annotate manifests/templates.pp @ 148:d9fcabc75a1e puppet-3.6

Fix pip installations

We didn't specify Pip package before so we couldn't bootstrap from cold. Also, Pip is too clever. If package name is wrong but close enough, Pip installs it anyway but next run Puppet can't find the package because of typo and tells Pip to install it again!
author IBBoard <dev@ibboard.co.uk>
date Sun, 26 Mar 2017 16:12:57 +0100
parents 6cb6dc1f74d4
children 060f81349dd6
rev   line source
32
6bbc86f6cee5 Tidy up ordering and dependencies (including making sure we have a necessary file for Fail2Ban to start)
IBBoard <dev@ibboard.co.uk>
parents: 25
# Make sure packages come after their repos
YumRepo<| |> -> Package<| |>

# Make sure all files are in place before starting services
File<| |> -> Service<| |>

0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
class basenode {
  $os = $operatingsystem
  $osver = "v${operatingsystemrelease}"
  include sudo

  include defaultusers
  include logwatch
24
204330fea19a Use MariaDB on CentOS7 and manage hiera.yaml (to avoid warnings)
IBBoard <dev@ibboard.co.uk>
parents: 18

  file { '/etc/puppet/hiera.yaml':
    ensure => present,
    content => "---
:backends: yaml
:yaml:
  :datadir: /var/lib/hiera
:hierarchy: common
:logger: console",
  }
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
}

class basevpsnode (
  $primary_ip,
  $secondary_ip,
  $mailserver,
  $imapserver,
35
1bb941522ebf Handle differences in firewalling between ASO (using APF) and most other hosts (using iptables)
IBBoard <dev@ibboard.co.uk>
parents: 32
  $firewall_cmd = 'iptables',
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
) {
40
222904296578 Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents: 38
  if $firewall_cmd == 'iptables' {
    include vpsfirewall
  }

0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
  #VPS is a self-mastered Puppet machine, so bodge a Hosts file
  file { '/etc/hosts':
    ensure => present,
44
546dfa011f58 Remove "puppet" host name because we don't need it
IBBoard <dev@ibboard.co.uk>
parents: 18
    content => "127.0.0.1 localhost
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
$primary_ip ${fqdn}",
  }

  require repos
  include basenode
41
765bf01c2044 Load custom "private" rules/config
IBBoard <dev@ibboard.co.uk>
parents: 40
  include private
100
fd3446c3b7b9 Set up a recursive localhost-only Bind server (assuming RH's safe and sane default configs)
IBBoard <dev@ibboard.co.uk>
parents: 99
  include dnsresolver
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
  include ssh::server
  include vcs::server
  include vcs::client
  class { 'webserver':
    primary_ip => $primary_ip,
    secondary_ip => $secondary_ip,
  }
  include cronjobs
  include logrotate
35
1bb941522ebf Handle differences in firewalling between ASO (using APF) and most other hosts (using iptables)
IBBoard <dev@ibboard.co.uk>
parents: 32
  class { 'fail2ban':
    firewall_cmd => $firewall_cmd,
  }
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
  include tools
  class { 'email':
    mailserver => $mailserver,
    imapserver => $imapserver,
  }
}

100
fd3446c3b7b9 Set up a recursive localhost-only Bind server (assuming RH's safe and sane default configs)
IBBoard <dev@ibboard.co.uk>
parents: 99
## Classes to allow facet behaviour using preconfigured setups of classes

40
222904296578 Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents: 38
class vpsfirewall {
  resources { "firewall":
    purge => false,
  }
  firewallchain { 'INPUT:filter:IPv4':
    purge => true,
    ignore => [
      '-j f2b-[^ ]+$',
      '^(:|-A )f2b-',
      '--comment "Great Firewall of China"',
      '--comment "Do not purge',
    ],
  }
  Firewall {
    before => Class['my_fw::post'],
    require => Class['my_fw::pre'],
  }
  class { ['my_fw::pre', 'my_fw::post']: }
  class { 'firewall': }
64
3bb824dabaae Make sure Fail2Ban rules are in right order (using separate chain) and whitelist Googlebot (which keeps hitting Script Kiddy targets for unknown reasons)
IBBoard <dev@ibboard.co.uk>
parents: 61
  firewall { '010 Whitelist Googlebot':
    source => '66.249.64.0/19',
91
61a79ae833cb Follow the documentation properly and specify dport, not just port
IBBoard <dev@ibboard.co.uk>
parents: 87
    dport => [80,443],
64
3bb824dabaae Make sure Fail2Ban rules are in right order (using separate chain) and whitelist Googlebot (which keeps hitting Script Kiddy targets for unknown reasons)
IBBoard <dev@ibboard.co.uk>
parents: 61
    proto => tcp,
    action => accept,
  }
122
033282abfc28 Blacklist more spamming IPs (with a ######.info domain)
IBBoard <dev@ibboard.co.uk>
parents: 118
  firewall { '099 Blacklist spammers 1':
91
61a79ae833cb Follow the documentation properly and specify dport, not just port
IBBoard <dev@ibboard.co.uk>
parents: 87
    source => '146.0.229.80/28',
    dport => [465, 25],
    proto => tcp,
    action => 'reject',
  }
122
033282abfc28 Blacklist more spamming IPs (with a ######.info domain)
IBBoard <dev@ibboard.co.uk>
parents: 118
  firewall { '099 Blacklist spammers 2':
    source => '89.43.62.0/24',
    dport => [465, 25],
    proto => tcp,
    action => 'reject',
  }
139
abaf384dc939 Block another annoying IP with a firewall rule
IBBoard <dev@ibboard.co.uk>
parents: 137
  # German server that did 5000+ HEAD requests in <10 days to "/" on one site
  firewall { '099 Blacklist spammers 3':
    source => '78.47.182.152',
    dport => [465, 25],
    proto => tcp,
    action => 'reject',
  }
118
f0a86e36d33f Ban IODC bot, because they can't behave and don't have robots.txt instructions
IBBoard <dev@ibboard.co.uk>
parents: 110
  firewall { '099 Blacklist IODC bot':
    # IODC bot makes too many bad requests, and contact form is broken
    # They don't publish a robots.txt name, so firewall it!
    source => '86.153.145.149',
    dport => [ 80, 443 ],
    proto => tcp,
    action => 'reject',
137
4f9bc88a426a Firewall Baidu's new Brazilian IP range for being too aggressive
IBBoard <dev@ibboard.co.uk>
parents: 134
  }
  firewall { '099 Blacklist Baidu Brazil':
    #Baidu got a Brazilian netblock and are hitting us hard
    #Baidu doesn't honour "crawl-delay" in robots.txt
    #Baidu gets firewalled
    source => '131.161.8.0/22',
    dport => [ 80, 443 ],
    proto => tcp,
    action => 'reject',
  }
40
222904296578 Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents: 38
  firewallchain { 'GREATFIREWALLOFCHINA:filter:IPv4':
    ensure => present,
  }
  firewall { '050 Check our Great Firewall Against China':
    chain => 'INPUT',
    jump => 'GREATFIREWALLOFCHINA',
  }
64
3bb824dabaae Make sure Fail2Ban rules are in right order (using separate chain) and whitelist Googlebot (which keeps hitting Script Kiddy targets for unknown reasons)
IBBoard <dev@ibboard.co.uk>
parents: 61
  firewallchain { 'Fail2Ban:filter:IPv4':
    ensure => present,
  }
  firewall { '060 Check Fail2Ban':
    chain => 'INPUT',
    jump => 'Fail2Ban',
  }
40
222904296578 Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents: 38
  firewall { '100 allow https and http':
91
61a79ae833cb Follow the documentation properly and specify dport, not just port
IBBoard <dev@ibboard.co.uk>
parents: 87
    dport => [80, 443],
40
222904296578 Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents: 38
    proto => tcp,
    action => accept,
  }
  firewall { '101 allow SMTP':
91
61a79ae833cb Follow the documentation properly and specify dport, not just port
IBBoard <dev@ibboard.co.uk>
parents: 87
    dport => [25, 465],
40
222904296578 Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents: 38
    proto => tcp,
    action => accept,
  }
  firewall { '102 allow IMAPS':
91
61a79ae833cb Follow the documentation properly and specify dport, not just port
IBBoard <dev@ibboard.co.uk>
parents: 87
    dport => 993,
40
222904296578 Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents: 38
    proto => tcp,
    action => accept,
  }
45
175d4f9cd747 Tweak wording for accuracy
IBBoard <dev@ibboard.co.uk>
parents: 41
  # Note: SSH port will be managed separately as we
40
222904296578 Add firewall handling when we run without APF
IBBoard <dev@ibboard.co.uk>
parents: 38
  # put it on a different port to hide from script kiddy noise
}

100
fd3446c3b7b9 Set up a recursive localhost-only Bind server (assuming RH's safe and sane default configs)
IBBoard <dev@ibboard.co.uk>
parents: 99
class dnsresolver {
  package { 'bind':
    ensure => present,
  }

  service { 'named':
    ensure => running,
    enable => true,
  }

  file { '/etc/NetworkManager/conf.d/local-dns-resolver.conf':
    ensure => present,
    content => "[main]
dns=none",
  }

101
a48b6011a084 Stop Bind trying IPv6, as we only have a link-local IP
IBBoard <dev@ibboard.co.uk>
parents: 100
  file { '/etc/sysconfig/named':
    ensure => present,
    content => 'OPTIONS="-4"',
  }

100
fd3446c3b7b9 Set up a recursive localhost-only Bind server (assuming RH's safe and sane default configs)
IBBoard <dev@ibboard.co.uk>
parents: 99
  file { '/etc/resolv.conf':
    ensure => present,
    content => "nameserver 127.0.0.1"
  }
}
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:

class repos {
  yumrepo { 'epel':
    mirrorlist => 'https://mirrors.fedoraproject.org/metalink?repo=epel-$releasever&arch=$basearch',
    descr => "Extra Packages for Enterprise Linux",
    enabled => 1,
    failovermethod => 'priority',
    gpgcheck => 1,
    gpgkey => 'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6',
  }
  file { '/etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6':
    ensure => present,
    source => 'puppet:///common/RPM-GPG-KEY-EPEL-6'
  }
  yumrepo { 'ibboard':
    baseurl => 'http://download.opensuse.org/repositories/home:/IBBoard:/server/CentOS_CentOS-$releasever/',
    descr => 'IBBoard Server',
    enabled => 1,
    gpgcheck => 1,
    gpgkey => 'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-IBBoard-OBS',
  }
  file { '/etc/pki/rpm-gpg/RPM-GPG-KEY-IBBoard-OBS':
    ensure => present,
32
6bbc86f6cee5 Tidy up ordering and dependencies (including making sure we have a necessary file for Fail2Ban to start)
IBBoard <dev@ibboard.co.uk>
parents: 25
diff changeset
214 source => 'puppet:///common/RPM-GPG-KEY-IBBoard-OBS',
6bbc86f6cee5 Tidy up ordering and dependencies (including making sure we have a necessary file for Fail2Ban to start)
IBBoard <dev@ibboard.co.uk>
parents: 25
diff changeset
215 before => YumRepo['ibboard'],
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
216 }
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
217 yumrepo { 'webtatic':
54
30f56d6f9d33 Make Webtatic distro-specific using built-in Yum variable
IBBoard <dev@ibboard.co.uk>
parents: 48
diff changeset
218 mirrorlist => 'http://mirror.webtatic.com/yum/el$releasever/$basearch/mirrorlist',
110
be2b30b17a4c Switch to PHP 7 from Webtatic
IBBoard <dev@ibboard.co.uk>
parents: 108
diff changeset
219 descr => "Webtatic Packages for Enterprise Linux",
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
220 enabled => 1,
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
221 failovermethod => 'priority',
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
222 gpgcheck => 1,
108
5c6edfab92d6 Swap Webtatic to new GPG key
IBBoard <dev@ibboard.co.uk>
parents: 103
diff changeset
223 gpgkey => 'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-webtatic-el7',
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
224 }
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
225 file { '/etc/pki/rpm-gpg/RPM-GPG-KEY-webtatic-andy':
108
5c6edfab92d6 Swap Webtatic to new GPG key
IBBoard <dev@ibboard.co.uk>
parents: 103
diff changeset
226 ensure => absent,
5c6edfab92d6 Swap Webtatic to new GPG key
IBBoard <dev@ibboard.co.uk>
parents: 103
diff changeset
227 }
5c6edfab92d6 Swap Webtatic to new GPG key
IBBoard <dev@ibboard.co.uk>
parents: 103
diff changeset
228 file { '/etc/pki/rpm-gpg/RPM-GPG-KEY-webtatic-el7':
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
229 ensure => present,
108
5c6edfab92d6 Swap Webtatic to new GPG key
IBBoard <dev@ibboard.co.uk>
parents: 103
diff changeset
230 source => 'puppet:///common/RPM-GPG-KEY-webtatic-el7',
32
6bbc86f6cee5 Tidy up ordering and dependencies (including making sure we have a necessary file for Fail2Ban to start)
IBBoard <dev@ibboard.co.uk>
parents: 25
diff changeset
231 before => YumRepo['webtatic'],
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
232 }
148
d9fcabc75a1e Fix pip installations
IBBoard <dev@ibboard.co.uk>
parents: 147
diff changeset
233
d9fcabc75a1e Fix pip installations
IBBoard <dev@ibboard.co.uk>
parents: 147
diff changeset
234 # Install Pip and symlink it so we can use it as a package provider
d9fcabc75a1e Fix pip installations
IBBoard <dev@ibboard.co.uk>
parents: 147
diff changeset
235 package { 'python2-pip':
d9fcabc75a1e Fix pip installations
IBBoard <dev@ibboard.co.uk>
parents: 147
diff changeset
236 ensure => installed;
d9fcabc75a1e Fix pip installations
IBBoard <dev@ibboard.co.uk>
parents: 147
diff changeset
237 }
d9fcabc75a1e Fix pip installations
IBBoard <dev@ibboard.co.uk>
parents: 147
diff changeset
238 ->
d9fcabc75a1e Fix pip installations
IBBoard <dev@ibboard.co.uk>
parents: 147
diff changeset
239 file { '/usr/bin/pip-python':
d9fcabc75a1e Fix pip installations
IBBoard <dev@ibboard.co.uk>
parents: 147
diff changeset
240 ensure => link,
d9fcabc75a1e Fix pip installations
IBBoard <dev@ibboard.co.uk>
parents: 147
diff changeset
241 target => '/usr/bin/pip',
d9fcabc75a1e Fix pip installations
IBBoard <dev@ibboard.co.uk>
parents: 147
diff changeset
242 } -> Package <| provider == 'pip' |>
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
243 }
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
244
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
245 class tools {
99
a0b9a810cf7d Patch isn't a standard package on a minimal install. Make sure we have it.
IBBoard <dev@ibboard.co.uk>
parents: 97
diff changeset
246 $packages = [ 'sqlite', 'bash-completion', 'nano', 'bzip2', 'mlocate', 'patch' ]
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
247 package { $packages:
131
0dd899a10ee1 Change all "latest" packages to "installed"
IBBoard <dev@ibboard.co.uk>
parents: 129
diff changeset
248 ensure => installed;
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
249 }
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
250 }
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
251
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
252 class logrotate {
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
253 package { 'logrotate':
131
0dd899a10ee1 Change all "latest" packages to "installed"
IBBoard <dev@ibboard.co.uk>
parents: 129
diff changeset
254 ensure => installed;
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
255 }
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
256 file { '/etc/logrotate.d/httpd':
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
257 ensure => present,
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
258 source => 'puppet:///common/logrotate-httpd',
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
259 require => Package['logrotate'],
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
260 }
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
261 file { '/etc/logrotate.d/trac':
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
262 ensure => present,
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
263 source => 'puppet:///common/logrotate-trac',
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
264 require => Package['logrotate'],
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
265 }
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
266 }
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
267
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
268 class logwatch {
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
269 package { 'logwatch':
131
0dd899a10ee1 Change all "latest" packages to "installed"
IBBoard <dev@ibboard.co.uk>
parents: 129
diff changeset
270 ensure => installed;
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
271 }
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
272 File {
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
273 ensure => present,
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
274 require => Package['logwatch'],
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
275 }
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
276 file { '/etc/cron.daily/0logwatch':
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
277 source => 'puppet:///common/0logwatch';
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
278 }
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
279 file { '/etc/logwatch/scripts/shared/':
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
280 ensure => directory,
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
281 }
66
e424cd208b99 Update/fix Fail2Ban parsing in Logwatch
IBBoard <dev@ibboard.co.uk>
parents: 59
diff changeset
282 file { '/etc/logwatch/scripts/services/fail2ban':
e424cd208b99 Update/fix Fail2Ban parsing in Logwatch
IBBoard <dev@ibboard.co.uk>
parents: 59
diff changeset
283 source => 'puppet:///common/logwatch/services-fail2ban',
e424cd208b99 Update/fix Fail2Ban parsing in Logwatch
IBBoard <dev@ibboard.co.uk>
parents: 59
diff changeset
284 }
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
285 file { '/etc/logwatch/scripts/services/http-error':
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
286 source => 'puppet:///common/logwatch/http-error',
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
287 }
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
288 file { '/etc/logwatch/scripts/services/php':
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
289 source => 'puppet:///common/logwatch/scripts_php',
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
290 }
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
291 file { '/etc/logwatch/scripts/services/mysql':
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
292 source => 'puppet:///common/logwatch/scripts_mysql',
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
293 }
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
294 file { '/etc/logwatch/scripts/services/dovecot':
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
295 source => 'puppet:///common/logwatch/dovecot',
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
296 }
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
297 file { '/etc/logwatch/scripts/services/postfix':
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
298 source => 'puppet:///common/logwatch/postfix',
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
299 }
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
300 file { '/etc/logwatch/scripts/shared/applyhttperrordate':
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
301 source => 'puppet:///common/logwatch/applyhttperrordate',
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
302 }
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
303 file { '/etc/logwatch/conf/logwatch.conf':
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
304 content => 'Detail = Med',
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
305 }
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
306 file { '/etc/logwatch/conf/logfiles/http.conf':
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
307 content => 'LogFile = apache/access_*.log',
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
308 }
126
8316d4e55e92 Fix Apache 2.4 Logwatch support
IBBoard <dev@ibboard.co.uk>
parents: 125
diff changeset
309 file { '/etc/logwatch/conf/logfiles/http-error-24.conf':
8316d4e55e92 Fix Apache 2.4 Logwatch support
IBBoard <dev@ibboard.co.uk>
parents: 125
diff changeset
310 source => 'puppet:///common/logwatch/log-http-error.conf',
8316d4e55e92 Fix Apache 2.4 Logwatch support
IBBoard <dev@ibboard.co.uk>
parents: 125
diff changeset
311 }
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
312 file { '/etc/logwatch/conf/logfiles/http-error.conf':
126
8316d4e55e92 Fix Apache 2.4 Logwatch support
IBBoard <dev@ibboard.co.uk>
parents: 125
diff changeset
313 ensure => absent,
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
314 }
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
315 file { '/etc/logwatch/conf/services/http-error.conf':
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
316 source => 'puppet:///common/logwatch/services-http-error.conf',
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
317 }
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
318 file { '/etc/logwatch/conf/logfiles/php.conf':
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
319 source => 'puppet:///common/logwatch/logfiles_php.conf',
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
320 }
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
321 file { '/etc/logwatch/conf/services/php.conf':
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
322 source => 'puppet:///common/logwatch/services_php.conf',
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
323 }
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
324 file { '/etc/logwatch/conf/logfiles/mysql.conf':
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
325 source => 'puppet:///common/logwatch/logfiles_mysql.conf',
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
326 }
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
327 file { '/etc/logwatch/conf/services/mysql.conf':
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
328 source => 'puppet:///common/logwatch/services_mysql.conf',
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
329 }
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
330 }
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
331
35
1bb941522ebf Handle differences in firewalling between ASO (using APF) and most other hosts (using iptables)
IBBoard <dev@ibboard.co.uk>
parents: 32
diff changeset
332 class fail2ban (
1bb941522ebf Handle differences in firewalling between ASO (using APF) and most other hosts (using iptables)
IBBoard <dev@ibboard.co.uk>
parents: 32
diff changeset
333 $firewall_cmd,
1bb941522ebf Handle differences in firewalling between ASO (using APF) and most other hosts (using iptables)
IBBoard <dev@ibboard.co.uk>
parents: 32
diff changeset
334 ) {
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
335 package { 'fail2ban':
131
0dd899a10ee1 Change all "latest" packages to "installed"
IBBoard <dev@ibboard.co.uk>
parents: 129
diff changeset
336 ensure => installed,
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
337 }
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
338 service { 'fail2ban':
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
339 ensure => running,
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
340 enable => true
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
341 }
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
342 File {
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
343 ensure => present,
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
344 require => Package['fail2ban'],
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
345 notify => Service['fail2ban'],
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
346 }
67
4be7f49debc2 "Already Banned" is actually at NOTICE
IBBoard <dev@ibboard.co.uk>
parents: 66
diff changeset
347 file { '/etc/fail2ban/fail2ban.local':
4be7f49debc2 "Already Banned" is actually at NOTICE
IBBoard <dev@ibboard.co.uk>
parents: 66
diff changeset
348 source => 'puppet:///common/fail2ban/fail2ban.local',
4be7f49debc2 "Already Banned" is actually at NOTICE
IBBoard <dev@ibboard.co.uk>
parents: 66
diff changeset
349 }
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
350 file { '/etc/fail2ban/jail.local':
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
351 source => 'puppet:///common/fail2ban/jail.local',
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
352 }
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
353 file { '/etc/fail2ban/action.d/apf.conf':
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
354 source => 'puppet:///common/fail2ban/apf.conf',
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
355 }
55
ce8eaaca6a34 Update firewalling so that we block the right ports when using iptables directly
IBBoard <dev@ibboard.co.uk>
parents: 54
diff changeset
356
ce8eaaca6a34 Update firewalling so that we block the right ports when using iptables directly
IBBoard <dev@ibboard.co.uk>
parents: 54
diff changeset
357 if $firewall_cmd == 'iptables' {
ce8eaaca6a34 Update firewalling so that we block the right ports when using iptables directly
IBBoard <dev@ibboard.co.uk>
parents: 54
diff changeset
358 $firewall_ban_cmd = 'iptables-multiport'
ce8eaaca6a34 Update firewalling so that we block the right ports when using iptables directly
IBBoard <dev@ibboard.co.uk>
parents: 54
diff changeset
359 } else {
ce8eaaca6a34 Update firewalling so that we block the right ports when using iptables directly
IBBoard <dev@ibboard.co.uk>
parents: 54
diff changeset
360 $firewall_ban_cmd = $firewall_cmd
ce8eaaca6a34 Update firewalling so that we block the right ports when using iptables directly
IBBoard <dev@ibboard.co.uk>
parents: 54
diff changeset
361 }
ce8eaaca6a34 Update firewalling so that we block the right ports when using iptables directly
IBBoard <dev@ibboard.co.uk>
parents: 54
diff changeset
362
35
1bb941522ebf Handle differences in firewalling between ASO (using APF) and most other hosts (using iptables)
IBBoard <dev@ibboard.co.uk>
parents: 32
diff changeset
363 file { '/etc/fail2ban/action.d/firewall-ban.conf':
1bb941522ebf Handle differences in firewalling between ASO (using APF) and most other hosts (using iptables)
IBBoard <dev@ibboard.co.uk>
parents: 32
diff changeset
364 ensure => link,
55
ce8eaaca6a34 Update firewalling so that we block the right ports when using iptables directly
IBBoard <dev@ibboard.co.uk>
parents: 54
diff changeset
365 target => "/etc/fail2ban/action.d/${firewall_ban_cmd}.conf",
35
1bb941522ebf Handle differences in firewalling between ASO (using APF) and most other hosts (using iptables)
IBBoard <dev@ibboard.co.uk>
parents: 32
diff changeset
366 }
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
367 file { '/etc/fail2ban/filter.d/ibb-apache-exploits-instaban.conf':
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
368 source => 'puppet:///common/fail2ban/ibb-apache-exploits-instaban.conf',
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
369 }
6
b7c30595c97a Add "Shellshock" exploit Fail2ban rule
IBBoard <dev@ibboard.co.uk>
parents: 0
diff changeset
370 file { '/etc/fail2ban/filter.d/ibb-apache-shellshock.conf':
b7c30595c97a Add "Shellshock" exploit Fail2ban rule
IBBoard <dev@ibboard.co.uk>
parents: 0
diff changeset
371 source => 'puppet:///common/fail2ban/ibb-apache-shellshock.conf',
b7c30595c97a Add "Shellshock" exploit Fail2ban rule
IBBoard <dev@ibboard.co.uk>
parents: 0
diff changeset
372 }
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
373 file { '/etc/fail2ban/filter.d/ibb-repeat-offender.conf':
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
374 source => 'puppet:///common/fail2ban/ibb-repeat-offender.conf',
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
375 }
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
376 file { '/etc/fail2ban/filter.d/ibb-postfix-spammers.conf':
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
377 source => 'puppet:///common/fail2ban/ibb-postfix-spammers.conf',
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
378 }
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
379 file { '/etc/fail2ban/filter.d/ibb-postfix-malicious.conf':
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
380 source => 'puppet:///common/fail2ban/ibb-postfix-malicious.conf',
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
381 }
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
382 file { '/etc/fail2ban/filter.d/ibb-postfix.conf':
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
383 source => 'puppet:///common/fail2ban/ibb-postfix.conf',
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
384 }
32
6bbc86f6cee5 Tidy up ordering and dependencies (including making sure we have a necessary file for Fail2Ban to start)
IBBoard <dev@ibboard.co.uk>
parents: 25
diff changeset
385 # Because one of our rules checks fail2ban's log, but the service dies without the file
6bbc86f6cee5 Tidy up ordering and dependencies (including making sure we have a necessary file for Fail2Ban to start)
IBBoard <dev@ibboard.co.uk>
parents: 25
diff changeset
386 file { '/var/log/fail2ban.log':
6bbc86f6cee5 Tidy up ordering and dependencies (including making sure we have a necessary file for Fail2Ban to start)
IBBoard <dev@ibboard.co.uk>
parents: 25
diff changeset
387 ensure => present,
6bbc86f6cee5 Tidy up ordering and dependencies (including making sure we have a necessary file for Fail2Ban to start)
IBBoard <dev@ibboard.co.uk>
parents: 25
diff changeset
388 owner => 'root',
6bbc86f6cee5 Tidy up ordering and dependencies (including making sure we have a necessary file for Fail2Ban to start)
IBBoard <dev@ibboard.co.uk>
parents: 25
diff changeset
389 group => 'root',
6bbc86f6cee5 Tidy up ordering and dependencies (including making sure we have a necessary file for Fail2Ban to start)
IBBoard <dev@ibboard.co.uk>
parents: 25
diff changeset
390 mode => '0600',
6bbc86f6cee5 Tidy up ordering and dependencies (including making sure we have a necessary file for Fail2Ban to start)
IBBoard <dev@ibboard.co.uk>
parents: 25
diff changeset
391 }
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
392 }
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
393
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
394 #Our web server with our configs, not just a stock one
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
395 class webserver (
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
396 $primary_ip,
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
397 $secondary_ip,
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
398 ) {
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
399 #Setup base website parameters
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
400 class { 'website':
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
401 base_dir => '/srv/sites',
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
402 primary_ip => $primary_ip,
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
403 secondary_ip => $secondary_ip,
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
404 default_owner => $defaultusers::default_user,
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
405 default_group => $defaultusers::default_user,
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
406 default_tld => 'co.uk',
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
407 default_extra_tlds => [ 'com' ],
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
408 }
110
be2b30b17a4c Switch to PHP 7 from Webtatic
IBBoard <dev@ibboard.co.uk>
parents: 108
diff changeset
409
be2b30b17a4c Switch to PHP 7 from Webtatic
IBBoard <dev@ibboard.co.uk>
parents: 108
diff changeset
410 # Use Webtatic's PHP 7
be2b30b17a4c Switch to PHP 7 from Webtatic
IBBoard <dev@ibboard.co.uk>
parents: 108
diff changeset
411 $php_suffix = '70w'
be2b30b17a4c Switch to PHP 7 from Webtatic
IBBoard <dev@ibboard.co.uk>
parents: 108
diff changeset
412
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
413 #Configure the PHP version to use
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
414 class { 'website::php':
110
be2b30b17a4c Switch to PHP 7 from Webtatic
IBBoard <dev@ibboard.co.uk>
parents: 108
diff changeset
415 suffix => $php_suffix,
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
416 opcache => 'opcache',
69
565b788f7ac1 Allow for specifying extra PHP packages (e.g. to enable Posix)
IBBoard <dev@ibboard.co.uk>
parents: 67
diff changeset
417 extras => [ 'process' ],
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
418 }
24
204330fea19a Use MariaDB on CentOS7 and manage hiera.yaml (to avoid warnings)
IBBoard <dev@ibboard.co.uk>
parents: 18
diff changeset
419
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
420 #Setup MySQL, using (private) templates to make sure that we set non-std passwords and a default user
24
204330fea19a Use MariaDB on CentOS7 and manage hiera.yaml (to avoid warnings)
IBBoard <dev@ibboard.co.uk>
parents: 18
diff changeset
421
204330fea19a Use MariaDB on CentOS7 and manage hiera.yaml (to avoid warnings)
IBBoard <dev@ibboard.co.uk>
parents: 18
diff changeset
422 if $operatingsystem == 'CentOS' and versioncmp($operatingsystemrelease, 7) >= 0 {
204330fea19a Use MariaDB on CentOS7 and manage hiera.yaml (to avoid warnings)
IBBoard <dev@ibboard.co.uk>
parents: 18
diff changeset
423 $mysqlpackage = 'mariadb'
204330fea19a Use MariaDB on CentOS7 and manage hiera.yaml (to avoid warnings)
IBBoard <dev@ibboard.co.uk>
parents: 18
diff changeset
424 $mysqlsuffix = ''
48
5cdc1c96c477 Add SELinux support for website content
IBBoard <dev@ibboard.co.uk>
parents: 45
diff changeset
425
74
c2e5027202e2 Add missing dependency for Trac Subversion support on CentOS 7
IBBoard <dev@ibboard.co.uk>
parents: 72
diff changeset
426 $extra_packages = [
c2e5027202e2 Add missing dependency for Trac Subversion support on CentOS 7
IBBoard <dev@ibboard.co.uk>
parents: 72
diff changeset
427 'policycoreutils-python', # Required for SELinux
77
eea672621e7f Add required package for email SPF checking
IBBoard <dev@ibboard.co.uk>
parents: 76
diff changeset
428 'subversion-python', #Required for Trac
78
cbe27a97bcd1 Fix typo (missing single quote)
IBBoard <dev@ibboard.co.uk>
parents: 77
diff changeset
429 'perl-Sys-Syslog', #Required for Perl SPF checking
74
c2e5027202e2 Add missing dependency for Trac Subversion support on CentOS 7
IBBoard <dev@ibboard.co.uk>
parents: 72
diff changeset
430 ]
c2e5027202e2 Add missing dependency for Trac Subversion support on CentOS 7
IBBoard <dev@ibboard.co.uk>
parents: 72
diff changeset
431
c2e5027202e2 Add missing dependency for Trac Subversion support on CentOS 7
IBBoard <dev@ibboard.co.uk>
parents: 72
diff changeset
432 package { $extra_packages:
c2e5027202e2 Add missing dependency for Trac Subversion support on CentOS 7
IBBoard <dev@ibboard.co.uk>
parents: 72
diff changeset
433 ensure => installed
c2e5027202e2 Add missing dependency for Trac Subversion support on CentOS 7
IBBoard <dev@ibboard.co.uk>
parents: 72
diff changeset
434 }
24
204330fea19a Use MariaDB on CentOS7 and manage hiera.yaml (to avoid warnings)
IBBoard <dev@ibboard.co.uk>
parents: 18
diff changeset
435 }
204330fea19a Use MariaDB on CentOS7 and manage hiera.yaml (to avoid warnings)
IBBoard <dev@ibboard.co.uk>
parents: 18
diff changeset
436 else {
204330fea19a Use MariaDB on CentOS7 and manage hiera.yaml (to avoid warnings)
IBBoard <dev@ibboard.co.uk>
parents: 18
diff changeset
437 $mysqlpackage = 'mysql'
204330fea19a Use MariaDB on CentOS7 and manage hiera.yaml (to avoid warnings)
IBBoard <dev@ibboard.co.uk>
parents: 18
diff changeset
438 $mysqlsuffix = '55w'
204330fea19a Use MariaDB on CentOS7 and manage hiera.yaml (to avoid warnings)
IBBoard <dev@ibboard.co.uk>
parents: 18
diff changeset
439 }
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
440 class { 'website::mysql':
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
441 mysqluser => template('defaultusers/mysql-user'),
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
442 mysqlpassword => template('defaultusers/mysql-password'),
24
204330fea19a Use MariaDB on CentOS7 and manage hiera.yaml (to avoid warnings)
IBBoard <dev@ibboard.co.uk>
parents: 18
diff changeset
443 mysqlprefix => $mysqlpackage,
204330fea19a Use MariaDB on CentOS7 and manage hiera.yaml (to avoid warnings)
IBBoard <dev@ibboard.co.uk>
parents: 18
diff changeset
444 mysqlsuffix => $mysqlsuffix,
110
be2b30b17a4c Switch to PHP 7 from Webtatic
IBBoard <dev@ibboard.co.uk>
parents: 108
diff changeset
445 phpsuffix => $php_suffix,
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
446 phpmysqlsuffix => 'nd'
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
447 }
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
448 }
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
449
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
450 class ibboardvpsnode (
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
451 $primary_ip,
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
452 $secondary_ip,
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
453 $mailserver,
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
454 $imapserver,
35
1bb941522ebf Handle differences in firewalling between ASO (using APF) and most other hosts (using iptables)
IBBoard <dev@ibboard.co.uk>
parents: 32
diff changeset
455 $firewall_cmd = 'iptables',
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
456 ){
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
457 class { 'basevpsnode':
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
458 primary_ip => $primary_ip,
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
459 secondary_ip => $secondary_ip,
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
460 mailserver => $mailserver,
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
461 imapserver => $imapserver,
35
1bb941522ebf Handle differences in firewalling between ASO (using APF) and most other hosts (using iptables)
IBBoard <dev@ibboard.co.uk>
parents: 32
diff changeset
462 firewall_cmd => $firewall_cmd,
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
463 }
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
464
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
465 # Common modules used by multiple sites (mod_auth_basic is safe because we HTTPS all the things)
146
816e35f86a5d Remove mod_auth_token and replace with mod_xsendfile
IBBoard <dev@ibboard.co.uk>
parents: 145
diff changeset
466 $mods = [ 'auth_basic',
816e35f86a5d Remove mod_auth_token and replace with mod_xsendfile
IBBoard <dev@ibboard.co.uk>
parents: 145
diff changeset
467 'authn_file',
816e35f86a5d Remove mod_auth_token and replace with mod_xsendfile
IBBoard <dev@ibboard.co.uk>
parents: 145
diff changeset
468 'authz_user',
816e35f86a5d Remove mod_auth_token and replace with mod_xsendfile
IBBoard <dev@ibboard.co.uk>
parents: 145
diff changeset
469 'deflate',
816e35f86a5d Remove mod_auth_token and replace with mod_xsendfile
IBBoard <dev@ibboard.co.uk>
parents: 145
diff changeset
470 'xsendfile'
816e35f86a5d Remove mod_auth_token and replace with mod_xsendfile
IBBoard <dev@ibboard.co.uk>
parents: 145
diff changeset
471 ]
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
472 apache::mod {
146
816e35f86a5d Remove mod_auth_token and replace with mod_xsendfile
IBBoard <dev@ibboard.co.uk>
parents: 145
diff changeset
473 $mods:;
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
474 }
25
13adb555a7e2 Use "<IfVersion>" to handle auth differences between 2.2 and 2.4
IBBoard <dev@ibboard.co.uk>
parents: 24
diff changeset
475 if $operatingsystem == 'CentOS' and versioncmp($operatingsystemrelease, 7) >= 0 {
13adb555a7e2 Use "<IfVersion>" to handle auth differences between 2.2 and 2.4
IBBoard <dev@ibboard.co.uk>
parents: 24
diff changeset
476 apache::mod {
13adb555a7e2 Use "<IfVersion>" to handle auth differences between 2.2 and 2.4
IBBoard <dev@ibboard.co.uk>
parents: 24
diff changeset
477 'authn_core':;
13adb555a7e2 Use "<IfVersion>" to handle auth differences between 2.2 and 2.4
IBBoard <dev@ibboard.co.uk>
parents: 24
diff changeset
478 }
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
479 }
146
816e35f86a5d Remove mod_auth_token and replace with mod_xsendfile
IBBoard <dev@ibboard.co.uk>
parents: 145
diff changeset
480 $apache_packages = [ 'mod_xsendfile' ]
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
481 package { $apache_packages:
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
482 ensure => present;
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
483 }
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
484
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
485 #Configure our sites, using templates for the custom fragments where the extra content is too long
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
486 include adminsite
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
487 website::https::multitld { 'www.ibboard':
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
488 custom_fragment => template("private/apache/ibboard.fragment"),
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
489 }
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
490 include hiveworldterrasite
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
491 include glittergothsite
145
88f38ef7359f Add BDStrike domains
IBBoard <dev@ibboard.co.uk>
parents: 142
diff changeset
492 include bdstrikesite
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
493 include devsite
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
494 website::https::multitld { 'www.abiknight':
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
495 custom_fragment => "$website::htmlphpfragment
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
496 ErrorDocument 404 /error.php",
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
497 }
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
498 website::https::multitld { 'www.gracebertram':
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
499 main_tld => 'com',
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
500 extra_tlds => [ 'co.uk' ],
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
501 docroot_owner => $defaultusers::secondary_user,
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
502 docroot_group => 'editors',
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
503 custom_fragment => template("private/apache/gracebertram.fragment"),
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
504 }
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
505 website::https { 'www.realmrunner.com':
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
506 docroot => "${website::basedir}/gracebertram", # Don't give it a separate docroot because it is a redirect via the fragment
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
507 docroot_owner => $defaultusers::secondary_user,
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
508 docroot_group => 'editors',
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
509 serveraliases => 'realmrunner.com',
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
510 custom_fragment => template("private/apache/realmrunner.fragment"),
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
511 }
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
512 include webmailpimsite
13
db4934b7ab12 Add Liz's site
IBBoard <dev@ibboard.co.uk>
parents: 9
diff changeset
513 website::http { 'lktutoring.co.uk':
db4934b7ab12 Add Liz's site
IBBoard <dev@ibboard.co.uk>
parents: 9
diff changeset
514 docroot_owner => $defaultusers::secondary_user,
db4934b7ab12 Add Liz's site
IBBoard <dev@ibboard.co.uk>
parents: 9
diff changeset
515 docroot_group => 'editors',
db4934b7ab12 Add Liz's site
IBBoard <dev@ibboard.co.uk>
parents: 9
diff changeset
516 serveraliases => [ 'www.lktutoring.co.uk', 'lktutoring.com', 'www.lktutoring.com' ],
db4934b7ab12 Add Liz's site
IBBoard <dev@ibboard.co.uk>
parents: 9
diff changeset
517 ensure => 'present',
db4934b7ab12 Add Liz's site
IBBoard <dev@ibboard.co.uk>
parents: 9
diff changeset
518 custom_fragment => 'Include conf.extra/no-index.conf
db4934b7ab12 Add Liz's site
IBBoard <dev@ibboard.co.uk>
parents: 9
diff changeset
519 Include conf.custom/filter-core.conf
db4934b7ab12 Add Liz's site
IBBoard <dev@ibboard.co.uk>
parents: 9
diff changeset
520 Include conf.extra/no-www.conf
db4934b7ab12 Add Liz's site
IBBoard <dev@ibboard.co.uk>
parents: 9
diff changeset
521 Include conf.extra/no-com.conf
db4934b7ab12 Add Liz's site
IBBoard <dev@ibboard.co.uk>
parents: 9
diff changeset
522 Include conf.extra/html-php.conf
db4934b7ab12 Add Liz's site
IBBoard <dev@ibboard.co.uk>
parents: 9
diff changeset
523 #Additional custom fragment
db4934b7ab12 Add Liz's site
IBBoard <dev@ibboard.co.uk>
parents: 9
diff changeset
524 ErrorDocument 404 /error.php',
db4934b7ab12 Add Liz's site
IBBoard <dev@ibboard.co.uk>
parents: 9
diff changeset
525 }
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
526 }
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
527
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
528 class adminsite{
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
529 apache::mod { 'info':; 'status':; 'cgi':; }
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
530 website::https::multitld { 'admin.ibboard':
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
531 force_no_index => false,
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
532 ssl_ca_chain => '',
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
533 custom_fragment => template("private/apache/admin.fragment"),
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
534 }
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
535 cron { 'loadavg':
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
536 command => '/usr/local/bin/run-loadavg-logger',
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
537 user => apache,
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
538 minute => '*/6'
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
539 }
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
540 cron { 'awstats':
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
541 command => '/usr/local/bin/update-awstats > /srv/sites/admin/awstats.log',
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
542 user => apache,
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
543 hour => '*/6',
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
544 minute => '0'
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
545 }
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
546 }
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
547
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
548 class hiveworldterrasite {
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
549 website::https::multitld { 'www.hiveworldterra':
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
550 force_no_www => false,
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
551 custom_fragment => template("private/apache/hwt.fragment"),
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
552 }
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
553 website::https::multitld { 'forums.hiveworldterra':
59
851f7fa888eb Add more complex fragment for Forums to stop hotlinking
IBBoard <dev@ibboard.co.uk>
parents: 52
diff changeset
554 custom_fragment => template("private/apache/forums.fragment"),
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
555 }
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
556 website::https::multitld { 'skins.hiveworldterra':
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
557 custom_fragment => template("private/apache/skins.fragment"),
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
558 }
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
559 website::https::redir { 'hiveworldterra.ibboard.co.uk':
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
560 redir => 'https://www.hiveworldterra.co.uk/',
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
561 docroot => "${website::basedir}/hiveworldterra",
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
562 separate_log => true,
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
563 }
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
564 }
145
88f38ef7359f Add BDStrike domains
IBBoard <dev@ibboard.co.uk>
parents: 142
diff changeset
565 class bdstrikesite {
88f38ef7359f Add BDStrike domains
IBBoard <dev@ibboard.co.uk>
parents: 142
diff changeset
566 website::https::multitld { 'www.bdstrike':
88f38ef7359f Add BDStrike domains
IBBoard <dev@ibboard.co.uk>
parents: 142
diff changeset
567 docroot_owner => $defaultusers::secondary_user,
88f38ef7359f Add BDStrike domains
IBBoard <dev@ibboard.co.uk>
parents: 142
diff changeset
568 docroot_group => 'editors',
88f38ef7359f Add BDStrike domains
IBBoard <dev@ibboard.co.uk>
parents: 142
diff changeset
569 }
88f38ef7359f Add BDStrike domains
IBBoard <dev@ibboard.co.uk>
parents: 142
diff changeset
570 website::https::multitldredir { 'www.strikecreations.co.uk':
88f38ef7359f Add BDStrike domains
IBBoard <dev@ibboard.co.uk>
parents: 142
diff changeset
571 main_domain => 'bdstrike.co.uk',
88f38ef7359f Add BDStrike domains
IBBoard <dev@ibboard.co.uk>
parents: 142
diff changeset
572 docroot => "${website::basedir}/bdstrike",
88f38ef7359f Add BDStrike domains
IBBoard <dev@ibboard.co.uk>
parents: 142
diff changeset
573 docroot_owner => $defaultusers::secondary_user,
88f38ef7359f Add BDStrike domains
IBBoard <dev@ibboard.co.uk>
parents: 142
diff changeset
574 docroot_group => 'editors',
88f38ef7359f Add BDStrike domains
IBBoard <dev@ibboard.co.uk>
parents: 142
diff changeset
575 # separate_log => true,
88f38ef7359f Add BDStrike domains
IBBoard <dev@ibboard.co.uk>
parents: 142
diff changeset
576 }
88f38ef7359f Add BDStrike domains
IBBoard <dev@ibboard.co.uk>
parents: 142
diff changeset
577 website::https::multitldredir { 'www.strikecreations.com':
88f38ef7359f Add BDStrike domains
IBBoard <dev@ibboard.co.uk>
parents: 142
diff changeset
578 main_domain => 'bdstrike.co.uk',
88f38ef7359f Add BDStrike domains
IBBoard <dev@ibboard.co.uk>
parents: 142
diff changeset
579 docroot => "${website::basedir}/bdstrike",
88f38ef7359f Add BDStrike domains
IBBoard <dev@ibboard.co.uk>
parents: 142
diff changeset
580 docroot_owner => $defaultusers::secondary_user,
88f38ef7359f Add BDStrike domains
IBBoard <dev@ibboard.co.uk>
parents: 142
diff changeset
581 docroot_group => 'editors',
88f38ef7359f Add BDStrike domains
IBBoard <dev@ibboard.co.uk>
parents: 142
diff changeset
582 # separate_log => true,
88f38ef7359f Add BDStrike domains
IBBoard <dev@ibboard.co.uk>
parents: 142
diff changeset
583 }
88f38ef7359f Add BDStrike domains
IBBoard <dev@ibboard.co.uk>
parents: 142
diff changeset
584 }
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
585 class devsite {
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
586 apache::mod {
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
587 # mod_wsgi for Python support
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
588 'wsgi':;
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
589 }
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
590
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
591 include python::venv
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
592
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
593 # Create Python virtualenvs for the dev site apps
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
594 python::venv::isolate {
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
595 "/srv/rhodecode/virtualenv":;
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
596 "/srv/trac/virtualenv":;
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
597 }
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
598
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
599 # Graphviz for Trac "master ticket" graphs
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
600 package { 'graphviz':
131
0dd899a10ee1 Change all "latest" packages to "installed"
IBBoard <dev@ibboard.co.uk>
parents: 129
diff changeset
601 ensure => installed,
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
602 }
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
603
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
604 website::https::multitld { 'www.warfoundry':
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
605 custom_fragment => template("private/apache/warfoundry.fragment"),
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
606 }
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
607 website::https::multitld { 'dev.ibboard':
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
608 #Make sure we're the first one hit for the tiny fraction of "no support" cases we care about (potentially Python for Mercurial!)
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
609 # http://en.wikipedia.org/wiki/Server_Name_Indication#No_support
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
610 priority => 1,
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
611 custom_fragment => template("private/apache/dev.fragment"),
52
be1e9773a12c Mercurial repo versions index.php files etc, so removing index.php breaks things!
IBBoard <dev@ibboard.co.uk>
parents: 44
diff changeset
612 force_no_index => false,
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
613 }
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
614 }
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
615 class glittergothsite {
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
616 website::https::multitld { 'www.glittergoth':
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
617 ip => $website::secondary_ip,
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
618 priority => 1,
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
619 ssl_ca_chain => 'glittergoth.ca-bundle',
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
620 docroot_owner => $defaultusers::secondary_user,
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
621 docroot_group => 'editors',
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
622 force_no_index => false,
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
623 custom_fragment => template("private/apache/glittergoth.fragment"),
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
624 }
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
625 website::https { 'test.glittergoth.co.uk':
134
b1815d10eb91 Do not supply incorrect CA chain for GG Test site
IBBoard <dev@ibboard.co.uk>
parents: 131
diff changeset
626 ssl_ca_chain => '',
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
627 docroot => "${website::basedir}/glittergoth-test",
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
628 docroot_owner => $defaultusers::secondary_user,
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
629 docroot_group => 'editors',
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
630 ip => $website::secondary_ip,
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
631 force_no_index => false,
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
632 custom_fragment => template("private/apache/glittergoth-test.fragment"),
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
633 }
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
634
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
635 # Website specific cron jobs
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
636 cron { 'backupopencart':
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
637 command => "/usr/local/bin/backupdb opencart",
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
638 user => 'root',
141
ce6aafd0880b Make GG DB backup less frequent now that site is closing
IBBoard <dev@ibboard.co.uk>
parents: 140
diff changeset
639 monthday => "*/2",
ce6aafd0880b Make GG DB backup less frequent now that site is closing
IBBoard <dev@ibboard.co.uk>
parents: 140
diff changeset
640 hour => "4",
ce6aafd0880b Make GG DB backup less frequent now that site is closing
IBBoard <dev@ibboard.co.uk>
parents: 140
diff changeset
641 minute => "39"
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
642 }
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
643 cron { 'requestreviews':
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
644 command => '/usr/local/bin/request-reviews 2> /srv/sites/admin/request-reviews.log',
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
645 user => 'apache',
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
646 hour => 4,
103
ba526e874db0 Remove review email, as GG is shutting down
IBBoard <dev@ibboard.co.uk>
parents: 101
diff changeset
647 minute => 5,
ba526e874db0 Remove review email, as GG is shutting down
IBBoard <dev@ibboard.co.uk>
parents: 101
diff changeset
648 ensure => absent,
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
649 }
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
650 }
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
651
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
652 class webmailpimsite {
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
653 # Webmail and Personal Information Management (PIM) sites
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
654 website::https { 'webmail.ibboard.co.uk':
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
655 force_no_index => false,
656 ssl_ca_chain => '',
657 custom_fragment => template("private/apache/webmail.fragment"),
658 }
659 website::https { 'pim.ibboard.co.uk':
660 force_no_index => false,
661 lockdown_requests => false,
662 ssl_ca_chain => '',
663 custom_fragment => template("private/apache/pim.fragment"),
664 }
665 cron { 'owncloudcron':
666 command => "/usr/local/bin/owncloud-cron",
667 user => 'apache',
668 minute => '*/15',
669 }
670 }
671
672 class email (
673 $mailserver,
674 $imapserver,
675 ){
676 class { 'postfix':
677 mailserver => $mailserver,
678 }
679 class { 'dovecot':
680 imapserver => $imapserver,
681 }
140
6eef7cec8658 Remove ClamAV from server config
IBBoard <dev@ibboard.co.uk>
parents: 139
diff changeset
682 package { [ 'amavisd-new' ]:
85
50dd78dbf3db Fight back against spam
IBBoard <dev@ibboard.co.uk>
parents: 83
diff changeset
683 ensure => installed,
684 tag => 'av',
685 }
86
4f59d2fcd521 Make sure that Amavis daemon is running so mail gets delivered after reboot!
IBBoard <dev@ibboard.co.uk>
parents: 85
diff changeset
686 service { 'amavisd':
687 ensure => 'running',
688 enable => 'true',
689 }
85
50dd78dbf3db Fight back against spam
IBBoard <dev@ibboard.co.uk>
parents: 83
diff changeset
690 file { '/etc/amavisd/amavisd.conf':
691 ensure => present,
692 source => 'puppet:///private/postfix/amavisd.conf',
693 tag => 'av',
694 }
142
dae1088dd218 Add OLE detection to SpamAssassin without ClamAV
IBBoard <dev@ibboard.co.uk>
parents: 141
diff changeset
695 file { '/etc/mail/spamassassin/ole2macro.cf':
696 ensure => present,
697 source => 'puppet:///common/ole2macro.cf',
698 tag => 'av',
699 }
700 file { '/etc/mail/spamassassin/ole2macro.pm':
701 ensure => present,
702 source => 'puppet:///common/spamassassin-vba-macro-master/ole2macro.pm',
703 tag => 'av',
704 }
85
50dd78dbf3db Fight back against spam
IBBoard <dev@ibboard.co.uk>
parents: 83
diff changeset
705 Package<| tag == 'av' |> -> File<| tag == 'av' |>
87
6be21a984126 Make sure that config file changes for changes trigger a reload
IBBoard <dev@ibboard.co.uk>
parents: 86
diff changeset
706 File<| tag == 'av' |> {
707 notify => Service['amavisd'],
708 }
125
ca711ab45f17 Schedule Postwhite to run regularly
IBBoard <dev@ibboard.co.uk>
parents: 122
diff changeset
709 cron { 'Postwhite':
129
16a931df5fd7 Filter what we see in Postwhite cron output
IBBoard <dev@ibboard.co.uk>
parents: 128
diff changeset
710 command => "/usr/local/bin/postwhite 2>&1| grep -vE '^(Starting|Recursively|Getting|Querying|Removing|Sorting|$)'",
125
ca711ab45f17 Schedule Postwhite to run regularly
IBBoard <dev@ibboard.co.uk>
parents: 122
diff changeset
711 user => 'root',
712 weekday => 0,
128
379089631403 Fix rookie cron mistake - don't run Postwhite EVERY MINUTE!
IBBoard <dev@ibboard.co.uk>
parents: 126
diff changeset
713 hour => 2,
714 minute => 0,
125
ca711ab45f17 Schedule Postwhite to run regularly
IBBoard <dev@ibboard.co.uk>
parents: 122
diff changeset
715 }
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
716 }
717
718 class cronjobs {
719 # Add Mutt for scripts that send emails, but stop it clogging the disk by keeping copies of emails
720 package { 'mutt':
131
0dd899a10ee1 Change all "latest" packages to "installed"
IBBoard <dev@ibboard.co.uk>
parents: 129
diff changeset
721 ensure => installed,
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
722 }
723 file { '/etc/Muttrc.local':
724 content => 'set copy = no',
725 require => Package['mutt'],
726 }
727
728 # General server-wide cron jobs
729 Cron { user => 'root' }
730 cron { 'backupalldbs':
731 command => "/usr/local/bin/backupalldbs",
732 monthday => "*/2",
733 hour => "4",
734 minute => "9"
735 }
736 cron { 'greatfirewallofchina':
737 command => '/usr/local/bin/update-great-firewall-of-china',
738 hour => 3,
739 minute => 30
740 }
741 cron { 'permissions':
742 command => '/usr/local/bin/set-permissions',
743 hour => 3,
14
534e584f21ce Tweak time on permission setting script so that it is less likely to clash with LoadAVG run every 6 minutes
IBBoard <dev@ibboard.co.uk>
parents: 13
diff changeset
744 minute => 2
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
745 }
55
ce8eaaca6a34 Update firewalling so that we block the right ports when using iptables directly
IBBoard <dev@ibboard.co.uk>
parents: 54
diff changeset
746 # Since we're only managing the local server, use our script that wraps "puppet apply" instead of PuppetMaster
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
747 cron { 'puppet':
79
edd0e9f8af24 Hide extra output from Puppet cron job that later Puppet generates
IBBoard <dev@ibboard.co.uk>
parents: 78
diff changeset
748 command => '/usr/local/bin/puppet-apply | grep -v "Compiled catalog for\|Finished catalog run in"',
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
749 hour => '*/6',
750 minute => 5
751 }
752 cron { 'purgecaches':
753 command => "/usr/local/bin/purge-caches",
754 hour => '4',
755 minute => '15',
756 weekday => '1',
757 }
758 # Notify of uncommitted files
759 cron { 'check-mercurial-committed':
760 command => "/usr/local/bin/check-hg-status",
761 hour => '4',
762 minute => '20',
763 weekday => '0-6/3', #Sunday, Wednesday and Saturday morning
764 }
93
74678cd7a200 Run cron job to notify of available updates
IBBoard <dev@ibboard.co.uk>
parents: 91
diff changeset
765 # Notify of available updates
766 cron { 'check-yum-updates':
96
009a7a75ddfd Remove repo checking cruft from potential Yum Check Update cron job output
IBBoard <dev@ibboard.co.uk>
parents: 95
diff changeset
767 command => '/usr/bin/yum check-updates | tail -2 | grep -Ev "^ \* \w+: \w+"',
93
74678cd7a200 Run cron job to notify of available updates
IBBoard <dev@ibboard.co.uk>
parents: 91
diff changeset
768 hour => '4',
769 minute => '30',
770 weekday => '0-6/3', #Sunday, Wednesday and Saturday morning
771 }
97
b69e3f6708d6 Add another regular command to check that we've not got services requiring a restart
IBBoard <dev@ibboard.co.uk>
parents: 96
diff changeset
772 # And check whether anything needs restarting
773 cron { 'check-needs-restarting':
774 command => '/usr/bin/needs-restarting|grep -v "/usr/lib/systemd\|/usr/sbin/lvmetad\|/usr/lib/polkit-1/polkitd"',
775 hour => '4',
776 minute => '45',
777 weekday => '0-6/3', #Sunday, Wednesday and Saturday morning
778 }
0
956e484adc12 Initial public release of Puppet configs
IBBoard <dev@ibboard.co.uk>
parents:
diff changeset
779 }