From 7f86914b9cb237cb1cf8c720f86902bef717cfaa Mon Sep 17 00:00:00 2001 From: Stephen Gran Date: Sun, 7 Mar 2010 12:36:47 +0000 Subject: [PATCH] whitespace nazi Signed-off-by: Stephen Gran --- modules/apache2/manifests/init.pp | 306 ++++++++++--------- modules/apache2/manifests/security_mirror.pp | 21 +- modules/apt-keys/manifests/init.pp | 27 +- modules/buildd/manifests/init.pp | 53 ++-- modules/clamav/manifests/init.pp | 22 +- modules/debian-org/manifests/init.pp | 299 +++++++++--------- modules/exim/manifests/init.pp | 3 + modules/exim/manifests/mx.pp | 3 + modules/ferm/manifests/init.pp | 3 + modules/hosts/manifests/init.pp | 3 + modules/kfreebsd/manifests/init.pp | 2 +- modules/monit/manifests/init.pp | 3 + modules/motd/manifests/init.pp | 3 + modules/munin-node/manifests/init.pp | 3 + modules/munin-node/manifests/master.pp | 3 + modules/nagios/manifests/client.pp | 3 + modules/nagios/manifests/init.pp | 3 + modules/nagios/manifests/server.pp | 3 + modules/named/manifests/geodns.pp | 4 +- modules/named/manifests/init.pp | 4 +- modules/named/manifests/recursor.pp | 3 + modules/named/manifests/secondary.pp | 3 + modules/ntp/manifests/init.pp | 3 + modules/portforwarder/manifests/init.pp | 2 +- modules/postgrey/manifests/init.pp | 3 + modules/raidmpt/manifests/init.pp | 2 +- modules/resolv/manifests/init.pp | 3 + modules/samhain/manifests/init.pp | 3 + modules/ssh/manifests/init.pp | 3 + modules/sudo/manifests/init.pp | 3 + 30 files changed, 441 insertions(+), 358 deletions(-) diff --git a/modules/apache2/manifests/init.pp b/modules/apache2/manifests/init.pp index d75b970e..3084c114 100644 --- a/modules/apache2/manifests/init.pp +++ b/modules/apache2/manifests/init.pp @@ -1,169 +1,175 @@ class apache2 { - activate_munin_check { - "apache_accesses":; - "apache_processes":; - "apache_volume":; - "apache_servers":; - "ps_apache2": script => "ps_"; - } - - package { - "apache2": ensure => installed; - "logrotate": ensure => installed; - } - - case $php5 { - "true": { package { - "php5-suhosin": ensure => installed; - } - file { "/etc/php5/conf.d/suhosin.ini": - source => [ "puppet:///apache2/per-host/$fqdn/etc/php5/conf.d/suhosin.ini", - "puppet:///apache2/common/etc/php5/conf.d/suhosin.ini" ], - require => Package["apache2", "php5-suhosin"], - notify => Exec["force-reload-apache2"]; - } - } - } + activate_munin_check { + "apache_accesses":; + "apache_processes":; + "apache_volume":; + "apache_servers":; + "ps_apache2": script => "ps_"; + } + package { + "apache2": ensure => installed; + "logrotate": ensure => installed; + } - define activate_apache_site($ensure=present, $site=$name) { - case $site { - "": { $base = $name } - default: { $base = $site } - } + case $php5 { + "true": { + package { + "php5-suhosin": ensure => installed; + } - case $ensure { - present: { - file { "/etc/apache2/sites-enabled/$name": - ensure => "/etc/apache2/sites-available/$base", - require => Package["apache2"], - notify => Exec["reload-apache2"]; - } - } - absent: { - file { "/etc/apache2/sites-enabled/$name": - ensure => $ensure, - notify => Exec["reload-apache2"]; - } - } - default: { err ( "Unknown ensure value: '$ensure'" ) } - } + file { "/etc/php5/conf.d/suhosin.ini": + source => [ "puppet:///apache2/per-host/$fqdn/etc/php5/conf.d/suhosin.ini", + "puppet:///apache2/common/etc/php5/conf.d/suhosin.ini" ], + require => Package["apache2", "php5-suhosin"], + notify => Exec["force-reload-apache2"]; + } } + } - define enable_module($ensure=present) { - case $ensure { - present: { - exec { "/usr/sbin/a2enmod $name": - unless => "/bin/sh -c '[ -L /etc/apache2/mods-enabled/${name}.load ]'", - notify => Exec["force-reload-apache2"], - } - } - absent: { - exec { "/usr/sbin/a2dismod $name": - onlyif => "/bin/sh -c '[ -L /etc/apache2/mods-enabled/${name}.load ]'", - notify => Exec["force-reload-apache2"], - } - } - default: { err ( "Unknown ensure value: '$ensure'" ) } - } - } + define activate_apache_site($ensure=present, $site=$name) { + case $site { + "": { $base = $name } + default: { $base = $site } + } - enable_module { - "info":; - "status":; + case $ensure { + present: { + file { "/etc/apache2/sites-enabled/$name": + ensure => "/etc/apache2/sites-available/$base", + require => Package["apache2"], + notify => Exec["reload-apache2"]; + } + } + absent: { + file { "/etc/apache2/sites-enabled/$name": + ensure => $ensure, + notify => Exec["reload-apache2"]; + } + } + default: { err ( "Unknown ensure value: '$ensure'" ) } } + } - activate_apache_site { - "00-default": site => "default-debian.org"; - "000-default": ensure => absent; + define enable_module($ensure=present) { + case $ensure { + present: { + exec { + "/usr/sbin/a2enmod $name": + unless => "/bin/sh -c '[ -L /etc/apache2/mods-enabled/${name}.load ]'", + notify => Exec["force-reload-apache2"], + } + } + absent: { + exec { + "/usr/sbin/a2dismod $name": + onlyif => "/bin/sh -c '[ -L /etc/apache2/mods-enabled/${name}.load ]'", + notify => Exec["force-reload-apache2"], + } + } + default: { err ( "Unknown ensure value: '$ensure'" ) } } + } - file { - "/etc/apache2/conf.d/ressource-limits": - content => template("apache2/ressource-limits.erb"), - require => Package["apache2"], - notify => Exec["reload-apache2"]; - "/etc/apache2/conf.d/security": - source => [ "puppet:///apache2/per-host/$fqdn/etc/apache2/conf.d/security", - "puppet:///apache2/common/etc/apache2/conf.d/security" ], - require => Package["apache2"], - notify => Exec["reload-apache2"]; - "/etc/apache2/conf.d/local-serverinfo": - source => [ "puppet:///apache2/per-host/$fqdn/etc/apache2/conf.d/local-serverinfo", - "puppet:///apache2/common/etc/apache2/conf.d/local-serverinfo" ], - require => Package["apache2"], - notify => Exec["reload-apache2"]; - "/etc/apache2/conf.d/server-status": - source => [ "puppet:///apache2/per-host/$fqdn/etc/apache2/conf.d/server-status", - "puppet:///apache2/common/etc/apache2/conf.d/server-status" ], - require => Package["apache2"], - notify => Exec["reload-apache2"]; + enable_module { + "info":; + "status":; + } + + activate_apache_site { + "00-default": site => "default-debian.org"; + "000-default": ensure => absent; + } - "/etc/apache2/sites-available/default-debian.org": - content => template("apache2/default-debian.org.erb"), - require => Package["apache2"], + file { + "/etc/apache2/conf.d/ressource-limits": + content => template("apache2/ressource-limits.erb"), + require => Package["apache2"], notify => Exec["reload-apache2"]; + "/etc/apache2/conf.d/security": + source => [ "puppet:///apache2/per-host/$fqdn/etc/apache2/conf.d/security", + "puppet:///apache2/common/etc/apache2/conf.d/security" ], + require => Package["apache2"], + notify => Exec["reload-apache2"]; + "/etc/apache2/conf.d/local-serverinfo": + source => [ "puppet:///apache2/per-host/$fqdn/etc/apache2/conf.d/local-serverinfo", + "puppet:///apache2/common/etc/apache2/conf.d/local-serverinfo" ], + require => Package["apache2"], + notify => Exec["reload-apache2"]; + "/etc/apache2/conf.d/server-status": + source => [ "puppet:///apache2/per-host/$fqdn/etc/apache2/conf.d/server-status", + "puppet:///apache2/common/etc/apache2/conf.d/server-status" ], + require => Package["apache2"], + notify => Exec["reload-apache2"]; - "/etc/logrotate.d/apache2": - source => [ "puppet:///apache2/per-host/$fqdn/etc/logrotate.d/apache2", - "puppet:///apache2/common/etc/logrotate.d/apache2" ]; + "/etc/apache2/sites-available/default-debian.org": + content => template("apache2/default-debian.org.erb"), + require => Package["apache2"], + notify => Exec["reload-apache2"]; - "/srv/www": - mode => 755, - ensure => directory; - "/srv/www/default.debian.org": - mode => 755, - ensure => directory; - "/srv/www/default.debian.org/htdocs": - mode => 755, - ensure => directory; - "/srv/www/default.debian.org/htdocs/index.html": - content => template("apache2/default-index.html"); + "/etc/logrotate.d/apache2": + source => [ "puppet:///apache2/per-host/$fqdn/etc/logrotate.d/apache2", + "puppet:///apache2/common/etc/logrotate.d/apache2" ]; - # sometimes this is a symlink - #"/var/log/apache2": - # mode => 755, - # ensure => directory; - } + "/srv/www": + mode => 755, + ensure => directory; + "/srv/www/default.debian.org": + mode => 755, + ensure => directory; + "/srv/www/default.debian.org/htdocs": + mode => 755, + ensure => directory; + "/srv/www/default.debian.org/htdocs/index.html": + content => template("apache2/default-index.html"); - exec { "reload-apache2": - command => "/etc/init.d/apache2 reload", - refreshonly => true, - } + # sometimes this is a symlink + #"/var/log/apache2": + # mode => 755, + # ensure => directory; + } - exec { "force-reload-apache2": - command => "/etc/init.d/apache2 force-reload", - refreshonly => true, - } - @ferm::rule { "dsa-http-limit": - prio => "20", - description => "limit HTTP DOS", - rule => "chain 'http_limit' { mod limit limit-burst 60 limit 15/minute jump ACCEPT; jump DROP; }" - } - @ferm::rule { "dsa-http-soso": - prio => "21", - description => "slow yahoo spider", - rule => "chain 'limit_sosospider' { mod connlimit connlimit-above 2 connlimit-mask 21 jump DROP; jump http_limit; }" - } - @ferm::rule { "dsa-http-yahoo": - prio => "21", - description => "slow yahoo spider", - rule => "chain 'limit_yahoo' { mod connlimit connlimit-above 2 connlimit-mask 16 jump DROP; jump http_limit; }" - } - @ferm::rule { "dsa-http-rules": - prio => "22", - description => "http subchain", - rule => "chain 'http' { saddr ( 74.6.22.182 74.6.18.240 ) jump limit_yahoo; saddr 124.115.0.0/21 jump limit_sosospider; mod recent name HTTPDOS update seconds 1800 jump log_or_drop; mod hashlimit hashlimit-name HTTPDOS hashlimit-mode srcip hashlimit-burst 600 hashlimit 30/minute jump ACCEPT; mod recent name HTTPDOS set jump log_or_drop; }" - } - @ferm::rule { "dsa-http": - prio => "23", - description => "Allow web access", - rule => "proto tcp dport http jump http;" - } - @ferm::rule { "dsa-http-v6": - domain => "(ip6)", - prio => "23", - description => "Allow web access", - rule => "&SERVICE(tcp, 80)" - } + exec { + "reload-apache2": + command => "/etc/init.d/apache2 reload", + refreshonly => true; + "force-reload-apache2": + command => "/etc/init.d/apache2 force-reload", + refreshonly => true; + } + + @ferm::rule { "dsa-http-limit": + prio => "20", + description => "limit HTTP DOS", + rule => "chain 'http_limit' { mod limit limit-burst 60 limit 15/minute jump ACCEPT; jump DROP; }" + } + @ferm::rule { "dsa-http-soso": + prio => "21", + description => "slow yahoo spider", + rule => "chain 'limit_sosospider' { mod connlimit connlimit-above 2 connlimit-mask 21 jump DROP; jump http_limit; }" + } + @ferm::rule { "dsa-http-yahoo": + prio => "21", + description => "slow yahoo spider", + rule => "chain 'limit_yahoo' { mod connlimit connlimit-above 2 connlimit-mask 16 jump DROP; jump http_limit; }" + } + @ferm::rule { "dsa-http-rules": + prio => "22", + description => "http subchain", + rule => "chain 'http' { saddr ( 74.6.22.182 74.6.18.240 ) jump limit_yahoo; saddr 124.115.0.0/21 jump limit_sosospider; mod recent name HTTPDOS update seconds 1800 jump log_or_drop; mod hashlimit hashlimit-name HTTPDOS hashlimit-mode srcip hashlimit-burst 600 hashlimit 30/minute jump ACCEPT; mod recent name HTTPDOS set jump log_or_drop; }" + } + @ferm::rule { "dsa-http": + prio => "23", + description => "Allow web access", + rule => "proto tcp dport http jump http;" + } + @ferm::rule { "dsa-http-v6": + domain => "(ip6)", + prio => "23", + description => "Allow web access", + rule => "&SERVICE(tcp, 80)" + } } +# vim:set et: +# vim:set sts=4 ts=4: +# vim:set shiftwidth=4: diff --git a/modules/apache2/manifests/security_mirror.pp b/modules/apache2/manifests/security_mirror.pp index 85adcf1d..bdc3bcce 100644 --- a/modules/apache2/manifests/security_mirror.pp +++ b/modules/apache2/manifests/security_mirror.pp @@ -1,15 +1,18 @@ class apache2::security_mirror inherits apache2 { - file { - "/etc/apache2/sites-available/security.debian.org": - source => [ "puppet:///apache2/per-host/$fqdn/etc/apache2/sites-available/security.debian.org", - "puppet:///apache2/common/etc/apache2/sites-available/security.debian.org" ]; + file { + "/etc/apache2/sites-available/security.debian.org": + source => [ "puppet:///apache2/per-host/$fqdn/etc/apache2/sites-available/security.debian.org", + "puppet:///apache2/common/etc/apache2/sites-available/security.debian.org" ]; - } + } - activate_apache_site { - "010-security.debian.org": site => "security.debian.org"; - "security.debian.org": ensure => absent; - } + activate_apache_site { + "010-security.debian.org": site => "security.debian.org"; + "security.debian.org": ensure => absent; + } } +# vim:set et: +# vim:set sts=4 ts=4: +# vim:set shiftwidth=4: diff --git a/modules/apt-keys/manifests/init.pp b/modules/apt-keys/manifests/init.pp index 92966b94..df616881 100644 --- a/modules/apt-keys/manifests/init.pp +++ b/modules/apt-keys/manifests/init.pp @@ -1,21 +1,21 @@ class apt-keys { file { "/etc/apt/trusted-keys.d/": - ensure => directory, - purge => true, - notify => Exec["apt-keys-update"], - ; + ensure => directory, + purge => true, + notify => Exec["apt-keys-update"], + ; "/etc/apt/trusted-keys.d/backports.org.asc": - source => "puppet:///apt-keys/backports.org.asc", - mode => 664, - notify => Exec["apt-keys-update"], - ; + source => "puppet:///apt-keys/backports.org.asc", + mode => 664, + notify => Exec["apt-keys-update"], + ; "/etc/apt/trusted-keys.d/db.debian.org.asc": - source => "puppet:///apt-keys/db.debian.org.asc", - mode => 664, - notify => Exec["apt-keys-update"], - ; + source => "puppet:///apt-keys/db.debian.org.asc", + mode => 664, + notify => Exec["apt-keys-update"], + ; } exec { "apt-keys-update": @@ -24,3 +24,6 @@ class apt-keys { } } +# vim:set et: +# vim:set sts=4 ts=4: +# vim:set shiftwidth=4: diff --git a/modules/buildd/manifests/init.pp b/modules/buildd/manifests/init.pp index 7ddd769c..16f84415 100644 --- a/modules/buildd/manifests/init.pp +++ b/modules/buildd/manifests/init.pp @@ -1,31 +1,34 @@ class buildd { - package { - "sbuild": ensure => installed; - "buildd": ensure => installed; - "buildd-builder-meta": ensure => installed; - "apt-transport-https": ensure => installed; - "debootstrap": ensure => installed; - } - - file { - "/etc/apt/sources.list.d/buildd.list": + package { + "sbuild": ensure => installed; + "buildd": ensure => installed; + "buildd-builder-meta": ensure => installed; + "apt-transport-https": ensure => installed; + "debootstrap": ensure => installed; + } + + file { + "/etc/apt/sources.list.d/buildd.list": content => template("buildd/etc/apt/sources.list.d/buildd.list.erb"), require => Package["apt-transport-https"], notify => Exec["apt-get update"], ; - - "/etc/apt/trusted-keys.d/buildd.debian.org.asc": - source => "puppet:///buildd/buildd.debian.org.asc", - mode => 664, - notify => Exec["apt-keys-update"], - ; - "/etc/schroot/mount-defaults": - source => "puppet:///buildd/mount-defaults", - require => Package["sbuild"] - ; - "/etc/cron.d/dsa-buildd": - source => "puppet:///buildd/cron.d-dsa-buildd", - require => Package["cron"] - ; - } + + "/etc/apt/trusted-keys.d/buildd.debian.org.asc": + source => "puppet:///buildd/buildd.debian.org.asc", + mode => 664, + notify => Exec["apt-keys-update"], + ; + "/etc/schroot/mount-defaults": + source => "puppet:///buildd/mount-defaults", + require => Package["sbuild"] + ; + "/etc/cron.d/dsa-buildd": + source => "puppet:///buildd/cron.d-dsa-buildd", + require => Package["cron"] + ; + } } +# vim:set et: +# vim:set sts=4 ts=4: +# vim:set shiftwidth=4: diff --git a/modules/clamav/manifests/init.pp b/modules/clamav/manifests/init.pp index fa7e17ec..6f42e1ac 100644 --- a/modules/clamav/manifests/init.pp +++ b/modules/clamav/manifests/init.pp @@ -1,17 +1,21 @@ class clamav { - package { "clamav-daemon": ensure => installed; - "clamav-freshclam": ensure => installed; - "clamav-unofficial-sigs": ensure => installed; + package { + "clamav-daemon": ensure => installed; + "clamav-freshclam": ensure => installed; + "clamav-unofficial-sigs": ensure => installed; } file { "/etc/clamav-unofficial-sigs.dsa.conf": - require => Package["clamav-unofficial-sigs"], - source => [ "puppet:///clamav/clamav-unofficial-sigs.dsa.conf" ] - ; + require => Package["clamav-unofficial-sigs"], + source => [ "puppet:///clamav/clamav-unofficial-sigs.dsa.conf" ] + ; "/etc/clamav-unofficial-sigs.conf": - require => Package["clamav-unofficial-sigs"], - source => [ "puppet:///clamav/clamav-unofficial-sigs.conf" ] - ; + require => Package["clamav-unofficial-sigs"], + source => [ "puppet:///clamav/clamav-unofficial-sigs.conf" ] + ; } } +# vim:set et: +# vim:set sts=4 ts=4: +# vim:set shiftwidth=4: diff --git a/modules/debian-org/manifests/init.pp b/modules/debian-org/manifests/init.pp index 3042b183..e8196a70 100644 --- a/modules/debian-org/manifests/init.pp +++ b/modules/debian-org/manifests/init.pp @@ -1,165 +1,168 @@ define sysctl($key, $value, $ensure=present) { - file { "/etc/sysctl.d/$name.conf": - ensure => $ensure, - owner => root, - group => root, - mode => 0644, - content => "$key = $value\n", - notify => Exec["procps restart"], + file { + "/etc/sysctl.d/$name.conf": + ensure => $ensure, + owner => root, + group => root, + mode => 0644, + content => "$key = $value\n", + notify => Exec["procps restart"], } } define set_alternatives($linkto) { - exec { "/usr/sbin/update-alternatives --set $name $linkto": + exec { + "/usr/sbin/update-alternatives --set $name $linkto": unless => "/bin/sh -c '! [ -e $linkto ] || ! [ -e /etc/alternatives/$name ] || ([ -L /etc/alternatives/$name ] && [ /etc/alternatives/$name -ef $linkto ])'" } } class debian-org { - - package { "userdir-ldap": ensure => installed; - "zsh": ensure => installed; - "cron": ensure => installed; - "apt-utils": ensure => installed; - "tcsh": ensure => installed; - "pdksh": ensure => installed; - "ksh": ensure => installed; - "csh": ensure => installed; - "locales-all": ensure => installed; - "libpam-pwdfile": ensure => installed; - "vim": ensure => installed; - "gnupg": ensure => installed; - "bzip2": ensure => installed; - "less": ensure => installed; - "ed": ensure => installed; - "puppet": ensure => installed; - "mtr-tiny": ensure => installed; - "nload": ensure => installed; - "pciutils": ensure => installed; - "dnsutils": ensure => installed; - "bash-completion": ensure => installed; - "libfilesystem-ruby1.8": ensure => installed; - "syslog-ng": ensure => installed; - "sysklogd": ensure => purged; - "klogd": ensure => purged; - "rsyslog": ensure => purged; - } - file { - "/etc/apt/preferences": - source => "puppet:///files/etc/apt/preferences"; - "/etc/apt/sources.list.d/backports.org.list": - content => template("debian-org/etc/apt/sources.list.d/backports.org.list.erb"), - notify => Exec["apt-get update"]; - "/etc/apt/sources.list.d/debian.org.list": - content => template("debian-org/etc/apt/sources.list.d/debian.org.list.erb"), - notify => Exec["apt-get update"]; - "/etc/apt/sources.list.d/security.list": - content => template("debian-org/etc/apt/sources.list.d/security.list.erb"), - notify => Exec["apt-get update"]; - "/etc/apt/sources.list.d/volatile.list": - content => template("debian-org/etc/apt/sources.list.d/volatile.list.erb"), - notify => Exec["apt-get update"]; - "/etc/apt/apt.conf.d/local-recommends": - source => "puppet:///files/etc/apt/apt.conf.d/local-recommends"; - "/etc/apt/apt.conf.d/local-pdiffs": - source => "puppet:///files/etc/apt/apt.conf.d/local-pdiffs"; - "/etc/timezone": - source => "puppet:///files/etc/timezone", - notify => Exec["dpkg-reconfigure tzdata -pcritical -fnoninteractive"]; - "/etc/puppet/puppet.conf": - require => Package["puppet"], - source => "puppet:///files/etc/puppet/puppet.conf" - ; - "/etc/default/puppet": - require => Package["puppet"], - source => "puppet:///files/etc/default/puppet" - ; - - "/etc/syslog-ng/syslog-ng.conf": - content => template("syslog-ng.conf.erb"), - require => Package["syslog-ng"], - notify => Exec["syslog-ng reload"], - ; - "/etc/logrotate.d/syslog-ng": - require => Package["syslog-ng"], - source => "puppet:///files/etc/logrotate.d/syslog-ng", - ; - "/etc/cron.d/dsa-puppet-stuff": - source => "puppet:///files/etc/cron.d/dsa-puppet-stuff", - require => Package["cron"] - ; - "/etc/ldap/ldap.conf": - require => Package["userdir-ldap"], - source => "puppet:///files/etc/ldap/ldap.conf", - ; - "/etc/pam.d/common-session": - require => Package["libpam-pwdfile"], - source => "puppet:///files/etc/pam.d/common-session", - ; - } - case $hostname { + package { + "userdir-ldap": ensure => installed; + "zsh": ensure => installed; + "cron": ensure => installed; + "apt-utils": ensure => installed; + "tcsh": ensure => installed; + "pdksh": ensure => installed; + "ksh": ensure => installed; + "csh": ensure => installed; + "locales-all": ensure => installed; + "libpam-pwdfile": ensure => installed; + "vim": ensure => installed; + "gnupg": ensure => installed; + "bzip2": ensure => installed; + "less": ensure => installed; + "ed": ensure => installed; + "puppet": ensure => installed; + "mtr-tiny": ensure => installed; + "nload": ensure => installed; + "pciutils": ensure => installed; + "dnsutils": ensure => installed; + "bash-completion": ensure => installed; + "libfilesystem-ruby1.8": ensure => installed; + "syslog-ng": ensure => installed; + "sysklogd": ensure => purged; + "klogd": ensure => purged; + "rsyslog": ensure => purged; + } + file { + "/etc/apt/preferences": + source => "puppet:///files/etc/apt/preferences"; + "/etc/apt/sources.list.d/backports.org.list": + content => template("debian-org/etc/apt/sources.list.d/backports.org.list.erb"), + notify => Exec["apt-get update"]; + "/etc/apt/sources.list.d/debian.org.list": + content => template("debian-org/etc/apt/sources.list.d/debian.org.list.erb"), + notify => Exec["apt-get update"]; + "/etc/apt/sources.list.d/security.list": + content => template("debian-org/etc/apt/sources.list.d/security.list.erb"), + notify => Exec["apt-get update"]; + "/etc/apt/sources.list.d/volatile.list": + content => template("debian-org/etc/apt/sources.list.d/volatile.list.erb"), + notify => Exec["apt-get update"]; + "/etc/apt/apt.conf.d/local-recommends": + source => "puppet:///files/etc/apt/apt.conf.d/local-recommends"; + "/etc/apt/apt.conf.d/local-pdiffs": + source => "puppet:///files/etc/apt/apt.conf.d/local-pdiffs"; + "/etc/timezone": + source => "puppet:///files/etc/timezone", + notify => Exec["dpkg-reconfigure tzdata -pcritical -fnoninteractive"]; + "/etc/puppet/puppet.conf": + require => Package["puppet"], + source => "puppet:///files/etc/puppet/puppet.conf" + ; + "/etc/default/puppet": + require => Package["puppet"], + source => "puppet:///files/etc/default/puppet" + ; + + "/etc/syslog-ng/syslog-ng.conf": + content => template("syslog-ng.conf.erb"), + require => Package["syslog-ng"], + notify => Exec["syslog-ng reload"], + ; + "/etc/logrotate.d/syslog-ng": + require => Package["syslog-ng"], + source => "puppet:///files/etc/logrotate.d/syslog-ng", + ; + "/etc/cron.d/dsa-puppet-stuff": + source => "puppet:///files/etc/cron.d/dsa-puppet-stuff", + require => Package["cron"] + ; + "/etc/ldap/ldap.conf": + require => Package["userdir-ldap"], + source => "puppet:///files/etc/ldap/ldap.conf", + ; + "/etc/pam.d/common-session": + require => Package["libpam-pwdfile"], + source => "puppet:///files/etc/pam.d/common-session", + ; + } + case $hostname { handel: { file { - "/etc/puppet/lib": - ensure => directory, - source => "puppet:///files/etc/puppet/lib", - recurse => true, - notify => Exec["puppetmaster restart"]; - } - } - default: {} - } - - # set mmap_min_addr to 4096 to mitigate - # Linux NULL-pointer dereference exploits - sysctl { "mmap_min_addr" : - key => "vm.mmap_min_addr", - value => 4096, - } - - set_alternatives { "editor": - linkto => "/usr/bin/vim.basic", - } - - exec { "syslog-ng reload": - path => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin", - refreshonly => true, - } - exec { "dpkg-reconfigure tzdata -pcritical -fnoninteractive": - path => "/usr/bin:/usr/sbin:/bin:/sbin", - refreshonly => true, - } - exec { "apt-get update": - command => 'apt-get update', - path => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin", - refreshonly => true - } - exec { "puppetmaster restart": - path => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin", - refreshonly => true, - } - exec { "procps restart": - path => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin", - refreshonly => true, - } + "/etc/puppet/lib": + ensure => directory, + source => "puppet:///files/etc/puppet/lib", + recurse => true, + notify => Exec["puppetmaster restart"]; + } + } + } + + # set mmap_min_addr to 4096 to mitigate + # Linux NULL-pointer dereference exploits + sysctl { + "mmap_min_addr" : + key => "vm.mmap_min_addr", + value => 4096, + } + + set_alternatives { + "editor": + linkto => "/usr/bin/vim.basic", + } + + exec { + "syslog-ng reload": + path => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin", + refreshonly => true; + "dpkg-reconfigure tzdata -pcritical -fnoninteractive": + path => "/usr/bin:/usr/sbin:/bin:/sbin", + refreshonly => true; + "apt-get update": + command => 'apt-get update', + path => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin", + refreshonly => true; + "puppetmaster restart": + path => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin", + refreshonly => true; + "procps restart": + path => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin", + refreshonly => true; + } } class debian-proliant inherits debian-org { - package { - "hpacucli": ensure => installed; - "hp-health": ensure => installed; - "cpqarrayd": ensure => installed; - "arrayprobe": ensure => installed; - } - case $debarchitecture { - "amd64": { - package { "lib32gcc1": ensure => installed; } - } - } - file { - "/etc/apt/sources.list.d/debian.restricted.list": - content => template("debian-org/etc/apt/sources.list.d/debian.restricted.list.erb"), - notify => Exec["apt-get update"]; - } + package { + "hpacucli": ensure => installed; + "hp-health": ensure => installed; + "cpqarrayd": ensure => installed; + "arrayprobe": ensure => installed; + } + case $debarchitecture { + "amd64": { + package { "lib32gcc1": ensure => installed; } + } + } + file { + "/etc/apt/sources.list.d/debian.restricted.list": + content => template("debian-org/etc/apt/sources.list.d/debian.restricted.list.erb"), + notify => Exec["apt-get update"]; + } } +# vim:set et: +# vim:set sts=4 ts=4: +# vim:set shiftwidth=4: diff --git a/modules/exim/manifests/init.pp b/modules/exim/manifests/init.pp index 171e453f..451ae764 100644 --- a/modules/exim/manifests/init.pp +++ b/modules/exim/manifests/init.pp @@ -180,3 +180,6 @@ class exim { rule => "&SERVICE(tcp, 113)" } } +# vim:set et: +# vim:set sts=4 ts=4: +# vim:set shiftwidth=4: diff --git a/modules/exim/manifests/mx.pp b/modules/exim/manifests/mx.pp index ebcbd852..3909f9b7 100644 --- a/modules/exim/manifests/mx.pp +++ b/modules/exim/manifests/mx.pp @@ -32,3 +32,6 @@ class exim::mx inherits exim { } } +# vim:set et: +# vim:set sts=4 ts=4: +# vim:set shiftwidth=4: diff --git a/modules/ferm/manifests/init.pp b/modules/ferm/manifests/init.pp index b997d608..05c5f798 100644 --- a/modules/ferm/manifests/init.pp +++ b/modules/ferm/manifests/init.pp @@ -67,3 +67,6 @@ class ferm { } } +# vim:set et: +# vim:set sts=4 ts=4: +# vim:set shiftwidth=4: diff --git a/modules/hosts/manifests/init.pp b/modules/hosts/manifests/init.pp index 279da0f4..cdd19017 100644 --- a/modules/hosts/manifests/init.pp +++ b/modules/hosts/manifests/init.pp @@ -5,3 +5,6 @@ class hosts { } } +# vim:set et: +# vim:set sts=4 ts=4: +# vim:set shiftwidth=4: diff --git a/modules/kfreebsd/manifests/init.pp b/modules/kfreebsd/manifests/init.pp index 37d3afa0..686ba167 100644 --- a/modules/kfreebsd/manifests/init.pp +++ b/modules/kfreebsd/manifests/init.pp @@ -6,5 +6,5 @@ class kfreebsd { } } # vim:set et: -# vim:set ts=4: +# vim:set sts=4 ts=4: # vim:set shiftwidth=4: diff --git a/modules/monit/manifests/init.pp b/modules/monit/manifests/init.pp index b7e909d1..cad4319d 100644 --- a/modules/monit/manifests/init.pp +++ b/modules/monit/manifests/init.pp @@ -51,3 +51,6 @@ class monit { } } +# vim:set et: +# vim:set sts=4 ts=4: +# vim:set shiftwidth=4: diff --git a/modules/motd/manifests/init.pp b/modules/motd/manifests/init.pp index a8d35a55..0de49360 100644 --- a/modules/motd/manifests/init.pp +++ b/modules/motd/manifests/init.pp @@ -10,3 +10,6 @@ class motd { refreshonly => true } } +# vim:set et: +# vim:set sts=4 ts=4: +# vim:set shiftwidth=4: diff --git a/modules/munin-node/manifests/init.pp b/modules/munin-node/manifests/init.pp index 59fe205a..cde57774 100644 --- a/modules/munin-node/manifests/init.pp +++ b/modules/munin-node/manifests/init.pp @@ -91,3 +91,6 @@ class munin-node { } } +# vim:set et: +# vim:set sts=4 ts=4: +# vim:set shiftwidth=4: diff --git a/modules/munin-node/manifests/master.pp b/modules/munin-node/manifests/master.pp index cff2941d..23418891 100644 --- a/modules/munin-node/manifests/master.pp +++ b/modules/munin-node/manifests/master.pp @@ -9,3 +9,6 @@ class munin-node::master inherits munin-node { } } +# vim:set et: +# vim:set sts=4 ts=4: +# vim:set shiftwidth=4: diff --git a/modules/nagios/manifests/client.pp b/modules/nagios/manifests/client.pp index 85c471fc..e16e20f8 100644 --- a/modules/nagios/manifests/client.pp +++ b/modules/nagios/manifests/client.pp @@ -55,3 +55,6 @@ class nagios::client inherits nagios { rule => "proto tcp mod state state (NEW) dport (5666) @subchain 'nagios' { saddr (\$HOST_NAGIOS_V6) ACCEPT; }" } } +# vim:set et: +# vim:set sts=4 ts=4: +# vim:set shiftwidth=4: diff --git a/modules/nagios/manifests/init.pp b/modules/nagios/manifests/init.pp index 13c0dc91..4975a413 100644 --- a/modules/nagios/manifests/init.pp +++ b/modules/nagios/manifests/init.pp @@ -3,3 +3,6 @@ class nagios { nagios-nrpe-server: ensure => installed; } } +# vim:set et: +# vim:set sts=4 ts=4: +# vim:set shiftwidth=4: diff --git a/modules/nagios/manifests/server.pp b/modules/nagios/manifests/server.pp index 5cdbc43b..3ee3020d 100644 --- a/modules/nagios/manifests/server.pp +++ b/modules/nagios/manifests/server.pp @@ -79,3 +79,6 @@ class nagios::server inherits nagios::client { refreshonly => true, } } +# vim:set et: +# vim:set sts=4 ts=4: +# vim:set shiftwidth=4: diff --git a/modules/named/manifests/geodns.pp b/modules/named/manifests/geodns.pp index 766c5e55..ad2ed67d 100644 --- a/modules/named/manifests/geodns.pp +++ b/modules/named/manifests/geodns.pp @@ -71,4 +71,6 @@ class named::geodns inherits named { } } -# vim: set fdm=marker ts=8 sw=8 et: +# vim:set et: +# vim:set sts=4 ts=4: +# vim:set shiftwidth=4: diff --git a/modules/named/manifests/init.pp b/modules/named/manifests/init.pp index b5233758..1a22154d 100644 --- a/modules/named/manifests/init.pp +++ b/modules/named/manifests/init.pp @@ -34,4 +34,6 @@ class named { } } -# vim: set fdm=marker ts=8 sw=8 et: +# vim:set et: +# vim:set sts=4 ts=4: +# vim:set shiftwidth=4: diff --git a/modules/named/manifests/recursor.pp b/modules/named/manifests/recursor.pp index 61ca459c..2fc192af 100644 --- a/modules/named/manifests/recursor.pp +++ b/modules/named/manifests/recursor.pp @@ -6,3 +6,6 @@ class named::recursor inherits named { } +# vim:set et: +# vim:set sts=4 ts=4: +# vim:set shiftwidth=4: diff --git a/modules/named/manifests/secondary.pp b/modules/named/manifests/secondary.pp index 87f3d377..582fbea7 100644 --- a/modules/named/manifests/secondary.pp +++ b/modules/named/manifests/secondary.pp @@ -15,3 +15,6 @@ class named::secondary inherits named { } } +# vim:set et: +# vim:set sts=4 ts=4: +# vim:set shiftwidth=4: diff --git a/modules/ntp/manifests/init.pp b/modules/ntp/manifests/init.pp index af086f68..dfc15179 100644 --- a/modules/ntp/manifests/init.pp +++ b/modules/ntp/manifests/init.pp @@ -31,3 +31,6 @@ class ntp { rule => "&SERVICE(udp, 123)" } } +# vim:set et: +# vim:set sts=4 ts=4: +# vim:set shiftwidth=4: diff --git a/modules/portforwarder/manifests/init.pp b/modules/portforwarder/manifests/init.pp index 882bb270..83d11cf6 100644 --- a/modules/portforwarder/manifests/init.pp +++ b/modules/portforwarder/manifests/init.pp @@ -26,5 +26,5 @@ class portforwarder { } } # vim:set et: -# vim:set ts=4: +# vim:set sts=4 ts=4: # vim:set shiftwidth=4: diff --git a/modules/postgrey/manifests/init.pp b/modules/postgrey/manifests/init.pp index bc42e865..227655d3 100644 --- a/modules/postgrey/manifests/init.pp +++ b/modules/postgrey/manifests/init.pp @@ -14,3 +14,6 @@ class postgrey { refreshonly => true, } } +# vim:set et: +# vim:set sts=4 ts=4: +# vim:set shiftwidth=4: diff --git a/modules/raidmpt/manifests/init.pp b/modules/raidmpt/manifests/init.pp index e04cd2f4..814fd5b4 100644 --- a/modules/raidmpt/manifests/init.pp +++ b/modules/raidmpt/manifests/init.pp @@ -17,5 +17,5 @@ class raidmpt { } } # vim:set et: -# vim:set ts=4: +# vim:set sts=4 ts=4: # vim:set shiftwidth=4: diff --git a/modules/resolv/manifests/init.pp b/modules/resolv/manifests/init.pp index e8124231..1934cfa1 100644 --- a/modules/resolv/manifests/init.pp +++ b/modules/resolv/manifests/init.pp @@ -3,3 +3,6 @@ class resolv { content => template("resolv/resolv.conf.erb"); } } +# vim:set et: +# vim:set sts=4 ts=4: +# vim:set shiftwidth=4: diff --git a/modules/samhain/manifests/init.pp b/modules/samhain/manifests/init.pp index 54fd06ff..f32a96bf 100644 --- a/modules/samhain/manifests/init.pp +++ b/modules/samhain/manifests/init.pp @@ -13,4 +13,7 @@ class samhain { refreshonly => true, } } +# vim:set et: +# vim:set sts=4 ts=4: +# vim:set shiftwidth=4: diff --git a/modules/ssh/manifests/init.pp b/modules/ssh/manifests/init.pp index 9d272a22..98add738 100644 --- a/modules/ssh/manifests/init.pp +++ b/modules/ssh/manifests/init.pp @@ -41,3 +41,6 @@ class ssh { rule => "&SERVICE_RANGE(tcp, ssh, \$SSH_V6_SOURCES)" } } +# vim:set et: +# vim:set sts=4 ts=4: +# vim:set shiftwidth=4: diff --git a/modules/sudo/manifests/init.pp b/modules/sudo/manifests/init.pp index 9e1024ce..a3903573 100644 --- a/modules/sudo/manifests/init.pp +++ b/modules/sudo/manifests/init.pp @@ -17,3 +17,6 @@ class sudo { } } +# vim:set et: +# vim:set sts=4 ts=4: +# vim:set shiftwidth=4: -- 2.39.2