ah, : missing
index 19766c038dbcde7041f9310ca2a082241fb453c7..953cc45587d60fe9eeb58899f699f2bb0d67cab4 100644 (file)
@@ -9,47 +9,119 @@ File {
     ensure  => file,
 }
 
+Exec {
+    path => "/usr/bin:/usr/sbin:/bin:/sbin"
+}
+
 node default {
+    $localinfo = yamlinfo('*', "/etc/puppet/modules/debian-org/misc/local.yaml")
+    $nodeinfo  = nodeinfo($fqdn, "/etc/puppet/modules/debian-org/misc/local.yaml")
+    $hoster    = whohosts($nodeinfo, "/etc/puppet/modules/debian-org/misc/hoster.yaml")
+    $keyinfo   = allnodeinfo("sshRSAHostKey", "ipHostNumber")
+    notice("hoster for ${fqdn} is ${hoster}")
+
+    $mxinfo   = allnodeinfo("mXRecord")
+
     include munin-node
-    include samhain
+    include sudo
+    include ssh
     include debian-org
+    include monit
+    include apt-keys
+    include ntp
+
+    include motd
+
+    case $hostname {
+        finzi,fano,fasch,field:    { include kfreebsd }
+    }
 
     case $smartarraycontroller {
         "true":    { include debian-proliant }
-        default: {}
+    }
+    case $kvmdomain {
+        "true":    { package { acpid: ensure => installed } }
+    }
+    case $mptraid {
+        "true":    { include "raidmpt" }
     }
 
     case $mta {
-        "exim4":   { include exim }
-        default:   {}
+        "exim4":   {
+             case extractnodeinfo($nodeinfo, 'heavy_exim') {
+                  true:    { include exim::mx }
+                  default: { include exim }
+             }
+        }
     }
 
-    import "nagios"
-    include nagios-client
+    case extractnodeinfo($nodeinfo, 'muninmaster') {
+        true: { include munin-node::master }
+    }
 
-    case $hostname {
-        spohr:     {
-                      import "nagios"
-                      include nagios-server
-                   }
-        default:   {}
+    case extractnodeinfo($nodeinfo, 'nagiosmaster') {
+        true:    { include nagios::server }
+        default: { include nagios::client }
     }
 
     case $apache2 {
-        "true":    { case $hostname {
-                        "carver":  { include apache2 }
-                        default:   {}
-                   } }
-        default: {}
+         "true":  {
+              case extractnodeinfo($nodeinfo, 'apache2_security_mirror') {
+                     true:    { include apache2::security_mirror }
+                     default: { include apache2 }
+              }
+         }
+    }
+
+    case extractnodeinfo($nodeinfo, 'buildd') {
+         true:  { include buildd }
     }
 
-    # test here first
     case $hostname {
-        handel,geo1,geo2,geo3,wieck,brahms,bartok,spohr,sperger,carver,rore,malo,peri,penalosa,praetorius,schein,villa,lobos,steffani,kassia,pergolesi,lafayette,rem,albeniz,goetz,smetana,allegri,puccini,ball,argento,arcadelt,dijkstra,schumann,caballero,voltaire,pescetti,mundy,agricola,goedel,lebrun,mayer,mayr,merulo,morales,murphy,paer,saens,schroeder,spontini,widor,zelenka,agnesi,piatti:    { include sudo }
-        default:   {}
+        klecker,ravel,senfl,orff: { include named::secondary }
+        geo1,geo2,geo3:           { include named::geodns }
+        bartok:                   { include named::recursor }
     }
-}
 
-node penalosa inherits default {
-    include hosts
+    case $hostname {
+        logtest01,geo1,geo2,geo3,bartok,senfl,beethoven,piatti,saens: { include ferm }
+    }
+    case $hostname {
+        piatti: {
+           @ferm::rule { "dsa-udd-stunnel":
+               description  => "port 8080 for udd stunnel",
+               rule         => "&SERVICE_RANGE(tcp, http-alt, ( 192.25.206.16 70.103.162.29 217.196.43.134 ))"
+           }
+        }
+       senfl: {
+          @ferm::rule { "dsa-rsync":
+                   domain          => "(ip ip6)",
+                   description     => "Allow rsync access",
+                   rule            => "&SERVICE(tcp, 873)"
+          }
+        }
+        saens: {
+           @ferm::rule { "dsa-ftp":
+                   domain          => "(ip ip6)",
+                   description     => "Allow ftp access",
+                   rule            => "&SERVICE(tcp, 21)"
+           }
+          @ferm::rule { "dsa-rsync":
+                   domain          => "(ip ip6)",
+                   description     => "Allow rsync access",
+                   rule            => "&SERVICE(tcp, 873)"
+          }
+        }
+
+    }
+    case $brokenhosts {
+        "true":    { include hosts }
+    }
+    case $hoster {
+        "ubcece", "darmstadt", "ftcollins", "grnet":  { include resolv }
+    }
+    case $portforwarder_user_exists {
+        "true":    { include portforwarder }
+    }
+    include samhain
 }
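Review bot: The three source addresses in the `dsa-udd-stunnel` rule for piatti are bare literals with nothing saying which hosts they belong to, so a later reader cannot tell whether an allowlist entry has gone stale; a comment above the resource such as `# udd stunnel clients: <host names for the three addresses>` would make the rule auditable. The set of ferm hosts is also maintained in two places, the `include ferm` case and the per-host rule case right after it. Because the rules are declared virtual (`@ferm::rule`), a host added only to the second case would presumably never have its rule collected, so it may be safer to select ferm hosts through a flag read with `extractnodeinfo($nodeinfo, ...)`, the way the buildd and nagiosmaster cases in this hunk do. The `dsa-rsync` resource is written out twice with identical bodies for senfl and saens and could live once in its own `case $hostname { senfl,saens: { ... } }`.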