diff options
Diffstat (limited to 'puppet/modules/site_config/manifests')
-rw-r--r-- | puppet/modules/site_config/manifests/eip.pp | 27 | ||||
-rw-r--r-- | puppet/modules/site_config/manifests/init.pp | 11 | ||||
-rw-r--r-- | puppet/modules/site_config/manifests/resolvconf.pp | 17 | ||||
-rw-r--r-- | puppet/modules/site_config/manifests/sshd.pp | 8 |
4 files changed, 59 insertions, 4 deletions
diff --git a/puppet/modules/site_config/manifests/eip.pp b/puppet/modules/site_config/manifests/eip.pp index 56eb1452..95f9dbf4 100644 --- a/puppet/modules/site_config/manifests/eip.pp +++ b/puppet/modules/site_config/manifests/eip.pp @@ -1,10 +1,29 @@ class site_config::eip { include site_openvpn + include site_openvpn::keys - $tor=hiera('tor') - notice("Tor enabled: $tor") + #$tor=hiera('tor') + #notice("Tor enabled: $tor") - $openvpn_configs=hiera('openvpn_server_configs') - create_resources('site_openvpn::server_config', $openvpn_configs) + #$openvpn_configs=hiera('openvpn_server_configs') + #create_resources('site_openvpn::server_config', $openvpn_configs) + + site_openvpn::server_config { 'tcp_config': + port => '1194', + proto => 'tcp', + local => $::ipaddress_eth0_1, + server => '10.1.0.0 255.255.248.0', + push => '"dhcp-option DNS 10.1.0.1"', + management => '127.0.0.1 1000' + } + site_openvpn::server_config { 'udp_config': + port => '1194', + proto => 'udp', + local => $::ipaddress_eth0_1, + server => '10.2.0.0 255.255.248.0', + push => '"dhcp-option DNS 10.2.0.1"', + management => '127.0.0.1 1001' + } + include site_shorewall::eip } diff --git a/puppet/modules/site_config/manifests/init.pp b/puppet/modules/site_config/manifests/init.pp new file mode 100644 index 00000000..8aa1b54d --- /dev/null +++ b/puppet/modules/site_config/manifests/init.pp @@ -0,0 +1,11 @@ +class site_config { + # default class, use by all hosts + + include apt, lsb, git + + # configure ssh and inculde ssh-keys + include site_config::sshd + + # configure /etc/resolv.conf + include site_config::resolvconf +} diff --git a/puppet/modules/site_config/manifests/resolvconf.pp b/puppet/modules/site_config/manifests/resolvconf.pp new file mode 100644 index 00000000..bd0539b9 --- /dev/null +++ b/puppet/modules/site_config/manifests/resolvconf.pp @@ -0,0 +1,17 @@ +class site_config::resolvconf { + package { 'bind9': + ensure => installed, + } + + $domain_hash = hiera('domain') + $domain_public = $domain_hash['public'] + + # 127.0.0.1: caching-only local bind + # 87.118.100.175: http://server.privacyfoundation.de + # 62.141.58.13: http://www.privacyfoundation.ch/de/service/server.html + class { '::resolvconf': + domain => $domain_public, + search => $domain_public, + nameservers => [ '127.0.0.1', '87.118.100.175', '62.141.58.13' ] + } +} diff --git a/puppet/modules/site_config/manifests/sshd.pp b/puppet/modules/site_config/manifests/sshd.pp new file mode 100644 index 00000000..4834bb6f --- /dev/null +++ b/puppet/modules/site_config/manifests/sshd.pp @@ -0,0 +1,8 @@ +class site_config::sshd { + # configure ssh and inculde ssh-keys + include sshd + $ssh_pubkeys=hiera_hash('ssh_pubkeys') + include site_sshd + notice($ssh_pubkeys) + create_resources('site_sshd::ssh_key', $ssh_pubkeys) +} |