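# Class: ferm
#
# Installs the ferm firewall front end (plus ulogd) and manages its
# configuration: the main ferm.conf, the conf.d/ definition files rendered
# from templates, and the dsa.d/ directory that holds one file per
# ferm::rule. Every managed configuration file notifies Exec['ferm restart'],
# so a change to any of them restarts ferm through its init script.
#
# Security notes for maintainers:
#  - dsa.d/ is purged, so rule fragments that are not declared in Puppet
#    are removed on the next run; hand-edited rules do not persist.
#  - Nothing in this class checks the rendered configuration before the
#    restart. NOTE(review): consider a dry-run parse (e.g. `ferm --noexec`)
#    ahead of the restart so a broken template cannot take the packet
#    filter down with it -- confirm against the init script's behaviour.
class ferm {
  # Define: ferm::rule
  #
  # Writes a single rule fragment to /etc/ferm/dsa.d/<prio>_<name>.
  #
  # Parameters:
  #   $domain      - defaults to "ip"
  #   $chain       - defaults to "INPUT"
  #   $rule        - required, no default
  #   $description - defaults to ""
  #   $prio        - prefix of the file name; defaults to "00"
  #
  # Only $prio and $name are used in the body below; the other parameters
  # are presumably consumed by ferm/ferm-rule.erb -- verify in the template.
  # The resource title ends up in a file path, so it should be a plain
  # file-name component (no "/").
  define rule($domain="ip", $chain="INPUT", $rule, $description="", $prio="00") {
    file { "/etc/ferm/dsa.d/${prio}_${name}":
      ensure  => present,
      owner   => 'root',
      group   => 'root',
      # Quoted so the mode is always read as an octal string.
      mode    => '0400',
      content => template("ferm/ferm-rule.erb"),
      notify  => Exec["ferm restart"],
    }
  }

  # realize (i.e. enable) all @ferm::rule virtual resources
  Ferm::Rule <| |>

  package {
    'ferm':  ensure => installed;
    'ulogd': ensure => installed;
  }

  # Ownership is pinned to root on everything that feeds the firewall,
  # matching what ferm::rule already does for its fragments. For resources
  # that use `source`, some Puppet versions otherwise copy the ownership of
  # the file-server copy.
  file {
    # purge + recurse + force against an empty source directory: anything
    # in dsa.d/ that Puppet does not manage is deleted.
    "/etc/ferm/dsa.d":
      ensure  => directory,
      owner   => 'root',
      group   => 'root',
      purge   => true,
      force   => true,
      recurse => true,
      source  => "puppet:///files/empty/",
      require => Package["ferm"];
    "/etc/ferm/conf.d":
      ensure  => directory,
      require => Package["ferm"];
    # No mode is set here, as in the original.
    "/etc/default/ferm":
      source  => "puppet:///ferm/ferm.default",
      owner   => 'root',
      group   => 'root',
      require => Package["ferm"],
      notify  => Exec["ferm restart"];
    "/etc/ferm/ferm.conf":
      source  => "puppet:///ferm/ferm.conf",
      owner   => 'root',
      group   => 'root',
      mode    => '0400',
      require => Package["ferm"],
      notify  => Exec["ferm restart"];
    "/etc/ferm/conf.d/me.conf":
      content => template("ferm/me.conf.erb"),
      owner   => 'root',
      group   => 'root',
      mode    => '0400',
      require => Package["ferm"],
      notify  => Exec["ferm restart"];
    "/etc/ferm/conf.d/defs.conf":
      content => template("ferm/defs.conf.erb"),
      owner   => 'root',
      group   => 'root',
      mode    => '0400',
      require => Package["ferm"],
      notify  => Exec["ferm restart"];
    "/etc/ferm/conf.d/interfaces.conf":
      content => template("ferm/interfaces.conf.erb"),
      owner   => 'root',
      group   => 'root',
      mode    => '0400',
      require => Package["ferm"],
      notify  => Exec["ferm restart"];
  }

  # Prefix every comma-separated entry of $v4ips with "ip_" and split the
  # result into an array, one element per address. $v4ips is not set in
  # this class; presumably it is a fact or top-scope variable -- confirm.
  $munin_ips = split(regsubst($v4ips, '([^,]+)', 'ip_\1', 'G'), ',')

  # activate_munin_check is defined outside this file; one instance is
  # declared per element of $munin_ips.
  activate_munin_check {
    $munin_ips: script => "ip_";
  }

  # refreshonly: runs only when one of the resources above notifies it,
  # never on an ordinary catalog run.
  exec { "ferm restart":
    command     => "/etc/init.d/ferm restart",
    refreshonly => true,
  }

}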