From: Stephen Gran
Date: Mon, 18 Jan 2010 23:15:17 +0000 (+0000)
Subject: fuck, really, stop
X-Git-Url: https://git.donarmstrong.com/?a=commitdiff_plain;h=73a14efeb23db8e87b317c668d856065027b793f;p=dsa-puppet.git
fuck, really, stop
Signed-off-by: Stephen Gran
---
diff --git a/modules/ferm/files/defs.conf b/modules/ferm/files/defs.conf
deleted file mode 100644
index 36cd5d4c..00000000
--- a/modules/ferm/files/defs.conf
+++ /dev/null
@@ -1,22 +0,0 @@
-@def &SERVICE($proto, $port) = {
- domain (ip ip6) chain INPUT proto $proto dport $port ACCEPT;
-}
-
-@def &V4_SERVICE($proto, $port) = {
- domain ip chain INPUT proto $proto dport $port ACCEPT;
-}
-
-@def &V6_SERVICE($proto, $port) = {
- domain ip6 chain INPUT proto $proto dport $port ACCEPT;
-}
-
-@def &V4_SERVICE_RANGE($proto, $port, $srange) = {
- domain ip chain INPUT proto $proto dport $port saddr $srange ACCEPT;
-}
-
-@def &V6_SERVICE_RANGE($proto, $port, $srange) = {
- domain ip6 chain INPUT proto $proto dport $port saddr $srange ACCEPT;
-}
-
-@def $HOST_MUNIN = (192.25.206.57 192.25.206.33);
-@def $HOST_NAGIOS = (192.25.206.57 192.25.206.33);
diff --git a/modules/ferm/files/ferm.conf b/modules/ferm/files/ferm.conf
deleted file mode 100644
index 6cd911f9..00000000
--- a/modules/ferm/files/ferm.conf
+++ /dev/null
@@ -1,19 +0,0 @@
-# include some ferm definitions, useful for adding function to abstract stuff
-@include 'defs.conf';
-
-# a simple default and fairly secure policy
-domain (ip ip6) {
- chain INPUT {
- policy DROP;
- mod state state (ESTABLISHED RELATED) ACCEPT;
- interface lo ACCEPT;
- proto tcp mod state state NEW !syn DROP;
- proto icmp ACCEPT;
- }
-}
-
-# per-host configuration
-@include 'conf.d/';
-
-# managed via puppet
-@include 'dsa.d/';
diff --git a/modules/ferm/manifests/init.pp b/modules/ferm/manifests/init.pp
deleted file mode 100644
index adf1fc88..00000000
--- a/modules/ferm/manifests/init.pp
+++ /dev/null
@@ -1,63 +0,0 @@
-#
-
-class ferm {
- package { "ferm" :
- ensure => installed,
- }
-
- file { "/etc/ferm/dsa.d" :
- ensure => directory,
- owner => root,
- group => root,
- mode => 0700,
- require => Package["ferm"],
- }
-
- file { "/etc/ferm/conf.d" :
- ensure =>directory,
- owner => root,
- group => root,
- mode => 0700,
- require => Package["ferm"],
- }
-
- file { "/etc/ferm/ferm.conf" :
- ensure => present,
- owner => root,
- group => root,
- mode => 0600,
- require => Package["ferm"],
- notify => Exec["ferm reload"],
- source => "puppet:///ferm/ferm.conf",
- }
-
- file { "/etc/ferm/defs.conf" :
- ensure => present,
- owner => root,
- group => root,
- mode => 0600,
- require => Package["ferm"],
- notify => Exec["ferm reload"],
- source => "puppet:///ferm/defs.conf",
- }
-
- exec { "ferm reload":
- path => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin",
- refreshonly => true,
- }
-
- # used as, e.g.:
- # ferm::rule { "dsa-ssh":
- # description => "Allow SSH from DSA",
- # rule => "proto tcp dport ssh saddr 1.2.3.4 ACCEPT"
- # }
- define rule($domain="ip", $chain="INPUT", $rule, $description="", $prio="00") {
- file { "/etc/ferm/dsa.d/${prio}_${name}":
- ensure => present,
- owner => root,
- group => root,
- mode => 0600,
- content => template("ferm/ferm-rule.erb"),
- }
- }
-}
diff --git a/modules/ferm/templates/ferm-rule.erb b/modules/ferm/templates/ferm-rule.erb
deleted file mode 100644
index b3e637a8..00000000
--- a/modules/ferm/templates/ferm-rule.erb
+++ /dev/null
@@ -1,10 +0,0 @@
-##
-## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
-## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
-##
-
-domain <%= domain %> {
- chain <%= chain %> {
- <%= rule %>;
- }
-}