comparison manifests/templates.pp @ 449:4a6ad700cded

Update config for real Raspberry Pi host * Add node config * Change Amavis setup because of Ubuntu differences * Change secondary IP address setup because Ubuntu still uses older networking approach * Make Postfix config more flexible
author IBBoard <dev@ibboard.co.uk>
date Wed, 26 Jul 2023 15:30:19 +0100
parents 460bf6514bd8
children dc725b618258
448:460bf6514bd8 449:4a6ad700cded
60 } 60 }
61 } 61 }
62 62
63 class basevpsnode ( 63 class basevpsnode (
64 $primary_ip, 64 $primary_ip,
65 $gateway_ip = undef,
65 $proxy_4to6_ip_prefix = undef, 66 $proxy_4to6_ip_prefix = undef,
66 $proxy_upstream = undef, 67 $proxy_upstream = undef,
67 $nat64_ranges = [], 68 $nat64_ranges = [],
68 $mailserver, 69 $mailserver,
69 $imapserver, 70 $imapserver,
87 ensure => present, 88 ensure => present,
88 content => "${lo_ip} localhost\n${primary_ip} ${fqdn}", 89 content => "${lo_ip} localhost\n${primary_ip} ${fqdn}",
89 } 90 }
90 91
91 if $proxy_4to6_ip_prefix != undef { 92 if $proxy_4to6_ip_prefix != undef {
92 # …:1 to …:9 for websites, …:10 for mail 93 if $operatingsystem == 'Ubuntu' {
93 $ipv6_addresses = Integer[1, 10].map |$octet| { "$proxy_4to6_ip_prefix:$octet" } 94 # Ubuntu can't parse the existing file, so we need to brute-force it with a template
94 95 file { "/etc/network/interfaces.d/eth0":
95 $ipv6_secondaries = join($ipv6_addresses, " ") 96 content => epp('privat/eth0.epp',
96 97 {
97 augeas {'IPv6 secondary addresses': 98 default_address => $primary_ip,
98 context => "/files/etc/sysconfig/network-scripts/ifcfg-eth0", 99 gateway_address => $gateway_ip,
99 changes => "set IPV6ADDR_SECONDARIES '\"$ipv6_secondaries\"'", 100 prefix_address => $proxy_4to6_ip_prefix,
101 }
102 ),
103 }
104
105 # # …:1 to …:9 for websites, …:10 for mail
106 # Integer[1, 10].each |$octet| {
107 # augeas { "IPv6 secondary address $octet":
108 # context => "/files/etc/network/interfaces.d/eth0",
109 # changes => [
110 # "set auto[child::1 = 'eth0:$octet']/1 eth0:$octet",
111 # "set no-auto-down[child::1 = 'eth0:$octet']/1 eth0:$octet",
112 # "set iface[. = 'eth0:$octet'] eth0:$octet",
113 # "set iface[. = 'eth0:$octet']/family inet6",
114 # "set iface[. = 'eth0:$octet']/method static",
115 # "set iface[. = 'eth0:$octet']/address $proxy_4to6_ip_prefix:$octet",
116 # "set iface[. = 'eth0:$octet']/netmask 64",
117 #
118 # ],
119 # }
120 # }
121 }
122 else {
123 # …:1 to …:9 for websites, …:10 for mail
124 $ipv6_addresses = Integer[1, 10].map |$octet| { "$proxy_4to6_ip_prefix:$octet" }
125 $ipv6_secondaries = join($ipv6_addresses, " ")
126
127 augeas {'IPv6 secondary addresses':
128 context => "/files/etc/sysconfig/network-scripts/ifcfg-eth0",
129 changes => "set IPV6ADDR_SECONDARIES '\"$ipv6_secondaries\"'",
130 }
100 } 131 }
101 } 132 }
102 133
103 require repos 134 require repos
104 include basenode 135 include basenode
227 "puppet:///common/unbound.conf", 258 "puppet:///common/unbound.conf",
228 ], 259 ],
229 require => Package['unbound'], 260 require => Package['unbound'],
230 notify => Service['unbound'], 261 notify => Service['unbound'],
231 } 262 }
232 file { '/etc/NetworkManager/conf.d': 263 file { ['/etc/NetworkManager', '/etc/NetworkManager/conf.d']:
233 ensure => directory 264 ensure => directory
234 } 265 }
235 file { '/etc/NetworkManager/conf.d/local-dns-resolver.conf': 266 file { '/etc/NetworkManager/conf.d/local-dns-resolver.conf':
236 ensure => present, 267 ensure => present,
237 content => "[main] 268 content => "[main]
339 package { $packages: 370 package { $packages:
340 ensure => installed; 371 ensure => installed;
341 } 372 }
342 if $osfamily == 'RedHat' { 373 if $osfamily == 'RedHat' {
343 package { 'yum-utils': 374 package { 'yum-utils':
375 ensure => installed
376 }
377 }
378 elsif $osfamily == 'Debian' {
379 package { 'dnsutils':
344 ensure => installed 380 ensure => installed
345 } 381 }
346 } 382 }
347 } 383 }
348 384
640 } 676 }
641 } 677 }
642 678
643 class ibboardvpsnode ( 679 class ibboardvpsnode (
644 $primary_ip, 680 $primary_ip,
681 $gateway_ip = undef,
645 $proxy_4to6_ip_prefix = undef, 682 $proxy_4to6_ip_prefix = undef,
646 $proxy_upstream = undef, 683 $proxy_upstream = undef,
647 $nat64_ranges = [], 684 $nat64_ranges = [],
648 $mailserver, 685 $mailserver,
649 $imapserver, 686 $imapserver,
650 $mailrelays = [], 687 $mailrelays = [],
651 $firewall_cmd = 'iptables', 688 $firewall_cmd = 'iptables',
652 ){ 689 ){
653 class { 'basevpsnode': 690 class { 'basevpsnode':
654 primary_ip => $primary_ip, 691 primary_ip => $primary_ip,
692 gateway_ip => $gateway_ip,
655 proxy_4to6_ip_prefix => $proxy_4to6_ip_prefix, 693 proxy_4to6_ip_prefix => $proxy_4to6_ip_prefix,
656 proxy_upstream => $proxy_upstream, 694 proxy_upstream => $proxy_upstream,
657 nat64_ranges => $nat64_ranges, 695 nat64_ranges => $nat64_ranges,
658 mailserver => $mailserver, 696 mailserver => $mailserver,
659 imapserver => $imapserver, 697 imapserver => $imapserver,
912 # Unspecified SpamAssassin config dependencies that started 950 # Unspecified SpamAssassin config dependencies that started
913 # showing up as errors in our logs 951 # showing up as errors in our logs
914 if $osfamily == 'RedHat' { 952 if $osfamily == 'RedHat' {
915 $spamassassin_deps = ['perl-File-MimeInfo'] 953 $spamassassin_deps = ['perl-File-MimeInfo']
916 $spamassassin_dir = '/etc/mail/spamassassin/' 954 $spamassassin_dir = '/etc/mail/spamassassin/'
917 $amavis_dir = '/etc/amavisd/' 955 $amavis_config = '/etc/amavisd/amavisd.conf'
956 $amavis_rundir = '/var/run/amavisd'
957 $amavis_spooldir = '/var/spool/amavisd'
958 $amavis_quarantinedir = '$HOME_DIR/quarantine'
918 $amavis_service = 'amavisd' 959 $amavis_service = 'amavisd'
919 # CentOS has a Clam service, but we call on demand (Ubuntu doesn't have a service) 960 # CentOS has a Clam service, but we call on demand (Ubuntu doesn't have a service)
920 service { 'clamd@amavisd': 961 service { 'clamd@amavisd':
921 ensure => 'stopped', 962 ensure => 'stopped',
922 enable=> 'mask', 963 enable=> 'mask',
923 } 964 }
924 } 965 }
925 elsif $osfamily == 'Debian' { 966 elsif $osfamily == 'Debian' {
926 $spamassassin_deps = ['libfile-mimeinfo-perl'] 967 $spamassassin_deps = ['libfile-mimeinfo-perl']
927 $spamassassin_dir = '/etc/spamassassin/' 968 $spamassassin_dir = '/etc/spamassassin/'
928 $amavis_dir = '/etc/amavis/' 969 $amavis_config = '/etc/amavis/conf.d/60-puppeted'
970 $amavis_rundir = '/var/run/amavis'
971 $amavis_spooldir = '/var/lib/amavis'
972 $amavis_quarantinedir = '$HOME_DIR/virusmails'
929 $amavis_service = 'amavis' 973 $amavis_service = 'amavis'
930 } 974 }
931 package { $spamassassin_deps: 975 package { $spamassassin_deps:
932 ensure => installed, 976 ensure => installed,
933 } 977 }
937 } 981 }
938 service { $amavis_service: 982 service { $amavis_service:
939 ensure => 'running', 983 ensure => 'running',
940 enable => 'true', 984 enable => 'true',
941 } 985 }
942 file { "${amavis_dir}amavisd.conf": 986 file { $amavis_config:
943 ensure => present, 987 ensure => present,
944 source => 'puppet:///private/postfix/amavisd.conf', 988 content => epp('privat/postfix/amavis.conf.epp',
989 {
990 fqdn => $::fqdn,
991 rundir => $amavis_rundir,
992 spooldir => $amavis_spooldir,
993 quarantinedir => $amavis_quarantinedir,
994 }
995 ),
945 tag => 'av', 996 tag => 'av',
946 } 997 }
947 file { "${spamassassin_dir}local.cf": 998 file { "${spamassassin_dir}local.cf":
948 ensure => present, 999 ensure => present,
949 source => 'puppet:///private/postfix/spamassassin-local.cf', 1000 source => 'puppet:///private/postfix/spamassassin-local.cf',
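Review bot: In the Ubuntu branch of `basevpsnode` (new lines 93–103), `gateway_address => $gateway_ip` is passed to `privat/eth0.epp` although `$gateway_ip` defaults to `undef`, so an Ubuntu node that sets `proxy_4to6_ip_prefix` without `gateway_ip` gets `/etc/network/interfaces.d/eth0` rendered with no gateway value. The template is not shown on this page, so how it treats undef is unknown, but the resource manages the whole file and a bad render can leave the host unreachable after the next network restart. Failing the catalog is safer: `if $gateway_ip == undef { fail('gateway_ip is required on Ubuntu when proxy_4to6_ip_prefix is set') }` ahead of the `file` resource. The resource also declares no `ensure`, `owner` or `mode`, so it depends on defaults set elsewhere, if any; the rest of the class body lies outside the lines shown.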