From: Martin Zobel-Helas Date: Thu, 26 Aug 2010 22:10:54 +0000 (+0200) Subject: Merge branch 'master' of git+ssh://puppet.debian.org/srv/puppet.debian.org/git/dsa... X-Git-Url: https://git.donarmstrong.com/?a=commitdiff_plain;h=70a9bda9ef6e5fa2cebded47c59a11a2592c5511;hp=6218c7c72655ea8a332fc634727efc3188d5502b;p=dsa-puppet.git Merge branch 'master' of git+ssh://puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet --- diff --git a/manifests/site.pp b/manifests/site.pp index c43378fd..d4f7b84a 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -86,17 +86,12 @@ node default { bartok,franck,liszt,master,ries,samosa,schein,spohr,steffani: { include named::recursor } } - case $hostname { - paganini: {} - default: { - case $kernel { - Linux: { - include ferm - } - } - } + case $kernel { + Linux: { + include ferm + include ferm::per-host + } } - include ferm::per-host case $hostname { beethoven,ravel,spohr: { @@ -115,3 +110,7 @@ node default { } include samhain } + +# vim:set et: +# vim:set sts=4 ts=4: +# vim:set shiftwidth=4: diff --git a/modules/apache2/manifests/init.pp b/modules/apache2/manifests/init.pp index fb88994c..62866e69 100644 --- a/modules/apache2/manifests/init.pp +++ b/modules/apache2/manifests/init.pp @@ -18,8 +18,8 @@ class apache2 { } file { "/etc/php5/conf.d/suhosin.ini": - source => [ "puppet:///apache2/per-host/$fqdn/etc/php5/conf.d/suhosin.ini", - "puppet:///apache2/common/etc/php5/conf.d/suhosin.ini" ], + source => [ "puppet:///modules/apache2/per-host/$fqdn/etc/php5/conf.d/suhosin.ini", + "puppet:///modules/apache2/common/etc/php5/conf.d/suhosin.ini" ], require => Package["apache2", "php5-suhosin"], notify => Exec["force-reload-apache2"]; } 
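Review bot: The rewritten `case $kernel` block in site.pp silently drops the old `paganini: {}` exemption, so that host will pick up the full ferm ruleset on its next agent run; if that is intended, a one-line comment such as `# all Linux hosts get ferm; paganini's exemption was dropped on purpose` saves the next reader a git blame to find out whether the host was retired or merely forgotten. Moving `include ferm::per-host` under the Linux branch is sound, since the per-host rules are ferm resources and previously the class was included even where ferm was not. The `node default` body continues outside the hunk.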
@@ -86,18 +86,18 @@ class apache2 { require => Package["apache2"], notify => Exec["reload-apache2"]; "/etc/apache2/conf.d/security": - source => [ "puppet:///apache2/per-host/$fqdn/etc/apache2/conf.d/security", - "puppet:///apache2/common/etc/apache2/conf.d/security" ], + source => [ "puppet:///modules/apache2/per-host/$fqdn/etc/apache2/conf.d/security", + "puppet:///modules/apache2/common/etc/apache2/conf.d/security" ], require => Package["apache2"], notify => Exec["reload-apache2"]; "/etc/apache2/conf.d/local-serverinfo": - source => [ "puppet:///apache2/per-host/$fqdn/etc/apache2/conf.d/local-serverinfo", - "puppet:///apache2/common/etc/apache2/conf.d/local-serverinfo" ], + source => [ "puppet:///modules/apache2/per-host/$fqdn/etc/apache2/conf.d/local-serverinfo", + "puppet:///modules/apache2/common/etc/apache2/conf.d/local-serverinfo" ], require => Package["apache2"], notify => Exec["reload-apache2"]; "/etc/apache2/conf.d/server-status": - source => [ "puppet:///apache2/per-host/$fqdn/etc/apache2/conf.d/server-status", - "puppet:///apache2/common/etc/apache2/conf.d/server-status" ], + source => [ "puppet:///modules/apache2/per-host/$fqdn/etc/apache2/conf.d/server-status", + "puppet:///modules/apache2/common/etc/apache2/conf.d/server-status" ], require => Package["apache2"], notify => Exec["reload-apache2"]; @@ -107,8 +107,8 @@ class apache2 { notify => Exec["reload-apache2"]; "/etc/logrotate.d/apache2": - source => [ "puppet:///apache2/per-host/$fqdn/etc/logrotate.d/apache2", - "puppet:///apache2/common/etc/logrotate.d/apache2" ]; + source => [ "puppet:///modules/apache2/per-host/$fqdn/etc/logrotate.d/apache2", + "puppet:///modules/apache2/common/etc/logrotate.d/apache2" ]; "/srv/www": mode => 755, 
@@ -137,69 +137,79 @@ class apache2 { refreshonly => true; } - @ferm::rule { "dsa-http-limit": - prio => "20", - description => "limit HTTP DOS", - chain => 'http_limit', - rule => ' - mod limit limit-burst 60 limit 15/minute jump ACCEPT; - jump DROP; - ' - } - @ferm::rule { "dsa-http-soso": - prio => "21", - description => "slow yahoo spider", - chain => 'limit_sosospider', - rule => ' - mod connlimit connlimit-above 2 connlimit-mask 21 jump DROP; - jump http_limit; - ' - } - @ferm::rule { "dsa-http-yahoo": - prio => "21", - description => "slow yahoo spider", - chain => 'limit_yahoo', - rule => ' - mod connlimit connlimit-above 2 connlimit-mask 16 jump DROP; - jump http_limit; - ' - } - @ferm::rule { "dsa-http-bing": - prio => "21", - description => "slow bing spider", - chain => 'limit_bing', - rule => ' - mod connlimit connlimit-above 2 connlimit-mask 16 jump DROP; - jump http_limit; - ' - } - @ferm::rule { "dsa-http-rules": - prio => "22", - description => "http subchain", - chain => 'http', - rule => ' - saddr ( 74.6.22.182 74.6.18.240 ) jump limit_yahoo; - saddr 124.115.0.0/21 jump limit_sosospider; - saddr (65.52.0.0/14 207.46.0.0/16) jump limit_bing; - - mod recent name HTTPDOS update seconds 1800 jump log_or_drop; - mod hashlimit hashlimit-name HTTPDOS hashlimit-mode srcip hashlimit-burst 600 hashlimit 30/minute jump ACCEPT; - mod recent name HTTPDOS set jump log_or_drop; - ' - } case $hostname { - sibelius,stabile: { + busoni,duarte,holter,lindberg,master,merkel,powell,rore: { + @ferm::rule { "dsa-http-limit": + prio => "20", + description => "limit HTTP DOS", + chain => 'http_limit', + rule => ' + mod limit limit-burst 60 limit 15/minute jump ACCEPT; + jump DROP; + ' + } + @ferm::rule { "dsa-http-soso": + prio => "21", + description => "slow soso spider", + chain => 'limit_sosospider', + rule => ' + mod connlimit connlimit-above 2 connlimit-mask 21 jump DROP; + jump http_limit; + ' + } + @ferm::rule { "dsa-http-yahoo": + prio => "21", + description => 
"slow yahoo spider", + chain => 'limit_yahoo', + rule => ' + mod connlimit connlimit-above 2 connlimit-mask 16 jump DROP; + jump http_limit; + ' + } + @ferm::rule { "dsa-http-google": + prio => "21", + description => "slow google spider", + chain => 'limit_google', + rule => ' + mod connlimit connlimit-above 2 connlimit-mask 19 jump DROP; + jump http_limit; + ' + } + @ferm::rule { "dsa-http-bing": + prio => "21", + description => "slow bing spider", + chain => 'limit_bing', + rule => ' + mod connlimit connlimit-above 2 connlimit-mask 16 jump DROP; + jump http_limit; + ' + } + @ferm::rule { "dsa-http-rules": + prio => "22", + description => "http subchain", + chain => 'http', + rule => ' + saddr ( 74.6.22.182 74.6.18.240 67.195.0.0/16 ) jump limit_yahoo; + saddr 124.115.0.0/21 jump limit_sosospider; + saddr (65.52.0.0/14 207.46.0.0/16) jump limit_bing; + saddr (66.249.64.0/19) jump limit_google; + + mod recent name HTTPDOS update seconds 1800 jump log_or_drop; + mod hashlimit hashlimit-name HTTPDOS hashlimit-mode srcip hashlimit-burst 600 hashlimit 30/minute jump ACCEPT; + mod recent name HTTPDOS set jump log_or_drop; + ' + } @ferm::rule { "dsa-http": prio => "23", description => "Allow web access", - rule => "&SERVICE(tcp, (http https))" + rule => "proto tcp dport (http https) jump http;" } } default: { @ferm::rule { "dsa-http": prio => "23", description => "Allow web access", - rule => "proto tcp dport (http https) jump http;" + rule => "&SERVICE(tcp, (http https))" } } } diff --git a/modules/apache2/manifests/security_mirror.pp b/modules/apache2/manifests/security_mirror.pp index bdc3bcce..fba5ad47 100644 --- a/modules/apache2/manifests/security_mirror.pp +++ b/modules/apache2/manifests/security_mirror.pp 
@@ -1,8 +1,8 @@ class apache2::security_mirror inherits apache2 { file { "/etc/apache2/sites-available/security.debian.org": - source => [ "puppet:///apache2/per-host/$fqdn/etc/apache2/sites-available/security.debian.org", - "puppet:///apache2/common/etc/apache2/sites-available/security.debian.org" ]; + source => [ "puppet:///modules/apache2/per-host/$fqdn/etc/apache2/sites-available/security.debian.org", + "puppet:///modules/apache2/common/etc/apache2/sites-available/security.debian.org" ]; } diff --git a/modules/apt-keys/manifests/init.pp b/modules/apt-keys/manifests/init.pp index df616881..c296ec55 100644 --- a/modules/apt-keys/manifests/init.pp +++ b/modules/apt-keys/manifests/init.pp @@ -7,12 +7,12 @@ class apt-keys { ; "/etc/apt/trusted-keys.d/backports.org.asc": - source => "puppet:///apt-keys/backports.org.asc", + source => "puppet:///modules/apt-keys/backports.org.asc", mode => 664, notify => Exec["apt-keys-update"], ; "/etc/apt/trusted-keys.d/db.debian.org.asc": - source => "puppet:///apt-keys/db.debian.org.asc", + source => "puppet:///modules/apt-keys/db.debian.org.asc", mode => 664, notify => Exec["apt-keys-update"], ; diff --git a/modules/buildd/manifests/init.pp b/modules/buildd/manifests/init.pp index 16f84415..b5ec5806 100644 --- a/modules/buildd/manifests/init.pp +++ b/modules/buildd/manifests/init.pp @@ -15,16 +15,16 @@ class buildd { ; "/etc/apt/trusted-keys.d/buildd.debian.org.asc": - source => "puppet:///buildd/buildd.debian.org.asc", + source => "puppet:///modules/buildd/buildd.debian.org.asc", mode => 664, notify => Exec["apt-keys-update"], ; "/etc/schroot/mount-defaults": - source => "puppet:///buildd/mount-defaults", + source => "puppet:///modules/buildd/mount-defaults", require => Package["sbuild"] ; "/etc/cron.d/dsa-buildd": - source => "puppet:///buildd/cron.d-dsa-buildd", + source => "puppet:///modules/buildd/cron.d-dsa-buildd", require => Package["cron"] ; } 
diff --git a/modules/clamav/manifests/init.pp b/modules/clamav/manifests/init.pp index 6f42e1ac..c2bd0d10 100644 --- a/modules/clamav/manifests/init.pp +++ b/modules/clamav/manifests/init.pp @@ -7,11 +7,11 @@ class clamav { file { "/etc/clamav-unofficial-sigs.dsa.conf": require => Package["clamav-unofficial-sigs"], - source => [ "puppet:///clamav/clamav-unofficial-sigs.dsa.conf" ] + source => [ "puppet:///modules/clamav/clamav-unofficial-sigs.dsa.conf" ] ; "/etc/clamav-unofficial-sigs.conf": require => Package["clamav-unofficial-sigs"], - source => [ "puppet:///clamav/clamav-unofficial-sigs.conf" ] + source => [ "puppet:///modules/clamav/clamav-unofficial-sigs.conf" ] ; } } diff --git a/modules/debian-org/misc/local.yaml b/modules/debian-org/misc/local.yaml index bbb1572f..6e98dec2 100644 --- a/modules/debian-org/misc/local.yaml +++ b/modules/debian-org/misc/local.yaml @@ -71,7 +71,6 @@ nameinfo: poulenc.debian.org: Francis Jean Marcel Poulenc (January 7, 1899 - January 30, 1963) powell.debian.org: Andrew Powell (b. April 18th, 1949) praetorius.debian.org: Hieronymus Praetorius (August 10th, 1560 - January 27th, 1629) - puccini.debian.org: Giacomo Antonio Domenico Michele Secondo Maria Puccini (December 22nd, 1858 - November 29th, 1924) raff.debian.org: Joseph Joachim Raff (May 27th, 1822 - June 24th or 25th, 1882) rautavaara.debian.org: Einojuhani Rautavaara (born October 9th, 1928) ravel.debian.org: Joseph-Maurice Ravel (March 7th, 1875 - December 28th, 1937) @@ -192,7 +191,6 @@ host_settings: - porpora.debian.org - poulenc.debian.org - praetorius.debian.org - - puccini.debian.org - rem.debian.org - schroeder.debian.org - spontini.debian.org @@ -277,7 +275,6 @@ host_settings: porpora.debian.org: mailout.debian.org poulenc.debian.org: mailout.debian.org praetorius.debian.org: mailout.debian.org - puccini.debian.org: mailout.debian.org raff.debian.org: mailout.debian.org rautavaara.debian.org: mailout.debian.org rem.debian.org: mailout.debian.org 
@@ -320,7 +317,6 @@ host_settings: no_munin: - agnesi.debian.org - allegri.debian.org - - byrd.debian.org - escher.debian.org - fano.debian.org - malo.debian.org diff --git a/modules/exim/manifests/init.pp b/modules/exim/manifests/init.pp index d7229bcb..5bf93fee 100644 --- a/modules/exim/manifests/init.pp +++ b/modules/exim/manifests/init.pp @@ -55,28 +55,28 @@ class exim { ; "/etc/exim4/host_blacklist": require => Package["exim4-daemon-heavy"], - source => [ "puppet:///exim/per-host/$fqdn/host_blacklist", - "puppet:///exim/common/host_blacklist" ] + source => [ "puppet:///modules/exim/per-host/$fqdn/host_blacklist", + "puppet:///modules/exim/common/host_blacklist" ] ; "/etc/exim4/blacklist": require => Package["exim4-daemon-heavy"], - source => [ "puppet:///exim/per-host/$fqdn/blacklist", - "puppet:///exim/common/blacklist" ] + source => [ "puppet:///modules/exim/per-host/$fqdn/blacklist", + "puppet:///modules/exim/common/blacklist" ] ; "/etc/exim4/callout_users": require => Package["exim4-daemon-heavy"], - source => [ "puppet:///exim/per-host/$fqdn/callout_users", - "puppet:///exim/common/callout_users" ] + source => [ "puppet:///modules/exim/per-host/$fqdn/callout_users", + "puppet:///modules/exim/common/callout_users" ] ; "/etc/exim4/grey_users": require => Package["exim4-daemon-heavy"], - source => [ "puppet:///exim/per-host/$fqdn/grey_users", - "puppet:///exim/common/grey_users" ] + source => [ "puppet:///modules/exim/per-host/$fqdn/grey_users", + "puppet:///modules/exim/common/grey_users" ] ; "/etc/exim4/helo-check": require => Package["exim4-daemon-heavy"], - source => [ "puppet:///exim/per-host/$fqdn/helo-check", - "puppet:///exim/common/helo-check" ] + source => [ "puppet:///modules/exim/per-host/$fqdn/helo-check", + "puppet:///modules/exim/common/helo-check" ] ; "/etc/exim4/locals": require => Package["exim4-daemon-heavy"], 
@@ -84,18 +84,18 @@ class exim { ; "/etc/exim4/localusers": require => Package["exim4-daemon-heavy"], - source => [ "puppet:///exim/per-host/$fqdn/localusers", - "puppet:///exim/common/localusers" ] + source => [ "puppet:///modules/exim/per-host/$fqdn/localusers", + "puppet:///modules/exim/common/localusers" ] ; "/etc/exim4/rbllist": require => Package["exim4-daemon-heavy"], - source => [ "puppet:///exim/per-host/$fqdn/rbllist", - "puppet:///exim/common/rbllist" ] + source => [ "puppet:///modules/exim/per-host/$fqdn/rbllist", + "puppet:///modules/exim/common/rbllist" ] ; "/etc/exim4/rhsbllist": require => Package["exim4-daemon-heavy"], - source => [ "puppet:///exim/per-host/$fqdn/rhsbllist", - "puppet:///exim/common/rhsbllist" ] + source => [ "puppet:///modules/exim/per-host/$fqdn/rhsbllist", + "puppet:///modules/exim/common/rhsbllist" ] ; "/etc/exim4/virtualdomains": require => Package["exim4-daemon-heavy"], 
@@ -103,48 +103,48 @@ class exim { ; "/etc/exim4/whitelist": require => Package["exim4-daemon-heavy"], - source => [ "puppet:///exim/per-host/$fqdn/whitelist", - "puppet:///exim/common/whitelist" ] + source => [ "puppet:///modules/exim/per-host/$fqdn/whitelist", + "puppet:///modules/exim/common/whitelist" ] ; "/etc/exim4/submission-domains": require => Package["exim4-daemon-heavy"], - source => [ "puppet:///exim/per-host/$fqdn/submission-domains", - "puppet:///exim/common/submission-domains" ] + source => [ "puppet:///modules/exim/per-host/$fqdn/submission-domains", + "puppet:///modules/exim/common/submission-domains" ] ; "/etc/logrotate.d/exim4-base": require => Package["exim4-daemon-heavy"], - source => [ "puppet:///exim/per-host/$fqdn/logrotate-exim4-base", - "puppet:///exim/common/logrotate-exim4-base" ] + source => [ "puppet:///modules/exim/per-host/$fqdn/logrotate-exim4-base", + "puppet:///modules/exim/common/logrotate-exim4-base" ] ; "/etc/logrotate.d/exim4-paniclog": require => Package["exim4-daemon-heavy"], - source => [ "puppet:///exim/per-host/$fqdn/logrotate-exim4-paniclog", - "puppet:///exim/common/logrotate-exim4-paniclog" ] + source => [ "puppet:///modules/exim/per-host/$fqdn/logrotate-exim4-paniclog", + "puppet:///modules/exim/common/logrotate-exim4-paniclog" ] ; "/etc/exim4/ssl/thishost.crt": require => Package["exim4-daemon-heavy"], - source => "puppet:///exim/certs/$fqdn.crt", + source => "puppet:///modules/exim/certs/$fqdn.crt", owner => root, group => Debian-exim, mode => 640 ; "/etc/exim4/ssl/thishost.key": require => Package["exim4-daemon-heavy"], - source => "puppet:///exim/certs/$fqdn.key", + source => "puppet:///modules/exim/certs/$fqdn.key", owner => root, group => Debian-exim, mode => 640 ; "/etc/exim4/ssl/ca.crt": require => Package["exim4-daemon-heavy"], - source => "puppet:///exim/certs/ca.crt", + source => "puppet:///modules/exim/certs/ca.crt", owner => root, group => Debian-exim, mode => 640 ; "/etc/exim4/ssl/ca.crl": require => 
Package["exim4-daemon-heavy"], - source => "puppet:///exim/certs/ca.crl", + source => "puppet:///modules/exim/certs/ca.crl", owner => root, group => Debian-exim, mode => 640 diff --git a/modules/exim/manifests/mx.pp b/modules/exim/manifests/mx.pp index 3909f9b7..8a81592e 100644 --- a/modules/exim/manifests/mx.pp +++ b/modules/exim/manifests/mx.pp @@ -5,15 +5,15 @@ class exim::mx inherits exim { file { "/etc/exim4/ccTLD.txt": require => Package["exim4-daemon-heavy"], - source => [ "puppet:///exim/common/ccTLD.txt" ] + source => [ "puppet:///modules/exim/common/ccTLD.txt" ] ; "/etc/exim4/surbl_whitelist.txt": require => Package["exim4-daemon-heavy"], - source => [ "puppet:///exim/common/surbl_whitelist.txt" ] + source => [ "puppet:///modules/exim/common/surbl_whitelist.txt" ] ; "/etc/exim4/exim_surbl.pl": require => Package["exim4-daemon-heavy"], - source => [ "puppet:///exim/common/exim_surbl.pl" ], + source => [ "puppet:///modules/exim/common/exim_surbl.pl" ], notify => Exec["exim4 restart"] ; } diff --git a/modules/ferm/manifests/init.pp b/modules/ferm/manifests/init.pp index 467af752..9eec4b8e 100644 --- a/modules/ferm/manifests/init.pp +++ b/modules/ferm/manifests/init.pp @@ -1,5 +1,5 @@ class ferm { - define rule($domain="ip", $chain="INPUT", $rule, $description="", $prio="00") { + define rule($domain="ip", $table="filter", $chain="INPUT", $rule, $description="", $prio="00") { file { "/etc/ferm/dsa.d/${prio}_${name}": ensure => present, @@ -26,6 +26,7 @@ class ferm { force => true, recurse => true, source => "puppet:///files/empty/", + notify => Exec["ferm restart"], require => Package["ferm"]; "/etc/ferm": ensure => directory, 
@@ -34,11 +35,11 @@ class ferm { ensure => directory, require => Package["ferm"]; "/etc/default/ferm": - source => "puppet:///ferm/ferm.default", + source => "puppet:///modules/ferm/ferm.default", require => Package["ferm"], notify => Exec["ferm restart"]; "/etc/ferm/ferm.conf": - source => "puppet:///ferm/ferm.conf", + source => "puppet:///modules/ferm/ferm.conf", require => Package["ferm"], mode => 0400, notify => Exec["ferm restart"]; @@ -58,7 +59,7 @@ class ferm { mode => 0400, notify => Exec["ferm restart"]; "/etc/logrotate.d/ulogd": - source => "puppet:///ferm/logrotate-ulogd", + source => "puppet:///modules/ferm/logrotate-ulogd", require => Package["logrotate"], ; } @@ -73,7 +74,7 @@ class ferm { 'true': { file { "/etc/ferm/conf.d/load_ftp_conntrack.conf": - source => "puppet:///ferm/conntrack_ftp.conf", + source => "puppet:///modules/ferm/conntrack_ftp.conf", require => Package["ferm"], notify => Exec["ferm restart"]; } diff --git a/modules/ferm/manifests/per-host.pp b/modules/ferm/manifests/per-host.pp index 3e07aecf..ec082c38 100644 --- a/modules/ferm/manifests/per-host.pp +++ b/modules/ferm/manifests/per-host.pp @@ -111,7 +111,7 @@ class ferm::per-host { cilea: { file { "/etc/ferm/conf.d/load_sip_conntrack.conf": - source => "puppet:///ferm/conntrack_sip.conf", + source => "puppet:///modules/ferm/conntrack_sip.conf", require => Package["ferm"], notify => Exec["ferm restart"]; } 
@@ -195,6 +195,30 @@ class ferm::per-host { } } } + + # redirect snapshot into varnish + case $hostname { + sibelius: { + @ferm::rule { "dsa-snapshot-varnish": + rule => '&SERVICE(tcp, 6081)', + } + @ferm::rule { "dsa-nat-snapshot-varnish": + table => 'nat', + chain => 'PREROUTING', + rule => 'proto tcp daddr 193.62.202.28 dport 80 REDIRECT to-ports 6081', + } + } + stabile: { + @ferm::rule { "dsa-snapshot-varnish": + rule => '&SERVICE(tcp, 6081)', + } + @ferm::rule { "dsa-nat-snapshot-varnish": + table => 'nat', + chain => 'PREROUTING', + rule => 'proto tcp daddr 206.12.19.150 dport 80 REDIRECT to-ports 6081', + } + } + } } # vim:set et: diff --git a/modules/ferm/templates/ferm-rule.erb b/modules/ferm/templates/ferm-rule.erb index b3e637a8..ed27c423 100644 --- a/modules/ferm/templates/ferm-rule.erb +++ b/modules/ferm/templates/ferm-rule.erb @@ -4,7 +4,9 @@ ## domain <%= domain %> { - chain <%= chain %> { - <%= rule %>; - } + table <%= table %> { + chain <%= chain %> { + <%= rule %>; + } + } } diff --git a/modules/kfreebsd/manifests/init.pp b/modules/kfreebsd/manifests/init.pp index dff3b1a4..00a7449c 100644 --- a/modules/kfreebsd/manifests/init.pp +++ b/modules/kfreebsd/manifests/init.pp @@ -1,7 +1,7 @@ class kfreebsd { file { "/etc/cron.d/dsa-killruby": - source => [ "puppet:///kfreebsd/dsa-killruby" ], + source => [ "puppet:///modules/kfreebsd/dsa-killruby" ], ; } sysctl { diff --git a/modules/monit/manifests/init.pp b/modules/monit/manifests/init.pp index 06f71a0a..5e8da8c8 100644 --- a/modules/monit/manifests/init.pp +++ b/modules/monit/manifests/init.pp 
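Review bot: The `sibelius` and `stabile` branches are identical apart from the `daddr`, so the two copies of the varnish rules will drift the next time one of them is edited; pulling the address into a variable and emitting the pair once keeps them in step (sketch below). Separately, `&SERVICE(tcp, 6081)` accepts connections to 6081 from any source, not only the ones REDIRECTed from port 80 — presumably harmless since varnish serves the same content, but worth a comment saying so if it is intended rather than an oversight. The `ferm::per-host` class continues outside the hunk.
```puppet
    # redirect snapshot into varnish
    case $hostname {
        sibelius: { $snapshot_addr = '193.62.202.28' }
        stabile:  { $snapshot_addr = '206.12.19.150' }
        default:  { $snapshot_addr = '' }
    }
    if $snapshot_addr != '' {
        @ferm::rule { "dsa-snapshot-varnish":
            rule => '&SERVICE(tcp, 6081)',
        }
        @ferm::rule { "dsa-nat-snapshot-varnish":
            table => 'nat',
            chain => 'PREROUTING',
            rule  => "proto tcp daddr ${snapshot_addr} dport 80 REDIRECT to-ports 6081",
        }
    }
```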
@@ -42,14 +42,14 @@ class monit { ; "/etc/monit/monit.d/01puppet": - source => "puppet:///monit/puppet", + source => "puppet:///modules/monit/puppet", require => Package["monit"], notify => Exec["monit stop"], mode => 440 ; "/etc/monit/monit.d/00debian.org": - source => "puppet:///monit/debianorg", + source => "puppet:///modules/monit/debianorg", require => Package["monit"], notify => Exec["monit stop"], mode => 440 diff --git a/modules/motd/templates/motd.erb b/modules/motd/templates/motd.erb index 37d9b4fe..fbe11801 100644 --- a/modules/motd/templates/motd.erb +++ b/modules/motd/templates/motd.erb @@ -28,6 +28,12 @@ if (nodeinfo['ldap'].at(0)) and (nodeinfo['ldap'][0].has_key?('purpose')) purp += nodeinfo['ldap'][0]['architecture'][0] end purp += " porterbox\n" + purp += "\n" + purp += "See 'dchroot -l' for a list of available chroots.\n" + if nodeinfo['ldap'][0].has_key?('admin') + purp += "Please contact #{nodeinfo['ldap'][0]['admin'][0]} for install requests,\n" + purp += "following the recommendations in .\n" + end else purp += ", used for the following services:\n" nodeinfo['ldap'][0]['purpose'].sort.each do |l| @@ -52,3 +58,8 @@ purp %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% +<% +# vim:set et: +# vim:set sts=2 ts=2: +# vim:set shiftwidth=2: +-%> diff --git a/modules/nagios/manifests/client.pp b/modules/nagios/manifests/client.pp index e16e20f8..7393260e 100644 --- a/modules/nagios/manifests/client.pp +++ b/modules/nagios/manifests/client.pp 
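Review bot: The new porterbox text ends with `following the recommendations in .\n`, so the motd tells users to follow recommendations at nothing; possibly an angle-bracketed URL was swallowed when this page was rendered, but if the template really reads this way the reference has to be spelled out, e.g. `following the recommendations in https://dsa.debian.org/doc/...` (use the real document location). The `has_key?('admin')` guard before `nodeinfo['ldap'][0]['admin'][0]` protects against a missing attribute but not an empty value list; if the LDAP client can return `admin => []`, the interpolation prints an empty name, and `unless nodeinfo['ldap'][0]['admin'].empty?` would be the safer test — assumption to confirm against the ldap module. The template's `if` continues outside the hunk.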
@@ -6,16 +6,16 @@ class nagios::client inherits nagios { file { "/etc/default/nagios-nrpe-server": - source => [ "puppet:///nagios/per-host/$fqdn/default", - "puppet:///nagios/common/default" ], + source => [ "puppet:///modules/nagios/per-host/$fqdn/default", + "puppet:///modules/nagios/common/default" ], require => Package["nagios-nrpe-server"], notify => Exec["nagios-nrpe-server restart"]; "/etc/default/nagios-nrpe": ensure => absent, notify => Exec["nagios-nrpe-server restart"]; "/etc/nagios/nrpe.cfg": - source => [ "puppet:///nagios/per-host/$fqdn/nrpe.cfg", - "puppet:///nagios/common/nrpe.cfg" ], + source => [ "puppet:///modules/nagios/per-host/$fqdn/nrpe.cfg", + "puppet:///modules/nagios/common/nrpe.cfg" ], require => Package["nagios-nrpe-server"], notify => Exec["nagios-nrpe-server restart"]; "/etc/nagios/nrpe.d": @@ -27,13 +27,13 @@ class nagios::client inherits nagios { require => Package["nagios-nrpe-server"], notify => Exec["nagios-nrpe-server restart"]; "/etc/nagios/nrpe.d/nrpe_dsa.cfg": - source => [ "puppet:///nagios/dsa-nagios/generated/nrpe_dsa.cfg" ], + source => [ "puppet:///modules/nagios/dsa-nagios/generated/nrpe_dsa.cfg" ], require => Package["dsa-nagios-checks"], notify => Exec["nagios-nrpe-server restart"]; "/etc/nagios/obsolete-packages-ignore": - source => [ "puppet:///nagios/per-host/$fqdn/obsolete-packages-ignore", - "puppet:///nagios/common/obsolete-packages-ignore" ], + source => [ "puppet:///modules/nagios/per-host/$fqdn/obsolete-packages-ignore", + "puppet:///modules/nagios/common/obsolete-packages-ignore" ], require => Package["dsa-nagios-checks"]; "/etc/nagios/obsolete-packages-ignore.d/hostspecific": diff --git a/modules/nagios/manifests/server.pp b/modules/nagios/manifests/server.pp index 3ee3020d..6f90533c 100644 --- a/modules/nagios/manifests/server.pp +++ b/modules/nagios/manifests/server.pp 
@@ -8,16 +8,16 @@ class nagios::server inherits nagios::client { file { "/etc/nagios-plugins/config/local-dsa-checkcommands.cfg": - source => [ "puppet:///nagios/dsa-nagios/static/checkcommands.cfg" ], + source => [ "puppet:///modules/nagios/dsa-nagios/static/checkcommands.cfg" ], require => Package["nagios3"], notify => Exec["nagios3 reload"]; "/etc/nagios3/cgi.cfg": - source => [ "puppet:///nagios/dsa-nagios/static/cgi.cfg" ], + source => [ "puppet:///modules/nagios/dsa-nagios/static/cgi.cfg" ], require => Package["nagios3"], notify => Exec["nagios3 reload"]; "/etc/nagios3/nagios.cfg": - source => [ "puppet:///nagios/dsa-nagios/static/nagios.cfg" ], + source => [ "puppet:///modules/nagios/dsa-nagios/static/nagios.cfg" ], require => Package["nagios3"], notify => Exec["nagios3 reload"]; 
@@ -27,48 +27,48 @@ class nagios::server inherits nagios::client { ensure => directory; "/etc/nagios3/puppetconf.d/contacts.cfg": - source => [ "puppet:///nagios/dsa-nagios/static/conf.d/contacts.cfg" ], + source => [ "puppet:///modules/nagios/dsa-nagios/static/conf.d/contacts.cfg" ], require => Package["nagios3"], notify => Exec["nagios3 reload"]; "/etc/nagios3/puppetconf.d/generic-host.cfg": - source => [ "puppet:///nagios/dsa-nagios/static/conf.d/generic-host.cfg" ], + source => [ "puppet:///modules/nagios/dsa-nagios/static/conf.d/generic-host.cfg" ], require => Package["nagios3"], notify => Exec["nagios3 reload"]; "/etc/nagios3/puppetconf.d/generic-service.cfg": - source => [ "puppet:///nagios/dsa-nagios/static/conf.d/generic-service.cfg" ], + source => [ "puppet:///modules/nagios/dsa-nagios/static/conf.d/generic-service.cfg" ], require => Package["nagios3"], notify => Exec["nagios3 reload"]; "/etc/nagios3/puppetconf.d/timeperiods.cfg": - source => [ "puppet:///nagios/dsa-nagios/static/conf.d/timeperiods.cfg" ], + source => [ "puppet:///modules/nagios/dsa-nagios/static/conf.d/timeperiods.cfg" ], require => Package["nagios3"], notify => Exec["nagios3 reload"]; "/etc/nagios3/puppetconf.d/auto-dependencies.cfg": - source => [ "puppet:///nagios/dsa-nagios/generated/auto-dependencies.cfg" ], + source => [ "puppet:///modules/nagios/dsa-nagios/generated/auto-dependencies.cfg" ], require => Package["nagios3"], notify => Exec["nagios3 reload"]; "/etc/nagios3/puppetconf.d/auto-hostextinfo.cfg": - source => [ "puppet:///nagios/dsa-nagios/generated/auto-hostextinfo.cfg" ], + source => [ "puppet:///modules/nagios/dsa-nagios/generated/auto-hostextinfo.cfg" ], require => Package["nagios3"], notify => Exec["nagios3 reload"]; "/etc/nagios3/puppetconf.d/auto-hostgroups.cfg": - source => [ "puppet:///nagios/dsa-nagios/generated/auto-hostgroups.cfg" ], + source => [ "puppet:///modules/nagios/dsa-nagios/generated/auto-hostgroups.cfg" ], require => Package["nagios3"], notify => 
Exec["nagios3 reload"]; "/etc/nagios3/puppetconf.d/auto-hosts.cfg": - source => [ "puppet:///nagios/dsa-nagios/generated/auto-hosts.cfg" ], + source => [ "puppet:///modules/nagios/dsa-nagios/generated/auto-hosts.cfg" ], require => Package["nagios3"], notify => Exec["nagios3 reload"]; "/etc/nagios3/puppetconf.d/auto-serviceextinfo.cfg": - source => [ "puppet:///nagios/dsa-nagios/generated/auto-serviceextinfo.cfg" ], + source => [ "puppet:///modules/nagios/dsa-nagios/generated/auto-serviceextinfo.cfg" ], require => Package["nagios3"], notify => Exec["nagios3 reload"]; "/etc/nagios3/puppetconf.d/auto-servicegroups.cfg": - source => [ "puppet:///nagios/dsa-nagios/generated/auto-servicegroups.cfg" ], + source => [ "puppet:///modules/nagios/dsa-nagios/generated/auto-servicegroups.cfg" ], require => Package["nagios3"], notify => Exec["nagios3 reload"]; "/etc/nagios3/puppetconf.d/auto-services.cfg": - source => [ "puppet:///nagios/dsa-nagios/generated/auto-services.cfg" ], + source => [ "puppet:///modules/nagios/dsa-nagios/generated/auto-services.cfg" ], require => Package["nagios3"], notify => Exec["nagios3 reload"]; diff --git a/modules/nagios/templates/obsolete-packages-ignore.d-hostspecific.erb b/modules/nagios/templates/obsolete-packages-ignore.d-hostspecific.erb index eadc515a..117cbf89 100644 --- a/modules/nagios/templates/obsolete-packages-ignore.d-hostspecific.erb +++ b/modules/nagios/templates/obsolete-packages-ignore.d-hostspecific.erb 
@@ -10,7 +10,6 @@ when /(bellini|cimarosa).debian.org/: ignore << "mcelog" when "busoni.debian.org": ignore << %w{libthreads-perl libthreads-shared-perl} when "cilea.debian.org": ignore << "/freeswitch.*/" when /draghi.debian.org/: ignore << %w{userdir-ldap libnet-dns-perl libnet-dns-sec-perl libnet-dns-zone-parser-perl libdns-ruby1.8} -when /geo[123].debian.org/: ignore << %w{geoip-database libgeoip1 geoip-bin} when /liszt.debian.org/: ignore << "amavisd-new" when /stabile.debian.org/: ignore << "xfsprogs" when /(zandonai|zelenka).debian.org/: ignore << %w{zabbix-agent rrdcollect} @@ -23,7 +22,7 @@ when "zee.debian.org": ignore << %w{dpkg-dev dpkg} end case fqdn -when /(draghi|orff|ravel|klecker).debian.org/: ignore << %w{libdns64 bind9 libbind9-60 liblwres60 bind9-host libisccfg60 libisc60 dnsutils bind9utils libisccc60} +when /(draghi|orff|ravel|klecker|geo[123]).debian.org/: ignore << %w{libdns66 libdns64 bind9 libbind9-60 liblwres60 bind9-host libisccfg60 libisc60 dnsutils bind9utils libisccc60} end ignore.flatten.join("\n") %> diff --git a/modules/named/files/common/named.conf.debian-zones b/modules/named/files/common/named.conf.debian-zones index 26d8ec1b..0ac4b645 100644 --- a/modules/named/files/common/named.conf.debian-zones +++ b/modules/named/files/common/named.conf.debian-zones @@ -188,4 +188,19 @@ zone "19.12.206.in-addr.arpa" { allow-query { any; }; allow-transfer { }; }; + +// 0.0.0.4.0.1.6.0.0.f.8.f.7.0.6.2.ip6.arpa - reverse zone for 2607:f8f0:0610:4000::/64 - ubcece6 +zone "0.0.0.4.0.1.6.0.0.f.8.f.7.0.6.2.ip6.arpa" { + type slave; + notify no; + file "db.2607:f8f0:0610:4000"; + masters { + 82.195.75.106; // draghi + 2001:41b8:202:deb:216:36ff:fe40:3906; //draghi + }; + allow-query { any; }; + allow-transfer { }; +}; + + // vim:set syn=named: diff --git a/modules/named/manifests/geodns.pp b/modules/named/manifests/geodns.pp index d8155cdf..76cfe3c6 100644 --- a/modules/named/manifests/geodns.pp +++ b/modules/named/manifests/geodns.pp 
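Review bot: The new `0.0.0.4.0.1.6.0.0.f.8.f.7.0.6.2.ip6.arpa` slave zone lists draghi's two addresses in `masters { }` without a `key` clause, so the zone transfer is authenticated by source address alone and an on-path attacker who can impersonate 82.195.75.106 or its v6 address can feed this secondary arbitrary PTR data. Whether the other slave zones in this file carry TSIG is not visible in the hunk; if they do (`masters { 82.195.75.106 key <keyname>; ... };`), this one should match them, and if none do, a comment at the top of the zone stating that transfers are IP-ACL-only would at least document the trust model. `allow-transfer { };` and `notify no;` are consistent with the surrounding zones and correctly stop this host re-serving the zone.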
@@ -12,16 +12,16 @@ class named::geodns inherits named { notify => Exec["apt-get update"], ; "/etc/bind/named.conf.local": - source => [ "puppet:///named/per-host/$fqdn/named.conf.local", - "puppet:///named/common/named.conf.local" ], + source => [ "puppet:///modules/named/per-host/$fqdn/named.conf.local", + "puppet:///modules/named/common/named.conf.local" ], require => Package["bind9"], notify => Exec["bind9 restart"], owner => root, group => root, ; "/etc/bind/named.conf.acl": - source => [ "puppet:///named/per-host/$fqdn/named.conf.acl", - "puppet:///named/common/named.conf.acl" ], + source => [ "puppet:///modules/named/per-host/$fqdn/named.conf.acl", + "puppet:///modules/named/common/named.conf.acl" ], require => Package["bind9"], notify => Exec["bind9 restart"], owner => root, 
@@ -40,30 +40,30 @@ class named::geodns inherits named {
 mode => 755,
 ;
 "/etc/bind/geodns/named.conf.geo":
- source => [ "puppet:///named/per-host/$fqdn/named.conf.geo",
- "puppet:///named/common/named.conf.geo" ],
+ source => [ "puppet:///modules/named/per-host/$fqdn/named.conf.geo",
+ "puppet:///modules/named/common/named.conf.geo" ],
 require => Package["bind9"],
 notify => Exec["bind9 restart"],
 owner => root,
 group => root,
 ;
 "/etc/bind/geodns/trigger":
- source => [ "puppet:///named/per-host/$fqdn/trigger",
- "puppet:///named/common/trigger" ],
+ source => [ "puppet:///modules/named/per-host/$fqdn/trigger",
+ "puppet:///modules/named/common/trigger" ],
 owner => root,
 group => root,
 mode => 555,
 ;
 "/etc/ssh/userkeys/geodnssync":
- source => [ "puppet:///named/per-host/$fqdn/authorized_keys",
- "puppet:///named/common/authorized_keys" ],
+ source => [ "puppet:///modules/named/per-host/$fqdn/authorized_keys",
+ "puppet:///modules/named/common/authorized_keys" ],
 owner => root,
 group => geodnssync,
 mode => 440,
 ;
 "/etc/cron.d/dsa-boot-geodnssync":
- source => [ "puppet:///named/per-host/$fqdn/cron-geo",
- "puppet:///named/common/cron-geo" ],
+ source => [ "puppet:///modules/named/per-host/$fqdn/cron-geo",
+ "puppet:///modules/named/common/cron-geo" ],
 owner => root,
 group => root,
 ;
diff --git a/modules/named/manifests/secondary.pp b/modules/named/manifests/secondary.pp
index b0868525..4f0494e2 100644
--- a/modules/named/manifests/secondary.pp
+++ b/modules/named/manifests/secondary.pp
@@ -1,8 +1,8 @@
 class named::secondary inherits named {
 file { "/etc/bind/named.conf.debian-zones":
- source => [ "puppet:///named/per-host/$fqdn/named.conf.debian-zones",
- "puppet:///named/common/named.conf.debian-zones" ],
+ source => [ "puppet:///modules/named/per-host/$fqdn/named.conf.debian-zones",
+ "puppet:///modules/named/common/named.conf.debian-zones" ],
 notify => Exec["bind9 reload"];
 "/etc/bind/named.conf.options":
 content => template("named/named.conf.options.erb"),
diff --git a/modules/nfs-server/manifests/init.pp b/modules/nfs-server/manifests/init.pp
index 9a2b92ff..d14a6ca3 100644
--- a/modules/nfs-server/manifests/init.pp
+++ b/modules/nfs-server/manifests/init.pp
@@ -9,15 +9,15 @@ class nfs-server {
 file { "/etc/default/nfs-common":
- source => "puppet:///nfs-server/nfs-common.default",
+ source => "puppet:///modules/nfs-server/nfs-common.default",
 require => Package["nfs-common"],
 notify => Exec["nfs-common restart"];
 "/etc/default/nfs-kernel-server":
- source => "puppet:///nfs-server/nfs-kernel-server.default",
+ source => "puppet:///modules/nfs-server/nfs-kernel-server.default",
 require => Package["nfs-kernel-server"],
 notify => Exec["nfs-kernel-server restart"];
 "/etc/modprobe.d/lockd.local":
- source => "puppet:///nfs-server/lockd.local.modprobe";
+ source => "puppet:///modules/nfs-server/lockd.local.modprobe";
 }
 exec {
diff --git a/modules/postgrey/manifests/init.pp b/modules/postgrey/manifests/init.pp
index 227655d3..678665ee 100644
--- a/modules/postgrey/manifests/init.pp
+++ b/modules/postgrey/manifests/init.pp
@@ -3,7 +3,7 @@ class postgrey {
 file { "/etc/default/postgrey":
- source => "puppet:///postgrey/default",
+ source => "puppet:///modules/postgrey/default",
 require => Package["postgrey"],
 notify => Exec["postgrey restart"]
 ;
diff --git a/modules/samhain/templates/samhainrc.erb b/modules/samhain/templates/samhainrc.erb
index 89c341f9..b3defd5c 100644
--- a/modules/samhain/templates/samhainrc.erb
+++ b/modules/samhain/templates/samhainrc.erb
@@ -545,7 +545,7 @@ MailSeverity=crit
 PrintSeverity=none
 LogSeverity=info
 SyslogSeverity=alert
-ExportSeverity=none
+#ExportSeverity=none
@@ -612,7 +612,7 @@ ExportSeverity=none
 ## Switch on/off
 #
-KernelCheckActive = True
+#KernelCheckActive = True
 ## Check interval (seconds); btw., the check is VERY fast
 #
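Review bot: Commenting out `KernelCheckActive = True` does not say what the check is now set to — the option silently falls back to samhain's compiled-in default, which is not visible here and may differ between builds — and nothing in the hunk records why the kernel check is being switched off in the shared `samhainrc.erb` template, i.e. for every host that renders it. If the intent is to disable it, `KernelCheckActive = False` plus a comment along the lines of `# kernel check disabled: <reason>; no kernel-level integrity monitoring on these hosts until re-enabled` makes both the setting and the resulting detection gap explicit; if it is only a temporary comment-out, say so and by when. The `ExportSeverity` hunk above makes the same implicit-default move and would benefit from the same treatment.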
@@ -630,7 +630,7 @@ KernelCheckActive = True
 ## Switch on/off
 #
-LoginCheckActive = True
+# LoginCheckActive = True
 ## Severity for logins, multiple logins, logouts
 #
diff --git a/modules/ssh/manifests/init.pp b/modules/ssh/manifests/init.pp
index 98add738..271c8bdf 100644
--- a/modules/ssh/manifests/init.pp
+++ b/modules/ssh/manifests/init.pp
@@ -5,7 +5,7 @@ class ssh {
 }
 file { "/etc/ssh/ssh_config":
- source => [ "puppet:///ssh/ssh_config" ],
+ source => [ "puppet:///modules/ssh/ssh_config" ],
 require => Package["openssh-client"]
 ;
 "/etc/ssh/sshd_config":
diff --git a/modules/ssl/manifests/init.pp b/modules/ssl/manifests/init.pp
index 81bdb893..391da0a4 100644
--- a/modules/ssl/manifests/init.pp
+++ b/modules/ssl/manifests/init.pp
@@ -32,19 +32,19 @@ class ssl {
 source => "puppet:///files/empty/"
 ;
 "/etc/ssl/debian/certs/thishost.crt":
- source => "puppet:///ssl/clientcerts/$fqdn.client.crt",
+ source => "puppet:///modules/ssl/clientcerts/$fqdn.client.crt",
 notify => Exec["c_rehash /etc/ssl/debian/certs"],
 ;
 "/etc/ssl/debian/keys/thishost.key":
- source => "puppet:///ssl/clientcerts/$fqdn.key",
+ source => "puppet:///modules/ssl/clientcerts/$fqdn.key",
 mode => 640
 ;
 "/etc/ssl/debian/certs/ca.crt":
- source => "puppet:///ssl/clientcerts/ca.crt",
+ source => "puppet:///modules/ssl/clientcerts/ca.crt",
 notify => Exec["c_rehash /etc/ssl/debian/certs"],
 ;
 "/etc/ssl/debian/crls/ca.crl":
- source => "puppet:///ssl/clientcerts/ca.crl",
+ source => "puppet:///modules/ssl/clientcerts/ca.crl",
 ;
 }
diff --git a/modules/sudo/files/common/sudoers b/modules/sudo/files/common/sudoers
index 3d482d74..559ec9b4 100644
--- a/modules/sudo/files/common/sudoers
+++ b/modules/sudo/files/common/sudoers
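Review bot: As with the kernel-check hunk, `# LoginCheckActive = True` leaves login/logout monitoring at whatever samhain's compiled-in default happens to be instead of stating a value, and the `# ` spacing differs from the `#KernelCheckActive` line in the previous hunk, so a reader cannot tell whether this is a deliberate disable or a temporary comment-out. Prefer an explicit `LoginCheckActive = False` with a one-line `# login monitoring disabled: <reason>` comment, or leave it at `True` if the default is not actually what is wanted. The section header that encloses this option is outside the hunk.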
@@ -57,6 +57,8 @@ nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=[0129] pd [0-9]\:
 nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=[0129] pd [0-9][EIC]\:[0-9]\:[0-9] show
 nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=[0129] pd [0-9][EIC]\:[0-9]\:[0-9][0-9] show
 nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=[0129] show status
+nagios franck=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=1 enclosure 1E\:1 show detail
+
 # other raid controllers
 nagios powell=(ALL) NOPASSWD: /usr/local/sbin/areca-cli vsf info
 nagios puccini=(ALL) NOPASSWD: /usr/local/bin/tw_cli info c0 u0 status
diff --git a/modules/sudo/manifests/init.pp b/modules/sudo/manifests/init.pp
index a3903573..d774a8f6 100644
--- a/modules/sudo/manifests/init.pp
+++ b/modules/sudo/manifests/init.pp
@@ -5,13 +5,13 @@ class sudo {
 owner => root,
 group => root,
 mode => 440,
- source => [ "puppet:///sudo/per-host/$fqdn/sudoers",
- "puppet:///sudo/common/sudoers" ],
+ source => [ "puppet:///modules/sudo/per-host/$fqdn/sudoers",
+ "puppet:///modules/sudo/common/sudoers" ],
 require => Package["sudo"]
 ;
 "/etc/pam.d/sudo":
- source => [ "puppet:///sudo/per-host/$fqdn/pam",
- "puppet:///sudo/common/pam" ],
+ source => [ "puppet:///modules/sudo/per-host/$fqdn/pam",
+ "puppet:///modules/sudo/common/pam" ],
 require => Package["sudo"]
 ;
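Review bot: The new `nagios franck=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=1 enclosure 1E\:1 show detail` rule is fully literal (no glob characters) and a read-only `show` query, so it grants nothing beyond what the existing hpacucli rules already allow; the point is placement and provenance. It is a host-scoped entry dropped inside the generic `ALL=` hpacucli block, two lines above the `# other raid controllers` section where the other per-host rules (powell, puccini) live, and nothing says which check needs it. Moving it under that section, or prefixing it with `# franck: enclosure 1E:1 detail for its disk-enclosure check`, keeps the host-specific grants together and gives a future reviewer a reason to prune it when franck is retired or re-racked. Escaping the colons as `\:` matches the surrounding rules.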