summaryrefslogtreecommitdiff
path: root/puppet/modules/site_config/manifests
diff options
context:
space:
mode:
Diffstat (limited to 'puppet/modules/site_config/manifests')
-rw-r--r--puppet/modules/site_config/manifests/eip.pp27
-rw-r--r--puppet/modules/site_config/manifests/init.pp11
-rw-r--r--puppet/modules/site_config/manifests/resolvconf.pp17
-rw-r--r--puppet/modules/site_config/manifests/sshd.pp8
4 files changed, 59 insertions, 4 deletions
diff --git a/puppet/modules/site_config/manifests/eip.pp b/puppet/modules/site_config/manifests/eip.pp
index 56eb1452..95f9dbf4 100644
--- a/puppet/modules/site_config/manifests/eip.pp
+++ b/puppet/modules/site_config/manifests/eip.pp
@@ -1,10 +1,29 @@
class site_config::eip {
include site_openvpn
+ include site_openvpn::keys
- $tor=hiera('tor')
- notice("Tor enabled: $tor")
+ #$tor=hiera('tor')
+ #notice("Tor enabled: $tor")
- $openvpn_configs=hiera('openvpn_server_configs')
- create_resources('site_openvpn::server_config', $openvpn_configs)
+ #$openvpn_configs=hiera('openvpn_server_configs')
+ #create_resources('site_openvpn::server_config', $openvpn_configs)
+
+ site_openvpn::server_config { 'tcp_config':
+ port => '1194',
+ proto => 'tcp',
+ local => $::ipaddress_eth0_1,
+ server => '10.1.0.0 255.255.248.0',
+ push => '"dhcp-option DNS 10.1.0.1"',
+ management => '127.0.0.1 1000'
+ }
+ site_openvpn::server_config { 'udp_config':
+ port => '1194',
+ proto => 'udp',
+ local => $::ipaddress_eth0_1,
+ server => '10.2.0.0 255.255.248.0',
+ push => '"dhcp-option DNS 10.2.0.1"',
+ management => '127.0.0.1 1001'
+ }
+ include site_shorewall::eip
}
diff --git a/puppet/modules/site_config/manifests/init.pp b/puppet/modules/site_config/manifests/init.pp
new file mode 100644
index 00000000..8aa1b54d
--- /dev/null
+++ b/puppet/modules/site_config/manifests/init.pp
@@ -0,0 +1,11 @@
+class site_config {
+ # default class, use by all hosts
+
+ include apt, lsb, git
+
+ # configure ssh and inculde ssh-keys
+ include site_config::sshd
+
+ # configure /etc/resolv.conf
+ include site_config::resolvconf
+}
diff --git a/puppet/modules/site_config/manifests/resolvconf.pp b/puppet/modules/site_config/manifests/resolvconf.pp
new file mode 100644
index 00000000..bd0539b9
--- /dev/null
+++ b/puppet/modules/site_config/manifests/resolvconf.pp
@@ -0,0 +1,17 @@
+class site_config::resolvconf {
+ package { 'bind9':
+ ensure => installed,
+ }
+
+ $domain_hash = hiera('domain')
+ $domain_public = $domain_hash['public']
+
+ # 127.0.0.1: caching-only local bind
+ # 87.118.100.175: http://server.privacyfoundation.de
+ # 62.141.58.13: http://www.privacyfoundation.ch/de/service/server.html
+ class { '::resolvconf':
+ domain => $domain_public,
+ search => $domain_public,
+ nameservers => [ '127.0.0.1', '87.118.100.175', '62.141.58.13' ]
+ }
+}
diff --git a/puppet/modules/site_config/manifests/sshd.pp b/puppet/modules/site_config/manifests/sshd.pp
new file mode 100644
index 00000000..4834bb6f
--- /dev/null
+++ b/puppet/modules/site_config/manifests/sshd.pp
@@ -0,0 +1,8 @@
+class site_config::sshd {
+ # configure ssh and inculde ssh-keys
+ include sshd
+ $ssh_pubkeys=hiera_hash('ssh_pubkeys')
+ include site_sshd
+ notice($ssh_pubkeys)
+ create_resources('site_sshd::ssh_key', $ssh_pubkeys)
+}