# Installs ferm and ulogd, lays out the /etc/ferm configuration tree,
# realizes the virtual Ferm::Rule resources and declares one munin check
# per address listed in $v4ips / $v6ips.
#
# $v4ips and $v6ips are not set in this class; they are read as
# comma-separated strings (presumably facts - confirm against the node's
# fact set).
class ferm {
  # Realize (i.e. enable) every @ferm::rule virtual resource.
  Ferm::Rule <| |>

  # File resources below that set no mode of their own (ferm.conf and the
  # templated conf.d files) fall back to owner-read-only.
  # NOTE(review): resource defaults follow Puppet's scoping rules and may
  # also reach file resources declared from this class - confirm intended.
  File { mode => '0400' }

  package { ['ferm', 'ulogd']:
    ensure => installed,
  }

  # No `ensure` is set, so this resource only gives the file resources
  # something to notify. With hasstatus disabled and '/bin/true' as the
  # status command, any status check Puppet runs reports success, so a
  # ruleset that failed to load is not visible through this resource and
  # has to be monitored by other means.
  service { 'ferm':
    hasstatus => false,
    status    => '/bin/true',
  }

  # Prefix every comma-separated address with 'ip_' and split the result
  # into an array of munin check titles.
  $munin_ips = split(regsubst($v4ips, '([^,]+)', 'ip_\1', 'G'), ',')

  munin::check { $munin_ips: script => 'ip_', }

  if $v6ips {
    $munin6_ips = split(regsubst($v6ips, '([^,]+)', 'ip_\1', 'G'), ',')
    munin::ipv6check { $munin6_ips: }
  }

  # Get rid of old stuff: checks that used the 'ip6_' prefix.
  # NOTE(review): this sits outside the `if $v6ips` guard, so $v6ips is
  # passed to regsubst() even when it is unset - confirm the Puppet
  # version in use tolerates that.
  $munin6_ip6s = split(regsubst($v6ips, '([^,]+)', 'ip6_\1', 'G'), ',')
  munin::check { $munin6_ip6s: ensure => absent }

  file { '/etc/ferm':
    ensure  => directory,
    mode    => '0755',
    require => Package['ferm'],
    notify  => Service['ferm'],
  }

  # Synced recursively against an empty source with purge and force, so
  # anything in this directory that Puppet does not manage is removed.
  # Presumably this is where the realized ferm::rule snippets land -
  # confirm against the ferm::rule definition.
  file { '/etc/ferm/dsa.d':
    ensure  => directory,
    mode    => '0555',
    source  => 'puppet:///files/empty/',
    recurse => true,
    purge   => true,
    force   => true,
  }

  # Unlike dsa.d this directory is not purged: a snippet that stops being
  # declared stays on disk until it is removed by hand.
  file { '/etc/ferm/conf.d':
    ensure => directory,
    mode   => '0555',
  }

  file { '/etc/default/ferm':
    mode    => '0444',
    source  => 'puppet:///modules/ferm/ferm.default',
    require => Package['ferm'],
    notify  => Service['ferm'],
  }

  # The main configuration and the templated snippets take the 0400
  # default; each change notifies the ferm service.
  file { '/etc/ferm/ferm.conf':
    source => 'puppet:///modules/ferm/ferm.conf',
    notify => Service['ferm'],
  }
  file { '/etc/ferm/conf.d/me.conf':
    content => template('ferm/me.conf.erb'),
    notify  => Service['ferm'],
  }
  file { '/etc/ferm/conf.d/defs.conf':
    content => template('ferm/defs.conf.erb'),
    notify  => Service['ferm'],
  }
  file { '/etc/ferm/conf.d/interfaces.conf':
    content => template('ferm/interfaces.conf.erb'),
    notify  => Service['ferm'],
  }

  # NOTE(review): this depends on Package['debian.org'] rather than
  # Package['ulogd'] - confirm that is the intended ordering.
  file { '/etc/logrotate.d/ulogd':
    mode    => '0444',
    source  => 'puppet:///modules/ferm/logrotate-ulogd',
    require => Package['debian.org'],
  }

  # Only nodes flagged 'buildd' in $site::nodeinfo get the FTP conntrack
  # snippet. There is no `ensure => absent` branch and conf.d is not
  # purged, so a host that stops being a buildd keeps the file until it
  # is cleaned up manually.
  if getfromhash($site::nodeinfo, 'buildd') {
    file { '/etc/ferm/conf.d/load_ftp_conntrack.conf':
      source => 'puppet:///modules/ferm/conntrack_ftp.conf',
      notify => Service['ferm'],
    }
  }
}