summaryrefslogtreecommitdiff
path: root/puppet
diff options
context:
space:
mode:
Diffstat (limited to 'puppet')
-rw-r--r--puppet/modules/site_check_mk/files/agent/logwatch/syslog/openvpn.cfg7
-rw-r--r--puppet/modules/site_check_mk/manifests/agent/openvpn.pp10
-rw-r--r--puppet/modules/site_config/manifests/packages/base.pp1
-rw-r--r--puppet/modules/site_openvpn/manifests/init.pp3
-rw-r--r--puppet/modules/site_postfix/manifests/mx/reserved_aliases.pp12
5 files changed, 28 insertions, 5 deletions
diff --git a/puppet/modules/site_check_mk/files/agent/logwatch/syslog/openvpn.cfg b/puppet/modules/site_check_mk/files/agent/logwatch/syslog/openvpn.cfg
new file mode 100644
index 00000000..d58e876d
--- /dev/null
+++ b/puppet/modules/site_check_mk/files/agent/logwatch/syslog/openvpn.cfg
@@ -0,0 +1,7 @@
+# ignore openvpn TLS initialization errors when clients
+# suddenly hangup before properly establishing
+# a tls connection
+ I ovpn-.*TLS Error: Unroutable control packet received from
+ I ovpn-.*TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
+ I ovpn-.*TLS Error: TLS handshake failed
+
diff --git a/puppet/modules/site_check_mk/manifests/agent/openvpn.pp b/puppet/modules/site_check_mk/manifests/agent/openvpn.pp
new file mode 100644
index 00000000..919a408d
--- /dev/null
+++ b/puppet/modules/site_check_mk/manifests/agent/openvpn.pp
@@ -0,0 +1,10 @@
+class site_check_mk::agent::openvpn {
+
+ # check syslog
+ concat::fragment { 'syslog_openpvn':
+ source => 'puppet:///modules/site_check_mk/agent/logwatch/syslog/openvpn.cfg',
+ target => '/etc/check_mk/logwatch.d/syslog.cfg',
+ order => '02';
+ }
+
+}
diff --git a/puppet/modules/site_config/manifests/packages/base.pp b/puppet/modules/site_config/manifests/packages/base.pp
index 28aa4dbb..ae47963c 100644
--- a/puppet/modules/site_config/manifests/packages/base.pp
+++ b/puppet/modules/site_config/manifests/packages/base.pp
@@ -1,5 +1,6 @@
class site_config::packages::base {
+
# base set of packages that we want to have installed everywhere
package { [ 'etckeeper', 'screen', 'less', 'ntp' ]:
ensure => installed,
diff --git a/puppet/modules/site_openvpn/manifests/init.pp b/puppet/modules/site_openvpn/manifests/init.pp
index 42146741..4c2a3967 100644
--- a/puppet/modules/site_openvpn/manifests/init.pp
+++ b/puppet/modules/site_openvpn/manifests/init.pp
@@ -213,4 +213,7 @@ class site_openvpn {
target => '/etc/default/openvpn',
order => 10;
}
+
+ include site_check_mk::agent::openvpn
+
}
diff --git a/puppet/modules/site_postfix/manifests/mx/reserved_aliases.pp b/puppet/modules/site_postfix/manifests/mx/reserved_aliases.pp
index aea66f78..83e27376 100644
--- a/puppet/modules/site_postfix/manifests/mx/reserved_aliases.pp
+++ b/puppet/modules/site_postfix/manifests/mx/reserved_aliases.pp
@@ -1,11 +1,13 @@
+# Defines which mail addresses shouldn't be available and where they should fwd
class site_postfix::mx::reserved_aliases {
postfix::mailalias {
- [ 'postmaster', 'hostmaster', 'domainadmin', 'certmaster', 'ssladmin',
- 'arin-admin', 'administrator', 'webmaster', 'www-data', 'www',
- 'nobody', 'sys', 'postgresql', 'mysql', 'bin', 'cron', 'lp', 'games',
- 'maildrop', 'abuse', 'noc', 'security', 'usenet', 'news', 'uucp',
- 'ftp' ]:
+ [ 'abuse', 'admin', 'arin-admin', 'administrator', 'bin', 'cron',
+ 'certmaster', 'domainadmin', 'games', 'ftp', 'hostmaster', 'lp',
+ 'maildrop', 'mysql', 'news', 'nobody', 'noc', 'postmaster', 'postgresql',
+ 'security', 'ssladmin', 'sys', 'usenet', 'uucp', 'webmaster', 'www',
+ 'www-data',
+ ]:
ensure => present,
recipient => 'root'
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-05 07:42:24 +0000