-rw-r--r--puppet/modules/site_postfix/manifests/mx/smtp_tls.pp3
-rw-r--r--puppet/modules/site_postfix/manifests/mx/smtpd_tls.pp3
-rw-r--r--puppet/modules/site_sshd/manifests/authorized_keys.pp32
-rw-r--r--puppet/modules/site_stunnel/manifests/override_service.pp5
4 files changed, 26 insertions, 17 deletions
diff --git a/puppet/modules/site_postfix/manifests/mx/smtp_tls.pp b/puppet/modules/site_postfix/manifests/mx/smtp_tls.pp
index b27c0e3c..c93c3ba2 100644
--- a/puppet/modules/site_postfix/manifests/mx/smtp_tls.pp
+++ b/puppet/modules/site_postfix/manifests/mx/smtp_tls.pp
@@ -1,3 +1,4 @@
+# configure smtp tls
class site_postfix::mx::smtp_tls {
include site_config::x509::ca
@@ -24,7 +25,7 @@ class site_postfix::mx::smtp_tls {
'smtp_tls_fingerprint_digest':
value => 'sha1';
'smtp_tls_session_cache_database':
- value => 'btree:${data_directory}/smtp_cache';
+ value => "btree:\${data_directory}/smtp_cache";
# see issue #4011
'smtp_tls_protocols':
value => '!SSLv2, !SSLv3';
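Review bot: The escaped `\$` in the new `smtp_tls_session_cache_database` value is easy to undo by accident and has no comment explaining it. Inside double quotes the backslash is the only thing that keeps `${data_directory}` literal so that Postfix expands it. Without it Puppet would interpolate its own variable of that name, which is most likely unset, and the session cache path would silently change or the catalog would fail under strict variables. I would add `# \$ is escaped on purpose: Postfix, not Puppet, expands ${data_directory}` above the value. The same applies to `smtpd_tls_session_cache_database` in smtpd_tls.pp; both class bodies continue outside their hunks.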
diff --git a/puppet/modules/site_postfix/manifests/mx/smtpd_tls.pp b/puppet/modules/site_postfix/manifests/mx/smtpd_tls.pp
index 02a59942..66297f55 100644
--- a/puppet/modules/site_postfix/manifests/mx/smtpd_tls.pp
+++ b/puppet/modules/site_postfix/manifests/mx/smtpd_tls.pp
@@ -1,3 +1,4 @@
+# configure smtpd tls
class site_postfix::mx::smtpd_tls {
include x509::variables
@@ -19,7 +20,7 @@ class site_postfix::mx::smtpd_tls {
'smtpd_tls_eecdh_grade':
value => 'ultra';
'smtpd_tls_session_cache_database':
- value => 'btree:${data_directory}/smtpd_scache';
+ value => "btree:\${data_directory}/smtpd_scache";
# see issue #4011
'smtpd_tls_mandatory_protocols':
value => '!SSLv2, !SSLv3';
diff --git a/puppet/modules/site_sshd/manifests/authorized_keys.pp b/puppet/modules/site_sshd/manifests/authorized_keys.pp
index 90a33d8d..a1fde3f6 100644
--- a/puppet/modules/site_sshd/manifests/authorized_keys.pp
+++ b/puppet/modules/site_sshd/manifests/authorized_keys.pp
@@ -1,20 +1,22 @@
+# We want to purge unmanaged keys from the authorized_keys file so that only
+# keys added in the provider are valid. Any manually added keys will be
+# overridden.
+#
+# In order to do this, we have to use a custom define to deploy the
+# authorized_keys file because puppet's internal resource doesn't allow
+# purging before populating this file.
+#
+# See the following for more information:
+# https://tickets.puppetlabs.com/browse/PUP-1174
+# https://leap.se/code/issues/2990
+# https://leap.se/code/issues/3010
+#
define site_sshd::authorized_keys ($keys, $ensure = 'present', $home = '') {
- # We want to purge unmanaged keys from the authorized_keys file so that only
- # keys added in the provider are valid. Any manually added keys will be
- # overridden.
- #
- # In order to do this, we have to use a custom define to deploy the
- # authorized_keys file because puppet's internal resource doesn't allow
- # purging before populating this file.
- #
- # See the following for more information:
- # https://tickets.puppetlabs.com/browse/PUP-1174
- # https://leap.se/code/issues/2990
- # https://leap.se/code/issues/3010
- #
# This line allows default homedir based on $title variable.
# If $home is empty, the default is used.
$homedir = $home ? {'' => "/home/${title}", default => $home}
+ $owner = $ensure ? {'present' => $title, default => undef }
+ $group = $ensure ? {'present' => $title, default => undef }
file {
"${homedir}/.ssh":
ensure => 'directory',
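Review bot: The new `$owner` and `$group` assignments repeat the same selector and do not say why ownership is left `undef` when `$ensure` is not `'present'`. Presumably this lets removal succeed after the account is gone, which deserves a comment such as `# leave owner/group unset on removal; the user may no longer exist`. Any other accepted value, for example `ensure => 'file'`, also falls into the default branch, so the key file would be managed without the user's ownership. Matching on the removal case instead (`$owner = $ensure ? {'absent' => undef, default => $title }`) and writing `$group = $owner` would close that gap and drop the duplicate. The define continues beyond this hunk.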
@@ -23,8 +25,8 @@ define site_sshd::authorized_keys ($keys, $ensure = 'present', $home = '') {
mode => '0700';
"${homedir}/.ssh/authorized_keys":
ensure => $ensure,
- owner => $ensure ? {'present' => $title, default => undef },
- group => $ensure ? {'present' => $title, default => undef },
+ owner => $owner,
+ group => $group,
mode => '0600',
require => File["${homedir}/.ssh"],
content => template('site_sshd/authorized_keys.erb');
diff --git a/puppet/modules/site_stunnel/manifests/override_service.pp b/puppet/modules/site_stunnel/manifests/override_service.pp
index 96187048..435b9aa0 100644
--- a/puppet/modules/site_stunnel/manifests/override_service.pp
+++ b/puppet/modules/site_stunnel/manifests/override_service.pp
@@ -1,4 +1,9 @@
+# override stunnel::debian defaults
+#
+# ignore puppet lint error about inheriting from different namespace
+# lint:ignore:inherits_across_namespaces
class site_stunnel::override_service inherits stunnel::debian {
+# lint:endignore
include site_config::x509::cert
include site_config::x509::key