]> git.donarmstrong.com Git - dsa-puppet.git/blob - modules/ferm/manifests/init.pp
projects / dsa-puppet.git / blob
? search:


904d83a9a21bc261c8b99345866fc66f87c1dedd
[dsa-puppet.git] / modules / ferm / manifests / init.pp
1 # = Class: ferm
2 #
3 # This class installs ferm and sets up rules
4 #
5 # == Sample Usage:
6 #
7 #   include ferm
8 #
9 class ferm {
10         # realize (i.e. enable) all @ferm::rule virtual resources
11         Ferm::Rule <| |>
12
13         File { mode => '0400' }
14
15         package { 'ferm':
16                 ensure => installed
17         }
18         package { 'ulogd':
19                 ensure => installed
20         }
21
22         service { 'ferm':
23                 hasstatus   => false,
24                 status      => '/bin/true',
25         }
26
27         $munin_ips = split(regsubst($::v4ips, '([^,]+)', 'ip_\1', 'G'), ',')
28
29         munin::check { $munin_ips: script => 'ip_', }
30
31         if $v6ips {
32                 $munin6_ips = split(regsubst($::v6ips, '([^,]+)', 'ip_\1', 'G'), ',')
33                 munin::ipv6check { $munin6_ips: }
34         }
35
36         # get rid of old stuff
37         $munin6_ip6s = split(regsubst($::v6ips, '([^,]+)', 'ip6_\1', 'G'), ',')
38         munin::check { $munin6_ip6s: ensure => absent }
39
40         file { '/etc/ferm':
41                 ensure  => directory,
42                 notify  => Service['ferm'],
43                 require => Package['ferm'],
44                 mode    => '0755'
45         }
46         file { '/etc/ferm/dsa.d':
47                 ensure => directory,
48                 mode   => '0555',
49                 purge   => true,
50                 force   => true,
51                 recurse => true,
52                 source  => 'puppet:///files/empty/',
53         }
54         file { '/etc/ferm/conf.d':
55                 ensure => directory,
56                 mode   => '0555',
57                 purge   => true,
58                 force   => true,
59                 recurse => true,
60                 source  => 'puppet:///files/empty/',
61         }
62         file { '/etc/default/ferm':
63                 source  => 'puppet:///modules/ferm/ferm.default',
64                 require => Package['ferm'],
65                 notify  => Service['ferm'],
66                 mode    => '0444',
67         }
68         file { '/etc/ferm/ferm.conf':
69                 source  => 'puppet:///modules/ferm/ferm.conf',
70                 notify  => Service['ferm'],
71         }
72         file { '/etc/ferm/conf.d/me.conf':
73                 content => template('ferm/me.conf.erb'),
74                 notify  => Service['ferm'],
75         }
76         file { '/etc/ferm/conf.d/defs.conf':
77                 content => template('ferm/defs.conf.erb'),
78                 notify  => Service['ferm'],
79         }
80         file { '/etc/ferm/conf.d/interfaces.conf':
81                 content => template('ferm/interfaces.conf.erb'),
82                 notify  => Service['ferm'],
83         }
84         file { '/etc/logrotate.d/ulogd':
85                 source  => 'puppet:///modules/ferm/logrotate-ulogd',
86                 mode    => '0444',
87                 require => Package['debian.org'],
88         }
89
90 }
Unnamed repository; edit this file 'description' to name the repository.