summaryrefslogtreecommitdiff
path: root/puppet/modules/site_config
diff options
context:
space:
mode:
Diffstat (limited to 'puppet/modules/site_config')
-rw-r--r--puppet/modules/site_config/lib/facter/ip_interface.rb13
-rw-r--r--puppet/modules/site_config/manifests/caching_resolver.pp41
-rw-r--r--puppet/modules/site_config/manifests/default.pp36
-rw-r--r--puppet/modules/site_config/manifests/hosts.pp22
-rw-r--r--puppet/modules/site_config/manifests/resolvconf.pp24
-rw-r--r--puppet/modules/site_config/manifests/slow.pp6
-rw-r--r--puppet/modules/site_config/manifests/sshd.pp9
-rw-r--r--puppet/modules/site_config/templates/hosts15
8 files changed, 166 insertions, 0 deletions
diff --git a/puppet/modules/site_config/lib/facter/ip_interface.rb b/puppet/modules/site_config/lib/facter/ip_interface.rb
new file mode 100644
index 00000000..45764bfc
--- /dev/null
+++ b/puppet/modules/site_config/lib/facter/ip_interface.rb
@@ -0,0 +1,13 @@
+require 'facter/util/ip'
+
+Facter::Util::IP.get_interfaces.each do |interface|
+ ip = Facter.value("ipaddress_#{interface}")
+ if ip != nil
+ Facter.add("interface_" + ip ) do
+ setcode do
+ interface
+ end
+ end
+ end
+end
+
diff --git a/puppet/modules/site_config/manifests/caching_resolver.pp b/puppet/modules/site_config/manifests/caching_resolver.pp
new file mode 100644
index 00000000..922c394f
--- /dev/null
+++ b/puppet/modules/site_config/manifests/caching_resolver.pp
@@ -0,0 +1,41 @@
+class site_config::caching_resolver {
+
+ # Setup a conf.d directory to place additional unbound configuration files.
+ # There must be at least one file in the directory, or unbound will not start,
+ # so create an empty placeholder to ensure this.
+
+ # Note: the version of unbound we are working with does not accept a wildcard
+ # for an include directive, so we are not able to use this. When we can use
+ # the newer unbound, then we will add 'include: /etc/unbound.d/*' to the
+ # configuration file
+
+ file {
+ '/etc/unbound/conf.d':
+ ensure => directory,
+ owner => root, group => root, mode => '0755',
+ require => Package['unbound'];
+
+ '/etc/unbound/conf.d/placeholder':
+ ensure => present,
+ content => '',
+ owner => root, group => root, mode => '0644';
+ }
+
+ class { 'unbound':
+ root_hints => false,
+ anchor => false,
+ ssl => false,
+ require => File['/etc/unbound/conf.d/placeholder'],
+ settings => {
+ server => {
+ verbosity => '1',
+ interface => [ '127.0.0.1', '::1' ],
+ port => '53',
+ hide-identity => 'yes',
+ hide-version => 'yes',
+ harden-glue => 'yes',
+ access-control => [ '127.0.0.0/8 allow', '::1 allow' ]
+ }
+ }
+ }
+}
diff --git a/puppet/modules/site_config/manifests/default.pp b/puppet/modules/site_config/manifests/default.pp
new file mode 100644
index 00000000..2191e9a1
--- /dev/null
+++ b/puppet/modules/site_config/manifests/default.pp
@@ -0,0 +1,36 @@
+class site_config::default {
+ tag 'leap_base'
+
+ $domain_hash = hiera('domain')
+
+ include concat::setup
+
+ # default class, used by all hosts
+
+ include lsb, git
+
+ # configure apt
+ include site_apt
+
+
+ # configure ssh and include ssh-keys
+ include site_config::sshd
+
+ # configure /etc/resolv.conf
+ include site_config::resolvconf
+
+ # configure caching, local resolver
+ include site_config::caching_resolver
+
+ # configure /etc/hosts
+ class { 'site_config::hosts':
+ stage => initial,
+ }
+
+ package { [ 'etckeeper' ]:
+ ensure => installed,
+ }
+
+ # include basic shorewall config
+ include site_shorewall::defaults
+}
diff --git a/puppet/modules/site_config/manifests/hosts.pp b/puppet/modules/site_config/manifests/hosts.pp
new file mode 100644
index 00000000..6c00f3b6
--- /dev/null
+++ b/puppet/modules/site_config/manifests/hosts.pp
@@ -0,0 +1,22 @@
+class site_config::hosts() {
+
+ $hosts = hiera('hosts','')
+ $hostname = hiera('name')
+
+ $domain_public = $site_config::default::domain_hash['full_suffix']
+
+ file { "/etc/hostname":
+ ensure => present,
+ content => $hostname
+ }
+
+ exec { "/bin/hostname $hostname":
+ subscribe => [ File['/etc/hostname'], File['/etc/hosts'] ],
+ refreshonly => true;
+ }
+
+ file { '/etc/hosts':
+ content => template('site_config/hosts'),
+ mode => '0644', owner => root, group => root;
+ }
+}
diff --git a/puppet/modules/site_config/manifests/resolvconf.pp b/puppet/modules/site_config/manifests/resolvconf.pp
new file mode 100644
index 00000000..d73f0b78
--- /dev/null
+++ b/puppet/modules/site_config/manifests/resolvconf.pp
@@ -0,0 +1,24 @@
+class site_config::resolvconf {
+
+ # bind9 purging can be taken out after some time
+ package { 'bind9':
+ ensure => absent,
+ }
+ file { '/etc/default/bind9':
+ ensure => absent;
+ }
+ file { '/etc/bind/named.conf.options':
+ ensure => absent;
+ }
+
+ $domain_public = $site_config::default::domain_hash['full_suffix']
+
+ # 127.0.0.1: caching-only local bind
+ # 87.118.100.175: http://server.privacyfoundation.de
+ # 62.141.58.13: http://www.privacyfoundation.ch/de/service/server.html
+ class { '::resolvconf':
+ domain => $domain_public,
+ search => $domain_public,
+ nameservers => [ '127.0.0.1', '87.118.100.175', '62.141.58.13' ]
+ }
+}
diff --git a/puppet/modules/site_config/manifests/slow.pp b/puppet/modules/site_config/manifests/slow.pp
new file mode 100644
index 00000000..18b22a9c
--- /dev/null
+++ b/puppet/modules/site_config/manifests/slow.pp
@@ -0,0 +1,6 @@
+class site_config::slow {
+ tag 'leap_slow'
+ class { 'site_apt::dist_upgrade':
+ stage => initial,
+ }
+}
diff --git a/puppet/modules/site_config/manifests/sshd.pp b/puppet/modules/site_config/manifests/sshd.pp
new file mode 100644
index 00000000..944dbce2
--- /dev/null
+++ b/puppet/modules/site_config/manifests/sshd.pp
@@ -0,0 +1,9 @@
+class site_config::sshd {
+ # configure sshd
+ include sshd
+ include site_sshd
+ # no need for configuring authorized_keys as leap_cli cares for that
+ #$ssh_pubkeys=hiera_hash('ssh_pubkeys')
+ #notice($ssh_pubkeys)
+ #create_resources('site_sshd::ssh_key', $ssh_pubkeys)
+}
diff --git a/puppet/modules/site_config/templates/hosts b/puppet/modules/site_config/templates/hosts
new file mode 100644
index 00000000..00cc6a79
--- /dev/null
+++ b/puppet/modules/site_config/templates/hosts
@@ -0,0 +1,15 @@
+# This file is managed by puppet, any changes will be overwritten!
+
+127.0.0.1 localhost
+127.0.1.1 <%= hostname %>.<%= @domain_public %> <%= hostname %>
+
+<%- if hosts.to_s != '' then -%>
+<%= hosts %>
+<% end -%>
+
+# The following lines are desirable for IPv6 capable hosts
+::1 ip6-localhost ip6-loopback
+fe00::0 ip6-localnet
+ff00::0 ip6-mcastprefix
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters