tmakinen/puppet
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge branch 'master' of https://bitbucket.org/tmakinen/puppet

Browse source
This commit is contained in:
Lari Huttunen 2013-02-28 16:35:46 +01:00
commit 2217bca3a1
42 changed files with 622 additions and 130 deletions
Download patch file Download diff file Expand all files Collapse all files

14
Makefile
View file

@ -1,12 +1,16 @@
MODULES := $(shell find * -type d -prune)
MODULES = $(shell find */manifests/init.pp | sed -e 's/^\([^\/]*\).*/\1/') MANIFESTS := $(shell find . -name \*.pp)
MANIFESTS = $(shell find . -name \*.pp) MODULESDIR := /etc/puppet/modules-$(shell date +%Y-%m-%d)
TARFLAGS = --owner=root --group=root --mode g-w,o=g --exclude=.git --exclude=rdoc
all: puppet-modules.tar.gz all: puppet-modules.tar.gz
puppet-modules.tar.gz: $(MODULES) LICENSE CREDITS Makefile.inc puppet-modules.tar.gz: $(MODULES) LICENSE CREDITS Makefile.inc
umask 022 ; tar zcvf $@ --owner=root --group=root \ umask 022 ; tar zcvf $@ $(TARFLAGS) $^
--mode g-w,o=g --exclude=.git --exclude=rdoc $^
install: $(MODULES) LICENSE CREDITS Makefile.inc
@umask 022 ; mkdir -p $(MODULESDIR) && \
tar cf - $(TARFLAGS) $^ | tar xvf - -C $(MODULESDIR)
check: check:
@which puppet > /dev/null 2>&1 || ( \ @which puppet > /dev/null 2>&1 || ( \

81
abusehelper/files/botnet.init Normal file
View file

@ -0,0 +1,81 @@
#!/bin/sh
# chkconfig: 2345 85 60
# description: AbuseHelper botnets
# processname: botnet
### BEGIN INIT INFO
# Provides: botnet
# Required-Start: $local_fs $network $syslog
# Should-Start:
# Required-Stop:
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: AbuseHelper botnets
# Description: AbuseHelper botnets
### END INIT INFO
if [ $(id -u) != "0" ]; then
echo "This script must be run with root privileges." && exit 1
fi
if [ -s /etc/default/botnet ]; then
. /etc/default/botnet
elif [ -s /etc/sysconfig/botnet ]; then
. /etc/sysconfig/botnet
fi
if [ -z "${BOTUSER}" ]; then
echo "$0: no BOTUSER defined"
exit 1
fi
if [ -z "${BOTNETS}" ]; then
echo "$0: no BOTNETS defined"
exit 1
fi
start_botnets() {
for botnet in ${BOTNETS}; do
echo -n "${botnet}: "
test -d ${botnet} || { echo "No such directory."; continue; }
su -s /bin/sh - ${BOTUSER} \
-c "umask 007 ; cd ${botnet} && botnet start ."
done
}
stop_botnets() {
for botnet in ${BOTNETS}; do
echo -n "${botnet}: "
test -d ${botnet} || { echo "No such directory."; continue; }
su -s /bin/sh - ${BOTUSER} \
-c "umask 007 ; cd ${botnet} && botnet stop ."
done
}
restart_botnets() {
for botnet in ${BOTNETS}; do
echo -n "${botnet}: "
test -d ${botnet} || { echo "No such directory."; continue; }
su -s /bin/sh - ${BOTUSER} \
-c "umask 007 ; cd ${botnet} && botnet restart ."
done
}
case "$1" in
start)
start_botnets
;;
stop)
stop_botnets
;;
restart)
restart_botnets
;;
*)
echo "Usage: $0 {start|stop|restart}"
exit 1
;;
esac
exit 0

53
abusehelper/manifests/init.pp
View file

@ -1,4 +1,12 @@
# Install abusehelper from svn. # Install abusehelper.
#
# === Global variables
#
# $abusehelper_botnets
# Array of botnet paths to start at boot.
#
# $abusehelper_user
# User botnets run as. Defaults to 'abusehel'.
# #
class abusehelper { class abusehelper {
@ -105,4 +113,47 @@ class abusehelper {
} }
} }
if !$abusehelper_user {
$abusehelper_user = "abusehel"
}
if $abusehelper_botnets {
file { "/etc/sysconfig/botnet":
ensure => present,
name => $::operatingsystem ? {
"debian" => "/etc/default/botnet",
"ubuntu" => "/etc/default/botnet",
default => "/etc/sysconfig/botnet",
},
mode => "0644",
owner => "root",
group => "root",
content => template("abusehelper/botnet.sysconfig.erb"),
before => Service["botnet"],
}
file { "/etc/init.d/botnet":
ensure => present,
mode => "0755",
owner => "root",
group => "root",
source => "puppet:///modules/abusehelper/botnet.init",
notify => Exec["add-service-botnet"],
}
exec { "add-service-botnet":
path => "/bin:/usr/bin:/sbin:/usr/sbin",
command => $::operatingsystem ? {
"debian" => "update-rc.d botnet defaults",
"ubuntu" => "update-rc.d botnet defaults",
default => "chkconfig --add botnet",
},
refreshonly => true,
before => Service["botnet"],
}
service { "botnet":
enable => true,
}
}
} }

2
abusehelper/templates/botnet.sysconfig.erb Normal file
View file

@ -0,0 +1,2 @@
BOTUSER="<%= abusehelper_user %>"
BOTNETS="<%= abusehelper_botnets.join(" ") %>"

2
apache/files/mod_wsgi.conf Normal file
View file

@ -0,0 +1,2 @@
LoadModule wsgi_module modules/mod_wsgi.so
WSGISocketPrefix /var/run/mod_wsgi/wsgi

8
apache/manifests/debian.pp
View file

@ -180,7 +180,8 @@ class apache::debian::sslserver inherits apache::debian::common {
} }
define apache::debian::sslsite($ipaddr, $root, $ssl_cert, $ssl_key, $ssl_chain) { define apache::debian::sslsite($first, $ipaddr, $root,
$ssl_cert, $ssl_key, $ssl_chain) {
if $name == "default" { if $name == "default" {
$site_fqdn = $homename $site_fqdn = $homename
@ -253,8 +254,13 @@ define apache::debian::sslsite($ipaddr, $root, $ssl_cert, $ssl_key, $ssl_chain)
} }
} }
if $first == true {
$site_conf = "/etc/apache2/sites-enabled/00-${site_fqdn}-ssl.conf"
$site_confdir = "/etc/apache2/sites-enabled/00-${site_fqdn}-ssl.d"
} else {
$site_conf = "/etc/apache2/sites-enabled/${site_fqdn}-ssl.conf" $site_conf = "/etc/apache2/sites-enabled/${site_fqdn}-ssl.conf"
$site_confdir = "/etc/apache2/sites-enabled/${site_fqdn}-ssl.d" $site_confdir = "/etc/apache2/sites-enabled/${site_fqdn}-ssl.d"
}
file { $site_conf: file { $site_conf:
ensure => present, ensure => present,

21
apache/manifests/init.pp
View file

@ -81,10 +81,17 @@ class apache::common {
group => "root", group => "root",
seltype => "httpd_rotatelogs_exec_t", seltype => "httpd_rotatelogs_exec_t",
} }
if $::operatingsystem == "Fedora" and $::operatingsystemrelease > 17 {
selinux::manage_fcontext { "/usr/sbin/www-logrotate.sh":
type => "httpd_rotatelogs_exec_t",
before => File["/usr/local/sbin/www-logrotate.sh"],
}
} else {
selinux::manage_fcontext { "/usr/local/sbin/www-logrotate.sh": selinux::manage_fcontext { "/usr/local/sbin/www-logrotate.sh":
type => "httpd_rotatelogs_exec_t", type => "httpd_rotatelogs_exec_t",
before => File["/usr/local/sbin/www-logrotate.sh"], before => File["/usr/local/sbin/www-logrotate.sh"],
} }
}
cron { "www-logrotate": cron { "www-logrotate":
ensure => present, ensure => present,
@ -248,6 +255,9 @@ class apache::sslserver::listen {
# #
# $name: # $name:
# FQDN of virtual host. # FQDN of virtual host.
# $first:
# Bool for whether this is the first (default) vhost
# when using NameVirtualHost. Defaults to false.
# $ipaddr: # $ipaddr:
# IP address of virtual host. Defaults to _default_. # IP address of virtual host. Defaults to _default_.
# $root: # $root:
@ -267,7 +277,7 @@ class apache::sslserver::listen {
# ssl_key => "puppet:///path/to/www.example.com.key", # ssl_key => "puppet:///path/to/www.example.com.key",
# } # }
# #
define apache::sslsite($ipaddr="_default_", $root="", $ssl_cert="", $ssl_key="", $ssl_chain="") { define apache::sslsite($first=false, $ipaddr="_default_", $root="", $ssl_cert="", $ssl_key="", $ssl_chain="") {
include apache::sslserver::listen include apache::sslserver::listen
@ -275,6 +285,7 @@ define apache::sslsite($ipaddr="_default_", $root="", $ssl_cert="", $ssl_key="",
"debian","ubuntu": { "debian","ubuntu": {
$apache_ssldir = "/etc/ssl" $apache_ssldir = "/etc/ssl"
apache::debian::sslsite { $name: apache::debian::sslsite { $name:
first => $first,
ipaddr => $ipaddr, ipaddr => $ipaddr,
root => $root, root => $root,
ssl_cert => $ssl_cert, ssl_cert => $ssl_cert,
@ -286,6 +297,7 @@ define apache::sslsite($ipaddr="_default_", $root="", $ssl_cert="", $ssl_key="",
"centos","redhat","fedora": { "centos","redhat","fedora": {
$apache_ssldir = "/etc/pki/tls" $apache_ssldir = "/etc/pki/tls"
apache::redhat::sslsite { $name: apache::redhat::sslsite { $name:
first => $first,
ipaddr => $ipaddr, ipaddr => $ipaddr,
root => $root, root => $root,
ssl_cert => $ssl_cert, ssl_cert => $ssl_cert,
@ -674,8 +686,15 @@ class apache::mod::wsgi {
} }
"centos","redhat","fedora": { "centos","redhat","fedora": {
apache::configfile { "wsgi.conf": apache::configfile { "wsgi.conf":
source => "puppet:///modules/apache/mod_wsgi.conf",
require => Package["mod_wsgi"], require => Package["mod_wsgi"],
} }
file { "/var/run/mod_wsgi":
ensure => directory,
mode => "0755",
owner => "root",
group => "root",
}
} }
default: { default: {
fail("Apache module not supported in ${::operatingsystem}.") fail("Apache module not supported in ${::operatingsystem}.")

19
apache/manifests/redhat.pp
View file

@ -76,8 +76,9 @@ define apache::redhat::site($aliases, $root, $redirect) {
file { "/srv/www/log/http/${site_fqdn}": file { "/srv/www/log/http/${site_fqdn}":
ensure => directory, ensure => directory,
mode => "0755", mode => "0755",
owner => root, owner => "root",
group => root, group => "root",
seltype => "httpd_log_t",
before => File[$site_conf], before => File[$site_conf],
} }
} }
@ -176,6 +177,12 @@ class apache::redhat::sslserver {
mode => "0755", mode => "0755",
owner => "root", owner => "root",
group => "root", group => "root",
notify => Exec["chkconfig --add httpsd"],
}
exec { "chkconfig --add httpsd":
user => "root",
path => "/bin:/usr/bin:/sbin:/usr/sbin",
refreshonly => true,
before => Service["httpsd"], before => Service["httpsd"],
} }
} }
@ -212,7 +219,8 @@ class apache::redhat::sslserver {
} }
define apache::redhat::sslsite($ipaddr, $root, $ssl_cert, $ssl_key, $ssl_chain) { define apache::redhat::sslsite($first, $ipaddr, $root,
$ssl_cert, $ssl_key, $ssl_chain) {
if $name == "default" { if $name == "default" {
$site_fqdn = $homename $site_fqdn = $homename
@ -286,8 +294,13 @@ define apache::redhat::sslsite($ipaddr, $root, $ssl_cert, $ssl_key, $ssl_chain)
} }
} }
if $first == true {
$site_conf = "/etc/httpd/site.https.d/00-${site_fqdn}.conf"
$site_confdir = "/etc/httpd/site.https.d/00-${site_fqdn}.d"
} else {
$site_conf = "/etc/httpd/site.https.d/${site_fqdn}.conf" $site_conf = "/etc/httpd/site.https.d/${site_fqdn}.conf"
$site_confdir = "/etc/httpd/site.https.d/${site_fqdn}.d" $site_confdir = "/etc/httpd/site.https.d/${site_fqdn}.d"
}
file { $site_conf: file { $site_conf:
ensure => present, ensure => present,

4
apache/templates/httpsd.conf.erb
View file

@ -145,6 +145,9 @@ MaxRequestsPerChild 0
# Example: # Example:
# LoadModule foo_module modules/mod_foo.so # LoadModule foo_module modules/mod_foo.so
# #
<% if operatingsystem == 'Fedora' and operatingsystemrelease.to_i > 17 -%>
Include conf.modules.d/*.conf
<% else -%>
LoadModule auth_basic_module modules/mod_auth_basic.so LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule auth_digest_module modules/mod_auth_digest.so LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule authn_file_module modules/mod_authn_file.so LoadModule authn_file_module modules/mod_authn_file.so
@ -199,6 +202,7 @@ LoadModule mem_cache_module modules/mod_mem_cache.so
<% end -%> <% end -%>
LoadModule cgi_module modules/mod_cgi.so LoadModule cgi_module modules/mod_cgi.so
LoadModule version_module modules/mod_version.so LoadModule version_module modules/mod_version.so
<% end -%>
# #
# The following modules are not loaded by default: # The following modules are not loaded by default:

4
apache/templates/ssl.conf.erb
View file

@ -3,7 +3,7 @@ LoadModule ssl_module modules/mod_ssl.so
</IfModule> </IfModule>
Listen 443 Listen 443
<% if ['CentOS','RedHat'].index(operatingsystem) or operatingsystem == 'Fedora' -%> <% if ['Fedora','CentOS','RedHat'].index(operatingsystem) -%>
## ##
## SSL Global Context ## SSL Global Context
## ##
@ -30,11 +30,13 @@ SSLPassPhraseDialog builtin
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000) SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300 SSLSessionCacheTimeout 300
<% unless operatingsystem == 'Fedora' and operatingsystemrelease.to_i > 17 -%>
# Semaphore: # Semaphore:
# Configure the path to the mutual exclusion semaphore the # Configure the path to the mutual exclusion semaphore the
# SSL engine uses internally for inter-process synchronization. # SSL engine uses internally for inter-process synchronization.
SSLMutex default SSLMutex default
<% end -%>
# Pseudo Random Number Generator (PRNG): # Pseudo Random Number Generator (PRNG):
# Configure one or more sources to seed the PRNG of the # Configure one or more sources to seed the PRNG of the
# SSL library. The seed data should be of good random quality. # SSL library. The seed data should be of good random quality.

2
dns/files/named.conf.options
View file

@ -1,7 +1,7 @@
options { options {
listen-on { any; }; listen-on { any; };
listen-on-v6 { none; }; listen-on-v6 { any; };
allow-query { any; }; allow-query { any; };
allow-recursion { trusted; }; allow-recursion { trusted; };

4
dns/manifests/init.pp
View file

@ -371,6 +371,10 @@ define dns::zone($role = "master", $master = "", $slaves = [], $forwarders = [],
"master" => File["${dns::server::chroot}${zonedir}/db.${zonefile}"], "master" => File["${dns::server::chroot}${zonedir}/db.${zonefile}"],
default => undef, default => undef,
}, },
require => $::operatingsystem ? {
"openbsd" => undef,
default => Package["bind"],
},
} }
} }
} }

6
etherpadlite/README.CentOS Normal file
View file

@ -0,0 +1,6 @@
yum install v8-devel openssl-devel zlib-devel
mkdir /usr/local/src/nodejs && cd /usr/local/src/nodejs
wget http://nodejs.org/dist/node-latest.tar.gz
tar xzvf node-latest.tar.gz && cd node-v*
./configure --shared-v8 --shared-openssl --shared-zlib
make install

14
firewall/manifests/init.pp
View file

@ -111,6 +111,17 @@ class firewall::common::iptables {
} }
$ip6states = versioncmp($::kernelversion, "2.6.20") $ip6states = versioncmp($::kernelversion, "2.6.20")
if $::operatingsystem == "Fedora" and $::operatingsystemrelease > 17 {
package { "firewall-config":
ensure => absent,
before => Package["firewalld"],
}
package { "firewalld":
ensure => absent,
before => Package["iptables"],
}
}
package { "iptables": package { "iptables":
ensure => installed, ensure => installed,
name => $::operatingsystem ? { name => $::operatingsystem ? {
@ -119,7 +130,8 @@ class firewall::common::iptables {
"debian" => [ "iptables", "iptables-persistent" ], "debian" => [ "iptables", "iptables-persistent" ],
"fedora" => $::operatingsystemrelease ? { "fedora" => $::operatingsystemrelease ? {
/^1[0-5]/ => [ "iptables", "iptables-ipv6" ], /^1[0-5]/ => [ "iptables", "iptables-ipv6" ],
default => "iptables", /^1[6-7]/ => "iptables",
default => [ "iptables", "iptables-services" ],
}, },
"ubuntu" => [ "iptables", "iptables-persistent" ], "ubuntu" => [ "iptables", "iptables-persistent" ],
}, },

10
git/manifests/init.pp
View file

@ -36,6 +36,7 @@ class git::server {
ensure => directory, ensure => directory,
mode => "0755", mode => "0755",
owner => "root", owner => "root",
seltype => "git_system_content_t",
group => "root", group => "root",
} }
file { "/srv/git": file { "/srv/git":
@ -49,22 +50,15 @@ class git::server {
mode => "0755", mode => "0755",
owner => "root", owner => "root",
group => "root", group => "root",
seltype => "httpd_sys_content_t",
} }
} }
if "${selinux}" == "true" {
selinux::manage_fcontext { "/srv/git(/.*)?":
type => "httpd_sys_content_t",
before => File["/srv/git"],
}
if $git_datadir { if $git_datadir {
selinux::manage_fcontext { "${git_datadir}(/.*)?": selinux::manage_fcontext { "${git_datadir}(/.*)?":
type => "httpd_sys_content_t", type => "git_system_content_t",
before => File[$git_datadir], before => File[$git_datadir],
} }
} }
}
} }

4
kerberos/manifests/init.pp
View file

@ -74,6 +74,8 @@ class kerberos::client {
# #
class kerberos::auth { class kerberos::auth {
include pam::common
include kerberos::client include kerberos::client
$kdclist = inline_template('<%= kerberos_kdc.join(" ") -%>') $kdclist = inline_template('<%= kerberos_kdc.join(" ") -%>')
@ -86,7 +88,7 @@ class kerberos::auth {
path => "/bin:/usr/bin:/sbin:/usr/sbin", path => "/bin:/usr/bin:/sbin:/usr/sbin",
unless => "egrep '^USEKERBEROS=yes\$' /etc/sysconfig/authconfig", unless => "egrep '^USEKERBEROS=yes\$' /etc/sysconfig/authconfig",
before => Class["kerberos::client"], before => Class["kerberos::client"],
require => Package["pam_krb5"], require => Package["authconfig", "pam_krb5"],
} }
} }
default: { default: {

51
ldap/manifests/init.pp
View file

@ -14,6 +14,8 @@
# #
class ldap::auth inherits ldap::client { class ldap::auth inherits ldap::client {
include pam::common
tag("bootstrap") tag("bootstrap")
$ldap_uri = inline_template('<%= ldap_server.join(" ") -%>') $ldap_uri = inline_template('<%= ldap_server.join(" ") -%>')
@ -31,7 +33,7 @@ class ldap::auth inherits ldap::client {
before => [ Augeas["nslcd-conf"], before => [ Augeas["nslcd-conf"],
Augeas["pam-ldap-conf"], Augeas["pam-ldap-conf"],
File["/etc/openldap/ldap.conf"], ], File["/etc/openldap/ldap.conf"], ],
require => Package["nss-pam-ldapd"], require => Package["authconfig", "nss-pam-ldapd"],
} }
augeas { "nslcd-conf": augeas { "nslcd-conf":
changes => [ "set pagesize 500", changes => [ "set pagesize 500",
@ -69,7 +71,7 @@ class ldap::auth inherits ldap::client {
unless => 'cat /etc/sysconfig/authconfig | egrep "^USELDAPAUTH=yes$|^USELDAP=yes$" | wc -l | egrep "^2$"', unless => 'cat /etc/sysconfig/authconfig | egrep "^USELDAPAUTH=yes$|^USELDAP=yes$" | wc -l | egrep "^2$"',
before => [ Augeas["pam-ldap-conf"], before => [ Augeas["pam-ldap-conf"],
File["/etc/openldap/ldap.conf"], ], File["/etc/openldap/ldap.conf"], ],
require => Package["nss_ldap"], require => Package["authconfig", "nss_ldap"],
} }
augeas { "pam-ldap-conf": augeas { "pam-ldap-conf":
context => "/files/etc/ldap.conf", context => "/files/etc/ldap.conf",
@ -100,7 +102,7 @@ class ldap::auth inherits ldap::client {
path => "/bin:/usr/bin:/sbin:/usr/sbin", path => "/bin:/usr/bin:/sbin:/usr/sbin",
unless => 'cat /etc/sysconfig/authconfig | egrep "^USELDAPAUTH=yes$|^USELDAP=yes$" | wc -l | egrep "^2$"', unless => 'cat /etc/sysconfig/authconfig | egrep "^USELDAPAUTH=yes$|^USELDAP=yes$" | wc -l | egrep "^2$"',
before => Augeas["sssd-conf"], before => Augeas["sssd-conf"],
require => [ Package["sssd"], Package["pam_ldap"], ], require => Package["authconfig", "sssd", "pam_ldap"],
} }
augeas { "sssd-conf": augeas { "sssd-conf":
changes => [ changes => [
@ -363,7 +365,7 @@ class ldap::server {
command => "usermod -a -G ssl-cert openldap", command => "usermod -a -G ssl-cert openldap",
unless => "id -n -G openldap | grep '\\bssl-cert\\b'", unless => "id -n -G openldap | grep '\\bssl-cert\\b'",
require => Package["openldap-server"], require => Package["openldap-server"],
before => Service["slapd"], before => Exec["slaptest"],
} }
} }
"fedora": { "fedora": {
@ -422,7 +424,7 @@ class ldap::server {
default => "root", default => "root",
}, },
require => Package["openldap-server"], require => Package["openldap-server"],
notify => Service["slapd"], notify => Exec["slaptest"],
} }
file { "${ssl::private}/slapd.key": file { "${ssl::private}/slapd.key":
ensure => present, ensure => present,
@ -431,7 +433,7 @@ class ldap::server {
owner => "root", owner => "root",
group => $group, group => $group,
require => Package["openldap-server"], require => Package["openldap-server"],
notify => Service["slapd"], notify => Exec["slaptest"],
} }
file { "slapd.conf": file { "slapd.conf":
@ -441,7 +443,7 @@ class ldap::server {
mode => "0640", mode => "0640",
owner => "root", owner => "root",
group => $group, group => $group,
notify => Service["slapd"], notify => Exec["slaptest"],
require => Package["openldap-server"], require => Package["openldap-server"],
} }
file { "${config}/slapd.conf.d": file { "${config}/slapd.conf.d":
@ -466,7 +468,7 @@ class ldap::server {
mode => "0644", mode => "0644",
owner => "root", owner => "root",
group => "root", group => "root",
notify => Service["slapd"], notify => Exec["slaptest"],
require => Package["openldap-server"], require => Package["openldap-server"],
} }
} }
@ -477,12 +479,20 @@ class ldap::server {
mode => "0644", mode => "0644",
owner => "root", owner => "root",
group => "root", group => "root",
notify => Service["slapd"], notify => Exec["slaptest"],
require => Package["openldap-server"], require => Package["openldap-server"],
} }
} }
} }
exec { "slaptest":
command => "slaptest",
path => "/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin:/usr/local/sbin",
refreshonly => true,
require => File["${config}/slapd.conf.d"],
notify => Service["slapd"],
}
service { "slapd": service { "slapd":
name => $service_name, name => $service_name,
start => $::operatingsystem ? { start => $::operatingsystem ? {
@ -560,7 +570,7 @@ class ldap::server {
path => "/bin:/usr/bin:/sbin:/usr/sbin", path => "/bin:/usr/bin:/sbin:/usr/sbin",
refreshonly => true, refreshonly => true,
require => File["${config}/slapd.conf.d"], require => File["${config}/slapd.conf.d"],
notify => Service["slapd"], notify => Exec["slaptest"],
} }
ldap::server::schema { [ "core", "cosine", "ppolicy", ]: ldap::server::schema { [ "core", "cosine", "ppolicy", ]:
idx => 10, idx => 10,
@ -572,13 +582,13 @@ class ldap::server {
owner => "root", owner => "root",
group => $group, group => $group,
require => Exec["generate-slapd-database-config"], require => Exec["generate-slapd-database-config"],
notify => Service["slapd"], notify => Exec["slaptest"],
} }
exec { "generate-slapd-database-config": exec { "generate-slapd-database-config":
command => "find ${config}/slapd.conf.d/db.*.conf -exec echo 'include {}' \\; > ${config}/slapd.conf.d/database.conf", command => "find ${config}/slapd.conf.d/db.*.conf -exec echo 'include {}' \\; > ${config}/slapd.conf.d/database.conf",
path => "/bin:/usr/bin:/sbin:/usr/sbin", path => "/bin:/usr/bin:/sbin:/usr/sbin",
refreshonly => true, refreshonly => true,
notify => Service["slapd"], notify => Exec["slaptest"],
} }
} }
@ -601,6 +611,9 @@ class ldap::server {
# Password for uid=replicator,cn=config,${name} user on master. # Password for uid=replicator,cn=config,${name} user on master.
# Only needed for slave databases. # Only needed for slave databases.
# #
# $rid:
# Replica ID. Must be unique per replica per database.
#
# $moduleoptions: # $moduleoptions:
# Options for overlay modules. # Options for overlay modules.
# #
@ -610,10 +623,16 @@ class ldap::server {
# moduleoptions => [ "smbkrb5pwd-enable=samba", ] # moduleoptions => [ "smbkrb5pwd-enable=samba", ]
# } # }
# #
define ldap::server::database($aclsource = "", $master = "", $syncpw = "", $moduleoptions = []) { define ldap::server::database($aclsource = "", $master = "", $syncpw = "", $rid = "", $moduleoptions = []) {
include ldap::server include ldap::server
if $rid == "" {
$rid_real = fqdn_rand(999)
} else {
$rid_real = $rid
}
file { "${ldap::server::config}/slapd.conf.d/db.${name}.conf": file { "${ldap::server::config}/slapd.conf.d/db.${name}.conf":
ensure => present, ensure => present,
content => template("ldap/slapd-database.conf.erb"), content => template("ldap/slapd-database.conf.erb"),
@ -636,7 +655,7 @@ define ldap::server::database($aclsource = "", $master = "", $syncpw = "", $modu
mode => "0640", mode => "0640",
owner => "root", owner => "root",
group => $ldap::server::group, group => $ldap::server::group,
notify => Service["slapd"], notify => Exec["slaptest"],
} }
file { "${ldap::server::config}/slapd.conf.d/index.${name}.conf": file { "${ldap::server::config}/slapd.conf.d/index.${name}.conf":
@ -647,7 +666,7 @@ define ldap::server::database($aclsource = "", $master = "", $syncpw = "", $modu
mode => "0640", mode => "0640",
owner => "root", owner => "root",
group => $ldap::server::group, group => $ldap::server::group,
notify => Service["slapd"], notify => Exec["slaptest"],
} }
file { "/srv/ldap/${name}": file { "/srv/ldap/${name}":
@ -672,7 +691,7 @@ define ldap::server::database($aclsource = "", $master = "", $syncpw = "", $modu
}, },
seltype => "slapd_db_t", seltype => "slapd_db_t",
require => File["/srv/ldap/${name}"], require => File["/srv/ldap/${name}"],
before => Service["slapd"], before => Exec["slaptest"],
} }
} }

6
ldap/templates/slapd-database.conf.erb
View file

@ -36,11 +36,11 @@ directory /srv/ldap/<%= name %>
<% if master != "" -%> <% if master != "" -%>
# replication # replication
syncrepl rid=2 syncrepl rid=<%= rid_real %>
provider=<%= master %> provider=<%= master %>
type=refreshAndPersist type=refreshAndPersist
retry="10 10 60 +" retry="10 10 60 +"
searchbase="<%= ldap_basedn %>" searchbase="<%= name %>"
filter="(objectClass=*)" filter="(objectClass=*)"
scope="sub" scope="sub"
sizelimit=500000 sizelimit=500000
@ -48,7 +48,7 @@ syncrepl rid=2
schemachecking="off" schemachecking="off"
bindmethod="simple" bindmethod="simple"
tls_reqcert="never" tls_reqcert="never"
binddn="uid=replicator,cn=config,<%= ldap_basedn %>" binddn="uid=replicator,cn=config,<%= name %>"
credentials="<%= syncpw %>" credentials="<%= syncpw %>"
updateref <%= master %> updateref <%= master %>
<% end -%> <% end -%>

2
ldap/templates/slapd.conf.erb
View file

@ -42,7 +42,7 @@ moduleload <%= name %>.la
TLSCertificateFile <%= scope.lookupvar('ssl::certs') %>/slapd.crt TLSCertificateFile <%= scope.lookupvar('ssl::certs') %>/slapd.crt
TLSCertificateKeyFile <%= scope.lookupvar('ssl::private') %>/slapd.key TLSCertificateKeyFile <%= scope.lookupvar('ssl::private') %>/slapd.key
TLSCACertificatePath <%= scope.lookupvar('ldap::server::config') %>/cacerts TLSCACertificatePath <%= scope.lookupvar('ldap::server::config') %>/cacerts
TLSVerifyClient never TLSVerifyClient try
# include database configs # include database configs
include <%= scope.lookupvar('ldap::server::config') %>/slapd.conf.d/database.conf include <%= scope.lookupvar('ldap::server::config') %>/slapd.conf.d/database.conf

16
logwatch/manifests/init.pp Normal file
View file

@ -0,0 +1,16 @@
# Install logwatch.
#
class logwatch {
case $::kernel {
"linux": {
package { "logwatch":
ensure => installed,
}
}
default: {
fail("logwatch not supported on ${::kernel}")
}
}
}

0
motd/files/empty Normal file
View file

29
motd/manifests/init.pp Normal file
View file

@ -0,0 +1,29 @@
# Deploy motd file to server
#
class motd {
case $::operatingsystem {
"ubuntu": {
package { "update-motd":
ensure => absent,
}
}
}
file { "/etc/motd":
ensure => present,
source => [
"puppet:///files/motd/motd.${::homename}",
"puppet:///files/motd/motd",
"puppet:///modules/motd/empty",
],
mode => "0644",
owner => "root",
group => $::operatingsystem ? {
"openbsd" => "wheel",
default => "root",
},
}
}

9
munin/files/munin-node.logrotate Normal file
View file

@ -0,0 +1,9 @@
/var/log/munin-node/munin-node.log {
daily
missingok
rotate 7
compress
copytruncate
notifempty
create 644 root root
}

28
munin/manifests/init.pp
View file

@ -61,6 +61,19 @@ class munin::node {
notify => Service["munin-node"], notify => Service["munin-node"],
} }
# Temporary fix for broken config
case $::operatingsystem {
"centos","fedora","redhat": {
file { "/etc/logrotate.d/munin-node":
ensure => present,
mode => "0644",
owner => "root",
group => "root",
source => "puppet:///modules/munin/munin-node.logrotate",
}
}
}
} }
@ -231,11 +244,11 @@ class munin::server {
mode => "0775", mode => "0775",
owner => "munin", owner => "munin",
group => $apache::sslserver::group, group => $apache::sslserver::group,
seltype => "httpd_munin_rw_content_t", seltype => "httpd_sys_rw_content_t",
require => Package["munin"], require => Package["munin"],
} }
selinux::manage_fcontext { "/var/cache/munin(/.*)?": selinux::manage_fcontext { "/var/cache/munin(/.*)?":
type => "httpd_munin_rw_content_t", type => "httpd_sys_rw_content_t",
before => File["/var/cache/munin"], before => File["/var/cache/munin"],
} }
mount { "/var/cache/munin": mount { "/var/cache/munin":
@ -249,12 +262,11 @@ class munin::server {
require => File["/var/cache/munin"], require => File["/var/cache/munin"],
} }
file { [ "/var/log/munin/munin-cgi-graph.log", file { "/var/log/munin":
"/var/log/munin/munin-cgi-html.log", ]: ensure => directory,
ensure => present, mode => "0775",
mode => "0664", owner => $apache::sslserver::user,
owner => "munin", group => "munin",
group => $apache::sslserver::group,
require => Package["munin"], require => Package["munin"],
} }
file { "/etc/logrotate.d/munin-cgi": file { "/etc/logrotate.d/munin-cgi":

4
munin/templates/munin-cgi.logrotate.erb
View file

@ -4,7 +4,7 @@
rotate 7 rotate 7
compress compress
notifempty notifempty
create 0664 munin <%= scope.lookupvar('apache::sslserver::group') %> create 0640 <%= scope.lookupvar('apache::sslserver::user') %> munin
} }
/var/log/munin/munin-cgi-html.log { /var/log/munin/munin-cgi-html.log {
@ -13,5 +13,5 @@
rotate 7 rotate 7
compress compress
notifempty notifempty
create 0664 munin <%= scope.lookupvar('apache::sslserver::group') %> create 0640 <%= scope.lookupvar('apache::sslserver::user') %> munin
} }

11
munin/templates/munin-node.conf.erb
View file

@ -3,11 +3,15 @@
# #
log_level 4 log_level 4
<% if ['CentOS','Fedora','RedHat'].index(operatingsystem) -%>
log_file /var/log/munin-node/munin-node.log
<% else -%>
log_file /var/log/munin/munin-node.log log_file /var/log/munin/munin-node.log
<% end -%>
pid_file /var/run/munin/munin-node.pid pid_file /var/run/munin/munin-node.pid
background 1 background 1
setseid 1 setsid 1
user root user root
<% if operatingsystem == "OpenBSD" -%> <% if operatingsystem == "OpenBSD" -%>
@ -15,10 +19,8 @@ group wheel
<% else -%> <% else -%>
group root group root
<% end -%> <% end -%>
setsid yes
# Regexps for files to ignore # Regexps for files to ignore
ignore_file ~$ ignore_file ~$
ignore_file \.bak$ ignore_file \.bak$
ignore_file %$ ignore_file %$
@ -29,7 +31,6 @@ ignore_file \.pod$
# Set this if the client doesn't report the correct hostname when # Set this if the client doesn't report the correct hostname when
# telnetting to localhost, port 4949 # telnetting to localhost, port 4949
# #
#host_name ppc3.fedora.redhat.com
host_name <%= homename %> host_name <%= homename %>
# A list of addresses that are allowed to connect. This must be a # A list of addresses that are allowed to connect. This must be a
@ -41,8 +42,6 @@ allow <%= munin_allow %>
# Which address to bind to; # Which address to bind to;
host <%= ipaddress %> host <%= ipaddress %>
# host 127.0.0.1
# And which port # And which port
port 4949 port 4949

4
netcat/manifests/init.pp
View file

@ -7,6 +7,10 @@ class netcat {
package { "netcat": package { "netcat":
name => $::operatingsystem ? { name => $::operatingsystem ? {
"ubuntu" => "netcat", "ubuntu" => "netcat",
"fedora" => $::operatingsystemrelease ? {
/^1[0-7]/ => "nc",
default => "nmap-ncat",
},
default => "nc", default => "nc",
}, },
ensure => present, ensure => present,

18
network/manifests/init.pp
View file

@ -73,7 +73,23 @@ class network::hostname {
group => "root", group => "root",
} }
} }
"centos","redhat","fedora": { "fedora": {
if $::operatingsystemrelease > 17 {
file { "/etc/hostname":
ensure => present,
content => "${homename}\n",
mode => "0644",
owner => "root",
group => "root",
}
} else {
augeas { "set-hostname":
context => "/files/etc/sysconfig/network",
changes => "set HOSTNAME ${homename}",
}
}
}
"centos","redhat": {
augeas { "set-hostname": augeas { "set-hostname":
context => "/files/etc/sysconfig/network", context => "/files/etc/sysconfig/network",
changes => "set HOSTNAME ${homename}", changes => "set HOSTNAME ${homename}",

6
pam/manifests/init.pp
View file

@ -4,6 +4,11 @@
class pam::common { class pam::common {
case $::operatingsystem { case $::operatingsystem {
"centos","redhat","fedora": {
package { "authconfig":
ensure => installed,
}
}
"ubuntu": { "ubuntu": {
package { "libpam-runtime": package { "libpam-runtime":
ensure => installed, ensure => installed,
@ -30,6 +35,7 @@ class pam::mkhomedir {
exec { "authconfig --enablemkhomedir --update": exec { "authconfig --enablemkhomedir --update":
path => "/bin:/usr/bin:/sbin:/usr/sbin", path => "/bin:/usr/bin:/sbin:/usr/sbin",
unless => "egrep '^USEMKHOMEDIR=yes\$' /etc/sysconfig/authconfig", unless => "egrep '^USEMKHOMEDIR=yes\$' /etc/sysconfig/authconfig",
require => Package["authconfig"],
} }
} }
"ubuntu": { "ubuntu": {

2
ruby/manifests/init.pp
View file

@ -52,7 +52,7 @@ class ruby::rails {
} else { } else {
require ruby::rubygems require ruby::rubygems
package { "rubygem-rails": package { "rubygem-rails":
ensure => "2.3.15", ensure => "2.3.17",
name => "rails", name => "rails",
provider => "gem", provider => "gem",
} }

57
sasl/manifests/init.pp
View file

@ -8,10 +8,14 @@ class sasl::client {
"ubuntu" => "sasl2-bin", "ubuntu" => "sasl2-bin",
default => "cyrus-sasl", default => "cyrus-sasl",
}, },
flavor => $::operatingsystem ? {
"openbsd" => "ldap",
default => undef,
},
ensure => installed, ensure => installed,
} }
if $kerberos_realm { if $kerberos_realm and $::operatingsystem != "OpenBSD" {
package { "cyrus-sasl-gssapi": package { "cyrus-sasl-gssapi":
name => $::operatingsystem ? { name => $::operatingsystem ? {
"ubuntu" => "libsasl2-modules-gssapi-mit", "ubuntu" => "libsasl2-modules-gssapi-mit",
@ -42,28 +46,49 @@ class sasl::saslauthd {
"ldap": { "ldap": {
include ldap::client include ldap::client
case $::operatingsystem {
"centos","fedora","redhat": {
augeas { "set-saslauthd-mech": augeas { "set-saslauthd-mech":
context => "/files/etc/sysconfig/saslauthd", context => "/files/etc/sysconfig/saslauthd",
changes => "set MECH ldap", changes => "set MECH ldap",
notify => Service["saslauthd"], notify => Service["saslauthd"],
} }
}
"openbsd": {
Service["saslauthd"] {
start => "/usr/local/sbin/saslauthd -a ldap",
}
}
}
file { "/etc/saslauthd.conf": file { "/etc/saslauthd.conf":
ensure => present, ensure => present,
mode => 0644, mode => "0644",
owner => "root", owner => "root",
group => "root", group => $::operatingsystem ? {
"openbsd" => "wheel",
default => "root",
},
content => template("sasl/saslauthd.conf.ldap.erb"), content => template("sasl/saslauthd.conf.ldap.erb"),
notify => Service["saslauthd"], notify => Service["saslauthd"],
} }
} }
"kerberos5": { "kerberos5": {
case $::operatingsystem {
"centos","fedora","redhat": {
augeas { "set-saslauthd-mech": augeas { "set-saslauthd-mech":
context => "/files/etc/sysconfig/saslauthd", context => "/files/etc/sysconfig/saslauthd",
changes => "set MECH kerberos5", changes => "set MECH kerberos5",
notify => Service["saslauthd"], notify => Service["saslauthd"],
} }
} }
"openbsd": {
Service["saslauthd"] {
start => "/usr/local/sbin/saslauthd -a kerberos5",
}
}
}
}
default: { default: {
fail("Unknown mechanism ${saslauthd_mech} for sasl::saslauthd") fail("Unknown mechanism ${saslauthd_mech} for sasl::saslauthd")
} }
@ -78,13 +103,16 @@ class sasl::saslauthd {
ensure => present, ensure => present,
mode => "0644", mode => "0644",
owner => "root", owner => "root",
group => "root", group => $::operatingsystem ? {
"openbsd" => "wheel",
default => "root",
},
require => Exec["generate-sasldb2"], require => Exec["generate-sasldb2"],
before => Service["saslauthd"], before => Service["saslauthd"],
} }
exec { "generate-sasldb2": exec { "generate-sasldb2":
command => "saslpasswd2 -d foobar ; true", command => "saslpasswd2 -d foobar ; true",
path => "/bin:/usr/bin:/sbin:/usr/sbin", path => "/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin:/usr/local/sbin",
creates => "/etc/sasldb2", creates => "/etc/sasldb2",
} }
@ -104,10 +132,20 @@ class sasl::saslauthd {
# #
define sasl::saslauthd::service() { define sasl::saslauthd::service() {
case $architecture { case $::operatingsystem {
"centos","fedora","redhat": {
case $::architecture {
"i386": { $libdir = "/usr/lib/sasl2" } "i386": { $libdir = "/usr/lib/sasl2" }
"x86_64": { $libdir = "/usr/lib64/sasl2" } "x86_64": { $libdir = "/usr/lib64/sasl2" }
default: { fail("Unknown architecture ${architecture}") } default: { fail("Unknown architecture ${::architecture}") }
}
}
"openbsd": {
$libdir = "/usr/local/lib/sasl2"
}
default: {
fail("sasl not supported on ${::operatingsystem}")
}
} }
file { "${libdir}/${name}.conf": file { "${libdir}/${name}.conf":
@ -118,7 +156,10 @@ define sasl::saslauthd::service() {
"puppet:///modules/sasl/service.conf", ], "puppet:///modules/sasl/service.conf", ],
mode => "0644", mode => "0644",
owner => "root", owner => "root",
group => "root", group => $::operatingsystem ? {
"openbsd" => "wheel",
default => "root",
},
require => Service["saslauthd"], require => Service["saslauthd"],
} }

8
selinux/files/restorecond.conf Normal file
View file

@ -0,0 +1,8 @@
/etc/services
/etc/resolv.conf
/etc/samba/secrets.tdb
/etc/mtab
/var/run/utmp
/var/log/wtmp
/root/*
/root/.ssh/*

28
selinux/manifests/init.pp
View file

@ -92,6 +92,34 @@ class selinux::tools {
} }
# Enable restorecond service.
#
class selinux::restorecond {
if $::selinux == "true" {
file { "/etc/selinux/restorecond.conf":
ensure => present,
mode => "0644",
owner => "root",
group => "root",
seltype => "selinux_config_t",
source => [
"puppet:///files/selinux/restorecond.conf.${homename}",
"puppet:///files/selinux/restorecond.conf",
"puppet:///modules/selinux/restorecond.conf",
],
notify => Service["restorecond"],
}
service { "restorecond":
ensure => running,
enable => true,
}
}
}
# Set SELinux boolean value # Set SELinux boolean value
# #
# === Parameters # === Parameters

8
sendmail/manifests/init.pp
View file

@ -263,6 +263,7 @@ class sendmail::server inherits sendmail::common {
default => "/etc/aliases", default => "/etc/aliases",
}, },
source => [ source => [
"puppet:///files/mail/aliases.${fqdn}",
"puppet:///files/mail/aliases", "puppet:///files/mail/aliases",
"puppet:///modules/sendmail/aliases", "puppet:///modules/sendmail/aliases",
], ],
@ -279,6 +280,7 @@ class sendmail::server inherits sendmail::common {
file { "/etc/mail/access": file { "/etc/mail/access":
ensure => present, ensure => present,
source => [ source => [
"puppet:///files/mail/access.${fqdn}",
"puppet:///files/mail/access", "puppet:///files/mail/access",
"puppet:///modules/sendmail/empty", "puppet:///modules/sendmail/empty",
], ],
@ -297,6 +299,7 @@ class sendmail::server inherits sendmail::common {
file { "/etc/mail/genericstable": file { "/etc/mail/genericstable":
ensure => present, ensure => present,
source => [ source => [
"puppet:///files/mail/genericstable.${fqdn}",
"puppet:///files/mail/genericstable", "puppet:///files/mail/genericstable",
"puppet:///modules/sendmail/empty", "puppet:///modules/sendmail/empty",
], ],
@ -315,6 +318,7 @@ class sendmail::server inherits sendmail::common {
file { "/etc/mail/mailertable": file { "/etc/mail/mailertable":
ensure => present, ensure => present,
source => [ source => [
"puppet:///files/mail/mailertable.${fqdn}",
"puppet:///files/mail/mailertable", "puppet:///files/mail/mailertable",
"puppet:///modules/sendmail/empty", "puppet:///modules/sendmail/empty",
], ],
@ -333,6 +337,7 @@ class sendmail::server inherits sendmail::common {
file { "/etc/mail/virtusertable": file { "/etc/mail/virtusertable":
ensure => present, ensure => present,
source => [ source => [
"puppet:///files/mail/virtusertable.${fqdn}",
"puppet:///files/mail/virtusertable", "puppet:///files/mail/virtusertable",
"puppet:///modules/sendmail/empty", "puppet:///modules/sendmail/empty",
], ],
@ -351,8 +356,9 @@ class sendmail::server inherits sendmail::common {
file { "/etc/mail/local-host-names": file { "/etc/mail/local-host-names":
ensure => present, ensure => present,
source => [ source => [
"puppet:///files/mail/local-host-names.${fqdn}",
"puppet:///files/mail/local-host-names", "puppet:///files/mail/local-host-names",
"puppet:///modules/sendmail/local-host-names", "puppet:///modules/sendmail/empty",
], ],
mode => "0644", mode => "0644",
owner => "root", owner => "root",

7
ssh/manifests/init.pp
View file

@ -12,11 +12,16 @@ class ssh::known_hosts {
}, },
} }
$aliases = merge(inline_template("<%= homename.split('.')[0] %>"),
$::ipaddress,
$::ipaddress6,
$::ec2_public_ipv4)
@@sshkey { $homename: @@sshkey { $homename:
ensure => present, ensure => present,
type => rsa, type => rsa,
key => $sshrsakey, key => $sshrsakey,
host_aliases => inline_template("<%= homename.split('.')[0] %>"), host_aliases => $aliases,
require => File["/etc/ssh/ssh_known_hosts"], require => File["/etc/ssh/ssh_known_hosts"],
} }

4
syslog/manifests/init.pp
View file

@ -184,6 +184,10 @@ class syslog::client::rsyslog {
}, },
default => undef, default => undef,
}, },
hasrestart => $::operatingsystem ? {
"fedora" => true,
default => false,
},
require => File["/var/log/all.log"], require => File["/var/log/all.log"],
} }

25
tftp/manifests/init.pp
View file

@ -39,23 +39,30 @@ class tftp::server {
} }
case $::operatingsystem { case $::operatingsystem {
debian,fedora,ubuntu: { "debian","fedora","ubuntu": {
file { "/var/lib/tftpboot": $tftpdir = "/var/lib/tftpboot"
ensure => link, }
target => "/srv/tftpboot", "centos","redhat": {
force => true, case $::operatingsystemrelease {
require => File["/srv/tftpboot"], /^[45]\./: {
$tftpdir = "/tftpboot"
}
default: {
$tftpdir = "/var/lib/tftpboot"
}
} }
} }
default: { default: {
file { "/tftpboot": $tftpdir = "/tftpboot"
}
}
file { $tftpdir:
ensure => link, ensure => link,
target => "/srv/tftpboot", target => "/srv/tftpboot",
force => true, force => true,
require => File["/srv/tftpboot"], require => File["/srv/tftpboot"],
} }
}
}
if "${selinux}" == "true" { if "${selinux}" == "true" {
selinux::manage_fcontext { "/srv/tftpboot(/.*)?": selinux::manage_fcontext { "/srv/tftpboot(/.*)?":

20
util/lib/puppet/parser/functions/merge.rb Normal file
View file

@ -0,0 +1,20 @@
module Puppet::Parser::Functions
newfunction(:merge, :type => :rvalue) do |args|
if args.length < 2
raise Puppet::ParseError, ("merge(): wrong number of arguments (#{args.length}; must be at least 2)")
end
ret = []
args.each do |arg|
next if arg == ""
if arg.is_a?(Array)
ret.concat(arg)
else
ret.concat([arg])
end
end
ret
end
end

1
vsroom/manifests/init.pp
View file

@ -40,6 +40,7 @@ class vsroom::collab {
mode => "0660", mode => "0660",
owner => "collab", owner => "collab",
group => "collab", group => "collab",
seltype => "httpd_sys_rw_content_t",
source => "${vsroom::common::htdocs}/common/auth_credentials.php", source => "${vsroom::common::htdocs}/common/auth_credentials.php",
require => [ require => [
File["/srv/wikis/collab/htdocs"], File["/srv/wikis/collab/htdocs"],

2
wiki/Makefile
View file

@ -4,7 +4,7 @@ GWIKIBRANCH = default
GWIKISOURCE = https://bitbucket.org/clarifiednetworks/graphingwiki/get/$(GWIKIBRANCH).tar.gz GWIKISOURCE = https://bitbucket.org/clarifiednetworks/graphingwiki/get/$(GWIKIBRANCH).tar.gz
GWIKITARGET = graphingwiki-$(GWIKIBRANCH)-$(TIMESTAMP).tar.gz GWIKITARGET = graphingwiki-$(GWIKIBRANCH)-$(TIMESTAMP).tar.gz
MOINVERSION = 1.9.4 MOINVERSION = 1.9.6
MOINSOURCE = http://static.moinmo.in/files/moin-$(MOINVERSION).tar.gz MOINSOURCE = http://static.moinmo.in/files/moin-$(MOINVERSION).tar.gz
MOINTARGET = moin-$(MOINVERSION).tar.gz MOINTARGET = moin-$(MOINVERSION).tar.gz

30
yum/files/keys/rpmfusion-free-fedora-18.key Normal file
View file

@ -0,0 +1,30 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.18 (GNU/Linux)
mQINBE80KI8BEADWbPfx0Ql0Rip3+SZ3k+/Yw/gXBH7GdwLhnwwFjEDJfBHdUFkR
1GHQtKH7qtdyqASkPRfGQqBoDY49jssrgv4FIh9nrE8u1HpN5YhVNT0zbvGORKiS
01U75N7FjgKR+8/deUo1MBFdy7vsfvL2obW6FE5y1Lr9QRaLfVN+C9rPDB6ITcak
VIqvL2jKa//YzIZ0JYlYumbGyhuV0fDrSmkOTruXBgtATO1DtwlCsMshp9sMT+8L
W2BAURtR1yVEnXy1YEVhdkdDuX/DAbZhWdz5swAQaPEr6GVByXfwDB8Fe8D/0RUo
BQG2KBc8JqQF5HSDz5rdlKZ20U6VyR1Ihl9G3l26CWdF1iTljUHl8FIDRv+WefbJ
rvBO76mAilBnl0NCHM2AR4npvIlN8/Dd84q1Ti0OW/QugKMECelMO0ykYVYVUmwr
JUGKuSe3wxuW813N3VEaYOmhx6P+x5X3yKuKo8O1+duJZGPDV94veY6f3JijgA2j
s0pgxIjUzJ8C09z0P+vLKwtVo4VMPqhBhxk1bcrUT4t8QGtQHuS7IwXYQqd32xTM
kBrbFqegPO7dOzOLmw52o9fgHwRxL1owgYzn3uYXCzgnQYKdGgzX9QrlkuhgqLY8
G7SR6FDdONGFE1s+looZpV/bHf2MKKLUQEUPkdIS46oRxKUNsxyAn5QZDwARAQAB
tFNSUE0gRnVzaW9uIGZyZWUgcmVwb3NpdG9yeSBmb3IgRmVkb3JhICgxOCkgPHJw
bWZ1c2lvbi1idWlsZHN5c0BsaXN0cy5ycG1mdXNpb24ub3JnPokCOAQTAQIAIgUC
TzQojwIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQNjOZFJguCnyGBxAA
x4hWU52Si0/bx9TzCCjsPmuMXb6b+0wUtqRfKtsCmRmOPUok2d1/XkyX7hJ7XHV7
bkV+pab0ohL7DWj1Y9mRJeG6X9yRi45vP52DoWkOpoMOV9LDivsQ3BfYwxb7NriF
cI8Gq5Qec7M8JqLVk91Fve4h97rOSZlNIZfoybVOC0lpFeT6n3J/YYb1HMUtn/cu
YwOCpvWrn6/FS6bO7jCGEidogAZkGkEAKUBOD9PbiWe+Od439a7j/PzxU795nvPt
nfDab52zXxv4dCHBxcP3cyjC83+23QvMlkJkPF3J74atIP78jEcb45e8SuCTL/4W
gQBaW3RqDr5CvIuksb6dDeWGzq8+214lvrCI4kQH3RWgbS4xi+a9OdicPWtnFF68
/ORsbFMIvMXFT5Zmhpx28OlALryiYTL9jkwqMP1S0q3JgfT4adrruc4/C/MrN1aQ
xh3wbfqT7xB0/GWKojjgRpsZ56fMUmaB2AwwlwBSpxqHTqCSkJOl1jQuvv+pNMAz
/qNooUzu9Z1kPDKtDYl0dK9kUHw5vkXn2MjOXFGLBMoXbDxxzbgJMR45/L/jCK3Q
8Cko+IaW14lSoiyQVoAikCfizAnAV+08dp/a4UK2haZd+/Xl7dKDpNSnQhOTQCoL
BpbgafmDVWWbv10cPHFCfq29RBpAaQwck2WFNF39nR8=
=53Ne
-----END PGP PUBLIC KEY BLOCK-----

30
yum/files/keys/rpmfusion-nonfree-fedora-18.key Normal file
View file

@ -0,0 +1,30 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.18 (GNU/Linux)
mQINBE80KM8BEADL982y29MH1JB8tjaglrY1H08bHAZqkeg+fsrPnk5PokXuNiK8
9i5iMRklyHTlLJRFen8OupJ+laXAnIhzH3CBaSU4vBw0PvvhdvtTEkVe5nEIiWON
ptkAYsXzFMT6ZD0tM1ef3DB2l00g+rf9ySEqBpRhP1ccLwtVFSRJk3vMWgs1SAi8
M7gdrEm07d1rNK4umB4UkOvJMe87Hd63sMF6PCfSkXDPEF9Pe+tltNNvPdA/dWO3
3QY1o4NU4m0Dwh2NWNj9YKxjSGkYzOmDslSccXkeJJKySWYmHPwiIvt5nMuSXlOi
F9eNSXqMQb0qLcKJWMBovTgJWMR9CTgEtU7lAXafzZ4ePJY5uNFJ4F86slFkjgpN
DZZGFJNhDUz6TpixwxrYPV8hiUqLUlatcFrpn5vjTZpsw8gELSGCjeojI7R0qkmq
T6atgrZbLn3aJAPtOV4aVJgO2s1ATSrZWGVUAzQ+98dZM9Ys/N9EFxip6jeabwri
3AivulncY6k6XhKroQp2DTtupXB+nN+aGxaz+o2InuTJ83YaB1Zz6uU924gsHiyj
/VU7hJ4RTJq1DEhTZJ9YYqPT3fkQgA5UIebpwQhMMkWq4/YO/d/QdUAhXNJr8eDP
1VsJe13Wu8Q9I4Nlr8kWZczDnUcDipu2hpuSPDtSuEuMdO6nRyXMw9XTWQARAQAB
tFZSUE0gRnVzaW9uIG5vbmZyZWUgcmVwb3NpdG9yeSBmb3IgRmVkb3JhICgxOCkg
PHJwbWZ1c2lvbi1idWlsZHN5c0BsaXN0cy5ycG1mdXNpb24ub3JnPokCOAQTAQIA
IgUCTzQozwIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQkM4JS+MbMMok
oA//TC+/0+qslxOVmGdWtZoDvndwRTnCATWiH4UoKLlyCG9DaWZMjle3Pt85bEzZ
/cWaIzy6zZHxuYKZ8rHElhloBx8WARVPl+DRNcV4AFXMuNNckKu82YKE3Ti/G/PL
42RpT/qgR7bgdAeru3KGMBd6Qq8iroUmqzshlEdYF4i+jXOQiD629XuzsqDw4IxZ
zN6/NPgFduy6z9t4NN4lu329H+JBQHfb7TR4lh3liqcKInF0y9XOKFxzgUXahr23
WWeSKboebHsdRtmoySYk6zAV45LOck+frzqD9qEiVysGeuw1eSFHjRMT+0TVsAoH
Bot5RoyYkF/zw9bUikCJQJ+c+gOs6EXIQO1HVdgpNRjJj3901dvaBcDpI6OX6eQP
IBLqbN6Es/uZhB4yclpHyuHQcKDnawyh5fe+5BEm4jPB9AcbvawBLrMxZMAoQVjq
zqnCkAoo66/OYeBEZYtSXRxw8VV2p0yMkZcR1IpRNYBNcnLDqFZLLJeRCYMR2UDa
hoYgIX/6t9UD0HjjBRQUlHtq9NDR3LOspmbaX39yd3dPlLbrgV5ALGD11NYvB8YG
bDI/13D5K6Ti2VgArxZqv4HOWkHwkOlUl4KnkVXTdUZDefzo6ix5sObV54l9zbaJ
FNy46lt3bTn8oI9PEsxrxC7VUXgOH3kg2G07IytyWy0FJB8=
=+k17
-----END PGP PUBLIC KEY BLOCK-----