author | Leif Johansson <leifj@sunet.se> | 2015-05-09 17:08:26 +0200 |
---|---|---|
committer | Leif Johansson <leifj@sunet.se> | 2015-05-09 17:08:26 +0200 |
commit | cd7acf3cd7e6a193791220e59a92b07b301dbdc3 (patch) | |
tree | 0386232d357da175bcb940d8e8da2c8760fce342 /global/overlay/etc/puppet/modules/sunet/manifests/server.pp | |
parent | b426d3fae51f9a15bd99a54a67c6878e4b3f9506 (diff) |
drop old modulessunet-ops-2015-05-09-v12
Diffstat (limited to 'global/overlay/etc/puppet/modules/sunet/manifests/server.pp')
-rw-r--r-- | global/overlay/etc/puppet/modules/sunet/manifests/server.pp | 91 |
1 files changed, 0 insertions, 91 deletions
diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/server.pp b/global/overlay/etc/puppet/modules/sunet/manifests/server.pp
deleted file mode 100644
index d89302f..0000000
--- a/global/overlay/etc/puppet/modules/sunet/manifests/server.pp
+++ /dev/null
@@ -1,91 +0,0 @@
-define sunet::server() {
-
- # fail2ban
- class { 'sunet::fail2ban': }
-
- # Set up encrypted swap
- sunet::encrypted_swap { 'sunet_encrypted_swap': }
-
- # Add prerequisites for ethernet bonding, if physical server
- sunet::ethernet_bonding { 'sunet_ethernet_bonding': }
-
-# Removed until SWAMID hosts can have their ufw module updated / ft
-# # Ignore IPv6 multicast
-# ufw::deny { 'ignore_v6_multicast':
-# ip => 'ff02::1',
-# proto => 'any' # 'ufw' has a hard-coded list of protocols, which does not include 'ipv6-icmp' :(
-# }
-
-# # Ignore IPv6 multicast PIM router talk
-# ufw::deny { 'ignore_v6_multicast_PIM':
-# ip => 'ff02::d',
-# proto => 'any' # 'ufw' has a hard-coded list of protocols, which does not include 'ipv6-icmp' :(
-# }
-
- include augeas
- augeas { "sshd_config":
- context => "/files/etc/ssh/sshd_config",
- changes => [
- "set PasswordAuthentication no",
- "set X11Forwarding no",
- "set LogLevel VERBOSE", # log pubkey used for root login
- ],
- notify => Service['ssh'],
- } ->
- file_line {
- 'no_sftp_subsystem':
- path => '/etc/ssh/sshd_config',
- match => 'Subsystem sftp /usr/lib/openssh/sftp-server',
- line => '#Subsystem sftp /usr/lib/openssh/sftp-server',
- notify => Service['ssh'],
- }
-
- # already declared in puppet-cosmos/manifests/ntp.pp
- #service { 'ntp':
- # ensure => 'running',
- #}
-
- # Don't use pool.ntp.org servers, but rather DHCP provided NTP servers
- line { 'no_pool_ntp_org_servers':
- file => '/etc/ntp.conf',
- line => '^server .*\.pool\.ntp\.org',
- ensure => 'comment',
- notify => Service['ntp'],
- }
-
- file { '/var/cache/scriptherder':
- ensure => 'directory',
- path => '/var/cache/scriptherder',
- mode => '1777', # like /tmp, so user-cronjobs can also use scriptherder
- }
-
-
-}
-
-# from http://projects.puppetlabs.com/projects/puppet/wiki/Simple_Text_Patterns/5
-define line($file, $line, $ensure = 'present') {
- case $ensure {
- default : { err ( "unknown ensure value ${ensure}" ) }
- present: {
- exec { "/bin/echo '${line}' >> '${file}'":
- unless => "/bin/grep -qFx '${line}' '${file}'"
- }
- }
- absent: {
- exec { "/usr/bin/perl -ni -e 'print unless /^\\Q${line}\\E\$/' '${file}'":
- onlyif => "/bin/grep -qFx '${line}' '${file}'"
- }
- }
- uncomment: {
- exec { "/bin/sed -i -e'/${line}/s/^#\\+//' '${file}'":
- onlyif => "/bin/grep '${line}' '${file}' | /bin/grep '^#' | /usr/bin/wc -l"
- }
- }
- comment: {
- exec { "/bin/sed -i -e'/${line}/s/^\\(.\\+\\)$/#\\1/' '${file}'":
- onlyif => "/usr/bin/test `/bin/grep '${line}' '${file}' | /bin/grep -v '^#' | /usr/bin/wc -l` -ne 0"
- }
- }
- }
-
-}
|