bartok,franck,liszt,master,ries,samosa,schein,spohr,steffani: { include named::recursor }
}
- case $hostname {
- paganini: {}
- default: {
- case $kernel {
- Linux: {
- include ferm
- }
- }
- }
+ case $kernel {
+ Linux: {
+ include ferm
+ include ferm::per-host
+ }
}
- include ferm::per-host
case $hostname {
beethoven,ravel,spohr: {
}
include samhain
}
+
+# vim:set et:
+# vim:set sts=4 ts=4:
+# vim:set shiftwidth=4:
}
file { "/etc/php5/conf.d/suhosin.ini":
- source => [ "puppet:///apache2/per-host/$fqdn/etc/php5/conf.d/suhosin.ini",
- "puppet:///apache2/common/etc/php5/conf.d/suhosin.ini" ],
+ source => [ "puppet:///modules/apache2/per-host/$fqdn/etc/php5/conf.d/suhosin.ini",
+ "puppet:///modules/apache2/common/etc/php5/conf.d/suhosin.ini" ],
require => Package["apache2", "php5-suhosin"],
notify => Exec["force-reload-apache2"];
}
require => Package["apache2"],
notify => Exec["reload-apache2"];
"/etc/apache2/conf.d/security":
- source => [ "puppet:///apache2/per-host/$fqdn/etc/apache2/conf.d/security",
- "puppet:///apache2/common/etc/apache2/conf.d/security" ],
+ source => [ "puppet:///modules/apache2/per-host/$fqdn/etc/apache2/conf.d/security",
+ "puppet:///modules/apache2/common/etc/apache2/conf.d/security" ],
require => Package["apache2"],
notify => Exec["reload-apache2"];
"/etc/apache2/conf.d/local-serverinfo":
- source => [ "puppet:///apache2/per-host/$fqdn/etc/apache2/conf.d/local-serverinfo",
- "puppet:///apache2/common/etc/apache2/conf.d/local-serverinfo" ],
+ source => [ "puppet:///modules/apache2/per-host/$fqdn/etc/apache2/conf.d/local-serverinfo",
+ "puppet:///modules/apache2/common/etc/apache2/conf.d/local-serverinfo" ],
require => Package["apache2"],
notify => Exec["reload-apache2"];
"/etc/apache2/conf.d/server-status":
- source => [ "puppet:///apache2/per-host/$fqdn/etc/apache2/conf.d/server-status",
- "puppet:///apache2/common/etc/apache2/conf.d/server-status" ],
+ source => [ "puppet:///modules/apache2/per-host/$fqdn/etc/apache2/conf.d/server-status",
+ "puppet:///modules/apache2/common/etc/apache2/conf.d/server-status" ],
require => Package["apache2"],
notify => Exec["reload-apache2"];
notify => Exec["reload-apache2"];
"/etc/logrotate.d/apache2":
- source => [ "puppet:///apache2/per-host/$fqdn/etc/logrotate.d/apache2",
- "puppet:///apache2/common/etc/logrotate.d/apache2" ];
+ source => [ "puppet:///modules/apache2/per-host/$fqdn/etc/logrotate.d/apache2",
+ "puppet:///modules/apache2/common/etc/logrotate.d/apache2" ];
"/srv/www":
mode => 755,
refreshonly => true;
}
- @ferm::rule { "dsa-http-limit":
- prio => "20",
- description => "limit HTTP DOS",
- chain => 'http_limit',
- rule => '
- mod limit limit-burst 60 limit 15/minute jump ACCEPT;
- jump DROP;
- '
- }
- @ferm::rule { "dsa-http-soso":
- prio => "21",
- description => "slow yahoo spider",
- chain => 'limit_sosospider',
- rule => '
- mod connlimit connlimit-above 2 connlimit-mask 21 jump DROP;
- jump http_limit;
- '
- }
- @ferm::rule { "dsa-http-yahoo":
- prio => "21",
- description => "slow yahoo spider",
- chain => 'limit_yahoo',
- rule => '
- mod connlimit connlimit-above 2 connlimit-mask 16 jump DROP;
- jump http_limit;
- '
- }
- @ferm::rule { "dsa-http-bing":
- prio => "21",
- description => "slow bing spider",
- chain => 'limit_bing',
- rule => '
- mod connlimit connlimit-above 2 connlimit-mask 16 jump DROP;
- jump http_limit;
- '
- }
- @ferm::rule { "dsa-http-rules":
- prio => "22",
- description => "http subchain",
- chain => 'http',
- rule => '
- saddr ( 74.6.22.182 74.6.18.240 ) jump limit_yahoo;
- saddr 124.115.0.0/21 jump limit_sosospider;
- saddr (65.52.0.0/14 207.46.0.0/16) jump limit_bing;
-
- mod recent name HTTPDOS update seconds 1800 jump log_or_drop;
- mod hashlimit hashlimit-name HTTPDOS hashlimit-mode srcip hashlimit-burst 600 hashlimit 30/minute jump ACCEPT;
- mod recent name HTTPDOS set jump log_or_drop;
- '
- }
case $hostname {
- sibelius,stabile: {
+ busoni,duarte,holter,lindberg,master,merkel,powell,rore: {
+ @ferm::rule { "dsa-http-limit":
+ prio => "20",
+ description => "limit HTTP DOS",
+ chain => 'http_limit',
+ rule => '
+ mod limit limit-burst 60 limit 15/minute jump ACCEPT;
+ jump DROP;
+ '
+ }
+ @ferm::rule { "dsa-http-soso":
+ prio => "21",
+ description => "slow soso spider",
+ chain => 'limit_sosospider',
+ rule => '
+ mod connlimit connlimit-above 2 connlimit-mask 21 jump DROP;
+ jump http_limit;
+ '
+ }
+ @ferm::rule { "dsa-http-yahoo":
+ prio => "21",
+ description => "slow yahoo spider",
+ chain => 'limit_yahoo',
+ rule => '
+ mod connlimit connlimit-above 2 connlimit-mask 16 jump DROP;
+ jump http_limit;
+ '
+ }
+ @ferm::rule { "dsa-http-google":
+ prio => "21",
+ description => "slow google spider",
+ chain => 'limit_google',
+ rule => '
+ mod connlimit connlimit-above 2 connlimit-mask 19 jump DROP;
+ jump http_limit;
+ '
+ }
+ @ferm::rule { "dsa-http-bing":
+ prio => "21",
+ description => "slow bing spider",
+ chain => 'limit_bing',
+ rule => '
+ mod connlimit connlimit-above 2 connlimit-mask 16 jump DROP;
+ jump http_limit;
+ '
+ }
+ @ferm::rule { "dsa-http-rules":
+ prio => "22",
+ description => "http subchain",
+ chain => 'http',
+ rule => '
+ saddr ( 74.6.22.182 74.6.18.240 67.195.0.0/16 ) jump limit_yahoo;
+ saddr 124.115.0.0/21 jump limit_sosospider;
+ saddr (65.52.0.0/14 207.46.0.0/16) jump limit_bing;
+ saddr (66.249.64.0/19) jump limit_google;
+
+ mod recent name HTTPDOS update seconds 1800 jump log_or_drop;
+ mod hashlimit hashlimit-name HTTPDOS hashlimit-mode srcip hashlimit-burst 600 hashlimit 30/minute jump ACCEPT;
+ mod recent name HTTPDOS set jump log_or_drop;
+ '
+ }
@ferm::rule { "dsa-http":
prio => "23",
description => "Allow web access",
- rule => "&SERVICE(tcp, (http https))"
+ rule => "proto tcp dport (http https) jump http;"
}
}
default: {
@ferm::rule { "dsa-http":
prio => "23",
description => "Allow web access",
- rule => "proto tcp dport (http https) jump http;"
+ rule => "&SERVICE(tcp, (http https))"
}
}
}
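Review bot: `http_limit` uses `mod limit`, which is one token bucket for the whole rule rather than one per source, so with `limit_google` added the Google, Yahoo, Bing and Soso chains all draw from the same 15/minute allowance and one busy crawler can get the others dropped. If that is intended, say so in the rule, e.g. `description => "limit HTTP DOS (bucket shared by all limit_* chains)"`; otherwise a `mod hashlimit` keyed on the source, like the one already used in the `http` chain, would keep the crawlers independent. The crawler ranges in `dsa-http-rules` are hard-coded with no note on where they came from or when they were last checked, which makes stale entries hard to spot later.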
class apache2::security_mirror inherits apache2 {
file {
"/etc/apache2/sites-available/security.debian.org":
- source => [ "puppet:///apache2/per-host/$fqdn/etc/apache2/sites-available/security.debian.org",
- "puppet:///apache2/common/etc/apache2/sites-available/security.debian.org" ];
+ source => [ "puppet:///modules/apache2/per-host/$fqdn/etc/apache2/sites-available/security.debian.org",
+ "puppet:///modules/apache2/common/etc/apache2/sites-available/security.debian.org" ];
}
;
"/etc/apt/trusted-keys.d/backports.org.asc":
- source => "puppet:///apt-keys/backports.org.asc",
+ source => "puppet:///modules/apt-keys/backports.org.asc",
mode => 664,
notify => Exec["apt-keys-update"],
;
"/etc/apt/trusted-keys.d/db.debian.org.asc":
- source => "puppet:///apt-keys/db.debian.org.asc",
+ source => "puppet:///modules/apt-keys/db.debian.org.asc",
mode => 664,
notify => Exec["apt-keys-update"],
;
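Review bot: The key files under `/etc/apt/trusted-keys.d` keep `mode => 664`, which leaves APT trust anchors group-writable. Owner and group are not set in the visible lines, so unless a resource default pins them to root, members of the file's group could change the key material that `apt-keys-update` picks up. `mode => 444` with explicit `owner => root, group => root` would close that; the same applies to `buildd.debian.org.asc` in the next hunk. The `file` block starts and ends outside this hunk.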
;
"/etc/apt/trusted-keys.d/buildd.debian.org.asc":
- source => "puppet:///buildd/buildd.debian.org.asc",
+ source => "puppet:///modules/buildd/buildd.debian.org.asc",
mode => 664,
notify => Exec["apt-keys-update"],
;
"/etc/schroot/mount-defaults":
- source => "puppet:///buildd/mount-defaults",
+ source => "puppet:///modules/buildd/mount-defaults",
require => Package["sbuild"]
;
"/etc/cron.d/dsa-buildd":
- source => "puppet:///buildd/cron.d-dsa-buildd",
+ source => "puppet:///modules/buildd/cron.d-dsa-buildd",
require => Package["cron"]
;
}
file {
"/etc/clamav-unofficial-sigs.dsa.conf":
require => Package["clamav-unofficial-sigs"],
- source => [ "puppet:///clamav/clamav-unofficial-sigs.dsa.conf" ]
+ source => [ "puppet:///modules/clamav/clamav-unofficial-sigs.dsa.conf" ]
;
"/etc/clamav-unofficial-sigs.conf":
require => Package["clamav-unofficial-sigs"],
- source => [ "puppet:///clamav/clamav-unofficial-sigs.conf" ]
+ source => [ "puppet:///modules/clamav/clamav-unofficial-sigs.conf" ]
;
}
}
poulenc.debian.org: Francis Jean Marcel Poulenc (January 7, 1899 - January 30, 1963)
powell.debian.org: Andrew Powell (b. April 18th, 1949)
praetorius.debian.org: Hieronymus Praetorius (August 10th, 1560 - January 27th, 1629)
- puccini.debian.org: Giacomo Antonio Domenico Michele Secondo Maria Puccini (December 22nd, 1858 - November 29th, 1924)
raff.debian.org: Joseph Joachim Raff (May 27th, 1822 - June 24th or 25th, 1882)
rautavaara.debian.org: Einojuhani Rautavaara (born October 9th, 1928)
ravel.debian.org: Joseph-Maurice Ravel (March 7th, 1875 - December 28th, 1937)
- porpora.debian.org
- poulenc.debian.org
- praetorius.debian.org
- - puccini.debian.org
- rem.debian.org
- schroeder.debian.org
- spontini.debian.org
porpora.debian.org: mailout.debian.org
poulenc.debian.org: mailout.debian.org
praetorius.debian.org: mailout.debian.org
- puccini.debian.org: mailout.debian.org
raff.debian.org: mailout.debian.org
rautavaara.debian.org: mailout.debian.org
rem.debian.org: mailout.debian.org
no_munin:
- agnesi.debian.org
- allegri.debian.org
- - byrd.debian.org
- escher.debian.org
- fano.debian.org
- malo.debian.org
;
"/etc/exim4/host_blacklist":
require => Package["exim4-daemon-heavy"],
- source => [ "puppet:///exim/per-host/$fqdn/host_blacklist",
- "puppet:///exim/common/host_blacklist" ]
+ source => [ "puppet:///modules/exim/per-host/$fqdn/host_blacklist",
+ "puppet:///modules/exim/common/host_blacklist" ]
;
"/etc/exim4/blacklist":
require => Package["exim4-daemon-heavy"],
- source => [ "puppet:///exim/per-host/$fqdn/blacklist",
- "puppet:///exim/common/blacklist" ]
+ source => [ "puppet:///modules/exim/per-host/$fqdn/blacklist",
+ "puppet:///modules/exim/common/blacklist" ]
;
"/etc/exim4/callout_users":
require => Package["exim4-daemon-heavy"],
- source => [ "puppet:///exim/per-host/$fqdn/callout_users",
- "puppet:///exim/common/callout_users" ]
+ source => [ "puppet:///modules/exim/per-host/$fqdn/callout_users",
+ "puppet:///modules/exim/common/callout_users" ]
;
"/etc/exim4/grey_users":
require => Package["exim4-daemon-heavy"],
- source => [ "puppet:///exim/per-host/$fqdn/grey_users",
- "puppet:///exim/common/grey_users" ]
+ source => [ "puppet:///modules/exim/per-host/$fqdn/grey_users",
+ "puppet:///modules/exim/common/grey_users" ]
;
"/etc/exim4/helo-check":
require => Package["exim4-daemon-heavy"],
- source => [ "puppet:///exim/per-host/$fqdn/helo-check",
- "puppet:///exim/common/helo-check" ]
+ source => [ "puppet:///modules/exim/per-host/$fqdn/helo-check",
+ "puppet:///modules/exim/common/helo-check" ]
;
"/etc/exim4/locals":
require => Package["exim4-daemon-heavy"],
;
"/etc/exim4/localusers":
require => Package["exim4-daemon-heavy"],
- source => [ "puppet:///exim/per-host/$fqdn/localusers",
- "puppet:///exim/common/localusers" ]
+ source => [ "puppet:///modules/exim/per-host/$fqdn/localusers",
+ "puppet:///modules/exim/common/localusers" ]
;
"/etc/exim4/rbllist":
require => Package["exim4-daemon-heavy"],
- source => [ "puppet:///exim/per-host/$fqdn/rbllist",
- "puppet:///exim/common/rbllist" ]
+ source => [ "puppet:///modules/exim/per-host/$fqdn/rbllist",
+ "puppet:///modules/exim/common/rbllist" ]
;
"/etc/exim4/rhsbllist":
require => Package["exim4-daemon-heavy"],
- source => [ "puppet:///exim/per-host/$fqdn/rhsbllist",
- "puppet:///exim/common/rhsbllist" ]
+ source => [ "puppet:///modules/exim/per-host/$fqdn/rhsbllist",
+ "puppet:///modules/exim/common/rhsbllist" ]
;
"/etc/exim4/virtualdomains":
require => Package["exim4-daemon-heavy"],
;
"/etc/exim4/whitelist":
require => Package["exim4-daemon-heavy"],
- source => [ "puppet:///exim/per-host/$fqdn/whitelist",
- "puppet:///exim/common/whitelist" ]
+ source => [ "puppet:///modules/exim/per-host/$fqdn/whitelist",
+ "puppet:///modules/exim/common/whitelist" ]
;
"/etc/exim4/submission-domains":
require => Package["exim4-daemon-heavy"],
- source => [ "puppet:///exim/per-host/$fqdn/submission-domains",
- "puppet:///exim/common/submission-domains" ]
+ source => [ "puppet:///modules/exim/per-host/$fqdn/submission-domains",
+ "puppet:///modules/exim/common/submission-domains" ]
;
"/etc/logrotate.d/exim4-base":
require => Package["exim4-daemon-heavy"],
- source => [ "puppet:///exim/per-host/$fqdn/logrotate-exim4-base",
- "puppet:///exim/common/logrotate-exim4-base" ]
+ source => [ "puppet:///modules/exim/per-host/$fqdn/logrotate-exim4-base",
+ "puppet:///modules/exim/common/logrotate-exim4-base" ]
;
"/etc/logrotate.d/exim4-paniclog":
require => Package["exim4-daemon-heavy"],
- source => [ "puppet:///exim/per-host/$fqdn/logrotate-exim4-paniclog",
- "puppet:///exim/common/logrotate-exim4-paniclog" ]
+ source => [ "puppet:///modules/exim/per-host/$fqdn/logrotate-exim4-paniclog",
+ "puppet:///modules/exim/common/logrotate-exim4-paniclog" ]
;
"/etc/exim4/ssl/thishost.crt":
require => Package["exim4-daemon-heavy"],
- source => "puppet:///exim/certs/$fqdn.crt",
+ source => "puppet:///modules/exim/certs/$fqdn.crt",
owner => root,
group => Debian-exim,
mode => 640
;
"/etc/exim4/ssl/thishost.key":
require => Package["exim4-daemon-heavy"],
- source => "puppet:///exim/certs/$fqdn.key",
+ source => "puppet:///modules/exim/certs/$fqdn.key",
owner => root,
group => Debian-exim,
mode => 640
;
"/etc/exim4/ssl/ca.crt":
require => Package["exim4-daemon-heavy"],
- source => "puppet:///exim/certs/ca.crt",
+ source => "puppet:///modules/exim/certs/ca.crt",
owner => root,
group => Debian-exim,
mode => 640
;
"/etc/exim4/ssl/ca.crl":
require => Package["exim4-daemon-heavy"],
- source => "puppet:///exim/certs/ca.crl",
+ source => "puppet:///modules/exim/certs/ca.crl",
owner => root,
group => Debian-exim,
mode => 640
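Review bot: `/etc/exim4/ssl/thishost.key` is sourced from `puppet:///modules/exim/certs/$fqdn.key`, so every host's private key sits in the module's files tree and is selected by the agent-reported `$fqdn` fact. If the `modules` mount is readable by every authenticated agent (I believe that is the default; fileserver.conf and auth.conf are not visible here), one node's credentials are enough to read another host's key. Consider restricting that path per certname in auth.conf, or serving keys from a mount with per-host ACLs. The same pattern appears further down for `/etc/ssl/debian/keys/thishost.key` (`modules/ssl/clientcerts/$fqdn.key`). The `file` block continues outside this hunk.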
file {
"/etc/exim4/ccTLD.txt":
require => Package["exim4-daemon-heavy"],
- source => [ "puppet:///exim/common/ccTLD.txt" ]
+ source => [ "puppet:///modules/exim/common/ccTLD.txt" ]
;
"/etc/exim4/surbl_whitelist.txt":
require => Package["exim4-daemon-heavy"],
- source => [ "puppet:///exim/common/surbl_whitelist.txt" ]
+ source => [ "puppet:///modules/exim/common/surbl_whitelist.txt" ]
;
"/etc/exim4/exim_surbl.pl":
require => Package["exim4-daemon-heavy"],
- source => [ "puppet:///exim/common/exim_surbl.pl" ],
+ source => [ "puppet:///modules/exim/common/exim_surbl.pl" ],
notify => Exec["exim4 restart"]
;
}
class ferm {
- define rule($domain="ip", $chain="INPUT", $rule, $description="", $prio="00") {
+ define rule($domain="ip", $table="filter", $chain="INPUT", $rule, $description="", $prio="00") {
file {
"/etc/ferm/dsa.d/${prio}_${name}":
ensure => present,
force => true,
recurse => true,
source => "puppet:///files/empty/",
+ notify => Exec["ferm restart"],
require => Package["ferm"];
"/etc/ferm":
ensure => directory,
ensure => directory,
require => Package["ferm"];
"/etc/default/ferm":
- source => "puppet:///ferm/ferm.default",
+ source => "puppet:///modules/ferm/ferm.default",
require => Package["ferm"],
notify => Exec["ferm restart"];
"/etc/ferm/ferm.conf":
- source => "puppet:///ferm/ferm.conf",
+ source => "puppet:///modules/ferm/ferm.conf",
require => Package["ferm"],
mode => 0400,
notify => Exec["ferm restart"];
mode => 0400,
notify => Exec["ferm restart"];
"/etc/logrotate.d/ulogd":
- source => "puppet:///ferm/logrotate-ulogd",
+ source => "puppet:///modules/ferm/logrotate-ulogd",
require => Package["logrotate"],
;
}
'true': {
file {
"/etc/ferm/conf.d/load_ftp_conntrack.conf":
- source => "puppet:///ferm/conntrack_ftp.conf",
+ source => "puppet:///modules/ferm/conntrack_ftp.conf",
require => Package["ferm"],
notify => Exec["ferm restart"];
}
cilea: {
file {
"/etc/ferm/conf.d/load_sip_conntrack.conf":
- source => "puppet:///ferm/conntrack_sip.conf",
+ source => "puppet:///modules/ferm/conntrack_sip.conf",
require => Package["ferm"],
notify => Exec["ferm restart"];
}
}
}
}
+
+ # redirect snapshot into varnish
+ case $hostname {
+ sibelius: {
+ @ferm::rule { "dsa-snapshot-varnish":
+ rule => '&SERVICE(tcp, 6081)',
+ }
+ @ferm::rule { "dsa-nat-snapshot-varnish":
+ table => 'nat',
+ chain => 'PREROUTING',
+ rule => 'proto tcp daddr 193.62.202.28 dport 80 REDIRECT to-ports 6081',
+ }
+ }
+ stabile: {
+ @ferm::rule { "dsa-snapshot-varnish":
+ rule => '&SERVICE(tcp, 6081)',
+ }
+ @ferm::rule { "dsa-nat-snapshot-varnish":
+ table => 'nat',
+ chain => 'PREROUTING',
+ rule => 'proto tcp daddr 206.12.19.150 dport 80 REDIRECT to-ports 6081',
+ }
+ }
+ }
}
# vim:set et:
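Review bot: Neither new `@ferm::rule` sets `description` or `prio`, so both are written to dsa.d with the default prio "00" and an empty description, unlike the http rules elsewhere in this commit; add e.g. `description => "varnish for snapshot (target of the nat REDIRECT)"` and an explicit `prio`. A comment should also explain that the filter-table accept on 6081 is needed because the REDIRECT is applied before INPUT, and that it leaves 6081 reachable directly as well as via port 80. The sibelius and stabile branches differ only in the `daddr`, so a per-host variable would remove the duplication. The enclosing class starts outside this hunk.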
##
domain <%= domain %> {
- chain <%= chain %> {
- <%= rule %>;
- }
+ table <%= table %> {
+ chain <%= chain %> {
+ <%= rule %>;
+ }
+ }
}
class kfreebsd {
file {
"/etc/cron.d/dsa-killruby":
- source => [ "puppet:///kfreebsd/dsa-killruby" ],
+ source => [ "puppet:///modules/kfreebsd/dsa-killruby" ],
;
}
sysctl {
;
"/etc/monit/monit.d/01puppet":
- source => "puppet:///monit/puppet",
+ source => "puppet:///modules/monit/puppet",
require => Package["monit"],
notify => Exec["monit stop"],
mode => 440
;
"/etc/monit/monit.d/00debian.org":
- source => "puppet:///monit/debianorg",
+ source => "puppet:///modules/monit/debianorg",
require => Package["monit"],
notify => Exec["monit stop"],
mode => 440
purp += nodeinfo['ldap'][0]['architecture'][0]
end
purp += " porterbox\n"
+ purp += "\n"
+ purp += "See 'dchroot -l' for a list of available chroots.\n"
+ if nodeinfo['ldap'][0].has_key?('admin')
+ purp += "Please contact #{nodeinfo['ldap'][0]['admin'][0]} for install requests,\n"
+ purp += "following the recommendations in <URL:http://dsa.debian.org/doc/install-req/>.\n"
+ end
else
purp += ", used for the following services:\n"
nodeinfo['ldap'][0]['purpose'].sort.each do |l|
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
+<%
+# vim:set et:
+# vim:set sts=2 ts=2:
+# vim:set shiftwidth=2:
+-%>
file {
"/etc/default/nagios-nrpe-server":
- source => [ "puppet:///nagios/per-host/$fqdn/default",
- "puppet:///nagios/common/default" ],
+ source => [ "puppet:///modules/nagios/per-host/$fqdn/default",
+ "puppet:///modules/nagios/common/default" ],
require => Package["nagios-nrpe-server"],
notify => Exec["nagios-nrpe-server restart"];
"/etc/default/nagios-nrpe":
ensure => absent,
notify => Exec["nagios-nrpe-server restart"];
"/etc/nagios/nrpe.cfg":
- source => [ "puppet:///nagios/per-host/$fqdn/nrpe.cfg",
- "puppet:///nagios/common/nrpe.cfg" ],
+ source => [ "puppet:///modules/nagios/per-host/$fqdn/nrpe.cfg",
+ "puppet:///modules/nagios/common/nrpe.cfg" ],
require => Package["nagios-nrpe-server"],
notify => Exec["nagios-nrpe-server restart"];
"/etc/nagios/nrpe.d":
require => Package["nagios-nrpe-server"],
notify => Exec["nagios-nrpe-server restart"];
"/etc/nagios/nrpe.d/nrpe_dsa.cfg":
- source => [ "puppet:///nagios/dsa-nagios/generated/nrpe_dsa.cfg" ],
+ source => [ "puppet:///modules/nagios/dsa-nagios/generated/nrpe_dsa.cfg" ],
require => Package["dsa-nagios-checks"],
notify => Exec["nagios-nrpe-server restart"];
"/etc/nagios/obsolete-packages-ignore":
- source => [ "puppet:///nagios/per-host/$fqdn/obsolete-packages-ignore",
- "puppet:///nagios/common/obsolete-packages-ignore" ],
+ source => [ "puppet:///modules/nagios/per-host/$fqdn/obsolete-packages-ignore",
+ "puppet:///modules/nagios/common/obsolete-packages-ignore" ],
require => Package["dsa-nagios-checks"];
"/etc/nagios/obsolete-packages-ignore.d/hostspecific":
file {
"/etc/nagios-plugins/config/local-dsa-checkcommands.cfg":
- source => [ "puppet:///nagios/dsa-nagios/static/checkcommands.cfg" ],
+ source => [ "puppet:///modules/nagios/dsa-nagios/static/checkcommands.cfg" ],
require => Package["nagios3"],
notify => Exec["nagios3 reload"];
"/etc/nagios3/cgi.cfg":
- source => [ "puppet:///nagios/dsa-nagios/static/cgi.cfg" ],
+ source => [ "puppet:///modules/nagios/dsa-nagios/static/cgi.cfg" ],
require => Package["nagios3"],
notify => Exec["nagios3 reload"];
"/etc/nagios3/nagios.cfg":
- source => [ "puppet:///nagios/dsa-nagios/static/nagios.cfg" ],
+ source => [ "puppet:///modules/nagios/dsa-nagios/static/nagios.cfg" ],
require => Package["nagios3"],
notify => Exec["nagios3 reload"];
ensure => directory;
"/etc/nagios3/puppetconf.d/contacts.cfg":
- source => [ "puppet:///nagios/dsa-nagios/static/conf.d/contacts.cfg" ],
+ source => [ "puppet:///modules/nagios/dsa-nagios/static/conf.d/contacts.cfg" ],
require => Package["nagios3"],
notify => Exec["nagios3 reload"];
"/etc/nagios3/puppetconf.d/generic-host.cfg":
- source => [ "puppet:///nagios/dsa-nagios/static/conf.d/generic-host.cfg" ],
+ source => [ "puppet:///modules/nagios/dsa-nagios/static/conf.d/generic-host.cfg" ],
require => Package["nagios3"],
notify => Exec["nagios3 reload"];
"/etc/nagios3/puppetconf.d/generic-service.cfg":
- source => [ "puppet:///nagios/dsa-nagios/static/conf.d/generic-service.cfg" ],
+ source => [ "puppet:///modules/nagios/dsa-nagios/static/conf.d/generic-service.cfg" ],
require => Package["nagios3"],
notify => Exec["nagios3 reload"];
"/etc/nagios3/puppetconf.d/timeperiods.cfg":
- source => [ "puppet:///nagios/dsa-nagios/static/conf.d/timeperiods.cfg" ],
+ source => [ "puppet:///modules/nagios/dsa-nagios/static/conf.d/timeperiods.cfg" ],
require => Package["nagios3"],
notify => Exec["nagios3 reload"];
"/etc/nagios3/puppetconf.d/auto-dependencies.cfg":
- source => [ "puppet:///nagios/dsa-nagios/generated/auto-dependencies.cfg" ],
+ source => [ "puppet:///modules/nagios/dsa-nagios/generated/auto-dependencies.cfg" ],
require => Package["nagios3"],
notify => Exec["nagios3 reload"];
"/etc/nagios3/puppetconf.d/auto-hostextinfo.cfg":
- source => [ "puppet:///nagios/dsa-nagios/generated/auto-hostextinfo.cfg" ],
+ source => [ "puppet:///modules/nagios/dsa-nagios/generated/auto-hostextinfo.cfg" ],
require => Package["nagios3"],
notify => Exec["nagios3 reload"];
"/etc/nagios3/puppetconf.d/auto-hostgroups.cfg":
- source => [ "puppet:///nagios/dsa-nagios/generated/auto-hostgroups.cfg" ],
+ source => [ "puppet:///modules/nagios/dsa-nagios/generated/auto-hostgroups.cfg" ],
require => Package["nagios3"],
notify => Exec["nagios3 reload"];
"/etc/nagios3/puppetconf.d/auto-hosts.cfg":
- source => [ "puppet:///nagios/dsa-nagios/generated/auto-hosts.cfg" ],
+ source => [ "puppet:///modules/nagios/dsa-nagios/generated/auto-hosts.cfg" ],
require => Package["nagios3"],
notify => Exec["nagios3 reload"];
"/etc/nagios3/puppetconf.d/auto-serviceextinfo.cfg":
- source => [ "puppet:///nagios/dsa-nagios/generated/auto-serviceextinfo.cfg" ],
+ source => [ "puppet:///modules/nagios/dsa-nagios/generated/auto-serviceextinfo.cfg" ],
require => Package["nagios3"],
notify => Exec["nagios3 reload"];
"/etc/nagios3/puppetconf.d/auto-servicegroups.cfg":
- source => [ "puppet:///nagios/dsa-nagios/generated/auto-servicegroups.cfg" ],
+ source => [ "puppet:///modules/nagios/dsa-nagios/generated/auto-servicegroups.cfg" ],
require => Package["nagios3"],
notify => Exec["nagios3 reload"];
"/etc/nagios3/puppetconf.d/auto-services.cfg":
- source => [ "puppet:///nagios/dsa-nagios/generated/auto-services.cfg" ],
+ source => [ "puppet:///modules/nagios/dsa-nagios/generated/auto-services.cfg" ],
require => Package["nagios3"],
notify => Exec["nagios3 reload"];
when "busoni.debian.org": ignore << %w{libthreads-perl libthreads-shared-perl}
when "cilea.debian.org": ignore << "/freeswitch.*/"
when /draghi.debian.org/: ignore << %w{userdir-ldap libnet-dns-perl libnet-dns-sec-perl libnet-dns-zone-parser-perl libdns-ruby1.8}
-when /geo[123].debian.org/: ignore << %w{geoip-database libgeoip1 geoip-bin}
when /liszt.debian.org/: ignore << "amavisd-new"
when /stabile.debian.org/: ignore << "xfsprogs"
when /(zandonai|zelenka).debian.org/: ignore << %w{zabbix-agent rrdcollect}
end
case fqdn
-when /(draghi|orff|ravel|klecker).debian.org/: ignore << %w{libdns64 bind9 libbind9-60 liblwres60 bind9-host libisccfg60 libisc60 dnsutils bind9utils libisccc60}
+when /(draghi|orff|ravel|klecker|geo[123]).debian.org/: ignore << %w{libdns66 libdns64 bind9 libbind9-60 liblwres60 bind9-host libisccfg60 libisc60 dnsutils bind9utils libisccc60}
end
ignore.flatten.join("\n")
%>
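Review bot: The host pattern on the added `when` line is unanchored and its dots are unescaped, so it is looser than the host list it is meant to express; since `fqdn` is a fact reported by the agent, `when /\A(draghi|orff|ravel|klecker|geo[123])\.debian\.org\z/:` keeps the ignore list to exactly those hosts. The list also hides obsolete bind9 libraries (now including `libdns66`) from the obsolete-packages check on nameservers, so a short comment saying why those leftovers are expected would help whoever triages that check later. The template begins outside this hunk.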
allow-query { any; };
allow-transfer { };
};
+
+// 0.0.0.4.0.1.6.0.0.f.8.f.7.0.6.2.ip6.arpa - reverse zone for 2607:f8f0:0610:4000::/64 - ubcece6
+zone "0.0.0.4.0.1.6.0.0.f.8.f.7.0.6.2.ip6.arpa" {
+ type slave;
+ notify no;
+ file "db.2607:f8f0:0610:4000";
+ masters {
+ 82.195.75.106; // draghi
+ 2001:41b8:202:deb:216:36ff:fe40:3906; //draghi
+ };
+ allow-query { any; };
+ allow-transfer { };
+};
+
+
// vim:set syn=named:
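Review bot: The new slave zone names its masters by address only, so zone transfers are trusted on source IP alone. Unless a `server` statement elsewhere in the configuration already binds a TSIG key to draghi (not visible here), consider `82.195.75.106 key <KEY-NAME-PLACEHOLDER>;` for both entries in `masters`. The two trailing comments are also spelled differently (`// draghi` vs `//draghi`).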
notify => Exec["apt-get update"],
;
"/etc/bind/named.conf.local":
- source => [ "puppet:///named/per-host/$fqdn/named.conf.local",
- "puppet:///named/common/named.conf.local" ],
+ source => [ "puppet:///modules/named/per-host/$fqdn/named.conf.local",
+ "puppet:///modules/named/common/named.conf.local" ],
require => Package["bind9"],
notify => Exec["bind9 restart"],
owner => root,
group => root,
;
"/etc/bind/named.conf.acl":
- source => [ "puppet:///named/per-host/$fqdn/named.conf.acl",
- "puppet:///named/common/named.conf.acl" ],
+ source => [ "puppet:///modules/named/per-host/$fqdn/named.conf.acl",
+ "puppet:///modules/named/common/named.conf.acl" ],
require => Package["bind9"],
notify => Exec["bind9 restart"],
owner => root,
mode => 755,
;
"/etc/bind/geodns/named.conf.geo":
- source => [ "puppet:///named/per-host/$fqdn/named.conf.geo",
- "puppet:///named/common/named.conf.geo" ],
+ source => [ "puppet:///modules/named/per-host/$fqdn/named.conf.geo",
+ "puppet:///modules/named/common/named.conf.geo" ],
require => Package["bind9"],
notify => Exec["bind9 restart"],
owner => root,
group => root,
;
"/etc/bind/geodns/trigger":
- source => [ "puppet:///named/per-host/$fqdn/trigger",
- "puppet:///named/common/trigger" ],
+ source => [ "puppet:///modules/named/per-host/$fqdn/trigger",
+ "puppet:///modules/named/common/trigger" ],
owner => root,
group => root,
mode => 555,
;
"/etc/ssh/userkeys/geodnssync":
- source => [ "puppet:///named/per-host/$fqdn/authorized_keys",
- "puppet:///named/common/authorized_keys" ],
+ source => [ "puppet:///modules/named/per-host/$fqdn/authorized_keys",
+ "puppet:///modules/named/common/authorized_keys" ],
owner => root,
group => geodnssync,
mode => 440,
;
"/etc/cron.d/dsa-boot-geodnssync":
- source => [ "puppet:///named/per-host/$fqdn/cron-geo",
- "puppet:///named/common/cron-geo" ],
+ source => [ "puppet:///modules/named/per-host/$fqdn/cron-geo",
+ "puppet:///modules/named/common/cron-geo" ],
owner => root,
group => root,
;
class named::secondary inherits named {
file {
"/etc/bind/named.conf.debian-zones":
- source => [ "puppet:///named/per-host/$fqdn/named.conf.debian-zones",
- "puppet:///named/common/named.conf.debian-zones" ],
+ source => [ "puppet:///modules/named/per-host/$fqdn/named.conf.debian-zones",
+ "puppet:///modules/named/common/named.conf.debian-zones" ],
notify => Exec["bind9 reload"];
"/etc/bind/named.conf.options":
content => template("named/named.conf.options.erb"),
file {
"/etc/default/nfs-common":
- source => "puppet:///nfs-server/nfs-common.default",
+ source => "puppet:///modules/nfs-server/nfs-common.default",
require => Package["nfs-common"],
notify => Exec["nfs-common restart"];
"/etc/default/nfs-kernel-server":
- source => "puppet:///nfs-server/nfs-kernel-server.default",
+ source => "puppet:///modules/nfs-server/nfs-kernel-server.default",
require => Package["nfs-kernel-server"],
notify => Exec["nfs-kernel-server restart"];
"/etc/modprobe.d/lockd.local":
- source => "puppet:///nfs-server/lockd.local.modprobe";
+ source => "puppet:///modules/nfs-server/lockd.local.modprobe";
}
exec {
file {
"/etc/default/postgrey":
- source => "puppet:///postgrey/default",
+ source => "puppet:///modules/postgrey/default",
require => Package["postgrey"],
notify => Exec["postgrey restart"]
;
PrintSeverity=none
LogSeverity=info
SyslogSeverity=alert
-ExportSeverity=none
+#ExportSeverity=none
## Switch on/off
#
-KernelCheckActive = True
+#KernelCheckActive = True
## Check interval (seconds); btw., the check is VERY fast
#
## Switch on/off
#
-LoginCheckActive = True
+# LoginCheckActive = True
## Severity for logins, multiple logins, logouts
#
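Review bot: `KernelCheckActive` and `LoginCheckActive` are commented out with no explanation, which (assuming samhain's built-in default for both is off, not visible here) stops kernel-integrity checking and login/logout reporting on every host that receives this file. Please record the reason next to each line, e.g. `# disabled <DATE-PLACEHOLDER>: <REASON-PLACEHOLDER>`, so the loss of coverage reads as a decision rather than leftover debugging. The same goes for `#ExportSeverity=none` in the first hunk. The two check lines are also commented inconsistently (`#KernelCheckActive` vs `# LoginCheckActive`).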
}
file { "/etc/ssh/ssh_config":
- source => [ "puppet:///ssh/ssh_config" ],
+ source => [ "puppet:///modules/ssh/ssh_config" ],
require => Package["openssh-client"]
;
"/etc/ssh/sshd_config":
source => "puppet:///files/empty/"
;
"/etc/ssl/debian/certs/thishost.crt":
- source => "puppet:///ssl/clientcerts/$fqdn.client.crt",
+ source => "puppet:///modules/ssl/clientcerts/$fqdn.client.crt",
notify => Exec["c_rehash /etc/ssl/debian/certs"],
;
"/etc/ssl/debian/keys/thishost.key":
- source => "puppet:///ssl/clientcerts/$fqdn.key",
+ source => "puppet:///modules/ssl/clientcerts/$fqdn.key",
mode => 640
;
"/etc/ssl/debian/certs/ca.crt":
- source => "puppet:///ssl/clientcerts/ca.crt",
+ source => "puppet:///modules/ssl/clientcerts/ca.crt",
notify => Exec["c_rehash /etc/ssl/debian/certs"],
;
"/etc/ssl/debian/crls/ca.crl":
- source => "puppet:///ssl/clientcerts/ca.crl",
+ source => "puppet:///modules/ssl/clientcerts/ca.crl",
;
}
nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=[0129] pd [0-9][EIC]\:[0-9]\:[0-9] show
nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=[0129] pd [0-9][EIC]\:[0-9]\:[0-9][0-9] show
nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=[0129] show status
+nagios franck=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=1 enclosure 1E\:1 show detail
+
# other raid controllers
nagios powell=(ALL) NOPASSWD: /usr/local/sbin/areca-cli vsf info
nagios puccini=(ALL) NOPASSWD: /usr/local/bin/tw_cli info c0 u0 status
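Review bot: The added franck rule uses `(ALL)` as the run-as list, so nagios may run this hpacucli invocation as any user rather than only root; `nagios franck=(root) NOPASSWD: /usr/sbin/hpacucli controller slot=1 enclosure 1E\:1 show detail` would be tighter. The neighbouring rules use `(ALL)` too, so this follows the file's convention and could be tightened across the file in one pass. The command's arguments are spelled out in full with no wildcard, which is the right shape for a NOPASSWD entry. The `nagios puccini=` line below remains although this commit removes puccini from the host lists elsewhere, so it looks stale.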
owner => root,
group => root,
mode => 440,
- source => [ "puppet:///sudo/per-host/$fqdn/sudoers",
- "puppet:///sudo/common/sudoers" ],
+ source => [ "puppet:///modules/sudo/per-host/$fqdn/sudoers",
+ "puppet:///modules/sudo/common/sudoers" ],
require => Package["sudo"]
;
"/etc/pam.d/sudo":
- source => [ "puppet:///sudo/per-host/$fqdn/pam",
- "puppet:///sudo/common/pam" ],
+ source => [ "puppet:///modules/sudo/per-host/$fqdn/pam",
+ "puppet:///modules/sudo/common/pam" ],
require => Package["sudo"]
;