Mercurial > repos > other > Puppet
annotate manifests/templates.pp @ 148:d9fcabc75a1e puppet-3.6
Fix pip installations
We didn't specify Pip package before so we couldn't bootstrap from cold.
Also, and Pip is too clever. If package name is wrong but close enough,
Pip installs it anyway but next run Puppet can't find the package
because of typo and tells Pip to install it again!
author | IBBoard <dev@ibboard.co.uk> |
---|---|
date | Sun, 26 Mar 2017 16:12:57 +0100 |
parents | 6cb6dc1f74d4 |
children | 060f81349dd6 |
rev | line source |
---|---|
32
6bbc86f6cee5
Tidy up ordering and dependencies (including making sure we have a necessary file for Fail2Ban to start)
IBBoard <dev@ibboard.co.uk>
parents:
25
diff
changeset
|
1 # Make sure packages come after their repos |
6bbc86f6cee5
Tidy up ordering and dependencies (including making sure we have a necessary file for Fail2Ban to start)
IBBoard <dev@ibboard.co.uk>
parents:
25
diff
changeset
|
2 YumRepo<| |> -> Package<| |> |
6bbc86f6cee5
Tidy up ordering and dependencies (including making sure we have a necessary file for Fail2Ban to start)
IBBoard <dev@ibboard.co.uk>
parents:
25
diff
changeset
|
3 |
6bbc86f6cee5
Tidy up ordering and dependencies (including making sure we have a necessary file for Fail2Ban to start)
IBBoard <dev@ibboard.co.uk>
parents:
25
diff
changeset
|
4 # Make sure all files are in place before starting services |
6bbc86f6cee5
Tidy up ordering and dependencies (including making sure we have a necessary file for Fail2Ban to start)
IBBoard <dev@ibboard.co.uk>
parents:
25
diff
changeset
|
5 File<| |> -> Service<| |> |
6bbc86f6cee5
Tidy up ordering and dependencies (including making sure we have a necessary file for Fail2Ban to start)
IBBoard <dev@ibboard.co.uk>
parents:
25
diff
changeset
|
6 |
6bbc86f6cee5
Tidy up ordering and dependencies (including making sure we have a necessary file for Fail2Ban to start)
IBBoard <dev@ibboard.co.uk>
parents:
25
diff
changeset
|
7 |
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
8 class basenode { |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
9 $os = $operatingsystem |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
10 $osver = "v${operatingsystemrelease}" |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
11 include sudo |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
12 |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
13 include defaultusers |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
14 include logwatch |
24
204330fea19a
Use MariaDB on CentOS7 and manage hiera.yaml (to avoid warnings)
IBBoard <dev@ibboard.co.uk>
parents:
18
diff
changeset
|
15 |
204330fea19a
Use MariaDB on CentOS7 and manage hiera.yaml (to avoid warnings)
IBBoard <dev@ibboard.co.uk>
parents:
18
diff
changeset
|
16 file { '/etc/puppet/hiera.yaml': |
204330fea19a
Use MariaDB on CentOS7 and manage hiera.yaml (to avoid warnings)
IBBoard <dev@ibboard.co.uk>
parents:
18
diff
changeset
|
17 ensure => present, |
204330fea19a
Use MariaDB on CentOS7 and manage hiera.yaml (to avoid warnings)
IBBoard <dev@ibboard.co.uk>
parents:
18
diff
changeset
|
18 content => "--- |
204330fea19a
Use MariaDB on CentOS7 and manage hiera.yaml (to avoid warnings)
IBBoard <dev@ibboard.co.uk>
parents:
18
diff
changeset
|
19 :backends: yaml |
204330fea19a
Use MariaDB on CentOS7 and manage hiera.yaml (to avoid warnings)
IBBoard <dev@ibboard.co.uk>
parents:
18
diff
changeset
|
20 :yaml: |
204330fea19a
Use MariaDB on CentOS7 and manage hiera.yaml (to avoid warnings)
IBBoard <dev@ibboard.co.uk>
parents:
18
diff
changeset
|
21 :datadir: /var/lib/hiera |
204330fea19a
Use MariaDB on CentOS7 and manage hiera.yaml (to avoid warnings)
IBBoard <dev@ibboard.co.uk>
parents:
18
diff
changeset
|
22 :hierarchy: common |
204330fea19a
Use MariaDB on CentOS7 and manage hiera.yaml (to avoid warnings)
IBBoard <dev@ibboard.co.uk>
parents:
18
diff
changeset
|
23 :logger: console", |
204330fea19a
Use MariaDB on CentOS7 and manage hiera.yaml (to avoid warnings)
IBBoard <dev@ibboard.co.uk>
parents:
18
diff
changeset
|
24 } |
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
25 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
26 |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
27 class basevpsnode ( |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
28 $primary_ip, |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
29 $secondary_ip, |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
30 $mailserver, |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
31 $imapserver, |
35
1bb941522ebf
Handle differences in firewalling between ASO (using APF) and most other hosts (using iptables)
IBBoard <dev@ibboard.co.uk>
parents:
32
diff
changeset
|
32 $firewall_cmd = 'iptables', |
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
33 ) { |
44
546dfa011f58
Remove "puppet" host name because we don't need it
IBBoard <dev@ibboard.co.uk>
parents:
18
diff
changeset
|
34 |
40
222904296578
Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
38
diff
changeset
|
35 if $firewall_cmd == 'iptables' { |
222904296578
Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
38
diff
changeset
|
36 include vpsfirewall |
222904296578
Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
38
diff
changeset
|
37 } |
222904296578
Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
38
diff
changeset
|
38 |
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
39 #VPS is a self-mastered Puppet machine, so bodge a Hosts file |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
40 file { '/etc/hosts': |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
41 ensure => present, |
44
546dfa011f58
Remove "puppet" host name because we don't need it
IBBoard <dev@ibboard.co.uk>
parents:
18
diff
changeset
|
42 content => "127.0.0.1 localhost |
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
43 $primary_ip ${fqdn}", |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
44 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
45 |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
46 require repos |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
47 include basenode |
41
765bf01c2044
Load custom "private" rules/config
IBBoard <dev@ibboard.co.uk>
parents:
40
diff
changeset
|
48 include private |
100
fd3446c3b7b9
Set up a recursive localhost-only Bind server (assuming RH's safe and sane default configs)
IBBoard <dev@ibboard.co.uk>
parents:
99
diff
changeset
|
49 include dnsresolver |
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
50 include ssh::server |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
51 include vcs::server |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
52 include vcs::client |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
53 class { 'webserver': |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
54 primary_ip => $primary_ip, |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
55 secondary_ip => $secondary_ip, |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
56 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
57 include cronjobs |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
58 include logrotate |
35
1bb941522ebf
Handle differences in firewalling between ASO (using APF) and most other hosts (using iptables)
IBBoard <dev@ibboard.co.uk>
parents:
32
diff
changeset
|
59 class { 'fail2ban': |
1bb941522ebf
Handle differences in firewalling between ASO (using APF) and most other hosts (using iptables)
IBBoard <dev@ibboard.co.uk>
parents:
32
diff
changeset
|
60 firewall_cmd => $firewall_cmd, |
1bb941522ebf
Handle differences in firewalling between ASO (using APF) and most other hosts (using iptables)
IBBoard <dev@ibboard.co.uk>
parents:
32
diff
changeset
|
61 } |
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
62 include tools |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
63 class { 'email': |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
64 mailserver => $mailserver, |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
65 imapserver => $imapserver, |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
66 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
67 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
68 |
100
fd3446c3b7b9
Set up a recursive localhost-only Bind server (assuming RH's safe and sane default configs)
IBBoard <dev@ibboard.co.uk>
parents:
99
diff
changeset
|
69 ## Classes to allow facet behaviour using preconfigured setups of classes |
fd3446c3b7b9
Set up a recursive localhost-only Bind server (assuming RH's safe and sane default configs)
IBBoard <dev@ibboard.co.uk>
parents:
99
diff
changeset
|
70 |
40
222904296578
Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
38
diff
changeset
|
71 class vpsfirewall { |
222904296578
Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
38
diff
changeset
|
72 resources { "firewall": |
222904296578
Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
38
diff
changeset
|
73 purge => false, |
222904296578
Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
38
diff
changeset
|
74 } |
222904296578
Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
38
diff
changeset
|
75 firewallchain { 'INPUT:filter:IPv4': |
222904296578
Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
38
diff
changeset
|
76 purge => true, |
222904296578
Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
38
diff
changeset
|
77 ignore => [ |
222904296578
Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
38
diff
changeset
|
78 '-j f2b-[^ ]+$', |
222904296578
Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
38
diff
changeset
|
79 '^(:|-A )f2b-', |
222904296578
Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
38
diff
changeset
|
80 '--comment "Great Firewall of China"', |
222904296578
Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
38
diff
changeset
|
81 '--comment "Do not purge', |
222904296578
Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
38
diff
changeset
|
82 ], |
222904296578
Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
38
diff
changeset
|
83 } |
222904296578
Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
38
diff
changeset
|
84 Firewall { |
222904296578
Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
38
diff
changeset
|
85 before => Class['my_fw::post'], |
222904296578
Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
38
diff
changeset
|
86 require => Class['my_fw::pre'], |
222904296578
Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
38
diff
changeset
|
87 } |
222904296578
Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
38
diff
changeset
|
88 class { ['my_fw::pre', 'my_fw::post']: } |
222904296578
Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
38
diff
changeset
|
89 class { 'firewall': } |
64
3bb824dabaae
Make sure Fail2Ban rules are in right order (using separate chain) and whitelist Googlebot (which keeps hitting Script Kiddy targets for unknown reasons)
IBBoard <dev@ibboard.co.uk>
parents:
61
diff
changeset
|
90 firewall { '010 Whitelist Googlebot': |
3bb824dabaae
Make sure Fail2Ban rules are in right order (using separate chain) and whitelist Googlebot (which keeps hitting Script Kiddy targets for unknown reasons)
IBBoard <dev@ibboard.co.uk>
parents:
61
diff
changeset
|
91 source => '66.249.64.0/19', |
91
61a79ae833cb
Follow the documentation properly and specify dport, not just port
IBBoard <dev@ibboard.co.uk>
parents:
87
diff
changeset
|
92 dport => [80,443], |
64
3bb824dabaae
Make sure Fail2Ban rules are in right order (using separate chain) and whitelist Googlebot (which keeps hitting Script Kiddy targets for unknown reasons)
IBBoard <dev@ibboard.co.uk>
parents:
61
diff
changeset
|
93 proto => tcp, |
3bb824dabaae
Make sure Fail2Ban rules are in right order (using separate chain) and whitelist Googlebot (which keeps hitting Script Kiddy targets for unknown reasons)
IBBoard <dev@ibboard.co.uk>
parents:
61
diff
changeset
|
94 action => accept, |
3bb824dabaae
Make sure Fail2Ban rules are in right order (using separate chain) and whitelist Googlebot (which keeps hitting Script Kiddy targets for unknown reasons)
IBBoard <dev@ibboard.co.uk>
parents:
61
diff
changeset
|
95 } |
122
033282abfc28
Blacklist more spamming IPs (with a ######.info domain)
IBBoard <dev@ibboard.co.uk>
parents:
118
diff
changeset
|
96 firewall { '099 Blacklist spammers 1': |
91
61a79ae833cb
Follow the documentation properly and specify dport, not just port
IBBoard <dev@ibboard.co.uk>
parents:
87
diff
changeset
|
97 source => '146.0.229.80/28', |
61a79ae833cb
Follow the documentation properly and specify dport, not just port
IBBoard <dev@ibboard.co.uk>
parents:
87
diff
changeset
|
98 dport => [465, 25], |
61a79ae833cb
Follow the documentation properly and specify dport, not just port
IBBoard <dev@ibboard.co.uk>
parents:
87
diff
changeset
|
99 proto => tcp, |
61a79ae833cb
Follow the documentation properly and specify dport, not just port
IBBoard <dev@ibboard.co.uk>
parents:
87
diff
changeset
|
100 action => 'reject', |
61a79ae833cb
Follow the documentation properly and specify dport, not just port
IBBoard <dev@ibboard.co.uk>
parents:
87
diff
changeset
|
101 } |
122
033282abfc28
Blacklist more spamming IPs (with a ######.info domain)
IBBoard <dev@ibboard.co.uk>
parents:
118
diff
changeset
|
102 firewall { '099 Blacklist spammers 2': |
033282abfc28
Blacklist more spamming IPs (with a ######.info domain)
IBBoard <dev@ibboard.co.uk>
parents:
118
diff
changeset
|
103 source => '89.43.62.0/24', |
033282abfc28
Blacklist more spamming IPs (with a ######.info domain)
IBBoard <dev@ibboard.co.uk>
parents:
118
diff
changeset
|
104 dport => [465, 25], |
033282abfc28
Blacklist more spamming IPs (with a ######.info domain)
IBBoard <dev@ibboard.co.uk>
parents:
118
diff
changeset
|
105 proto => tcp, |
033282abfc28
Blacklist more spamming IPs (with a ######.info domain)
IBBoard <dev@ibboard.co.uk>
parents:
118
diff
changeset
|
106 action => 'reject', |
033282abfc28
Blacklist more spamming IPs (with a ######.info domain)
IBBoard <dev@ibboard.co.uk>
parents:
118
diff
changeset
|
107 } |
139
abaf384dc939
Block another annoying IP with a firewall rule
IBBoard <dev@ibboard.co.uk>
parents:
137
diff
changeset
|
108 # German server that did 5000+ HEAD requests in <10 days to "/" on one site |
abaf384dc939
Block another annoying IP with a firewall rule
IBBoard <dev@ibboard.co.uk>
parents:
137
diff
changeset
|
109 firewall { '099 Blacklist spammers 3': |
abaf384dc939
Block another annoying IP with a firewall rule
IBBoard <dev@ibboard.co.uk>
parents:
137
diff
changeset
|
110 source => '78.47.182.152', |
abaf384dc939
Block another annoying IP with a firewall rule
IBBoard <dev@ibboard.co.uk>
parents:
137
diff
changeset
|
111 dport => [465, 25], |
abaf384dc939
Block another annoying IP with a firewall rule
IBBoard <dev@ibboard.co.uk>
parents:
137
diff
changeset
|
112 proto => tcp, |
abaf384dc939
Block another annoying IP with a firewall rule
IBBoard <dev@ibboard.co.uk>
parents:
137
diff
changeset
|
113 action => 'reject', |
abaf384dc939
Block another annoying IP with a firewall rule
IBBoard <dev@ibboard.co.uk>
parents:
137
diff
changeset
|
114 } |
118
f0a86e36d33f
Ban IODC bot, because they can't behave and don't have robots.txt instructions
IBBoard <dev@ibboard.co.uk>
parents:
110
diff
changeset
|
115 firewall { '099 Blacklist IODC bot': |
f0a86e36d33f
Ban IODC bot, because they can't behave and don't have robots.txt instructions
IBBoard <dev@ibboard.co.uk>
parents:
110
diff
changeset
|
116 # IODC bot makes too many bad requests, and contact form is broken |
f0a86e36d33f
Ban IODC bot, because they can't behave and don't have robots.txt instructions
IBBoard <dev@ibboard.co.uk>
parents:
110
diff
changeset
|
117 # They don't publish a robots.txt name, so firewall it! |
f0a86e36d33f
Ban IODC bot, because they can't behave and don't have robots.txt instructions
IBBoard <dev@ibboard.co.uk>
parents:
110
diff
changeset
|
118 source => '86.153.145.149', |
f0a86e36d33f
Ban IODC bot, because they can't behave and don't have robots.txt instructions
IBBoard <dev@ibboard.co.uk>
parents:
110
diff
changeset
|
119 dport => [ 80, 443 ], |
f0a86e36d33f
Ban IODC bot, because they can't behave and don't have robots.txt instructions
IBBoard <dev@ibboard.co.uk>
parents:
110
diff
changeset
|
120 proto => tcp, |
f0a86e36d33f
Ban IODC bot, because they can't behave and don't have robots.txt instructions
IBBoard <dev@ibboard.co.uk>
parents:
110
diff
changeset
|
121 action => 'reject', |
137
4f9bc88a426a
Firewall Baidu's new Brazillian IP range for being to agressive
IBBoard <dev@ibboard.co.uk>
parents:
134
diff
changeset
|
122 } |
4f9bc88a426a
Firewall Baidu's new Brazillian IP range for being to agressive
IBBoard <dev@ibboard.co.uk>
parents:
134
diff
changeset
|
123 firewall { '099 Blacklist Baidu Brazil': |
4f9bc88a426a
Firewall Baidu's new Brazillian IP range for being to agressive
IBBoard <dev@ibboard.co.uk>
parents:
134
diff
changeset
|
124 #Baidu got a Brazilian netblock and are hitting us hard |
4f9bc88a426a
Firewall Baidu's new Brazillian IP range for being to agressive
IBBoard <dev@ibboard.co.uk>
parents:
134
diff
changeset
|
125 #Baidu doesn't honour "crawl-delay" in robots.txt |
4f9bc88a426a
Firewall Baidu's new Brazillian IP range for being to agressive
IBBoard <dev@ibboard.co.uk>
parents:
134
diff
changeset
|
126 #Baidu gets firewalled |
4f9bc88a426a
Firewall Baidu's new Brazillian IP range for being to agressive
IBBoard <dev@ibboard.co.uk>
parents:
134
diff
changeset
|
127 source => '131.161.8.0/22', |
4f9bc88a426a
Firewall Baidu's new Brazillian IP range for being to agressive
IBBoard <dev@ibboard.co.uk>
parents:
134
diff
changeset
|
128 dport => [ 80, 443 ], |
4f9bc88a426a
Firewall Baidu's new Brazillian IP range for being to agressive
IBBoard <dev@ibboard.co.uk>
parents:
134
diff
changeset
|
129 proto => tcp, |
4f9bc88a426a
Firewall Baidu's new Brazillian IP range for being to agressive
IBBoard <dev@ibboard.co.uk>
parents:
134
diff
changeset
|
130 action => 'reject', |
4f9bc88a426a
Firewall Baidu's new Brazillian IP range for being to agressive
IBBoard <dev@ibboard.co.uk>
parents:
134
diff
changeset
|
131 } |
40
222904296578
Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
38
diff
changeset
|
132 firewallchain { 'GREATFIREWALLOFCHINA:filter:IPv4': |
222904296578
Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
38
diff
changeset
|
133 ensure => present, |
222904296578
Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
38
diff
changeset
|
134 } |
222904296578
Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
38
diff
changeset
|
135 firewall { '050 Check our Great Firewall Against China': |
222904296578
Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
38
diff
changeset
|
136 chain => 'INPUT', |
222904296578
Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
38
diff
changeset
|
137 jump => 'GREATFIREWALLOFCHINA', |
222904296578
Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
38
diff
changeset
|
138 } |
64
3bb824dabaae
Make sure Fail2Ban rules are in right order (using separate chain) and whitelist Googlebot (which keeps hitting Script Kiddy targets for unknown reasons)
IBBoard <dev@ibboard.co.uk>
parents:
61
diff
changeset
|
139 firewallchain { 'Fail2Ban:filter:IPv4': |
3bb824dabaae
Make sure Fail2Ban rules are in right order (using separate chain) and whitelist Googlebot (which keeps hitting Script Kiddy targets for unknown reasons)
IBBoard <dev@ibboard.co.uk>
parents:
61
diff
changeset
|
140 ensure => present, |
3bb824dabaae
Make sure Fail2Ban rules are in right order (using separate chain) and whitelist Googlebot (which keeps hitting Script Kiddy targets for unknown reasons)
IBBoard <dev@ibboard.co.uk>
parents:
61
diff
changeset
|
141 } |
3bb824dabaae
Make sure Fail2Ban rules are in right order (using separate chain) and whitelist Googlebot (which keeps hitting Script Kiddy targets for unknown reasons)
IBBoard <dev@ibboard.co.uk>
parents:
61
diff
changeset
|
142 firewall { '060 Check Fail2Ban': |
3bb824dabaae
Make sure Fail2Ban rules are in right order (using separate chain) and whitelist Googlebot (which keeps hitting Script Kiddy targets for unknown reasons)
IBBoard <dev@ibboard.co.uk>
parents:
61
diff
changeset
|
143 chain => 'INPUT', |
3bb824dabaae
Make sure Fail2Ban rules are in right order (using separate chain) and whitelist Googlebot (which keeps hitting Script Kiddy targets for unknown reasons)
IBBoard <dev@ibboard.co.uk>
parents:
61
diff
changeset
|
144 jump => 'Fail2Ban', |
3bb824dabaae
Make sure Fail2Ban rules are in right order (using separate chain) and whitelist Googlebot (which keeps hitting Script Kiddy targets for unknown reasons)
IBBoard <dev@ibboard.co.uk>
parents:
61
diff
changeset
|
145 } |
40
222904296578
Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
38
diff
changeset
|
146 firewall { '100 allow https and http': |
91
61a79ae833cb
Follow the documentation properly and specify dport, not just port
IBBoard <dev@ibboard.co.uk>
parents:
87
diff
changeset
|
147 dport => [80, 443], |
40
222904296578
Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
38
diff
changeset
|
148 proto => tcp, |
222904296578
Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
38
diff
changeset
|
149 action => accept, |
222904296578
Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
38
diff
changeset
|
150 } |
222904296578
Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
38
diff
changeset
|
151 firewall { '101 allow SMTP': |
91
61a79ae833cb
Follow the documentation properly and specify dport, not just port
IBBoard <dev@ibboard.co.uk>
parents:
87
diff
changeset
|
152 dport => [25, 465], |
40
222904296578
Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
38
diff
changeset
|
153 proto => tcp, |
222904296578
Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
38
diff
changeset
|
154 action => accept, |
222904296578
Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
38
diff
changeset
|
155 } |
222904296578
Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
38
diff
changeset
|
156 firewall { '102 allow IMAPS': |
91
61a79ae833cb
Follow the documentation properly and specify dport, not just port
IBBoard <dev@ibboard.co.uk>
parents:
87
diff
changeset
|
157 dport => 993, |
40
222904296578
Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
38
diff
changeset
|
158 proto => tcp, |
222904296578
Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
38
diff
changeset
|
159 action => accept, |
222904296578
Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
38
diff
changeset
|
160 } |
45 | 161 # Note: SSH port will be managed separately as we |
40
222904296578
Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
38
diff
changeset
|
162 # put it on a different port to hide from script kiddy noise |
222904296578
Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
38
diff
changeset
|
163 } |
222904296578
Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents:
38
diff
changeset
|
164 |
100
fd3446c3b7b9
Set up a recursive localhost-only Bind server (assuming RH's safe and sane default configs)
IBBoard <dev@ibboard.co.uk>
parents:
99
diff
changeset
|
165 class dnsresolver { |
fd3446c3b7b9
Set up a recursive localhost-only Bind server (assuming RH's safe and sane default configs)
IBBoard <dev@ibboard.co.uk>
parents:
99
diff
changeset
|
166 package { 'bind': |
fd3446c3b7b9
Set up a recursive localhost-only Bind server (assuming RH's safe and sane default configs)
IBBoard <dev@ibboard.co.uk>
parents:
99
diff
changeset
|
167 ensure => present, |
fd3446c3b7b9
Set up a recursive localhost-only Bind server (assuming RH's safe and sane default configs)
IBBoard <dev@ibboard.co.uk>
parents:
99
diff
changeset
|
168 } |
fd3446c3b7b9
Set up a recursive localhost-only Bind server (assuming RH's safe and sane default configs)
IBBoard <dev@ibboard.co.uk>
parents:
99
diff
changeset
|
169 |
fd3446c3b7b9
Set up a recursive localhost-only Bind server (assuming RH's safe and sane default configs)
IBBoard <dev@ibboard.co.uk>
parents:
99
diff
changeset
|
170 service { 'named': |
fd3446c3b7b9
Set up a recursive localhost-only Bind server (assuming RH's safe and sane default configs)
IBBoard <dev@ibboard.co.uk>
parents:
99
diff
changeset
|
171 ensure => running, |
fd3446c3b7b9
Set up a recursive localhost-only Bind server (assuming RH's safe and sane default configs)
IBBoard <dev@ibboard.co.uk>
parents:
99
diff
changeset
|
172 enable => true, |
fd3446c3b7b9
Set up a recursive localhost-only Bind server (assuming RH's safe and sane default configs)
IBBoard <dev@ibboard.co.uk>
parents:
99
diff
changeset
|
173 } |
fd3446c3b7b9
Set up a recursive localhost-only Bind server (assuming RH's safe and sane default configs)
IBBoard <dev@ibboard.co.uk>
parents:
99
diff
changeset
|
174 |
fd3446c3b7b9
Set up a recursive localhost-only Bind server (assuming RH's safe and sane default configs)
IBBoard <dev@ibboard.co.uk>
parents:
99
diff
changeset
|
175 file { '/etc/NetworkManager/conf.d/local-dns-resolver.conf': |
fd3446c3b7b9
Set up a recursive localhost-only Bind server (assuming RH's safe and sane default configs)
IBBoard <dev@ibboard.co.uk>
parents:
99
diff
changeset
|
176 ensure => present, |
fd3446c3b7b9
Set up a recursive localhost-only Bind server (assuming RH's safe and sane default configs)
IBBoard <dev@ibboard.co.uk>
parents:
99
diff
changeset
|
177 content => "[main] |
fd3446c3b7b9
Set up a recursive localhost-only Bind server (assuming RH's safe and sane default configs)
IBBoard <dev@ibboard.co.uk>
parents:
99
diff
changeset
|
178 dns=none", |
fd3446c3b7b9
Set up a recursive localhost-only Bind server (assuming RH's safe and sane default configs)
IBBoard <dev@ibboard.co.uk>
parents:
99
diff
changeset
|
179 } |
fd3446c3b7b9
Set up a recursive localhost-only Bind server (assuming RH's safe and sane default configs)
IBBoard <dev@ibboard.co.uk>
parents:
99
diff
changeset
|
180 |
101
a48b6011a084
Stop Bind trying IPv6, as we only have a link-local IP
IBBoard <dev@ibboard.co.uk>
parents:
100
diff
changeset
|
181 file { '/etc/sysconfig/named': |
a48b6011a084
Stop Bind trying IPv6, as we only have a link-local IP
IBBoard <dev@ibboard.co.uk>
parents:
100
diff
changeset
|
182 ensure => present, |
a48b6011a084
Stop Bind trying IPv6, as we only have a link-local IP
IBBoard <dev@ibboard.co.uk>
parents:
100
diff
changeset
|
183 content => 'OPTIONS="-4"', |
a48b6011a084
Stop Bind trying IPv6, as we only have a link-local IP
IBBoard <dev@ibboard.co.uk>
parents:
100
diff
changeset
|
184 } |
a48b6011a084
Stop Bind trying IPv6, as we only have a link-local IP
IBBoard <dev@ibboard.co.uk>
parents:
100
diff
changeset
|
185 |
100
fd3446c3b7b9
Set up a recursive localhost-only Bind server (assuming RH's safe and sane default configs)
IBBoard <dev@ibboard.co.uk>
parents:
99
diff
changeset
|
186 file { '/etc/resolv.conf': |
fd3446c3b7b9
Set up a recursive localhost-only Bind server (assuming RH's safe and sane default configs)
IBBoard <dev@ibboard.co.uk>
parents:
99
diff
changeset
|
187 ensure => present, |
fd3446c3b7b9
Set up a recursive localhost-only Bind server (assuming RH's safe and sane default configs)
IBBoard <dev@ibboard.co.uk>
parents:
99
diff
changeset
|
188 content => "nameserver 127.0.0.1" |
fd3446c3b7b9
Set up a recursive localhost-only Bind server (assuming RH's safe and sane default configs)
IBBoard <dev@ibboard.co.uk>
parents:
99
diff
changeset
|
189 } |
fd3446c3b7b9
Set up a recursive localhost-only Bind server (assuming RH's safe and sane default configs)
IBBoard <dev@ibboard.co.uk>
parents:
99
diff
changeset
|
190 } |
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
191 |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
192 class repos { |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
193 yumrepo { 'epel': |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
194 mirrorlist => 'https://mirrors.fedoraproject.org/metalink?repo=epel-$releasever&arch=$basearch', |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
195 descr => "Extra Packages for Enterprise Linux", |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
196 enabled => 1, |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
197 failovermethod => 'priority', |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
198 gpgcheck => 1, |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
199 gpgkey => 'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6', |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
200 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
201 file { '/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6': |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
202 ensure => present, |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
203 source => 'puppet:///common/RPM-GPG-KEY-EPEL-6' |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
204 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
205 yumrepo { 'ibboard': |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
206 baseurl => 'http://download.opensuse.org/repositories/home:/IBBoard:/server/CentOS_CentOS-$releasever/', |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
207 descr => 'IBBoard Server', |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
208 enabled => 1, |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
209 gpgcheck => 1, |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
210 gpgkey => 'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-IBBoard-OBS', |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
211 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
212 file { '/etc/pki/rpm-gpg/RPM-GPG-KEY-IBBoard-OBS': |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
213 ensure => present, |
32
6bbc86f6cee5
Tidy up ordering and dependencies (including making sure we have a necessary file for Fail2Ban to start)
IBBoard <dev@ibboard.co.uk>
parents:
25
diff
changeset
|
214 source => 'puppet:///common/RPM-GPG-KEY-IBBoard-OBS', |
6bbc86f6cee5
Tidy up ordering and dependencies (including making sure we have a necessary file for Fail2Ban to start)
IBBoard <dev@ibboard.co.uk>
parents:
25
diff
changeset
|
215 before => YumRepo['ibboard'], |
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
216 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
217 yumrepo { 'webtatic': |
54
30f56d6f9d33
Make Webtatic distro-specific using built-in Yum variable
IBBoard <dev@ibboard.co.uk>
parents:
48
diff
changeset
|
218 mirrorlist => 'http://mirror.webtatic.com/yum/el$releasever/$basearch/mirrorlist', |
110 | 219 descr => "Webtatic Packages for Enterprise Linux", |
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
220 enabled => 1, |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
221 failovermethod => 'priority', |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
222 gpgcheck => 1, |
108 | 223 gpgkey => 'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-webtatic-el7', |
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
224 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
225 file { '/etc/pki/rpm-gpg/RPM-GPG-KEY-webtatic-andy': |
108 | 226 ensure => absent, |
227 } | |
228 file { '/etc/pki/rpm-gpg/RPM-GPG-KEY-webtatic-el7': | |
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
229 ensure => present, |
108 | 230 source => 'puppet:///common/RPM-GPG-KEY-webtatic-el7', |
32
6bbc86f6cee5
Tidy up ordering and dependencies (including making sure we have a necessary file for Fail2Ban to start)
IBBoard <dev@ibboard.co.uk>
parents:
25
diff
changeset
|
231 before => YumRepo['webtatic'], |
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
232 } |
148 | 233 |
234 # Install Pip and symlink it so we can use it as a package provider | |
235 package { 'python2-pip': | |
236 ensure => installed; | |
237 } | |
238 -> | |
239 file { '/usr/bin/pip-python': | |
240 ensure => link, | |
241 target => '/usr/bin/pip', | |
242 } -> Package <| provider == 'pip' |> | |
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
243 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
244 |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
245 class tools { |
99
a0b9a810cf7d
Patch isn't a standard package on a minimal install. Make sure we have it.
IBBoard <dev@ibboard.co.uk>
parents:
97
diff
changeset
|
246 $packages = [ 'sqlite', 'bash-completion', 'nano', 'bzip2', 'mlocate', 'patch' ] |
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
247 package { $packages: |
131
0dd899a10ee1
Change all "latest" packages to "installed"
IBBoard <dev@ibboard.co.uk>
parents:
129
diff
changeset
|
248 ensure => installed; |
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
249 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
250 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
251 |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
252 class logrotate { |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
253 package { 'logrotate': |
131
0dd899a10ee1
Change all "latest" packages to "installed"
IBBoard <dev@ibboard.co.uk>
parents:
129
diff
changeset
|
254 ensure => installed; |
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
255 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
256 file { '/etc/logrotate.d/httpd': |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
257 ensure => present, |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
258 source => 'puppet:///common/logrotate-httpd', |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
259 require => Package['logrotate'], |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
260 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
261 file { '/etc/logrotate.d/trac': |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
262 ensure => present, |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
263 source => 'puppet:///common/logrotate-trac', |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
264 require => Package['logrotate'], |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
265 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
266 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
267 |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
268 class logwatch { |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
269 package { 'logwatch': |
131
0dd899a10ee1
Change all "latest" packages to "installed"
IBBoard <dev@ibboard.co.uk>
parents:
129
diff
changeset
|
270 ensure => installed; |
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
271 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
272 File { |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
273 ensure => present, |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
274 require => Package['logwatch'], |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
275 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
276 file { '/etc/cron.daily/0logwatch': |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
277 source => 'puppet:///common/0logwatch'; |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
278 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
279 file { '/etc/logwatch/scripts/shared/': |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
280 ensure => directory, |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
281 } |
66
e424cd208b99
Update/fix Fail2Ban parsing in Logwatch
IBBoard <dev@ibboard.co.uk>
parents:
59
diff
changeset
|
282 file { '/etc/logwatch/scripts/services/fail2ban': |
e424cd208b99
Update/fix Fail2Ban parsing in Logwatch
IBBoard <dev@ibboard.co.uk>
parents:
59
diff
changeset
|
283 source => 'puppet:///common/logwatch/services-fail2ban', |
e424cd208b99
Update/fix Fail2Ban parsing in Logwatch
IBBoard <dev@ibboard.co.uk>
parents:
59
diff
changeset
|
284 } |
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
285 file { '/etc/logwatch/scripts/services/http-error': |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
286 source => 'puppet:///common/logwatch/http-error', |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
287 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
288 file { '/etc/logwatch/scripts/services/php': |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
289 source => 'puppet:///common/logwatch/scripts_php', |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
290 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
291 file { '/etc/logwatch/scripts/services/mysql': |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
292 source => 'puppet:///common/logwatch/scripts_mysql', |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
293 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
294 file { '/etc/logwatch/scripts/services/dovecot': |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
295 source => 'puppet:///common/logwatch/dovecot', |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
296 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
297 file { '/etc/logwatch/scripts/services/postfix': |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
298 source => 'puppet:///common/logwatch/postfix', |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
299 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
300 file { '/etc/logwatch/scripts/shared/applyhttperrordate': |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
301 source => 'puppet:///common/logwatch/applyhttperrordate', |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
302 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
303 file { '/etc/logwatch/conf/logwatch.conf': |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
304 content => 'Detail = Med', |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
305 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
306 file { '/etc/logwatch/conf/logfiles/http.conf': |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
307 content => 'LogFile = apache/access_*.log', |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
308 } |
126
8316d4e55e92
Fix Apache 2.4 Logwatch support
IBBoard <dev@ibboard.co.uk>
parents:
125
diff
changeset
|
309 file { '/etc/logwatch/conf/logfiles/http-error-24.conf': |
8316d4e55e92
Fix Apache 2.4 Logwatch support
IBBoard <dev@ibboard.co.uk>
parents:
125
diff
changeset
|
310 source => 'puppet:///common/logwatch/log-http-error.conf', |
8316d4e55e92
Fix Apache 2.4 Logwatch support
IBBoard <dev@ibboard.co.uk>
parents:
125
diff
changeset
|
311 } |
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
312 file { '/etc/logwatch/conf/logfiles/http-error.conf': |
126
8316d4e55e92
Fix Apache 2.4 Logwatch support
IBBoard <dev@ibboard.co.uk>
parents:
125
diff
changeset
|
313 ensure=> absent, |
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
314 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
315 file { '/etc/logwatch/conf/services/http-error.conf': |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
316 source => 'puppet:///common/logwatch/services-http-error.conf', |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
317 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
318 file { '/etc/logwatch/conf/logfiles/php.conf': |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
319 source => 'puppet:///common/logwatch/logfiles_php.conf', |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
320 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
321 file { '/etc/logwatch/conf/services/php.conf': |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
322 source => 'puppet:///common/logwatch/services_php.conf', |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
323 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
324 file { '/etc/logwatch/conf/logfiles/mysql.conf': |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
325 source => 'puppet:///common/logwatch/logfiles_mysql.conf', |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
326 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
327 file { '/etc/logwatch/conf/services/mysql.conf': |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
328 source => 'puppet:///common/logwatch/services_mysql.conf', |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
329 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
330 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
331 |
35
1bb941522ebf
Handle differences in firewalling between ASO (using APF) and most other hosts (using iptables)
IBBoard <dev@ibboard.co.uk>
parents:
32
diff
changeset
|
332 class fail2ban ( |
1bb941522ebf
Handle differences in firewalling between ASO (using APF) and most other hosts (using iptables)
IBBoard <dev@ibboard.co.uk>
parents:
32
diff
changeset
|
333 $firewall_cmd, |
1bb941522ebf
Handle differences in firewalling between ASO (using APF) and most other hosts (using iptables)
IBBoard <dev@ibboard.co.uk>
parents:
32
diff
changeset
|
334 ) { |
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
335 package { 'fail2ban': |
131
0dd899a10ee1
Change all "latest" packages to "installed"
IBBoard <dev@ibboard.co.uk>
parents:
129
diff
changeset
|
336 ensure => installed, |
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
337 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
338 service { 'fail2ban': |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
339 ensure => running, |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
340 enable => true |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
341 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
342 File { |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
343 ensure => present, |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
344 require => Package['fail2ban'], |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
345 notify => Service['fail2ban'], |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
346 } |
67
4be7f49debc2
"Already Banned" is actually at NOTICE
IBBoard <dev@ibboard.co.uk>
parents:
66
diff
changeset
|
347 file { '/etc/fail2ban/fail2ban.local': |
4be7f49debc2
"Already Banned" is actually at NOTICE
IBBoard <dev@ibboard.co.uk>
parents:
66
diff
changeset
|
348 source => 'puppet:///common/fail2ban/fail2ban.local', |
4be7f49debc2
"Already Banned" is actually at NOTICE
IBBoard <dev@ibboard.co.uk>
parents:
66
diff
changeset
|
349 } |
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
350 file { '/etc/fail2ban/jail.local': |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
351 source => 'puppet:///common/fail2ban/jail.local', |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
352 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
353 file { '/etc/fail2ban/action.d/apf.conf': |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
354 source => 'puppet:///common/fail2ban/apf.conf', |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
355 } |
55
ce8eaaca6a34
Update firewalling so that we block the right ports when using iptables directly
IBBoard <dev@ibboard.co.uk>
parents:
54
diff
changeset
|
356 |
ce8eaaca6a34
Update firewalling so that we block the right ports when using iptables directly
IBBoard <dev@ibboard.co.uk>
parents:
54
diff
changeset
|
357 if $firewall_cmd == 'iptables' { |
ce8eaaca6a34
Update firewalling so that we block the right ports when using iptables directly
IBBoard <dev@ibboard.co.uk>
parents:
54
diff
changeset
|
358 $firewall_ban_cmd = 'iptables-multiport' |
ce8eaaca6a34
Update firewalling so that we block the right ports when using iptables directly
IBBoard <dev@ibboard.co.uk>
parents:
54
diff
changeset
|
359 } else { |
ce8eaaca6a34
Update firewalling so that we block the right ports when using iptables directly
IBBoard <dev@ibboard.co.uk>
parents:
54
diff
changeset
|
360 $firewall_ban_cmd = $firewall_cmd |
ce8eaaca6a34
Update firewalling so that we block the right ports when using iptables directly
IBBoard <dev@ibboard.co.uk>
parents:
54
diff
changeset
|
361 } |
ce8eaaca6a34
Update firewalling so that we block the right ports when using iptables directly
IBBoard <dev@ibboard.co.uk>
parents:
54
diff
changeset
|
362 |
35
1bb941522ebf
Handle differences in firewalling between ASO (using APF) and most other hosts (using iptables)
IBBoard <dev@ibboard.co.uk>
parents:
32
diff
changeset
|
363 file { '/etc/fail2ban/action.d/firewall-ban.conf': |
1bb941522ebf
Handle differences in firewalling between ASO (using APF) and most other hosts (using iptables)
IBBoard <dev@ibboard.co.uk>
parents:
32
diff
changeset
|
364 ensure => link, |
55
ce8eaaca6a34
Update firewalling so that we block the right ports when using iptables directly
IBBoard <dev@ibboard.co.uk>
parents:
54
diff
changeset
|
365 target => "/etc/fail2ban/action.d/${firewall_ban_cmd}.conf", |
35
1bb941522ebf
Handle differences in firewalling between ASO (using APF) and most other hosts (using iptables)
IBBoard <dev@ibboard.co.uk>
parents:
32
diff
changeset
|
366 } |
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
367 file { '/etc/fail2ban/filter.d/ibb-apache-exploits-instaban.conf': |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
368 source => 'puppet:///common/fail2ban/ibb-apache-exploits-instaban.conf', |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
369 } |
6
b7c30595c97a
Add "Shellshock" exploit Fail2ban rule
IBBoard <dev@ibboard.co.uk>
parents:
0
diff
changeset
|
370 file { '/etc/fail2ban/filter.d/ibb-apache-shellshock.conf': |
b7c30595c97a
Add "Shellshock" exploit Fail2ban rule
IBBoard <dev@ibboard.co.uk>
parents:
0
diff
changeset
|
371 source => 'puppet:///common/fail2ban/ibb-apache-shellshock.conf', |
b7c30595c97a
Add "Shellshock" exploit Fail2ban rule
IBBoard <dev@ibboard.co.uk>
parents:
0
diff
changeset
|
372 } |
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
373 file { '/etc/fail2ban/filter.d/ibb-repeat-offender.conf': |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
374 source => 'puppet:///common/fail2ban/ibb-repeat-offender.conf', |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
375 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
376 file { '/etc/fail2ban/filter.d/ibb-postfix-spammers.conf': |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
377 source => 'puppet:///common/fail2ban/ibb-postfix-spammers.conf', |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
378 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
379 file { '/etc/fail2ban/filter.d/ibb-postfix-malicious.conf': |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
380 source => 'puppet:///common/fail2ban/ibb-postfix-malicious.conf', |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
381 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
382 file { '/etc/fail2ban/filter.d/ibb-postfix.conf': |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
383 source => 'puppet:///common/fail2ban/ibb-postfix.conf', |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
384 } |
32
6bbc86f6cee5
Tidy up ordering and dependencies (including making sure we have a necessary file for Fail2Ban to start)
IBBoard <dev@ibboard.co.uk>
parents:
25
diff
changeset
|
385 # Because one of our rules checks fail2ban's log, but the service dies without the file |
6bbc86f6cee5
Tidy up ordering and dependencies (including making sure we have a necessary file for Fail2Ban to start)
IBBoard <dev@ibboard.co.uk>
parents:
25
diff
changeset
|
386 file { '/var/log/fail2ban.log': |
6bbc86f6cee5
Tidy up ordering and dependencies (including making sure we have a necessary file for Fail2Ban to start)
IBBoard <dev@ibboard.co.uk>
parents:
25
diff
changeset
|
387 ensure => present, |
6bbc86f6cee5
Tidy up ordering and dependencies (including making sure we have a necessary file for Fail2Ban to start)
IBBoard <dev@ibboard.co.uk>
parents:
25
diff
changeset
|
388 owner => 'root', |
6bbc86f6cee5
Tidy up ordering and dependencies (including making sure we have a necessary file for Fail2Ban to start)
IBBoard <dev@ibboard.co.uk>
parents:
25
diff
changeset
|
389 group => 'root', |
6bbc86f6cee5
Tidy up ordering and dependencies (including making sure we have a necessary file for Fail2Ban to start)
IBBoard <dev@ibboard.co.uk>
parents:
25
diff
changeset
|
390 mode => '0600', |
6bbc86f6cee5
Tidy up ordering and dependencies (including making sure we have a necessary file for Fail2Ban to start)
IBBoard <dev@ibboard.co.uk>
parents:
25
diff
changeset
|
391 } |
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
392 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
393 |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
394 #Our web server with our configs, not just a stock one |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
395 class webserver ( |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
396 $primary_ip, |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
397 $secondary_ip, |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
398 ) { |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
399 #Setup base website parameters |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
400 class { 'website': |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
401 base_dir => '/srv/sites', |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
402 primary_ip => $primary_ip, |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
403 secondary_ip => $secondary_ip, |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
404 default_owner => $defaultusers::default_user, |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
405 default_group => $defaultusers::default_user, |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
406 default_tld => 'co.uk', |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
407 default_extra_tlds => [ 'com' ], |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
408 } |
110 | 409 |
410 # Use Webtatic's PHP 7 | |
411 $php_suffix = '70w' | |
412 | |
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
413 #Configure the PHP version to use |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
414 class { 'website::php': |
110 | 415 suffix => $php_suffix, |
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
416 opcache => 'opcache', |
69
565b788f7ac1
Allow for specifying extra PHP packages (e.g. to enable Posix)
IBBoard <dev@ibboard.co.uk>
parents:
67
diff
changeset
|
417 extras => [ 'process' ], |
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
418 } |
24
204330fea19a
Use MariaDB on CentOS7 and manage hiera.yaml (to avoid warnings)
IBBoard <dev@ibboard.co.uk>
parents:
18
diff
changeset
|
419 |
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
420 #Setup MySQL, using (private) templates to make sure that we set non-std passwords and a default user |
24
204330fea19a
Use MariaDB on CentOS7 and manage hiera.yaml (to avoid warnings)
IBBoard <dev@ibboard.co.uk>
parents:
18
diff
changeset
|
421 |
204330fea19a
Use MariaDB on CentOS7 and manage hiera.yaml (to avoid warnings)
IBBoard <dev@ibboard.co.uk>
parents:
18
diff
changeset
|
422 if $operatingsystem == 'CentOS' and versioncmp($operatingsystemrelease, 7) >= 0 { |
204330fea19a
Use MariaDB on CentOS7 and manage hiera.yaml (to avoid warnings)
IBBoard <dev@ibboard.co.uk>
parents:
18
diff
changeset
|
423 $mysqlpackage = 'mariadb' |
204330fea19a
Use MariaDB on CentOS7 and manage hiera.yaml (to avoid warnings)
IBBoard <dev@ibboard.co.uk>
parents:
18
diff
changeset
|
424 $mysqlsuffix = '' |
48
5cdc1c96c477
Add SELinux support for website content
IBBoard <dev@ibboard.co.uk>
parents:
45
diff
changeset
|
425 |
74
c2e5027202e2
Add missing dependency for Trac Subversion support on CentOS 7
IBBoard <dev@ibboard.co.uk>
parents:
72
diff
changeset
|
426 $extra_packages = [ |
c2e5027202e2
Add missing dependency for Trac Subversion support on CentOS 7
IBBoard <dev@ibboard.co.uk>
parents:
72
diff
changeset
|
427 'policycoreutils-python', # Required for SELinux |
77
eea672621e7f
Add required package for email SPF checking
IBBoard <dev@ibboard.co.uk>
parents:
76
diff
changeset
|
428 'subversion-python', #Required for Trac |
78 | 429 'perl-Sys-Syslog', #Required for Perl SPF checking |
74
c2e5027202e2
Add missing dependency for Trac Subversion support on CentOS 7
IBBoard <dev@ibboard.co.uk>
parents:
72
diff
changeset
|
430 ] |
c2e5027202e2
Add missing dependency for Trac Subversion support on CentOS 7
IBBoard <dev@ibboard.co.uk>
parents:
72
diff
changeset
|
431 |
c2e5027202e2
Add missing dependency for Trac Subversion support on CentOS 7
IBBoard <dev@ibboard.co.uk>
parents:
72
diff
changeset
|
432 package { $extra_packages: |
c2e5027202e2
Add missing dependency for Trac Subversion support on CentOS 7
IBBoard <dev@ibboard.co.uk>
parents:
72
diff
changeset
|
433 ensure => installed |
c2e5027202e2
Add missing dependency for Trac Subversion support on CentOS 7
IBBoard <dev@ibboard.co.uk>
parents:
72
diff
changeset
|
434 } |
24
204330fea19a
Use MariaDB on CentOS7 and manage hiera.yaml (to avoid warnings)
IBBoard <dev@ibboard.co.uk>
parents:
18
diff
changeset
|
435 } |
204330fea19a
Use MariaDB on CentOS7 and manage hiera.yaml (to avoid warnings)
IBBoard <dev@ibboard.co.uk>
parents:
18
diff
changeset
|
436 else { |
204330fea19a
Use MariaDB on CentOS7 and manage hiera.yaml (to avoid warnings)
IBBoard <dev@ibboard.co.uk>
parents:
18
diff
changeset
|
437 $mysqlpackage = 'mysql' |
204330fea19a
Use MariaDB on CentOS7 and manage hiera.yaml (to avoid warnings)
IBBoard <dev@ibboard.co.uk>
parents:
18
diff
changeset
|
438 $mysqlsuffix = '55w' |
204330fea19a
Use MariaDB on CentOS7 and manage hiera.yaml (to avoid warnings)
IBBoard <dev@ibboard.co.uk>
parents:
18
diff
changeset
|
439 } |
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
440 class { 'website::mysql': |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
441 mysqluser => template('defaultusers/mysql-user'), |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
442 mysqlpassword => template('defaultusers/mysql-password'), |
24
204330fea19a
Use MariaDB on CentOS7 and manage hiera.yaml (to avoid warnings)
IBBoard <dev@ibboard.co.uk>
parents:
18
diff
changeset
|
443 mysqlprefix => $mysqlpackage, |
204330fea19a
Use MariaDB on CentOS7 and manage hiera.yaml (to avoid warnings)
IBBoard <dev@ibboard.co.uk>
parents:
18
diff
changeset
|
444 mysqlsuffix => $mysqlsuffix, |
110 | 445 phpsuffix => $php_suffix, |
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
446 phpmysqlsuffix => 'nd' |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
447 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
448 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
449 |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
450 class ibboardvpsnode ( |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
451 $primary_ip, |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
452 $secondary_ip, |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
453 $mailserver, |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
454 $imapserver, |
35
1bb941522ebf
Handle differences in firewalling between ASO (using APF) and most other hosts (using iptables)
IBBoard <dev@ibboard.co.uk>
parents:
32
diff
changeset
|
455 $firewall_cmd = 'iptables', |
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
456 ){ |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
457 class { 'basevpsnode': |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
458 primary_ip => $primary_ip, |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
459 secondary_ip => $secondary_ip, |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
460 mailserver => $mailserver, |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
461 imapserver => $imapserver, |
35
1bb941522ebf
Handle differences in firewalling between ASO (using APF) and most other hosts (using iptables)
IBBoard <dev@ibboard.co.uk>
parents:
32
diff
changeset
|
462 firewall_cmd => $firewall_cmd, |
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
463 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
464 |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
465 # Common modules used by multiple sites (mod_auth_basic is safe because we HTTPS all the things) |
146
816e35f86a5d
Remove mod_auth_token and replace with mod_xsendfile
IBBoard <dev@ibboard.co.uk>
parents:
145
diff
changeset
|
466 $mods = [ 'auth_basic', |
816e35f86a5d
Remove mod_auth_token and replace with mod_xsendfile
IBBoard <dev@ibboard.co.uk>
parents:
145
diff
changeset
|
467 'authn_file', |
816e35f86a5d
Remove mod_auth_token and replace with mod_xsendfile
IBBoard <dev@ibboard.co.uk>
parents:
145
diff
changeset
|
468 'authz_user', |
816e35f86a5d
Remove mod_auth_token and replace with mod_xsendfile
IBBoard <dev@ibboard.co.uk>
parents:
145
diff
changeset
|
469 'deflate', |
816e35f86a5d
Remove mod_auth_token and replace with mod_xsendfile
IBBoard <dev@ibboard.co.uk>
parents:
145
diff
changeset
|
470 'xsendfile' |
816e35f86a5d
Remove mod_auth_token and replace with mod_xsendfile
IBBoard <dev@ibboard.co.uk>
parents:
145
diff
changeset
|
471 ] |
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
472 apache::mod { |
146
816e35f86a5d
Remove mod_auth_token and replace with mod_xsendfile
IBBoard <dev@ibboard.co.uk>
parents:
145
diff
changeset
|
473 $mods:; |
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
474 } |
25
13adb555a7e2
Use "<IfVersion>" to handle auth differences between 2.2 and 2.4
IBBoard <dev@ibboard.co.uk>
parents:
24
diff
changeset
|
475 if $operatingsystem == 'CentOS' and versioncmp($operatingsystemrelease, 7) >= 0 { |
13adb555a7e2
Use "<IfVersion>" to handle auth differences between 2.2 and 2.4
IBBoard <dev@ibboard.co.uk>
parents:
24
diff
changeset
|
476 apache::mod { |
13adb555a7e2
Use "<IfVersion>" to handle auth differences between 2.2 and 2.4
IBBoard <dev@ibboard.co.uk>
parents:
24
diff
changeset
|
477 'authn_core':; |
13adb555a7e2
Use "<IfVersion>" to handle auth differences between 2.2 and 2.4
IBBoard <dev@ibboard.co.uk>
parents:
24
diff
changeset
|
478 } |
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
479 } |
146
816e35f86a5d
Remove mod_auth_token and replace with mod_xsendfile
IBBoard <dev@ibboard.co.uk>
parents:
145
diff
changeset
|
480 $apache_packages = [ 'mod_xsendfile' ] |
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
481 package { $apache_packages: |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
482 ensure => present; |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
483 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
484 |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
485 #Configure our sites, using templates for the custom fragments where the extra content is too long |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
486 include adminsite |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
487 website::https::multitld { 'www.ibboard': |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
488 custom_fragment => template("private/apache/ibboard.fragment"), |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
489 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
490 include hiveworldterrasite |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
491 include glittergothsite |
145 | 492 include bdstrikesite |
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
493 include devsite |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
494 website::https::multitld { 'www.abiknight': |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
495 custom_fragment => "$website::htmlphpfragment |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
496 ErrorDocument 404 /error.php", |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
497 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
498 website::https::multitld { 'www.gracebertram': |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
499 main_tld => 'com', |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
500 extra_tlds => [ 'co.uk' ], |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
501 docroot_owner => $defaultusers::secondary_user, |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
502 docroot_group => 'editors', |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
503 custom_fragment => template("private/apache/gracebertram.fragment"), |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
504 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
505 website::https { 'www.realmrunner.com': |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
506 docroot => "${website::basedir}/gracebertram", # Don't give it a separate docroot because it is a redirect via the fragment |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
507 docroot_owner => $defaultusers::secondary_user, |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
508 docroot_group => 'editors', |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
509 serveraliases => 'realmrunner.com', |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
510 custom_fragment => template("private/apache/realmrunner.fragment"), |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
511 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
512 include webmailpimsite |
13 | 513 website::http { 'lktutoring.co.uk': |
514 docroot_owner => $defaultusers::secondary_user, | |
515 docroot_group => 'editors', | |
516 serveraliases => [ 'www.lktutoring.co.uk', 'lktutoring.com', 'www.lktutoring.com' ], | |
517 ensure => 'present', | |
518 custom_fragment => 'Include conf.extra/no-index.conf | |
519 Include conf.custom/filter-core.conf | |
520 Include conf.extra/no-www.conf | |
521 Include conf.extra/no-com.conf | |
522 Include conf.extra/html-php.conf | |
523 #Additional custom fragment | |
524 ErrorDocument 404 /error.php', | |
525 } | |
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
526 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
527 |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
528 class adminsite{ |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
529 apache::mod { 'info':; 'status':; 'cgi':; } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
530 website::https::multitld { 'admin.ibboard': |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
531 force_no_index => false, |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
532 ssl_ca_chain => '', |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
533 custom_fragment => template("private/apache/admin.fragment"), |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
534 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
535 cron { 'loadavg': |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
536 command => '/usr/local/bin/run-loadavg-logger', |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
537 user => apache, |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
538 minute => '*/6' |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
539 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
540 cron { 'awstats': |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
541 command => '/usr/local/bin/update-awstats > /srv/sites/admin/awstats.log', |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
542 user => apache, |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
543 hour => '*/6', |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
544 minute => '0' |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
545 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
546 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
547 |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
548 class hiveworldterrasite { |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
549 website::https::multitld { 'www.hiveworldterra': |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
550 force_no_www => false, |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
551 custom_fragment => template("private/apache/hwt.fragment"), |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
552 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
553 website::https::multitld { 'forums.hiveworldterra': |
59
851f7fa888eb
Add more complex fragment for Forums to stop hotlinking
IBBoard <dev@ibboard.co.uk>
parents:
52
diff
changeset
|
554 custom_fragment => template("private/apache/forums.fragment"), |
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
555 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
556 website::https::multitld { 'skins.hiveworldterra': |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
557 custom_fragment => template("private/apache/skins.fragment"), |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
558 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
559 website::https::redir { 'hiveworldterra.ibboard.co.uk': |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
560 redir => 'https://www.hiveworldterra.co.uk/', |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
561 docroot => "${website::basedir}/hiveworldterra", |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
562 separate_log => true, |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
563 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
564 } |
145 | 565 class bdstrikesite { |
566 website::https::multitld { 'www.bdstrike': | |
567 docroot_owner => $defaultusers::secondary_user, | |
568 docroot_group => 'editors', | |
569 } | |
570 website::https::multitldredir { 'www.strikecreations.co.uk': | |
571 main_domain => 'bdstrike.co.uk', | |
572 docroot => "${website::basedir}/bdstrike", | |
573 docroot_owner => $defaultusers::secondary_user, | |
574 docroot_group => 'editors', | |
575 # separate_log => true, | |
576 } | |
577 website::https::multitldredir { 'www.strikecreations.com': | |
578 main_domain => 'bdstrike.co.uk', | |
579 docroot => "${website::basedir}/bdstrike", | |
580 docroot_owner => $defaultusers::secondary_user, | |
581 docroot_group => 'editors', | |
582 # separate_log => true, | |
583 } | |
584 } | |
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
585 class devsite { |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
586 apache::mod { |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
587 # mod_wsgi for Python support |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
588 'wsgi':; |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
589 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
590 |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
591 include python::venv |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
592 |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
593 # Create Python virtualenvs for the dev site apps |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
594 python::venv::isolate { |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
595 "/srv/rhodecode/virtualenv":; |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
596 "/srv/trac/virtualenv":; |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
597 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
598 |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
599 # Graphviz for Trac "master ticket" graphs |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
600 package { 'graphviz': |
131
0dd899a10ee1
Change all "latest" packages to "installed"
IBBoard <dev@ibboard.co.uk>
parents:
129
diff
changeset
|
601 ensure => installed, |
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
602 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
603 |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
604 website::https::multitld { 'www.warfoundry': |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
605 custom_fragment => template("private/apache/warfoundry.fragment"), |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
606 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
607 website::https::multitld { 'dev.ibboard': |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
608 #Make sure we're the first one hit for the tiny fraction of "no support" cases we care about (potentially Python for Mercurial!) |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
609 # http://en.wikipedia.org/wiki/Server_Name_Indication#No_support |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
610 priority => 1, |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
611 custom_fragment => template("private/apache/dev.fragment"), |
52
be1e9773a12c
Mercurial repo versions index.php files etc, so removing index.php breaks things!
IBBoard <dev@ibboard.co.uk>
parents:
44
diff
changeset
|
612 force_no_index => false, |
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
613 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
614 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
615 class glittergothsite { |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
616 website::https::multitld { 'www.glittergoth': |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
617 ip => $website::secondary_ip, |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
618 priority => 1, |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
619 ssl_ca_chain => 'glittergoth.ca-bundle', |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
620 docroot_owner => $defaultusers::secondary_user, |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
621 docroot_group => 'editors', |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
622 force_no_index => false, |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
623 custom_fragment => template("private/apache/glittergoth.fragment"), |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
624 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
625 website::https { 'test.glittergoth.co.uk': |
134
b1815d10eb91
Do not supply incorrect CA chain for GG Test site
IBBoard <dev@ibboard.co.uk>
parents:
131
diff
changeset
|
626 ssl_ca_chain => '', |
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
627 docroot => "${website::basedir}/glittergoth-test", |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
628 docroot_owner => $defaultusers::secondary_user, |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
629 docroot_group => 'editors', |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
630 ip => $website::secondary_ip, |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
631 force_no_index => false, |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
632 custom_fragment => template("private/apache/glittergoth-test.fragment"), |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
633 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
634 |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
635 # Website specific cron jobs |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
636 cron { 'backupopencart': |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
637 command => "/usr/local/bin/backupdb opencart", |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
638 user => 'root', |
141
ce6aafd0880b
Make GG DB backup less frequent now that site is closing
IBBoard <dev@ibboard.co.uk>
parents:
140
diff
changeset
|
639 monthday => "*/2", |
ce6aafd0880b
Make GG DB backup less frequent now that site is closing
IBBoard <dev@ibboard.co.uk>
parents:
140
diff
changeset
|
640 hour => "4", |
ce6aafd0880b
Make GG DB backup less frequent now that site is closing
IBBoard <dev@ibboard.co.uk>
parents:
140
diff
changeset
|
641 minute => "39" |
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
642 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
643 cron { 'requestreviews': |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
644 command => '/usr/local/bin/request-reviews 2> /srv/sites/admin/request-reviews.log', |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
645 user => 'apache', |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
646 hour => 4, |
103
ba526e874db0
Remove review email, as GG is shutting down
IBBoard <dev@ibboard.co.uk>
parents:
101
diff
changeset
|
647 minute => 5, |
ba526e874db0
Remove review email, as GG is shutting down
IBBoard <dev@ibboard.co.uk>
parents:
101
diff
changeset
|
648 ensure => absent, |
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
649 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
650 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
651 |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
652 class webmailpimsite { |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
653 # Webmail and Personal Information Management (PIM) sites |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
654 website::https { 'webmail.ibboard.co.uk': |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
655 force_no_index => false, |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
656 ssl_ca_chain => '', |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
657 custom_fragment => template("private/apache/webmail.fragment"), |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
658 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
659 website::https { 'pim.ibboard.co.uk': |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
660 force_no_index => false, |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
661 lockdown_requests => false, |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
662 ssl_ca_chain => '', |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
663 custom_fragment => template("private/apache/pim.fragment"), |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
664 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
665 cron { 'owncloudcron': |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
666 command => "/usr/local/bin/owncloud-cron", |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
667 user => 'apache', |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
668 minute => '*/15', |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
669 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
670 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
671 |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
672 class email ( |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
673 $mailserver, |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
674 $imapserver, |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
675 ){ |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
676 class { 'postfix': |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
677 mailserver => $mailserver, |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
678 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
679 class { 'dovecot': |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
680 imapserver => $imapserver, |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
681 } |
140
6eef7cec8658
Remove ClamAV from server config
IBBoard <dev@ibboard.co.uk>
parents:
139
diff
changeset
|
682 package { [ 'amavisd-new' ]: |
85 | 683 ensure => installed, |
684 tag => 'av', | |
685 } | |
86
4f59d2fcd521
Make sure that Amavis daemon is running so mail gets delivered after reboot!
IBBoard <dev@ibboard.co.uk>
parents:
85
diff
changeset
|
686 service { 'amavisd': |
4f59d2fcd521
Make sure that Amavis daemon is running so mail gets delivered after reboot!
IBBoard <dev@ibboard.co.uk>
parents:
85
diff
changeset
|
687 ensure => 'running', |
4f59d2fcd521
Make sure that Amavis daemon is running so mail gets delivered after reboot!
IBBoard <dev@ibboard.co.uk>
parents:
85
diff
changeset
|
688 enable => 'true', |
4f59d2fcd521
Make sure that Amavis daemon is running so mail gets delivered after reboot!
IBBoard <dev@ibboard.co.uk>
parents:
85
diff
changeset
|
689 } |
85 | 690 file { '/etc/amavisd/amavisd.conf': |
691 ensure => present, | |
692 source => 'puppet:///private/postfix/amavisd.conf', | |
693 tag => 'av', | |
694 } | |
142
dae1088dd218
Add OLE detection to SpamAssassin without ClamAV
IBBoard <dev@ibboard.co.uk>
parents:
141
diff
changeset
|
695 file { '/etc/mail/spamassassin/ole2macro.cf': |
dae1088dd218
Add OLE detection to SpamAssassin without ClamAV
IBBoard <dev@ibboard.co.uk>
parents:
141
diff
changeset
|
696 ensure => present, |
dae1088dd218
Add OLE detection to SpamAssassin without ClamAV
IBBoard <dev@ibboard.co.uk>
parents:
141
diff
changeset
|
697 source => 'puppet:///common/ole2macro.cf', |
dae1088dd218
Add OLE detection to SpamAssassin without ClamAV
IBBoard <dev@ibboard.co.uk>
parents:
141
diff
changeset
|
698 tag => 'av', |
dae1088dd218
Add OLE detection to SpamAssassin without ClamAV
IBBoard <dev@ibboard.co.uk>
parents:
141
diff
changeset
|
699 } |
dae1088dd218
Add OLE detection to SpamAssassin without ClamAV
IBBoard <dev@ibboard.co.uk>
parents:
141
diff
changeset
|
700 file { '/etc/mail/spamassassin/ole2macro.pm': |
dae1088dd218
Add OLE detection to SpamAssassin without ClamAV
IBBoard <dev@ibboard.co.uk>
parents:
141
diff
changeset
|
701 ensure => present, |
dae1088dd218
Add OLE detection to SpamAssassin without ClamAV
IBBoard <dev@ibboard.co.uk>
parents:
141
diff
changeset
|
702 source => 'puppet:///common/spamassassin-vba-macro-master/ole2macro.pm', |
dae1088dd218
Add OLE detection to SpamAssassin without ClamAV
IBBoard <dev@ibboard.co.uk>
parents:
141
diff
changeset
|
703 tag => 'av', |
dae1088dd218
Add OLE detection to SpamAssassin without ClamAV
IBBoard <dev@ibboard.co.uk>
parents:
141
diff
changeset
|
704 } |
85 | 705 Package<| tag == 'av' |> -> File<| tag == 'av' |> |
87
6be21a984126
Make sure that config file changes for changes trigger a reload
IBBoard <dev@ibboard.co.uk>
parents:
86
diff
changeset
|
706 File<| tag == 'av' |> { |
6be21a984126
Make sure that config file changes for changes trigger a reload
IBBoard <dev@ibboard.co.uk>
parents:
86
diff
changeset
|
707 notify => Service['amavisd'], |
6be21a984126
Make sure that config file changes for changes trigger a reload
IBBoard <dev@ibboard.co.uk>
parents:
86
diff
changeset
|
708 } |
125
ca711ab45f17
Schedule Postwhite to run regularly
IBBoard <dev@ibboard.co.uk>
parents:
122
diff
changeset
|
709 cron { 'Postwhite': |
129
16a931df5fd7
Filter what we see in Postwhite cron output
IBBoard <dev@ibboard.co.uk>
parents:
128
diff
changeset
|
710 command => "/usr/local/bin/postwhite 2>&1| grep -vE '^(Starting|Recursively|Getting|Querying|Removing|Sorting|$)'", |
125
ca711ab45f17
Schedule Postwhite to run regularly
IBBoard <dev@ibboard.co.uk>
parents:
122
diff
changeset
|
711 user => 'root', |
ca711ab45f17
Schedule Postwhite to run regularly
IBBoard <dev@ibboard.co.uk>
parents:
122
diff
changeset
|
712 weekday => 0, |
128
379089631403
Fix rookie cron mistake - don't run Postwhite EVERY MINUTE!
IBBoard <dev@ibboard.co.uk>
parents:
126
diff
changeset
|
713 hour => 2, |
379089631403
Fix rookie cron mistake - don't run Postwhite EVERY MINUTE!
IBBoard <dev@ibboard.co.uk>
parents:
126
diff
changeset
|
714 minute => 0, |
125
ca711ab45f17
Schedule Postwhite to run regularly
IBBoard <dev@ibboard.co.uk>
parents:
122
diff
changeset
|
715 } |
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
716 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
717 |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
718 class cronjobs { |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
719 # Add Mutt for scripts that send emails, but stop it clogging the disk by keeping copies of emails |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
720 package { 'mutt': |
131
0dd899a10ee1
Change all "latest" packages to "installed"
IBBoard <dev@ibboard.co.uk>
parents:
129
diff
changeset
|
721 ensure => installed, |
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
722 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
723 file { '/etc/Muttrc.local': |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
724 content => 'set copy = no', |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
725 require => Package['mutt'], |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
726 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
727 |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
728 # General server-wide cron jobs |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
729 Cron { user => 'root' } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
730 cron { 'backupalldbs': |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
731 command => "/usr/local/bin/backupalldbs", |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
732 monthday => "*/2", |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
733 hour => "4", |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
734 minute => "9" |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
735 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
736 cron { 'greatfirewallofchina': |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
737 command => '/usr/local/bin/update-great-firewall-of-china', |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
738 hour => 3, |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
739 minute => 30 |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
740 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
741 cron { 'permissions': |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
742 command => '/usr/local/bin/set-permissions', |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
743 hour => 3, |
14
534e584f21ce
Tweak time on permission setting script so that it is less likely to clash with LoadAVG run every 6 minutes
IBBoard <dev@ibboard.co.uk>
parents:
13
diff
changeset
|
744 minute => 2 |
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
745 } |
55
ce8eaaca6a34
Update firewalling so that we block the right ports when using iptables directly
IBBoard <dev@ibboard.co.uk>
parents:
54
diff
changeset
|
746 # Since we're only managing the local server, use our script that wraps "puppet apply" instead of PuppetMaster |
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
747 cron { 'puppet': |
79
edd0e9f8af24
Hide extra output from Puppet cron job that later Puppet generates
IBBoard <dev@ibboard.co.uk>
parents:
78
diff
changeset
|
748 command => '/usr/local/bin/puppet-apply | grep -v "Compiled catalog for\|Finished catalog run in"', |
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
749 hour => '*/6', |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
750 minute => 5 |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
751 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
752 cron { 'purgecaches': |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
753 command => "/usr/local/bin/purge-caches", |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
754 hour => '4', |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
755 minute => '15', |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
756 weekday => '1', |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
757 } |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
758 # Notify of uncommitted files |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
759 cron { 'check-mercurial-committed': |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
760 command => "/usr/local/bin/check-hg-status", |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
761 hour => '4', |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
762 minute => '20', |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
763 weekday => '0-6/3', #Sunday, Wednesday and Saturday morning |
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
764 } |
93
74678cd7a200
Run cron job to notify of available updates
IBBoard <dev@ibboard.co.uk>
parents:
91
diff
changeset
|
765 # Notify of available updates |
74678cd7a200
Run cron job to notify of available updates
IBBoard <dev@ibboard.co.uk>
parents:
91
diff
changeset
|
766 cron { 'check-yum-updates': |
96
009a7a75ddfd
Remove repo checking cruft from potential Yum Check Update cron job output
IBBoard <dev@ibboard.co.uk>
parents:
95
diff
changeset
|
767 command => '/usr/bin/yum check-updates | tail -2 | grep -Ev "^ \* \w+: \w+"', |
93
74678cd7a200
Run cron job to notify of available updates
IBBoard <dev@ibboard.co.uk>
parents:
91
diff
changeset
|
768 hour => '4', |
74678cd7a200
Run cron job to notify of available updates
IBBoard <dev@ibboard.co.uk>
parents:
91
diff
changeset
|
769 minute => '30', |
74678cd7a200
Run cron job to notify of available updates
IBBoard <dev@ibboard.co.uk>
parents:
91
diff
changeset
|
770 weekday => '0-6/3', #Sunday, Wednesday and Saturday morning |
74678cd7a200
Run cron job to notify of available updates
IBBoard <dev@ibboard.co.uk>
parents:
91
diff
changeset
|
771 } |
97
b69e3f6708d6
Add another regular command to check that we've not got services requiring a restart
IBBoard <dev@ibboard.co.uk>
parents:
96
diff
changeset
|
772 # And check whether anything needs restarting |
b69e3f6708d6
Add another regular command to check that we've not got services requiring a restart
IBBoard <dev@ibboard.co.uk>
parents:
96
diff
changeset
|
773 cron { 'check-needs-restarting': |
b69e3f6708d6
Add another regular command to check that we've not got services requiring a restart
IBBoard <dev@ibboard.co.uk>
parents:
96
diff
changeset
|
774 command => '/usr/bin/needs-restarting|grep -v "/usr/lib/systemd\|/usr/sbin/lvmetad\|/usr/lib/polkit-1/polkitd"', |
b69e3f6708d6
Add another regular command to check that we've not got services requiring a restart
IBBoard <dev@ibboard.co.uk>
parents:
96
diff
changeset
|
775 hour => '4', |
b69e3f6708d6
Add another regular command to check that we've not got services requiring a restart
IBBoard <dev@ibboard.co.uk>
parents:
96
diff
changeset
|
776 minute => '45', |
b69e3f6708d6
Add another regular command to check that we've not got services requiring a restart
IBBoard <dev@ibboard.co.uk>
parents:
96
diff
changeset
|
777 weekday => '0-6/3', #Sunday, Wednesday and Saturday morning |
b69e3f6708d6
Add another regular command to check that we've not got services requiring a restart
IBBoard <dev@ibboard.co.uk>
parents:
96
diff
changeset
|
778 } |
0
956e484adc12
Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff
changeset
|
779 } |