]> git.donarmstrong.com Git - dsa-puppet.git/blob - modules/ferm/manifests/init.pp
projects / dsa-puppet.git / blob
? search:


44872de480c73198ddf799c7acf675f43da67b39
[dsa-puppet.git] / modules / ferm / manifests / init.pp
1 class ferm {
2         # realize (i.e. enable) all @ferm::rule virtual resources
3         Ferm::Rule <| |>
4
5         File { mode => '0400' }
6
7         package { 'ferm':
8                 ensure => installed
9         }
10         package { 'ulogd':
11                 ensure => installed
12         }
13
14         service { 'ferm':
15                 hasstatus   => false,
16                 status      => '/bin/true',
17         }
18
19         $munin_ips = split(regsubst($v4ips, '([^,]+)', 'ip_\1', 'G'), ',')
20
21         munin::check { $munin_ips: script => 'ip_', }
22
23         if $v6ips {
24                 $munin6_ips = split(regsubst($v6ips, '([^,]+)', 'ip_\1', 'G'), ',')
25                 munin::check { $munin6_ips: script => 'ip_', }
26         }
27
28         # get rid of old stuff
29         $munin6_ip6s = split(regsubst($v6ips, '([^,]+)', 'ip6_\1', 'G'), ',')
30         munin::check { $munin6_ip6s: ensure => absent }
31
32         file { '/etc/ferm':
33                 ensure  => directory,
34                 notify  => Service['ferm'],
35                 require => Package['ferm'],
36                 mode    => '0755'
37         }
38         file { '/etc/ferm/dsa.d':
39                 ensure => directory,
40                 purge   => true,
41                 force   => true,
42                 recurse => true,
43                 source  => 'puppet:///files/empty/',
44         }
45         file { '/etc/ferm/conf.d':
46                 ensure => directory,
47         }
48         file { '/etc/default/ferm':
49                 source  => 'puppet:///modules/ferm/ferm.default',
50                 require => Package['ferm'],
51                 notify  => Service['ferm'],
52         }
53         file { '/etc/ferm/ferm.conf':
54                 source  => 'puppet:///modules/ferm/ferm.conf',
55         }
56         file { '/etc/ferm/conf.d/me.conf':
57                 content => template('ferm/me.conf.erb'),
58         }
59         file { '/etc/ferm/conf.d/defs.conf':
60                 content => template('ferm/defs.conf.erb'),
61         }
62         file { '/etc/ferm/conf.d/interfaces.conf':
63                 content => template('ferm/interfaces.conf.erb'),
64         }
65         file { '/etc/logrotate.d/ulogd':
66                 source => 'puppet:///modules/ferm/logrotate-ulogd',
67                 require => Package['debian.org'],
68         }
69
70         if getfromhash($site::nodeinfo, 'buildd') {
71                 file { '/etc/ferm/conf.d/load_ftp_conntrack.conf':
72                         source => 'puppet:///modules/ferm/conntrack_ftp.conf',
73                 }
74         }
75
76 }
Unnamed repository; edit this file 'description' to name the repository.