}
file { "/etc/php5/conf.d/suhosin.ini":
- source => [ "puppet:///apache2/per-host/$fqdn/etc/php5/conf.d/suhosin.ini",
- "puppet:///apache2/common/etc/php5/conf.d/suhosin.ini" ],
+ source => [ "puppet:///modules/apache2/per-host/$fqdn/etc/php5/conf.d/suhosin.ini",
+ "puppet:///modules/apache2/common/etc/php5/conf.d/suhosin.ini" ],
require => Package["apache2", "php5-suhosin"],
notify => Exec["force-reload-apache2"];
}
require => Package["apache2"],
notify => Exec["reload-apache2"];
"/etc/apache2/conf.d/security":
- source => [ "puppet:///apache2/per-host/$fqdn/etc/apache2/conf.d/security",
- "puppet:///apache2/common/etc/apache2/conf.d/security" ],
+ source => [ "puppet:///modules/apache2/per-host/$fqdn/etc/apache2/conf.d/security",
+ "puppet:///modules/apache2/common/etc/apache2/conf.d/security" ],
require => Package["apache2"],
notify => Exec["reload-apache2"];
"/etc/apache2/conf.d/local-serverinfo":
- source => [ "puppet:///apache2/per-host/$fqdn/etc/apache2/conf.d/local-serverinfo",
- "puppet:///apache2/common/etc/apache2/conf.d/local-serverinfo" ],
+ source => [ "puppet:///modules/apache2/per-host/$fqdn/etc/apache2/conf.d/local-serverinfo",
+ "puppet:///modules/apache2/common/etc/apache2/conf.d/local-serverinfo" ],
require => Package["apache2"],
notify => Exec["reload-apache2"];
"/etc/apache2/conf.d/server-status":
- source => [ "puppet:///apache2/per-host/$fqdn/etc/apache2/conf.d/server-status",
- "puppet:///apache2/common/etc/apache2/conf.d/server-status" ],
+ source => [ "puppet:///modules/apache2/per-host/$fqdn/etc/apache2/conf.d/server-status",
+ "puppet:///modules/apache2/common/etc/apache2/conf.d/server-status" ],
require => Package["apache2"],
notify => Exec["reload-apache2"];
notify => Exec["reload-apache2"];
"/etc/logrotate.d/apache2":
- source => [ "puppet:///apache2/per-host/$fqdn/etc/logrotate.d/apache2",
- "puppet:///apache2/common/etc/logrotate.d/apache2" ];
+ source => [ "puppet:///modules/apache2/per-host/$fqdn/etc/logrotate.d/apache2",
+ "puppet:///modules/apache2/common/etc/logrotate.d/apache2" ];
"/srv/www":
mode => 755,
}
@ferm::rule { "dsa-http-soso":
prio => "21",
- description => "slow yahoo spider",
+ description => "slow soso spider",
chain => 'limit_sosospider',
rule => '
mod connlimit connlimit-above 2 connlimit-mask 21 jump DROP;
jump http_limit;
'
}
+ @ferm::rule { "dsa-http-google":
+ prio => "21",
+ description => "slow google spider",
+ chain => 'limit_google',
+ rule => '
+ mod connlimit connlimit-above 2 connlimit-mask 19 jump DROP;
+ jump http_limit;
+ '
+ }
@ferm::rule { "dsa-http-bing":
prio => "21",
description => "slow bing spider",
description => "http subchain",
chain => 'http',
rule => '
- saddr ( 74.6.22.182 74.6.18.240 ) jump limit_yahoo;
+ saddr ( 74.6.22.182 74.6.18.240 67.195.0.0/16 ) jump limit_yahoo;
saddr 124.115.0.0/21 jump limit_sosospider;
saddr (65.52.0.0/14 207.46.0.0/16) jump limit_bing;
+ saddr (66.249.64.0/19) jump limit_google;
mod recent name HTTPDOS update seconds 1800 jump log_or_drop;
mod hashlimit hashlimit-name HTTPDOS hashlimit-mode srcip hashlimit-burst 600 hashlimit 30/minute jump ACCEPT;
class apache2::security_mirror inherits apache2 {
file {
"/etc/apache2/sites-available/security.debian.org":
- source => [ "puppet:///apache2/per-host/$fqdn/etc/apache2/sites-available/security.debian.org",
- "puppet:///apache2/common/etc/apache2/sites-available/security.debian.org" ];
+ source => [ "puppet:///modules/apache2/per-host/$fqdn/etc/apache2/sites-available/security.debian.org",
+ "puppet:///modules/apache2/common/etc/apache2/sites-available/security.debian.org" ];
}
;
"/etc/apt/trusted-keys.d/backports.org.asc":
- source => "puppet:///apt-keys/backports.org.asc",
+ source => "puppet:///modules/apt-keys/backports.org.asc",
mode => 664,
notify => Exec["apt-keys-update"],
;
"/etc/apt/trusted-keys.d/db.debian.org.asc":
- source => "puppet:///apt-keys/db.debian.org.asc",
+ source => "puppet:///modules/apt-keys/db.debian.org.asc",
mode => 664,
notify => Exec["apt-keys-update"],
;
;
"/etc/apt/trusted-keys.d/buildd.debian.org.asc":
- source => "puppet:///buildd/buildd.debian.org.asc",
+ source => "puppet:///modules/buildd/buildd.debian.org.asc",
mode => 664,
notify => Exec["apt-keys-update"],
;
"/etc/schroot/mount-defaults":
- source => "puppet:///buildd/mount-defaults",
+ source => "puppet:///modules/buildd/mount-defaults",
require => Package["sbuild"]
;
"/etc/cron.d/dsa-buildd":
- source => "puppet:///buildd/cron.d-dsa-buildd",
+ source => "puppet:///modules/buildd/cron.d-dsa-buildd",
require => Package["cron"]
;
}
file {
"/etc/clamav-unofficial-sigs.dsa.conf":
require => Package["clamav-unofficial-sigs"],
- source => [ "puppet:///clamav/clamav-unofficial-sigs.dsa.conf" ]
+ source => [ "puppet:///modules/clamav/clamav-unofficial-sigs.dsa.conf" ]
;
"/etc/clamav-unofficial-sigs.conf":
require => Package["clamav-unofficial-sigs"],
- source => [ "puppet:///clamav/clamav-unofficial-sigs.conf" ]
+ source => [ "puppet:///modules/clamav/clamav-unofficial-sigs.conf" ]
;
}
}
;
"/etc/exim4/host_blacklist":
require => Package["exim4-daemon-heavy"],
- source => [ "puppet:///exim/per-host/$fqdn/host_blacklist",
- "puppet:///exim/common/host_blacklist" ]
+ source => [ "puppet:///modules/exim/per-host/$fqdn/host_blacklist",
+ "puppet:///modules/exim/common/host_blacklist" ]
;
"/etc/exim4/blacklist":
require => Package["exim4-daemon-heavy"],
- source => [ "puppet:///exim/per-host/$fqdn/blacklist",
- "puppet:///exim/common/blacklist" ]
+ source => [ "puppet:///modules/exim/per-host/$fqdn/blacklist",
+ "puppet:///modules/exim/common/blacklist" ]
;
"/etc/exim4/callout_users":
require => Package["exim4-daemon-heavy"],
- source => [ "puppet:///exim/per-host/$fqdn/callout_users",
- "puppet:///exim/common/callout_users" ]
+ source => [ "puppet:///modules/exim/per-host/$fqdn/callout_users",
+ "puppet:///modules/exim/common/callout_users" ]
;
"/etc/exim4/grey_users":
require => Package["exim4-daemon-heavy"],
- source => [ "puppet:///exim/per-host/$fqdn/grey_users",
- "puppet:///exim/common/grey_users" ]
+ source => [ "puppet:///modules/exim/per-host/$fqdn/grey_users",
+ "puppet:///modules/exim/common/grey_users" ]
;
"/etc/exim4/helo-check":
require => Package["exim4-daemon-heavy"],
- source => [ "puppet:///exim/per-host/$fqdn/helo-check",
- "puppet:///exim/common/helo-check" ]
+ source => [ "puppet:///modules/exim/per-host/$fqdn/helo-check",
+ "puppet:///modules/exim/common/helo-check" ]
;
"/etc/exim4/locals":
require => Package["exim4-daemon-heavy"],
;
"/etc/exim4/localusers":
require => Package["exim4-daemon-heavy"],
- source => [ "puppet:///exim/per-host/$fqdn/localusers",
- "puppet:///exim/common/localusers" ]
+ source => [ "puppet:///modules/exim/per-host/$fqdn/localusers",
+ "puppet:///modules/exim/common/localusers" ]
;
"/etc/exim4/rbllist":
require => Package["exim4-daemon-heavy"],
- source => [ "puppet:///exim/per-host/$fqdn/rbllist",
- "puppet:///exim/common/rbllist" ]
+ source => [ "puppet:///modules/exim/per-host/$fqdn/rbllist",
+ "puppet:///modules/exim/common/rbllist" ]
;
"/etc/exim4/rhsbllist":
require => Package["exim4-daemon-heavy"],
- source => [ "puppet:///exim/per-host/$fqdn/rhsbllist",
- "puppet:///exim/common/rhsbllist" ]
+ source => [ "puppet:///modules/exim/per-host/$fqdn/rhsbllist",
+ "puppet:///modules/exim/common/rhsbllist" ]
;
"/etc/exim4/virtualdomains":
require => Package["exim4-daemon-heavy"],
;
"/etc/exim4/whitelist":
require => Package["exim4-daemon-heavy"],
- source => [ "puppet:///exim/per-host/$fqdn/whitelist",
- "puppet:///exim/common/whitelist" ]
+ source => [ "puppet:///modules/exim/per-host/$fqdn/whitelist",
+ "puppet:///modules/exim/common/whitelist" ]
;
"/etc/exim4/submission-domains":
require => Package["exim4-daemon-heavy"],
- source => [ "puppet:///exim/per-host/$fqdn/submission-domains",
- "puppet:///exim/common/submission-domains" ]
+ source => [ "puppet:///modules/exim/per-host/$fqdn/submission-domains",
+ "puppet:///modules/exim/common/submission-domains" ]
;
"/etc/logrotate.d/exim4-base":
require => Package["exim4-daemon-heavy"],
- source => [ "puppet:///exim/per-host/$fqdn/logrotate-exim4-base",
- "puppet:///exim/common/logrotate-exim4-base" ]
+ source => [ "puppet:///modules/exim/per-host/$fqdn/logrotate-exim4-base",
+ "puppet:///modules/exim/common/logrotate-exim4-base" ]
;
"/etc/logrotate.d/exim4-paniclog":
require => Package["exim4-daemon-heavy"],
- source => [ "puppet:///exim/per-host/$fqdn/logrotate-exim4-paniclog",
- "puppet:///exim/common/logrotate-exim4-paniclog" ]
+ source => [ "puppet:///modules/exim/per-host/$fqdn/logrotate-exim4-paniclog",
+ "puppet:///modules/exim/common/logrotate-exim4-paniclog" ]
;
"/etc/exim4/ssl/thishost.crt":
require => Package["exim4-daemon-heavy"],
- source => "puppet:///exim/certs/$fqdn.crt",
+ source => "puppet:///modules/exim/certs/$fqdn.crt",
owner => root,
group => Debian-exim,
mode => 640
;
"/etc/exim4/ssl/thishost.key":
require => Package["exim4-daemon-heavy"],
- source => "puppet:///exim/certs/$fqdn.key",
+ source => "puppet:///modules/exim/certs/$fqdn.key",
owner => root,
group => Debian-exim,
mode => 640
;
"/etc/exim4/ssl/ca.crt":
require => Package["exim4-daemon-heavy"],
- source => "puppet:///exim/certs/ca.crt",
+ source => "puppet:///modules/exim/certs/ca.crt",
owner => root,
group => Debian-exim,
mode => 640
;
"/etc/exim4/ssl/ca.crl":
require => Package["exim4-daemon-heavy"],
- source => "puppet:///exim/certs/ca.crl",
+ source => "puppet:///modules/exim/certs/ca.crl",
owner => root,
group => Debian-exim,
mode => 640
file {
"/etc/exim4/ccTLD.txt":
require => Package["exim4-daemon-heavy"],
- source => [ "puppet:///exim/common/ccTLD.txt" ]
+ source => [ "puppet:///modules/exim/common/ccTLD.txt" ]
;
"/etc/exim4/surbl_whitelist.txt":
require => Package["exim4-daemon-heavy"],
- source => [ "puppet:///exim/common/surbl_whitelist.txt" ]
+ source => [ "puppet:///modules/exim/common/surbl_whitelist.txt" ]
;
"/etc/exim4/exim_surbl.pl":
require => Package["exim4-daemon-heavy"],
- source => [ "puppet:///exim/common/exim_surbl.pl" ],
+ source => [ "puppet:///modules/exim/common/exim_surbl.pl" ],
notify => Exec["exim4 restart"]
;
}
ensure => directory,
require => Package["ferm"];
"/etc/default/ferm":
- source => "puppet:///ferm/ferm.default",
+ source => "puppet:///modules/ferm/ferm.default",
require => Package["ferm"],
notify => Exec["ferm restart"];
"/etc/ferm/ferm.conf":
- source => "puppet:///ferm/ferm.conf",
+ source => "puppet:///modules/ferm/ferm.conf",
require => Package["ferm"],
mode => 0400,
notify => Exec["ferm restart"];
mode => 0400,
notify => Exec["ferm restart"];
"/etc/logrotate.d/ulogd":
- source => "puppet:///ferm/logrotate-ulogd",
+ source => "puppet:///modules/ferm/logrotate-ulogd",
require => Package["logrotate"],
;
}
'true': {
file {
"/etc/ferm/conf.d/load_ftp_conntrack.conf":
- source => "puppet:///ferm/conntrack_ftp.conf",
+ source => "puppet:///modules/ferm/conntrack_ftp.conf",
require => Package["ferm"],
notify => Exec["ferm restart"];
}
cilea: {
file {
"/etc/ferm/conf.d/load_sip_conntrack.conf":
- source => "puppet:///ferm/conntrack_sip.conf",
+ source => "puppet:///modules/ferm/conntrack_sip.conf",
require => Package["ferm"],
notify => Exec["ferm restart"];
}
class kfreebsd {
file {
"/etc/cron.d/dsa-killruby":
- source => [ "puppet:///kfreebsd/dsa-killruby" ],
+ source => [ "puppet:///modules/kfreebsd/dsa-killruby" ],
;
}
sysctl {
;
"/etc/monit/monit.d/01puppet":
- source => "puppet:///monit/puppet",
+ source => "puppet:///modules/monit/puppet",
require => Package["monit"],
notify => Exec["monit stop"],
mode => 440
;
"/etc/monit/monit.d/00debian.org":
- source => "puppet:///monit/debianorg",
+ source => "puppet:///modules/monit/debianorg",
require => Package["monit"],
notify => Exec["monit stop"],
mode => 440
file {
"/etc/default/nagios-nrpe-server":
- source => [ "puppet:///nagios/per-host/$fqdn/default",
- "puppet:///nagios/common/default" ],
+ source => [ "puppet:///modules/nagios/per-host/$fqdn/default",
+ "puppet:///modules/nagios/common/default" ],
require => Package["nagios-nrpe-server"],
notify => Exec["nagios-nrpe-server restart"];
"/etc/default/nagios-nrpe":
ensure => absent,
notify => Exec["nagios-nrpe-server restart"];
"/etc/nagios/nrpe.cfg":
- source => [ "puppet:///nagios/per-host/$fqdn/nrpe.cfg",
- "puppet:///nagios/common/nrpe.cfg" ],
+ source => [ "puppet:///modules/nagios/per-host/$fqdn/nrpe.cfg",
+ "puppet:///modules/nagios/common/nrpe.cfg" ],
require => Package["nagios-nrpe-server"],
notify => Exec["nagios-nrpe-server restart"];
"/etc/nagios/nrpe.d":
require => Package["nagios-nrpe-server"],
notify => Exec["nagios-nrpe-server restart"];
"/etc/nagios/nrpe.d/nrpe_dsa.cfg":
- source => [ "puppet:///nagios/dsa-nagios/generated/nrpe_dsa.cfg" ],
+ source => [ "puppet:///modules/nagios/dsa-nagios/generated/nrpe_dsa.cfg" ],
require => Package["dsa-nagios-checks"],
notify => Exec["nagios-nrpe-server restart"];
"/etc/nagios/obsolete-packages-ignore":
- source => [ "puppet:///nagios/per-host/$fqdn/obsolete-packages-ignore",
- "puppet:///nagios/common/obsolete-packages-ignore" ],
+ source => [ "puppet:///modules/nagios/per-host/$fqdn/obsolete-packages-ignore",
+ "puppet:///modules/nagios/common/obsolete-packages-ignore" ],
require => Package["dsa-nagios-checks"];
"/etc/nagios/obsolete-packages-ignore.d/hostspecific":
file {
"/etc/nagios-plugins/config/local-dsa-checkcommands.cfg":
- source => [ "puppet:///nagios/dsa-nagios/static/checkcommands.cfg" ],
+ source => [ "puppet:///modules/nagios/dsa-nagios/static/checkcommands.cfg" ],
require => Package["nagios3"],
notify => Exec["nagios3 reload"];
"/etc/nagios3/cgi.cfg":
- source => [ "puppet:///nagios/dsa-nagios/static/cgi.cfg" ],
+ source => [ "puppet:///modules/nagios/dsa-nagios/static/cgi.cfg" ],
require => Package["nagios3"],
notify => Exec["nagios3 reload"];
"/etc/nagios3/nagios.cfg":
- source => [ "puppet:///nagios/dsa-nagios/static/nagios.cfg" ],
+ source => [ "puppet:///modules/nagios/dsa-nagios/static/nagios.cfg" ],
require => Package["nagios3"],
notify => Exec["nagios3 reload"];
ensure => directory;
"/etc/nagios3/puppetconf.d/contacts.cfg":
- source => [ "puppet:///nagios/dsa-nagios/static/conf.d/contacts.cfg" ],
+ source => [ "puppet:///modules/nagios/dsa-nagios/static/conf.d/contacts.cfg" ],
require => Package["nagios3"],
notify => Exec["nagios3 reload"];
"/etc/nagios3/puppetconf.d/generic-host.cfg":
- source => [ "puppet:///nagios/dsa-nagios/static/conf.d/generic-host.cfg" ],
+ source => [ "puppet:///modules/nagios/dsa-nagios/static/conf.d/generic-host.cfg" ],
require => Package["nagios3"],
notify => Exec["nagios3 reload"];
"/etc/nagios3/puppetconf.d/generic-service.cfg":
- source => [ "puppet:///nagios/dsa-nagios/static/conf.d/generic-service.cfg" ],
+ source => [ "puppet:///modules/nagios/dsa-nagios/static/conf.d/generic-service.cfg" ],
require => Package["nagios3"],
notify => Exec["nagios3 reload"];
"/etc/nagios3/puppetconf.d/timeperiods.cfg":
- source => [ "puppet:///nagios/dsa-nagios/static/conf.d/timeperiods.cfg" ],
+ source => [ "puppet:///modules/nagios/dsa-nagios/static/conf.d/timeperiods.cfg" ],
require => Package["nagios3"],
notify => Exec["nagios3 reload"];
"/etc/nagios3/puppetconf.d/auto-dependencies.cfg":
- source => [ "puppet:///nagios/dsa-nagios/generated/auto-dependencies.cfg" ],
+ source => [ "puppet:///modules/nagios/dsa-nagios/generated/auto-dependencies.cfg" ],
require => Package["nagios3"],
notify => Exec["nagios3 reload"];
"/etc/nagios3/puppetconf.d/auto-hostextinfo.cfg":
- source => [ "puppet:///nagios/dsa-nagios/generated/auto-hostextinfo.cfg" ],
+ source => [ "puppet:///modules/nagios/dsa-nagios/generated/auto-hostextinfo.cfg" ],
require => Package["nagios3"],
notify => Exec["nagios3 reload"];
"/etc/nagios3/puppetconf.d/auto-hostgroups.cfg":
- source => [ "puppet:///nagios/dsa-nagios/generated/auto-hostgroups.cfg" ],
+ source => [ "puppet:///modules/nagios/dsa-nagios/generated/auto-hostgroups.cfg" ],
require => Package["nagios3"],
notify => Exec["nagios3 reload"];
"/etc/nagios3/puppetconf.d/auto-hosts.cfg":
- source => [ "puppet:///nagios/dsa-nagios/generated/auto-hosts.cfg" ],
+ source => [ "puppet:///modules/nagios/dsa-nagios/generated/auto-hosts.cfg" ],
require => Package["nagios3"],
notify => Exec["nagios3 reload"];
"/etc/nagios3/puppetconf.d/auto-serviceextinfo.cfg":
- source => [ "puppet:///nagios/dsa-nagios/generated/auto-serviceextinfo.cfg" ],
+ source => [ "puppet:///modules/nagios/dsa-nagios/generated/auto-serviceextinfo.cfg" ],
require => Package["nagios3"],
notify => Exec["nagios3 reload"];
"/etc/nagios3/puppetconf.d/auto-servicegroups.cfg":
- source => [ "puppet:///nagios/dsa-nagios/generated/auto-servicegroups.cfg" ],
+ source => [ "puppet:///modules/nagios/dsa-nagios/generated/auto-servicegroups.cfg" ],
require => Package["nagios3"],
notify => Exec["nagios3 reload"];
"/etc/nagios3/puppetconf.d/auto-services.cfg":
- source => [ "puppet:///nagios/dsa-nagios/generated/auto-services.cfg" ],
+ source => [ "puppet:///modules/nagios/dsa-nagios/generated/auto-services.cfg" ],
require => Package["nagios3"],
notify => Exec["nagios3 reload"];
when "busoni.debian.org": ignore << %w{libthreads-perl libthreads-shared-perl}
when "cilea.debian.org": ignore << "/freeswitch.*/"
when /draghi.debian.org/: ignore << %w{userdir-ldap libnet-dns-perl libnet-dns-sec-perl libnet-dns-zone-parser-perl libdns-ruby1.8}
-when /geo[123].debian.org/: ignore << %w{geoip-database libgeoip1 geoip-bin}
when /liszt.debian.org/: ignore << "amavisd-new"
when /stabile.debian.org/: ignore << "xfsprogs"
when /(zandonai|zelenka).debian.org/: ignore << %w{zabbix-agent rrdcollect}
end
case fqdn
-when /(draghi|orff|ravel|klecker).debian.org/: ignore << %w{libdns64 bind9 libbind9-60 liblwres60 bind9-host libisccfg60 libisc60 dnsutils bind9utils libisccc60}
+when /(draghi|orff|ravel|klecker|geo[123]).debian.org/: ignore << %w{libdns66 libdns64 bind9 libbind9-60 liblwres60 bind9-host libisccfg60 libisc60 dnsutils bind9utils libisccc60}
end
ignore.flatten.join("\n")
%>
notify => Exec["apt-get update"],
;
"/etc/bind/named.conf.local":
- source => [ "puppet:///named/per-host/$fqdn/named.conf.local",
- "puppet:///named/common/named.conf.local" ],
+ source => [ "puppet:///modules/named/per-host/$fqdn/named.conf.local",
+ "puppet:///modules/named/common/named.conf.local" ],
require => Package["bind9"],
notify => Exec["bind9 restart"],
owner => root,
group => root,
;
"/etc/bind/named.conf.acl":
- source => [ "puppet:///named/per-host/$fqdn/named.conf.acl",
- "puppet:///named/common/named.conf.acl" ],
+ source => [ "puppet:///modules/named/per-host/$fqdn/named.conf.acl",
+ "puppet:///modules/named/common/named.conf.acl" ],
require => Package["bind9"],
notify => Exec["bind9 restart"],
owner => root,
mode => 755,
;
"/etc/bind/geodns/named.conf.geo":
- source => [ "puppet:///named/per-host/$fqdn/named.conf.geo",
- "puppet:///named/common/named.conf.geo" ],
+ source => [ "puppet:///modules/named/per-host/$fqdn/named.conf.geo",
+ "puppet:///modules/named/common/named.conf.geo" ],
require => Package["bind9"],
notify => Exec["bind9 restart"],
owner => root,
group => root,
;
"/etc/bind/geodns/trigger":
- source => [ "puppet:///named/per-host/$fqdn/trigger",
- "puppet:///named/common/trigger" ],
+ source => [ "puppet:///modules/named/per-host/$fqdn/trigger",
+ "puppet:///modules/named/common/trigger" ],
owner => root,
group => root,
mode => 555,
;
"/etc/ssh/userkeys/geodnssync":
- source => [ "puppet:///named/per-host/$fqdn/authorized_keys",
- "puppet:///named/common/authorized_keys" ],
+ source => [ "puppet:///modules/named/per-host/$fqdn/authorized_keys",
+ "puppet:///modules/named/common/authorized_keys" ],
owner => root,
group => geodnssync,
mode => 440,
;
"/etc/cron.d/dsa-boot-geodnssync":
- source => [ "puppet:///named/per-host/$fqdn/cron-geo",
- "puppet:///named/common/cron-geo" ],
+ source => [ "puppet:///modules/named/per-host/$fqdn/cron-geo",
+ "puppet:///modules/named/common/cron-geo" ],
owner => root,
group => root,
;
class named::secondary inherits named {
file {
"/etc/bind/named.conf.debian-zones":
- source => [ "puppet:///named/per-host/$fqdn/named.conf.debian-zones",
- "puppet:///named/common/named.conf.debian-zones" ],
+ source => [ "puppet:///modules/named/per-host/$fqdn/named.conf.debian-zones",
+ "puppet:///modules/named/common/named.conf.debian-zones" ],
notify => Exec["bind9 reload"];
"/etc/bind/named.conf.options":
content => template("named/named.conf.options.erb"),
file {
"/etc/default/nfs-common":
- source => "puppet:///nfs-server/nfs-common.default",
+ source => "puppet:///modules/nfs-server/nfs-common.default",
require => Package["nfs-common"],
notify => Exec["nfs-common restart"];
"/etc/default/nfs-kernel-server":
- source => "puppet:///nfs-server/nfs-kernel-server.default",
+ source => "puppet:///modules/nfs-server/nfs-kernel-server.default",
require => Package["nfs-kernel-server"],
notify => Exec["nfs-kernel-server restart"];
"/etc/modprobe.d/lockd.local":
- source => "puppet:///nfs-server/lockd.local.modprobe";
+ source => "puppet:///modules/nfs-server/lockd.local.modprobe";
}
exec {
file {
"/etc/default/postgrey":
- source => "puppet:///postgrey/default",
+ source => "puppet:///modules/postgrey/default",
require => Package["postgrey"],
notify => Exec["postgrey restart"]
;
PrintSeverity=none
LogSeverity=info
SyslogSeverity=alert
-ExportSeverity=none
+#ExportSeverity=none
## Switch on/off
#
-KernelCheckActive = True
+#KernelCheckActive = True
## Check interval (seconds); btw., the check is VERY fast
#
## Switch on/off
#
-LoginCheckActive = True
+# LoginCheckActive = True
## Severity for logins, multiple logins, logouts
#
}
file { "/etc/ssh/ssh_config":
- source => [ "puppet:///ssh/ssh_config" ],
+ source => [ "puppet:///modules/ssh/ssh_config" ],
require => Package["openssh-client"]
;
"/etc/ssh/sshd_config":
source => "puppet:///files/empty/"
;
"/etc/ssl/debian/certs/thishost.crt":
- source => "puppet:///ssl/clientcerts/$fqdn.client.crt",
+ source => "puppet:///modules/ssl/clientcerts/$fqdn.client.crt",
notify => Exec["c_rehash /etc/ssl/debian/certs"],
;
"/etc/ssl/debian/keys/thishost.key":
- source => "puppet:///ssl/clientcerts/$fqdn.key",
+ source => "puppet:///modules/ssl/clientcerts/$fqdn.key",
mode => 640
;
"/etc/ssl/debian/certs/ca.crt":
- source => "puppet:///ssl/clientcerts/ca.crt",
+ source => "puppet:///modules/ssl/clientcerts/ca.crt",
notify => Exec["c_rehash /etc/ssl/debian/certs"],
;
"/etc/ssl/debian/crls/ca.crl":
- source => "puppet:///ssl/clientcerts/ca.crl",
+ source => "puppet:///modules/ssl/clientcerts/ca.crl",
;
}
owner => root,
group => root,
mode => 440,
- source => [ "puppet:///sudo/per-host/$fqdn/sudoers",
- "puppet:///sudo/common/sudoers" ],
+ source => [ "puppet:///modules/sudo/per-host/$fqdn/sudoers",
+ "puppet:///modules/sudo/common/sudoers" ],
require => Package["sudo"]
;
"/etc/pam.d/sudo":
- source => [ "puppet:///sudo/per-host/$fqdn/pam",
- "puppet:///sudo/common/pam" ],
+ source => [ "puppet:///modules/sudo/per-host/$fqdn/pam",
+ "puppet:///modules/sudo/common/pam" ],
require => Package["sudo"]
;