97dRG/EjA81pOzajRYTyLztqSkJnpKpL/lPfUCG7VkNfQKF+0O/KRhUfr2zb cardno:00050000057D\n";
- "thomas":
- fullname => "Thomas Ronner",
- uid => 10006,
- password_hash => "BOGUS",
- sshkeys => "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCSqpjh3qeW8bXvyy1eej+2ief63+4Vr6I7D+cz9UHFXwSA+/q4Aiz5PxVmsTBWvYqo8QQJAlQy4c861WSnMU73Vg9srjBbryGJNHt4DNfnEK2XnOsA246ifwSMXoW2W/cE1gfq6HRR9uL3+ysM9jRYfBvuKuGYb8+3WOdjia6W0CHsHcnhOVVBzfvhekbya9xsROT2cN1/c57JjM+9L3VTiYhLzRBNHKyAkazlpBM6d6A2u+Tq99ovEI2gqrPxsnLqaubGWz1/OdeNCM50pvwi3XCjPJU2jRPUOqpZa0NodOXcpRw44vHAdzwCk3qINWuXhDg0NiXMZ2SU/VDBF4DcjEQiwERyagYStWPuvwcHYw6Yy0GTvESTjZ8eQQg9MrwClo18zcnsirgZSP31Untt5SpvwnVcwZyRrw0i3VVW9nmlxfzbNPXid2VO4SDQ4+8D4zf6ozlumWb1RlafHtKNcI55r3lGoJwKB1NAfTE/cKm1pU1Y5gBBtI85yPCv30k= cardno:000500000C24\n";
- }
-
- # Packages we like and want :)
- kpackage {
- ["bash","binutils","console-tools","zsh"]:
- ensure => installed;
- ["hidesvn","bash-completion","bc","tcptraceroute","diffstat","host","whois","pwgen"]:
- ensure => latest;
- }
-
- # We run Ksplice, so always install the latest debian kernel
- include gen_base::linux-base
- class { "gen_base::linux-image":
- version => $kernelrelease;
- }
-
- include gen_base::base-files
-
- if versioncmp($lsbdistrelease, 6.0) < 0 {
- kpackage { "tcptrack":
- ensure => latest,
- }
- }
-
- kfile {
- "/etc/motd.tail":
- source => "kbp_base/motd.tail";
- "/etc/console-tools/config":
- source => "kbp_base/console-tools/config",
- require => Package["console-tools"];
- }
-
- exec {
- "uname -snrvm | tee /var/run/motd ; cat /etc/motd.tail >> /var/run/motd":
- refreshonly => true,
- path => ["/usr/bin", "/bin"],
- require => File["/etc/motd.tail"],
- subscribe => File["/etc/motd.tail"];
- }
+ include kbp_base::wanted_packages
+ include gen_base::dnsutils
+ include gen_base::wget
+ include lvm
+ include sysctl
+ include kbp_acpi
+ include kbp_apt
+ include kbp_monitoring::client
+ include kbp_puppet
+ include kbp_ssh
+ include kbp_sysctl
+ include kbp_time
+ include kbp_vim
+ if $is_virtual == "false" {
+ include kbp_physical
+ }
+ if $fqdn != "puppetmaster.kumina.nl" {
+ include kbp_puppet::default_config
+ }
+
+ # Needed by elinks
+ include gen_base::libmozjs2d
+
+ if versioncmp($lsbdistrelease, 6) >= 0 { # Squeeze
+ # Needed by grub2
+ include gen_base::libfreetype6
+ }
+
+ gen_sudo::rule {
+ "User root has total control":
+ entity => "root",
+ as_user => "ALL",
+ command => "ALL",
+ password_required => true;
+ "Kumina default rule":
+ entity => "%root",
+ as_user => "ALL",
+ command => "ALL",
+ password_required => true;
+ }
+
+ concat { "/etc/ssh/kumina.keys":
+ owner => "root",
+ group => "root",
+ mode => 0644,
+ }
+
+ # Force fsck on boot to repair the file system if it is inconsistent,
+ # so we don't have to open the console and run fsck by hand
+ augeas { "/etc/default/rcS":
+ context => "/files/etc/default/rcS",
+ changes => "set FSCKFIX yes";
+ }
+
+ # Add the Kumina group and users
+ # XXX Needs to do a groupmod when a group with gid already exists.
+ group { "kumina":
+ ensure => present,
+ gid => 10000,
+ }
+
+ # Set the LAST_UID in /etc/adduser.conf to 9999, so automatically created users will have a UID below 10k
+ augeas { "/etc/adduser.conf":
+ lens => "Shellvars.lns",
+ incl => "/etc/adduser.conf",
+ force => true,
+ changes => 'set LAST_UID 9999';
+ }
+
+ kbp_base::staff_user {
+ "tim":
+ fullname => "Tim Stoop",
+ uid => 10001,
+ password_hash => "BOGUS",
+ sshkeys => "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcRYiKZ1yPUU8+oRaDI/TyRSyFu2fwbknvr/Q3rwbQZm2K8iTfY4/WUeu/oSZOnCn5uoNjGax88RZx92DK0yYpOHtUwG/nShtTwte0Mx4zW8Sfq343OPle2b2gp/0V6dx1Nq21rmQrh0Ql23Thmi33cmKUvPgwYXvsIKfM68J2bG9+hIiucQX0AY7oH8UCX6uJmjOB2nPBsCMAmBHLsfV9LTvSobYAJLEt0m2wV+BqPZW5zLj7HyrGCDa5+85EB4MuQsiYuVdAjQJ3JF/FD0w7LrtuwhKZuS/Qwn4vXah1FlTBlIfw6IxWrQ0+CBCx4h/E4lbxgLTHCB4sanhUGKQtVV1/CFEA9GYCtDbNepFmjuZM1IubarpJmMicOebIW6yT9/035jKuS+nJG2xOLfV4MNPDkuAwqgg1DJ1JmqpG8y1+rHuswbXhlxlfKw/SEooH6I8NDv+TxHSkyo5siacNRsfQ8rQf9fKJdhD0twZuOZU8Zz9wpFz6VCYMkgKp05U= smartcard Tim Stoop\n";
+ "pieter":
+ fullname => "Pieter Lexis",
+ uid => 10005,
+ password_hash => "BOGUS",
+ sshkeys => "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCitP9QOGYxCEqueFl/FC+K7o4hjA5zqG+oMirkqxE0EOX6VgwbigvIfzHnUI/LPkDCinhZGnFyfrTkvepcf6Bhtml3ex3lU2HvAiwVfrf/PWeNeg+MUYo7QGpqRUpC+qE82Epe8f0CLpwYo9Bzk4k4Toc1ZMvHUFzSOEBSe9tUetGmP7AGK/WDGJ5hc07XYV1/W3CAGO8XnhIS3/WdDS8D65iOXNQbwrndIfDn2Y3bWfd4qtx+KdY3+LU+6QKPS9Pdl5iYpWw3gln6NMoG8VDCaCNsr9qFNPOD26ninAGkzv31l59xIS94knutgCsov5KdxEWkd49m0ts5L+H9kZ+sznCr4I1Ng3CghABSU9gK7qnQbQR8PlM+eetyzrEFqHYApioyC2xAYJ+D6f65E7WadZBX5DZpqVEYZmw3d3rN49JI9DYlimUKA0Mu7KVfAURZ/3uir3HPZ0tBcyfqKEfT50Nqew92idjnoO191+lyvXXoiAc65EC/y5Ze8ZZ3pfU= pieter@kumina.nl\n";
+ "rutger":
+ fullname => "Rutger Spiertz",
+ uid => 10003,
+ password_hash => "BOGUS",
+ sshkeys => "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCMZBz0sRqmfs4QT4dXVQeMIc+PdDChsjSUQv+SkN//z+igMw6qe5acC8EXUk5CR7VfaOjttp+sgoOxsvFPdFnrcozUsssnUynfVQ4GHCpDu0iOoUtz+WuGGonauAimhFsO2apkYLlO2qipt/z6B+bPQsbOxIVLpLLCa1kFKux7Td4vGddxbCxtFECd/4QUuS42G5q8nET3cdiqHM+QHXs1bnOqa6nxOxhnKX1jlqPT5nwdd8pI+RChGcjD4UofL9IYtz+Nd8wZi/h0tcOUh/ORV1bpJFwTCdWwaQ7Z7bf2Aanzn6iJz14nM0n19EOdvcB5NS/1mE54U9S3qJN+fQT3bOm47R07BIXmCEah6uZUAezkzsnXAsntgn2YDZFhjX+6Xd0iALAlhOyOMVfjJ0cq/qv1WhqScyOOETZhwOjLm4lewigpRnctJBt87p8MArPTBbJJA4TayC9eP6IfZ6plu0Be+W+xvrh/ga3oxMiyg6LWCf2yeTRUut7aIyswxY8= rutger@kumina.nl\n";
+ "ed":
+ fullname => "Ed Schouten",
+ uid => 10004,
+ password_hash => "BOGUS",
+ shell => "zsh",
+ sshkeys => "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCXah/YknMvN7CCOAK642FZfnXYVZ2uYZsy532v8pOISzH9W8mJ4FqBi0g1oAFhTZs0VNc9ouNfMDG178LSITL+ui/6T9exOEd4a0pCXuArVFmc5EVEUl3F+/qZPcOnWs7e3KaiV1dGLYDI0LhdG9ataHHR3sSPI/YAhroDLDTSVqFURXL7eyqR/aEv7nPEkY4zhQQzTECSQdadwEtGnovjNNL2aEj8rVVle5lVjbSk4N7x0ixyb4eTPB1z5FnwAlVkxHhTnsxTK28ulkrVCgKE30KS97dRG/EjA81pOzajRYTyLztqSkJnpKpL/lPfUCG7VkNfQKF+0O/KRhUfr2zb cardno:00050000057D\n";
+ "thomas":
+ fullname => "Thomas Ronner",
+ uid => 10006,
+ password_hash => "BOGUS",
+ sshkeys => "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCSqpjh3qeW8bXvyy1eej+2ief63+4Vr6I7D+cz9UHFXwSA+/q4Aiz5PxVmsTBWvYqo8QQJAlQy4c861WSnMU73Vg9srjBbryGJNHt4DNfnEK2XnOsA246ifwSMXoW2W/cE1gfq6HRR9uL3+ysM9jRYfBvuKuGYb8+3WOdjia6W0CHsHcnhOVVBzfvhekbya9xsROT2cN1/c57JjM+9L3VTiYhLzRBNHKyAkazlpBM6d6A2u+Tq99ovEI2gqrPxsnLqaubGWz1/OdeNCM50pvwi3XCjPJU2jRPUOqpZa0NodOXcpRw44vHAdzwCk3qINWuXhDg0NiXMZ2SU/VDBF4DcjEQiwERyagYStWPuvwcHYw6Yy0GTvESTjZ8eQQg9MrwClo18zcnsirgZSP31Untt5SpvwnVcwZyRrw0i3VVW9nmlxfzbNPXid2VO4SDQ4+8D4zf6ozlumWb1RlafHtKNcI55r3lGoJwKB1NAfTE/cKm1pU1Y5gBBtI85yPCv30k= cardno:000500000C24\n";
+ }
+
+ # Packages we like and want :)
+ kpackage {
+ ["bash","binutils","console-tools","zsh"]:
+ ensure => installed;
+ ["hidesvn","bash-completion","bc","tcptraceroute","diffstat","host","whois","pwgen"]:
+ ensure => latest;
+ }
+
+ # We run Ksplice, so always install the latest debian kernel
+ include gen_base::linux-base
+ class { "gen_base::linux-image":
+ version => $kernelrelease;
+ }
+
+ include gen_base::base-files
+
+ if versioncmp($lsbdistrelease, 6.0) < 0 {
+ kpackage { "tcptrack":
+ ensure => latest,
+ }
+ }
+
+ kfile {
+ "/etc/motd.tail":
+ source => "kbp_base/motd.tail";
+ "/etc/console-tools/config":
+ source => "kbp_base/console-tools/config",
+ require => Package["console-tools"];
+ }
+
+ exec {
+ "uname -snrvm | tee /var/run/motd ; cat /etc/motd.tail >> /var/run/motd":
+ refreshonly => true,
+ path => ["/usr/bin", "/bin"],
+ require => File["/etc/motd.tail"],
+ subscribe => File["/etc/motd.tail"];
+ }
}
# Class: kbp_base::environment
#
# Actions:
-# Undocumented
+# Undocumented
#
# Depends:
-# Undocumented
-# gen_puppet
+# Undocumented
+# gen_puppet
#
class kbp_base::environment {
- include kbp_monitoring::environment
- include kbp_user::environment
+ include kbp_monitoring::environment
+ include kbp_user::environment
- @@kbp_smokeping::environment { "${environment}":; }
+ @@kbp_smokeping::environment { "${environment}":; }
- kbp_smokeping::targetgroup { "${environment}":; }
+ kbp_smokeping::targetgroup { "${environment}":; }
}
class kbp_base::wanted_packages {
- include gen_base::libpam-modules
- include gen_base::libpam-runtime
- include gen_base::libpam0g
- include gen_base::realpath
+ include gen_base::libpam-modules
+ include gen_base::libpam-runtime
+ include gen_base::libpam0g
+ include gen_base::realpath
}
define kbp_base::staff_user($ensure = "present", $fullname, $uid, $password_hash, $sshkeys = "", $shell = "bash") {
- $username = $name
- user { "$username":
- comment => $fullname,
- ensure => $ensure,
- gid => "kumina",
- uid => $uid,
- groups => ["adm", "staff", "root"],
- membership => minimum,
- shell => "/bin/$shell",
- home => "/home/$username",
- require => [File["/etc/skel/.bash_profile"], Package[$shell]],
- password => $password_hash,
- }
-
- if $ensure == "present" {
- kfile { "/home/$username":
- ensure => directory,
- mode => 750,
- owner => "$username",
- group => "kumina",
- require => [User["$username"], Group["kumina"]],
- }
-
- kfile { "/home/$username/.ssh":
- ensure => directory,
- mode => 700,
- owner => "$username",
- group => "kumina",
- require => File["/home/$username"],
- }
-
- kfile { "/home/$username/.ssh/authorized_keys":
- ensure => present,
- content => "$sshkeys",
- owner => "$username",
- group => "kumina",
- require => File["/home/$username"],
- }
-
- concat::add_content { "Add $username to Kumina SSH keyring":
- target => "/etc/ssh/kumina.keys",
- content => "# $fullname <$username@kumina.nl>\n$sshkeys",
- }
-
- kfile { "/home/$username/.${shell}rc":
- ensure => present,
- content => template("kbp_base/home/$username/.${shell}rc"),
- owner => "$username",
- group => "kumina",
- require => File["/home/$username"],
- }
-
- kfile { "/home/$username/.bash_profile":
- ensure => present,
- source => "kbp_base/home/$username/.bash_profile",
- owner => "$username",
- group => "kumina",
- require => File["/home/$username"],
- }
-
- kfile { "/home/$username/.bash_aliases":
- ensure => present,
- source => "kbp_base/home/$username/.bash_aliases",
- owner => "$username",
- group => "kumina",
- require => File["/home/$username"],
- }
-
- kfile { "/home/$username/.darcs":
- ensure => directory,
- mode => 755,
- owner => "$username",
- group => "kumina",
- require => File["/home/$username"],
- }
-
- kfile { "/home/$username/.tmp":
- ensure => directory,
- mode => 755,
- owner => "$username",
- group => "kumina",
- require => File["/home/$username"],
- }
-
- kfile { "/home/$username/.darcs/author":
- ensure => present,
- content => "$fullname <$username@kumina.nl>\n",
- group => "kumina",
- require => File["/home/$username/.darcs"],
- }
-
- kfile { "/home/$username/.gitconfig":
- ensure => present,
- content => template("kbp_base/git/.gitconfig"),
- group => "kumina";
- }
-
- kfile { "/home/$username/.reportbugrc":
- ensure => present,
- content => "REPORTBUGEMAIL=$username@kumina.nl\n",
- group => "kumina";
- }
- } else {
- kfile { "/home/$username":
- ensure => absent,
- force => true,
- recurse => true,
- }
- }
- }
+ $username = $name
+ user { "$username":
+ comment => $fullname,
+ ensure => $ensure,
+ gid => "kumina",
+ uid => $uid,
+ groups => ["adm", "staff", "root"],
+ membership => minimum,
+ shell => "/bin/$shell",
+ home => "/home/$username",
+ require => [File["/etc/skel/.bash_profile"], Package[$shell]],
+ password => $password_hash,
+ }
+
+ if $ensure == "present" {
+ kfile { "/home/$username":
+ ensure => directory,
+ mode => 750,
+ owner => "$username",
+ group => "kumina",
+ require => [User["$username"], Group["kumina"]],
+ }
+
+ kfile { "/home/$username/.ssh":
+ ensure => directory,
+ mode => 700,
+ owner => "$username",
+ group => "kumina",
+ require => File["/home/$username"],
+ }
+
+ kfile { "/home/$username/.ssh/authorized_keys":
+ ensure => present,
+ content => "$sshkeys",
+ owner => "$username",
+ group => "kumina",
+ require => File["/home/$username"],
+ }
+
+ concat::add_content { "Add $username to Kumina SSH keyring":
+ target => "/etc/ssh/kumina.keys",
+ content => "# $fullname <$username@kumina.nl>\n$sshkeys",
+ }
+
+ kfile { "/home/$username/.${shell}rc":
+ ensure => present,
+ content => template("kbp_base/home/$username/.${shell}rc"),
+ owner => "$username",
+ group => "kumina",
+ require => File["/home/$username"],
+ }
+
+ kfile { "/home/$username/.bash_profile":
+ ensure => present,
+ source => "kbp_base/home/$username/.bash_profile",
+ owner => "$username",
+ group => "kumina",
+ require => File["/home/$username"],
+ }
+
+ kfile { "/home/$username/.bash_aliases":
+ ensure => present,
+ source => "kbp_base/home/$username/.bash_aliases",
+ owner => "$username",
+ group => "kumina",
+ require => File["/home/$username"],
+ }
+
+ kfile { "/home/$username/.darcs":
+ ensure => directory,
+ mode => 755,
+ owner => "$username",
+ group => "kumina",
+ require => File["/home/$username"],
+ }
+
+ kfile { "/home/$username/.tmp":
+ ensure => directory,
+ mode => 755,
+ owner => "$username",
+ group => "kumina",
+ require => File["/home/$username"],
+ }
+
+ kfile { "/home/$username/.darcs/author":
+ ensure => present,
+ content => "$fullname <$username@kumina.nl>\n",
+ group => "kumina",
+ require => File["/home/$username/.darcs"],
+ }
+
+ kfile { "/home/$username/.gitconfig":
+ ensure => present,
+ content => template("kbp_base/git/.gitconfig"),
+ group => "kumina";
+ }
+
+ kfile { "/home/$username/.reportbugrc":
+ ensure => present,
+ content => "REPORTBUGEMAIL=$username@kumina.nl\n",
+ group => "kumina";
+ }
+ } else {
+ kfile { "/home/$username":
+ ensure => absent,
+ force => true,
+ recurse => true,
+ }
+ }
+ }
View
36 kbp_bind/manifests/init.pp
@@ -3,28 +3,28 @@
# Class: kbp_bind
#
# Actions:
-# Undocumented
+# Undocumented
#
# Depends:
-# Undocumented
-# gen_puppet
+# Undocumented
+# gen_puppet
#
class kbp_bind inherits bind {
- class { "kbp_trending::bind9":
- method => "munin"
- }
+ class { "kbp_trending::bind9":
+ method => "munin"
+ }
- gen_ferm::rule { "DNS connections":
- proto => "(tcp udp)",
- dport => 53,
- action => "ACCEPT";
- }
+ gen_ferm::rule { "DNS connections":
+ proto => "(tcp udp)",
+ dport => 53,
+ action => "ACCEPT";
+ }
- @@gen_ferm::rule { "Allow AXFR transfers from ${fqdn}":
- saddr => $fqdn,
- proto => "(tcp udp)",
- dport => 53,
- action => "ACCEPT",
- tag => "bind_${environment}";
- }
+ @@gen_ferm::rule { "Allow AXFR transfers from ${fqdn}":
+ saddr => $fqdn,
+ proto => "(tcp udp)",
+ dport => 53,
+ action => "ACCEPT",
+ tag => "bind_${environment}";
+ }
}
View
16 kbp_bip/manifests/init.pp
@@ -3,16 +3,16 @@
# Class: kbp_bip
#
# Actions:
-# Undocumented
+# Undocumented
#
# Depends:
-# Undocumented
-# gen_puppet
+# Undocumented
+# gen_puppet
#
class kbp_bip {
- gen_ferm::rule { "IRC/Bip connections":
- proto => "tcp",
- dport => "(6667 7000 7778)",
- action => "ACCEPT";
- }
+ gen_ferm::rule { "IRC/Bip connections":
+ proto => "tcp",
+ dport => "(6667 7000 7778)",
+ action => "ACCEPT";
+ }
}
View
84 kbp_cassandra/manifests/init.pp
@@ -3,66 +3,66 @@
# Class: kbp_cassandra::client
#
# Parameters:
-# customtag
-# Undocumented
+# customtag
+# Undocumented
#
# Actions:
-# Undocumented
+# Undocumented
#
# Depends:
-# Undocumented
-# gen_puppet
+# Undocumented
+# gen_puppet
#
class kbp_cassandra::client($customtag="cassandra_${environment}") {
- @@gen_ferm::rule { "Cassandra connections from ${fqdn}":
- saddr => $fqdn,
- proto => "tcp",
- dport => 9160,
- action => "ACCEPT",
- tag => $customtag;
- }
+ @@gen_ferm::rule { "Cassandra connections from ${fqdn}":
+ saddr => $fqdn,
+ proto => "tcp",
+ dport => 9160,
+ action => "ACCEPT",
+ tag => $customtag;
+ }
}
# Class: kbp_cassandra::server
#
# Parameters:
-# java_monitoring
-# Undocumented
-# servicegroups
-# Undocumented
-# sms
-# Undocumented
-# customtag
-# Undocumented
+# java_monitoring
+# Undocumented
+# servicegroups
+# Undocumented
+# sms
+# Undocumented
+# customtag
+# Undocumented
#
# Actions:
-# Undocumented
+# Undocumented
#
# Depends:
-# Undocumented
-# gen_puppet
+# Undocumented
+# gen_puppet
#
class kbp_cassandra::server($customtag="cassandra_${environment}", $java_monitoring=false, $servicegroups=false, $sms=true) {
- include kbp_monitoring::cassandra
+ include kbp_monitoring::cassandra
- @@gen_ferm::rule { "Internal Cassandra connections from ${fqdn}":
- saddr => $fqdn,
- proto => "tcp",
- dport => 7000,
- action => "ACCEPT",
- tag => $customtag;
- }
+ @@gen_ferm::rule { "Internal Cassandra connections from ${fqdn}":
+ saddr => $fqdn,
+ proto => "tcp",
+ dport => 7000,
+ action => "ACCEPT",
+ tag => $customtag;
+ }
- Gen_ferm::Rule <<| tag == $customtag |>>
- Gen_ferm::Rule <<| tag == "cassandra_monitoring" |>>
+ Gen_ferm::Rule <<| tag == $customtag |>>
+ Gen_ferm::Rule <<| tag == "cassandra_monitoring" |>>
- if $java_monitoring {
- kbp_monitoring::java { "cassandra_8080":
- servicegroups => $servicegroups ? {
- false => undef,
- default => $servicegroups,
- },
- sms => $sms;
- }
- }
+ if $java_monitoring {
+ kbp_monitoring::java { "cassandra_8080":
+ servicegroups => $servicegroups ? {
+ false => undef,
+ default => $servicegroups,
+ },
+ sms => $sms;
+ }
+ }
}
View
372 kbp_debian/manifests/init.pp
@@ -3,11 +3,11 @@
# Class: kbp_debian::etch
#
# Actions:
-# Undocumented
+# Undocumented
#
# Depends:
-# Undocumented
-# gen_puppet
+# Undocumented
+# gen_puppet
#
class kbp_debian::etch {
}
@@ -15,209 +15,209 @@
# Class: kbp_debian::lenny
#
# Actions:
-# Undocumented
+# Undocumented
#
# Depends:
-# Undocumented
-# gen_puppet
+# Undocumented
+# gen_puppet
#
class kbp_debian::lenny {
- # Don't pull in Recommends or Suggests dependencies when installing
- # packages with apt.
- kfile {
- "/etc/apt/apt.conf.d/no-recommends":
- content => "APT::Install-Recommends \"false\";\n";
- "/etc/apt/apt.conf.d/no-suggests":
- content => "APT::Install-Suggests \"false\";\n";
- }
-
- gen_apt::source {
- "${lsbdistcodename}-volatile":
- comment => "Repository for volatile packages in $lsbdistcodename, such as SpamAssassin and Clamav",
- sourcetype => "deb",
- uri => "$aptproxy/debian-volatile/",
- distribution => "${lsbdistcodename}/volatile",
- components => "main";
- }
-
- kpackage { "mailx":
- ensure => installed
- }
-
- # Package which makes sure the installed Backports.org repository key is
- # up-to-date.
- kpackage { "debian-backports-keyring":
- ensure => installed,
- }
+ # Don't pull in Recommends or Suggests dependencies when installing
+ # packages with apt.
+ kfile {
+ "/etc/apt/apt.conf.d/no-recommends":
+ content => "APT::Install-Recommends \"false\";\n";
+ "/etc/apt/apt.conf.d/no-suggests":
+ content => "APT::Install-Suggests \"false\";\n";
+ }
+
+ gen_apt::source {
+ "${lsbdistcodename}-volatile":
+ comment => "Repository for volatile packages in $lsbdistcodename, such as SpamAssassin and Clamav",
+ sourcetype => "deb",
+ uri => "$aptproxy/debian-volatile/",
+ distribution => "${lsbdistcodename}/volatile",
+ components => "main";
+ }
+
+ kpackage { "mailx":
+ ensure => installed
+ }
+
+ # Package which makes sure the installed Backports.org repository key is
+ # up-to-date.
+ kpackage { "debian-backports-keyring":
+ ensure => installed,
+ }
}
# Class: kbp_debian::squeeze
#
# Actions:
-# Undocumented
+# Undocumented
#
# Depends:
-# Undocumented
-# gen_puppet
+# Undocumented
+# gen_puppet
#
class kbp_debian::squeeze {
- # Don't pull in Recommends or Suggests dependencies when installing
- # packages with apt.
- kfile {
- "/etc/apt/apt.conf.d/no-recommends":
- content => "APT::Install-Recommends \"false\";\n";
- "/etc/apt/apt.conf.d/no-suggests":
- content => "APT::Install-Suggests \"false\";\n";
- }
-
- gen_apt::source {
- "${lsbdistcodename}-updates":
- comment => "Repository for update packages in $lsbdistcodename, such as SpamAssassin and Clamav",
- sourcetype => "deb",
- uri => "$aptproxy/debian/",
- distribution => "${lsbdistcodename}-updates",
- components => "main";
- }
-
- kpackage { "bsd-mailx":
- ensure => installed;
- }
+ # Don't pull in Recommends or Suggests dependencies when installing
+ # packages with apt.
+ kfile {
+ "/etc/apt/apt.conf.d/no-recommends":
+ content => "APT::Install-Recommends \"false\";\n";
+ "/etc/apt/apt.conf.d/no-suggests":
+ content => "APT::Install-Suggests \"false\";\n";
+ }
+
+ gen_apt::source {
+ "${lsbdistcodename}-updates":
+ comment => "Repository for update packages in $lsbdistcodename, such as SpamAssassin and Clamav",
+ sourcetype => "deb",
+ uri => "$aptproxy/debian/",
+ distribution => "${lsbdistcodename}-updates",
+ components => "main";
+ }
+
+ kpackage { "bsd-mailx":
+ ensure => installed;
+ }
}
# Class: kbp_debian
#
# Actions:
-# Undocumented
+# Undocumented
#
# Depends:
-# Undocumented
-# gen_puppet
+# Undocumented
+# gen_puppet
#
class kbp_debian inherits kbp_base {
- $aptproxy = "http://apt-proxy.sys.kumina.nl:9999"
-
- include "kbp_debian::$lsbdistcodename"
- include rng-tools
-
- define check_alternatives($linkto) {
- exec { "/usr/sbin/update-alternatives --set $name $linkto":
- unless => "/bin/sh -c '[ -L /etc/alternatives/$name ] && [ /etc/alternatives/$name -ef $linkto ]'"
- }
- }
-
- # Packages we want to have installed
- $wantedpackages = ["openssh-server", "less", "lftp", "screen", "file", "debsums", "dlocate", "gnupg",
- "ucf", "elinks", "reportbug", "tree", "netcat", "openssh-client", "tcpdump", "iproute", "acl",
- "psmisc", "udev", "lsof", "bzip2", "strace", "pinfo", "lsb-release", "ethtool", "socat", "make", "nscd"]
- kpackage { $wantedpackages:
- ensure => installed;
- }
-
- kpackage { "ca-certificates":
- ensure => latest;
- }
-
- # Packages we do not need, thank you very much!
- $unwantedpackages = ["pidentd", "dhcp3-client", "dhcp3-common", "dictionaries-common", "doc-linux-text", "doc-debian",
- "iamerican", "ibritish", "ispell", "laptop-detect", "libident", "mpack", "mtools", "popularity-contest", "procmail", "tcsh",
- "w3m", "wamerican", "ppp", "pppoe", "pppoeconf", "at", "mdetect", "tasksel", "aptitude"]
-
- kpackage { $unwantedpackages:
- ensure => absent;
- }
-
- # Local timezone
- kpackage { "tzdata":
- ensure => latest,
- }
-
- kfile {
- "/etc/timezone":
- content => "Europe/Amsterdam\n",
- require => Package["tzdata"];
- "/etc/localtime":
- ensure => link,
- target => "/usr/share/zoneinfo/Europe/Amsterdam",
- require => Package["tzdata"];
- }
-
- # Ensure /tmp always has the correct permissions. (It's a common
- # mistake to forget to do a chmod 1777 /tmp when /tmp is moved to its
- # own filesystem.)
- kfile { "/tmp":
- mode => 1777,
- }
-
- service { "ssh":
- ensure => running,
- require => Package["openssh-server"],
- }
-
- # We want to use pinfo as infobrowser, so when the symlink is not
- # pointing towards pinfo, we need to run update-alternatives
- check_alternatives { "infobrowser":
- linkto => "/usr/bin/pinfo",
- require => Package["pinfo"]
- }
-
- kfile { "/etc/skel/.bash_profile":
- source => "kbp_debian/skel/bash_profile";
- }
-
- kpackage {
- "adduser":;
- "locales":
- require => File["/var/cache/debconf/locales.preseed"],
- responsefile => "/var/cache/debconf/locales.preseed",
- ensure => installed;
- }
-
- kfile {
- "/var/cache/debconf/locales.preseed":
- source => "kbp_debian/locales.preseed";
- }
-
- gen_apt::source {
- "${lsbdistcodename}-base":
- comment => "The main repository for the installed Debian release: $lsbdistdescription.",
- sourcetype => "deb",
- uri => "$aptproxy/debian/",
- distribution => "${lsbdistcodename}",
- components => "main non-free";
- "${lsbdistcodename}-security":
- comment => "Security updates for $lsbdistcodename.",
- sourcetype => "deb",
- uri => "$aptproxy/security/",
- distribution => "${lsbdistcodename}/updates",
- components => "main";
- "${lsbdistcodename}-backports":
- comment => "Repository for packages which have been backported to $lsbdistcodename.",
- sourcetype => "deb",
- uri => "$aptproxy/backports",
- distribution => "${lsbdistcodename}-backports",
- components => "main contrib non-free",
- require => Gen_apt::Key["16BA136C"];
- "kumina":
- comment => "Local repository, for packages maintained by Kumina.",
- sourcetype => "deb",
- uri => "$aptproxy/kumina/",
- distribution => "${lsbdistcodename}-kumina",
- components => "main",
- require => Gen_apt::Key["498B91E6"];
- }
-
- # Package which makes sure the installed Kumina repository key is up-to-date.
- kpackage { "kumina-archive-keyring":
- ensure => latest;
- }
-
- gen_apt::preference { "all":
- package => "*",
- repo => "${lsbdistcodename}-kumina";
- }
-
- # TODO: move to appropriate modules (ticket 588)
- if $lsbdistcodename == "lenny" {
- gen_apt::preference { ["libvirt-bin","virtinst","libvirt-doc","libvirt0","virt-manager","libasound2","libbrlapi0.5","kvm","rake","python-django","varnish","linux-image-2.6-amd64","firmware-bnx2","drbd8-utils","heartbeat","python-support"]:; }
- }
+ $aptproxy = "http://apt-proxy.sys.kumina.nl:9999"
+
+ include "kbp_debian::$lsbdistcodename"
+ include rng-tools
+
+ define check_alternatives($linkto) {
+ exec { "/usr/sbin/update-alternatives --set $name $linkto":
+ unless => "/bin/sh -c '[ -L /etc/alternatives/$name ] && [ /etc/alternatives/$name -ef $linkto ]'"
+ }
+ }
+
+ # Packages we want to have installed
+ $wantedpackages = ["openssh-server", "less", "lftp", "screen", "file", "debsums", "dlocate", "gnupg",
+ "ucf", "elinks", "reportbug", "tree", "netcat", "openssh-client", "tcpdump", "iproute", "acl",
+ "psmisc", "udev", "lsof", "bzip2", "strace", "pinfo", "lsb-release", "ethtool", "socat", "make", "nscd"]
+ kpackage { $wantedpackages:
+ ensure => installed;
+ }
+
+ kpackage { "ca-certificates":
+ ensure => latest;
+ }
+
+ # Packages we do not need, thank you very much!
+ $unwantedpackages = ["pidentd", "dhcp3-client", "dhcp3-common", "dictionaries-common", "doc-linux-text", "doc-debian",
+ "iamerican", "ibritish", "ispell", "laptop-detect", "libident", "mpack", "mtools", "popularity-contest", "procmail", "tcsh",
+ "w3m", "wamerican", "ppp", "pppoe", "pppoeconf", "at", "mdetect", "tasksel", "aptitude"]
+
+ kpackage { $unwantedpackages:
+ ensure => absent;
+ }
+
+ # Local timezone
+ kpackage { "tzdata":
+ ensure => latest,
+ }
+
+ kfile {
+ "/etc/timezone":
+ content => "Europe/Amsterdam\n",
+ require => Package["tzdata"];
+ "/etc/localtime":
+ ensure => link,
+ target => "/usr/share/zoneinfo/Europe/Amsterdam",
+ require => Package["tzdata"];
+ }
+