diff --git a/abusesa/files/vsroom-httpd.conf b/abusesa/files/vsroom-httpd.conf
index b74a1ba..d8a0d32 100644
--- a/abusesa/files/vsroom-httpd.conf
+++ b/abusesa/files/vsroom-httpd.conf
@@ -1,3 +1,3 @@
- AllowOverride All
+ AllowOverride FileInfo
diff --git a/abusesa/manifests/init.pp b/abusesa/manifests/init.pp
index 6a8279b..9bf2cb1 100644
--- a/abusesa/manifests/init.pp
+++ b/abusesa/manifests/init.pp
@@ -87,3 +87,24 @@ class abusesa(
}
}
+
+
+# Create AbuseSA htdocs root.
+#
+define abusesa::configwebhost() {
+
+ file { "/srv/www/https/${name}/abusesa":
+ ensure => directory,
+ mode => '0755',
+ owner => 'root',
+ group => 'root',
+ }
+ file { "/srv/www/https/${name}/abusesa/index.html":
+ ensure => present,
+ mode => '0644',
+ owner => 'root',
+ group => 'root',
+ content => '',
+ }
+
+}
diff --git a/abusesa/manifests/live.pp b/abusesa/manifests/live.pp
index 8ce30e6..7c72d79 100644
--- a/abusesa/manifests/live.pp
+++ b/abusesa/manifests/live.pp
@@ -85,13 +85,8 @@ class abusesa::live(
#
define abusesa::live::configwebhost($htdocs) {
- if ! defined(File["/srv/www/https/${name}/abusesa"]) {
- file { "/srv/www/https/${name}/abusesa":
- ensure => directory,
- mode => '0755',
- owner => 'root',
- group => 'root',
- }
+ if ! defined(Abusesa::Configwebhost[$name]) {
+ abusesa::configwebhost { $name: }
}
file { "/srv/www/https/${name}/abusesa/live":
@@ -111,7 +106,7 @@ define abusesa::live::configwebhost($htdocs) {
mode => '0644',
owner => 'root',
group => 'root',
- content => "Redirect permanent /vsroom/ /abusesa/live/\n",
+ content => "RedirectMatch permanent /vsroom/overview/(index\.html)? /abusesa/live/\n",
}
}
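Review bot: The new `RedirectMatch` pattern is not anchored, so it matches any request path that contains `/vsroom/overview/` anywhere, and the optional `(index\.html)?` group has no effect on what matches. If only the old overview page should redirect, anchor both ends: `content => "RedirectMatch permanent ^/vsroom/overview/(index\\.html)?\$ /abusesa/live/\n",`. The doubled backslash and `\$` stop Puppet's double-quoted string from interpreting them. The resource this attribute belongs to starts above the hunk, so the target file is not visible here.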
diff --git a/abusesa/manifests/search.pp b/abusesa/manifests/search.pp
index 83adfff..d4edd87 100644
--- a/abusesa/manifests/search.pp
+++ b/abusesa/manifests/search.pp
@@ -136,13 +136,8 @@ class abusesa::search(
#
define abusesa::search::configwebhost($htdocs) {
- if ! defined(File["/srv/www/https/${name}/abusesa"]) {
- file { "/srv/www/https/${name}/abusesa":
- ensure => directory,
- mode => '0755',
- owner => 'root',
- group => 'root',
- }
+ if ! defined(Abusesa::Configwebhost[$name]) {
+ abusesa::configwebhost { $name: }
}
file { "/srv/www/https/${name}/abusesa/search":
diff --git a/abusesa/manifests/services.pp b/abusesa/manifests/services.pp
new file mode 100644
index 0000000..1109d16
--- /dev/null
+++ b/abusesa/manifests/services.pp
@@ -0,0 +1,55 @@
+# Configure AbuseSA services.
+#
+class abusesa::services(
+ $allow_dn=undef,
+ $services=[],
+ $socketdir='/var/lib/abuserv/run',
+) {
+
+ include user::system
+ realize(User['abuserv'], Group['abuserv'])
+
+ exec { 'usermod-abusesa-abuserv':
+ path => '/bin:/usr/bin:/sbin:/usr/sbin',
+ command => 'usermod -a -G abuserv abusesa',
+ unless => 'id -n -G abusesa | grep \'\babuserv\b\'',
+ require => [
+ User['abusesa'],
+ Group['abuserv'],
+ ],
+ }
+
+ exec { 'usermod-nginx-abuserv':
+ path => '/bin:/usr/bin:/sbin:/usr/sbin',
+ command => 'usermod -a -G abuserv nginx',
+ unless => 'id -n -G nginx | grep \'\babuserv\b\'',
+ require => [
+ Class['nginx'],
+ Group['abuserv'],
+ ],
+ }
+
+ file { [
+ '/var/lib/abuserv',
+ '/var/lib/abuserv/run',
+ ]:
+ ensure => directory,
+ mode => '2770',
+ owner => 'abuserv',
+ group => 'abuserv',
+ }
+
+ file { '/var/lib/abuserv/.profile':
+ ensure => present,
+ mode => '0600',
+ owner => 'abuserv',
+ group => 'abuserv',
+ content => "umask 007\n",
+ }
+
+ include nginx
+ nginx::config { 'abusesa.conf':
+ content => template('abusesa/services/nginx.conf.erb'),
+ }
+
+}
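Review bot: The `file` resource makes both `/var/lib/abuserv` and `/var/lib/abuserv/run` group-writable (`2770`), and the two `usermod` execs put `nginx` and `abusesa` in that group. Both accounts can therefore create, rename or remove entries in the directory that holds abuserv's `.profile`, not just reach the sockets. If nothing outside the abuserv account needs to write to the top-level directory, keep group write on the socket directory only. The path is also hard-coded while the template uses `$socketdir`, so overriding that parameter points nginx at a directory this class does not manage. The three class parameters have no description in the header comment.

```puppet
  # … unchanged: user/group realize and the two usermod execs …

  file { '/var/lib/abuserv':
    ensure => directory,
    mode   => '2750',
    owner  => 'abuserv',
    group  => 'abuserv',
  }

  file { $socketdir:
    ensure => directory,
    mode   => '2770',
    owner  => 'abuserv',
    group  => 'abuserv',
  }

  # … unchanged: .profile and nginx::config …
```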
diff --git a/abusesa/templates/services/nginx.conf.erb b/abusesa/templates/services/nginx.conf.erb
new file mode 100644
index 0000000..227bd1a
--- /dev/null
+++ b/abusesa/templates/services/nginx.conf.erb
@@ -0,0 +1,39 @@
+log_format abusesa '$remote_addr - $http_x_remote_user [$time_local] '
+ '"$request" $status $body_bytes_sent '
+ '"$http_referer" "$http_user_agent" "$ssl_client_s_dn"';
+
+server {
+ listen 8443;
+
+ access_log <%= scope.lookupvar('nginx::logdir') %>/abusesa.log abusesa;
+
+ ssl on;
+ ssl_verify_client on;
+ ssl_certificate <%= @puppet_ssldir %>/certs/<%= @homename %>.pem;
+ ssl_certificate_key <%= @puppet_ssldir %>/private_keys/<%= @homename %>.pem;
+ ssl_client_certificate <%= @puppet_ssldir %>/certs/ca.pem;
+
+ proxy_buffering off;
+
+<% if @allow_dn -%>
+ if ($ssl_client_s_dn != "<%= @allow_dn %>") {
+ return 403;
+ }
+
+<% end -%>
+<% @services.each do |service|
+ dir, sep, sock = service.rpartition('/')
+ dir = @socketdir if dir.empty?
+ sockpath = File.join(dir, sock)
+ location = sock.gsub('.', '/')
+-%>
+ location /<%= location %>/ {
+ proxy_pass http://unix:<%= sockpath %>:/;
+ }
+
+<% end -%>
+ location / {
+ deny all;
+ }
+
+}
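Review bot: When `@allow_dn` is unset the DN check is omitted entirely, so this server admits any client holding a certificate signed by the CA in `ssl_client_certificate`. That is the Puppet CA, so presumably every managed node qualifies. Either fail closed when no DN is configured or state the consequence where the parameter is declared, e.g. `# $allow_dn: subject DN allowed to connect; if undef, any certificate issued by the Puppet CA is accepted.` The exact string comparison also depends on how nginx formats `$ssl_client_s_dn`, which changed to RFC 2253 in nginx 1.11.6; a mismatch fails closed with 403 but is worth a comment. `$http_x_remote_user` in the log format is a request header, so the user field in `abusesa.log` is whatever the connecting client sent.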
diff --git a/apache/manifests/init.pp b/apache/manifests/init.pp
index e400d29..e6d7ff5 100644
--- a/apache/manifests/init.pp
+++ b/apache/manifests/init.pp
@@ -23,6 +23,10 @@ class apache::common {
}
}
+ if ! $apache_maxclients {
+ $apache_maxclients = "256"
+ }
+
if $apache_datadir {
file { $apache_datadir:
ensure => directory,
@@ -227,7 +231,7 @@ define apache::site($aliases="", $root="", $redirect="", $proxy="") {
class apache::sslserver inherits apache::common {
include user::system
-
+
case $::operatingsystem {
"debian","ubuntu": {
include apache::debian::sslserver
@@ -491,6 +495,41 @@ class apache::proxy($port="8080",
}
+# Configure Apache SSLProxy with key authentication.
+#
+class apache::sslproxy(
+ $ssl_key="${::puppet_ssldir}/private_keys/${::homename}.pem",
+ $ssl_cert="${::puppet_ssldir}/certs/${::homename}.pem",
+ $ssl_ca="${::puppet_ssldir}/certs/ca.pem",
+) {
+
+ include ssl
+
+ $ssl_bundle = "${ssl::private}/apache-sslproxy.pem"
+
+ exec { 'generate-sslproxy-pem':
+ path => '/bin:/usr/bin:/sbin:/usr/sbin',
+ command => "/bin/sh -c 'umask 077 ; cat ${ssl_key} ${ssl_cert} > ${ssl_bundle}'",
+ creates => $ssl_bundle,
+ }
+
+ file { $ssl_bundle:
+ ensure => present,
+ mode => '0600',
+ owner => 'root',
+ group => 'root',
+ require => Exec['generate-sslproxy-pem'],
+ }
+
+ apache::configfile { 'sslproxy.conf':
+ http => false,
+ content => template('apache/sslproxy.conf.erb'),
+ require => File[$ssl_bundle],
+ }
+
+}
+
+
# Install mod_auth_kerb.
#
class apache::mod::auth_kerb($servicename=undef) {
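Review bot: `generate-sslproxy-pem` is guarded only by `creates => $ssl_bundle`, so the bundle is written once and never rebuilt when the host key or certificate is renewed; the proxy then keeps presenting the old certificate until someone deletes the file. The same guard also keeps a truncated bundle in place if `cat` fails partway, because the redirect creates the file before `cat` runs. Consider writing to a temporary file and renaming it on success, and triggering regeneration when the inputs change. The ejabberd class in this commit, for example, notifies its `generate-ejabberd-pem` exec from the certificate file resource. The paths are interpolated unquoted into `sh -c '…'`, so a path containing spaces or shell metacharacters would break the command.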
diff --git a/apache/templates/apache2.conf.erb b/apache/templates/apache2.conf.erb
index 67d4583..e228886 100644
--- a/apache/templates/apache2.conf.erb
+++ b/apache/templates/apache2.conf.erb
@@ -104,8 +104,8 @@ KeepAliveTimeout 15
StartServers 8
MinSpareServers 5
MaxSpareServers 20
- ServerLimit 256
- MaxClients 256
+ ServerLimit <%= @apache_maxclients %>
+ MaxClients <%= @apache_maxclients %>
MaxRequestsPerChild 4000
diff --git a/apache/templates/httpd.conf.erb b/apache/templates/httpd.conf.erb
index 58df853..4633362 100644
--- a/apache/templates/httpd.conf.erb
+++ b/apache/templates/httpd.conf.erb
@@ -103,8 +103,8 @@ KeepAliveTimeout 15
StartServers 8
MinSpareServers 5
MaxSpareServers 20
-ServerLimit 256
-MaxClients 256
+ServerLimit <%= @apache_maxclients %>
+MaxClients <%= @apache_maxclients %>
MaxRequestsPerChild 4000
diff --git a/apache/templates/httpsd.conf.erb b/apache/templates/httpsd.conf.erb
index 79a5049..0e6956a 100644
--- a/apache/templates/httpsd.conf.erb
+++ b/apache/templates/httpsd.conf.erb
@@ -103,8 +103,8 @@ KeepAliveTimeout 15
StartServers 8
MinSpareServers 5
MaxSpareServers 20
-ServerLimit 256
-MaxClients 256
+ServerLimit <%= @apache_maxclients %>
+MaxClients <%= @apache_maxclients %>
MaxRequestsPerChild 4000
diff --git a/apache/templates/sslproxy.conf.erb b/apache/templates/sslproxy.conf.erb
new file mode 100644
index 0000000..877ffd5
--- /dev/null
+++ b/apache/templates/sslproxy.conf.erb
@@ -0,0 +1,4 @@
+SSLProxyEngine on
+SSLProxyMachineCertificateFile <%= @ssl_bundle %>
+SSLProxyCACertificateFile <%= @ssl_ca %>
+SSLProxyVerify require
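Review bot: `SSLProxyVerify require` with the Puppet CA only proves that the backend holds some certificate from that CA; whether its name and expiry are also checked is left to the Apache defaults, which differ between releases. Because this repository templates for more than one Apache version, stating the checks explicitly keeps behaviour the same everywhere: `SSLProxyCheckPeerCN on` and `SSLProxyCheckPeerExpire on`. On 2.4.5 and later `SSLProxyCheckPeerName on` is the preferred name check, but it is not accepted by 2.2, so it would need the same version guard as the htaccess template.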
diff --git a/cups/manifests/init.pp b/cups/manifests/init.pp
index 59b21ac..b54ae9a 100644
--- a/cups/manifests/init.pp
+++ b/cups/manifests/init.pp
@@ -76,7 +76,14 @@ class cups::server($admin_group=undef, $manager_group=undef,
require ssl
- package { [ "ghostscript", "system-config-printer" ]:
+ package { "system-config-printer":
+ ensure => installed,
+ name => $::operatingsystem ? {
+ "ubuntu" => "system-config-printer-gnome",
+ default => "system-config-printer",
+ },
+ }
+ package { "ghostscript":
ensure => installed,
}
diff --git a/ejabberd/manifests/init.pp b/ejabberd/manifests/init.pp
index 0ddc26a..7db63d9 100644
--- a/ejabberd/manifests/init.pp
+++ b/ejabberd/manifests/init.pp
@@ -1,90 +1,162 @@
# Install ejabberd.
#
-# === Global variables
+# === Parameters
#
-# $ejabberd_hosts:
+# $collab:
+# Boolean for enabling collab integration. Defaults to false.
+#
+# $package:
+# Ejabberd package source. Required for collab integration.
+#
+# $hosts:
# Array of domains serverd by ejabberd. Defaults to [ "$homename" ].
#
-# $ejabberd_admin:
+# $admins:
# Array of users with admin privileges.
#
-# $ejabberd_ssl_key:
-# Path to SSL private key.
+# $webhosts:
+# Array of BOSH virtual hosts.
#
-# $ejabberd_ssl_cert:
-# Path to SSL certificate.
-#
-# $ejabberd_ssl_chain:
-# Path to SSL certificate chain.
-#
-# $ejabberd_muclog_datadir:
-# Path where to store chatroom logs. Disabled by default.
-#
-# $ejabberd_muclog_format:
-# Chatroom log format. Valid values html or plaintext.
-#
-# $ejabberd_auth:
+# $auth:
# Authentication method or array of multiple methods.
# Valid values internal, external or ldap. Defaults to internal.
#
-# $ejabberd_extauth:
+# $extauth:
# Path to external authentication command.
#
-# $ejabberd_ldap_server:
+# $muclog_datadir:
+# Path where to store chatroom logs. Disabled by default.
+#
+# $muclog_format:
+# Chatroom log format. Valid values html or plaintext.
+#
+# $ssl_key:
+# Path to SSL private key.
+#
+# $ssl_cert:
+# Path to SSL certificate.
+#
+# $ssl_chain:
+# Path to SSL certificate chain.
+#
+# $ldap_server:
# Array of LDAP authentication servers.
#
-# $ejabberd_ldap_basedn:
+# $ldap_basedn:
# LDAP base dn.
#
-# $ejabberd_ldap_encrypt:
+# $ldap_encrypt:
# LDAP encryption. Defaults to "tls".
#
-# $ejabberd_ldap_port:
+# $ldap_port:
# LDAP port. Defaults to 636.
#
-# $ejabberd_ldap_uidattr:
+# $ldap_uid:
# LDAP UID attribute. Defaults to "uid".
#
-# $ejabberd_ldap_binddn:
+# $ldap_rootdn:
# Optional bind DN.
#
-# $ejabberd_ldap_bindpw:
+# $ldap_password:
# Bind DN password.
#
-class ejabberd {
+class ejabberd(
+ $collab=false,
+ $package=undef,
+ $hosts=[$::homename],
+ $admins=[],
+ $webhosts=undef,
+ $auth="internal",
+ $extauth=undef,
+ $muclog_datadir=undef,
+ $muclog_format="plaintext",
+ $ssl_key="${::puppet_ssldir}/private_keys/${::homename}.pem",
+ $ssl_cert="${::puppet_ssldir}/certs/${::homename}.pem",
+ $ssl_chain=undef,
+ $ldap_server=undef,
+ $ldap_basedn=undef,
+ $ldap_encrypt="tls",
+ $ldap_port="636",
+ $ldap_uid="uid",
+ $ldap_rootdn=undef,
+ $ldap_password=undef
+) {
+
+ require erlang
include user::system
realize(User["ejabberd"], Group["ejabberd"])
- if !$ejabberd_hosts {
- $ejabberd_hosts = [ $homename ]
- }
- if !$ejabberd_admin {
- $ejabberd_admin = []
- }
- if !$ejabberd_auth {
- $ejabberd_auth = "internal"
+ if ! ($muclog_format in [ "html", "plaintext" ]) {
+ fail("Invalid value ${muclog_format} for muclog_format")
}
- if !$ejabberd_ldap_encrypt {
- $ejabberd_ldap_encrypt = "tls"
- }
- if !$ejabberd_ldap_port {
- $ejabberd_ldap_port = "636"
- }
- if !$ejabberd_ldap_uidattr {
- $ejabberd_ldap_uidattr = "uid"
- }
-
- case $ejabberd_muclog_format {
- "","html","plaintext": { }
+ case $::operatingsystem {
+ "centos","redhat","fedora": {
+ $package_provider = "rpm"
+ }
+ "debian","ubuntu": {
+ $package_provider = "dpkg"
+ }
default: {
- fail("Invalid value ${ejabberd_muclog_format} for \$ejabberd_muclog_format.")
+ fail("ejabberd not supported on ${::operatingsystem}.")
+ }
+ }
+
+ if $package and versioncmp($package, "ejabberd-13.10") >= 0 {
+ $config = "ejabberd.yml"
+ } else {
+ $config = "ejabberd.cfg"
+ }
+
+ if $collab == true {
+ if ! $package {
+ fail("Must define package for collab integration")
+ }
+
+ file { "/usr/local/src/${package}":
+ ensure => present,
+ mode => "0644",
+ owner => "root",
+ group => "root",
+ source => "puppet:///files/packages/${package}",
+ before => Package["ejabberd"],
+ }
+
+ Package["ejabberd"] {
+ provider => $package_provider,
+ source => "/usr/local/src/${package}",
+ }
+
+ exec { "usermod-ejabberd":
+ path => "/bin:/usr/bin:/sbin:/usr/sbin",
+ command => "usermod -a -G collab ejabberd",
+ unless => "id -n -G ejabberd | grep '\\bcollab\\b'",
+ require => [ User["ejabberd"], Group["collab"] ],
+ notify => Service["ejabberd"],
+ }
+
+ Service["ejabberd"] {
+ require => Class["wiki::collab"],
+ }
+
+ if $muclog_datadir {
+ file { $muclog_datadir:
+ ensure => directory,
+ mode => "2770",
+ owner => "collab",
+ group => "collab",
+ require => User["collab"],
+ before => Service["ejabberd"],
+ }
}
}
package { "ejabberd":
- ensure => installed,
+ ensure => $collab ? {
+ true => latest,
+ default => installed,
+ },
require => [ User["ejabberd"], Group["ejabberd"] ],
}
@@ -96,16 +168,9 @@ class ejabberd {
include ssl
- if !$ejabberd_ssl_key {
- $ejabberd_ssl_key = "${puppet_ssldir}/private_keys/${homename}.pem"
- }
- if !$ejabberd_ssl_cert {
- $ejabberd_ssl_cert = "${puppet_ssldir}/certs/${homename}.pem"
- }
-
file { "${ssl::private}/ejabberd.key":
ensure => present,
- source => $ejabberd_ssl_key,
+ source => $ssl_key,
mode => "0600",
owner => "root",
group => "root",
@@ -113,16 +178,16 @@ class ejabberd {
}
file { "${ssl::certs}/ejabberd.crt":
ensure => present,
- source => $ejabberd_ssl_cert,
+ source => $ssl_cert,
mode => "0644",
owner => "root",
group => "root",
notify => Exec["generate-ejabberd-pem"],
}
- if $ejabberd_ssl_chain {
+ if $ssl_chain {
file { "${ssl::certs}/ejabberd.chain.crt":
ensure => present,
- source => $ejabberd_ssl_chain,
+ source => $ssl_chain,
mode => "0644",
owner => "root",
group => "root",
@@ -150,12 +215,12 @@ class ejabberd {
require => Package["ejabberd"],
}
- file { "/etc/ejabberd/ejabberd.cfg":
+ file { "/etc/ejabberd/${config}":
ensure => present,
mode => "0640",
owner => "root",
group => "ejabberd",
- content => template("ejabberd/ejabberd.cfg.erb"),
+ content => template("ejabberd/${config}.erb"),
require => Package["ejabberd"],
notify => Service["ejabberd"],
}
@@ -164,24 +229,17 @@ class ejabberd {
"debian", "ubuntu": {
augeas { "set-ejabberd-default":
context => "/files/etc/default/ejabberd",
- changes => [ "set POLL true",
- "set SMP auto", ],
+ changes => [ "set POLL true", "set SMP auto" ],
+ require => Package["ejabberd"],
notify => Service["ejabberd"],
}
}
+ default: { }
}
$htdocs = "/usr/share/ejabberd/htdocs"
- define configwebhost($htdocs) {
- file { "/srv/www/https/${name}/bosh":
- ensure => link,
- target => $htdocs,
- require => File["/srv/www/https/${name}"],
- }
- }
-
- if $ejabberd_webhosts {
+ if $webhosts {
include apache::mod::proxy
include apache::mod::proxy_http
include apache::mod::rewrite
@@ -199,8 +257,7 @@ class ejabberd {
mode => "0644",
owner => "root",
group => "root",
- source => "puppet:///modules/ejabberd/htaccess",
- require => File[$htdocs],
+ content => template("ejabberd/htaccess.erb"),
}
apache::configfile { "ejabberd.conf":
@@ -213,7 +270,7 @@ class ejabberd {
proto => "tcp",
}
- configwebhost { $ejabberd_webhosts:
+ ejabberd::configwebhost { $webhosts:
htdocs => $htdocs,
}
}
@@ -221,68 +278,13 @@ class ejabberd {
}
-# Install ejabberd with collab customizations.
+# Enable bosh on virtual host.
#
-# === Global variables
-#
-# $ejabberd_package:
-# Name of ejabberd package with collab patches.
-#
-class ejabberd::collab inherits ejabberd {
+define ejabberd::configwebhost($htdocs) {
- if !$ejabberd_package {
- fail("Must define \$ejabberd_package")
- }
-
- exec { "usermod-ejabberd":
- path => "/bin:/usr/bin:/sbin:/usr/sbin",
- command => "usermod -a -G collab ejabberd",
- unless => "id -n -G ejabberd | grep '\\bcollab\\b'",
- require => [ User["ejabberd"], Group["collab"] ],
- }
-
- case $::operatingsystem {
- "centos","redhat","fedora": {
- package { ["erlang", "erlang-esasl"]:
- ensure => installed,
- before => Package["ejabberd"],
- }
- }
- "debian","ubuntu": {
- package { ["erlang", "erlang-base"]:
- ensure => installed,
- before => Package["ejabberd"],
- }
- }
- }
- file { "/usr/local/src/${ejabberd_package}":
- ensure => present,
- mode => "0644",
- owner => "root",
- group => "root",
- source => "puppet:///files/packages/${ejabberd_package}",
- before => Package["ejabberd"],
- }
- Package["ejabberd"] {
- provider => $::operatingsystem ? {
- "centos" => "rpm",
- "redhat" => "rpm",
- "fedora" => "rpm",
- "debian" => "dpkg",
- "ubuntu" => "dpkg",
- },
- source => "/usr/local/src/${ejabberd_package}",
- }
-
- if $ejabberd_muclog_datadir {
- file { $ejabberd_muclog_datadir:
- ensure => directory,
- mode => "2770",
- owner => "collab",
- group => "collab",
- require => User["collab"],
- before => Service["ejabberd"],
- }
+ file { "/srv/www/https/${name}/bosh":
+ ensure => link,
+ target => $htdocs,
}
}
@@ -290,40 +292,35 @@ class ejabberd::collab inherits ejabberd {
# Install ejabberd backup cron script.
#
-# === Global variables
+# === Parameters
#
-# $ejabberd_backup_datadir:
-# Path where to store the backups.
+# $datadir:
+# Path where to store the backups. Defaults to "/srv/ejabberd-backup".
#
-class ejabberd::backup {
+class ejabberd::backup($datadir="/srv/ejabberd-backup") {
- if ! $ejabberd_backup_datadir {
- $ejabberd_backup_datadir = "/srv/ejabberd-backup"
- }
-
- file { $ejabberd_backup_datadir:
- ensure => directory,
- mode => "0700",
- owner => "root",
- group => "root",
+ file { $datadir:
+ ensure => directory,
+ mode => "0700",
+ owner => "root",
+ group => "root",
}
file { "/usr/local/sbin/ejabberd-backup":
ensure => present,
- content => template("ejabberd/ejabberd-backup.erb"),
mode => "0755",
owner => "root",
group => "root",
+ content => template("ejabberd/ejabberd-backup.erb"),
}
cron { "ejabberd-backup":
ensure => present,
command => "/usr/local/sbin/ejabberd-backup",
user => "root",
- minute => 15,
- hour => 21,
- require => File[ $ejabberd_backup_datadir,
- "/usr/local/sbin/ejabberd-backup" ],
+ minute => "15",
+ hour => "21",
+ require => File[$datadir, "/usr/local/sbin/ejabberd-backup"],
}
}
diff --git a/ejabberd/templates/ejabberd-backup.erb b/ejabberd/templates/ejabberd-backup.erb
index 62fc8cd..4173197 100755
--- a/ejabberd/templates/ejabberd-backup.erb
+++ b/ejabberd/templates/ejabberd-backup.erb
@@ -25,7 +25,7 @@
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-DESTDIR="<%= @ejabberd_backup_datadir %>"
+DESTDIR="<%= @datadir %>"
if [ ! -d ${DESTDIR} ]; then
echo "ERR: ejabberd backup directory [${DESTDIR}] does not exist" 1>&2
diff --git a/ejabberd/templates/ejabberd.cfg.erb b/ejabberd/templates/ejabberd.cfg.erb
index 67f7ab4..77d0979 100644
--- a/ejabberd/templates/ejabberd.cfg.erb
+++ b/ejabberd/templates/ejabberd.cfg.erb
@@ -89,8 +89,8 @@ override_acls.
%% You can define one or several, for example:
%% {hosts, ["example.net", "example.com", "example.org"]}.
%%
-<% @ejabberd_hosts.map! { |host| '"%s"' % host } -%>
-{hosts, [<%= @ejabberd_hosts.join(", ") %>]}.
+<% @hosts.map! { |host| '"%s"' % host } -%>
+{hosts, [<%= @hosts.join(", ") %>]}.
%%
%% route_subdomains: Delegate subdomains to other XMPP servers.
@@ -213,25 +213,25 @@ override_acls.
%%%. ==============
%%%' AUTHENTICATION
-<% if @ejabberd_auth.is_a?(Array) -%>
-{auth_method, [<%= @ejabberd_auth.join(", ") %>]}.
+<% if @auth.is_a?(Array) -%>
+{auth_method, [<%= @auth.join(", ") %>]}.
<% else -%>
-{auth_method, <%= @ejabberd_auth %>}.
+{auth_method, <%= @auth %>}.
<% end -%>
-<% if @ejabberd_extauth -%>
-{extauth_program, "<%= @ejabberd_extauth %>"}.
+<% if @extauth -%>
+{extauth_program, "<%= @extauth %>"}.
<% end -%>
-<% if @ejabberd_ldap_server -%>
-<% @ejabberd_ldap_server.map! { |server| '"%s"' % server } -%>
-{ldap_servers, [<%= @ejabberd_ldap_server.join(", ") %>]}.
-{ldap_base, "<%= @ejabberd_ldap_basedn %>"}.
-{ldap_encrypt, <%= @ejabberd_ldap_encrypt %>}.
-{ldap_port, <%= @ejabberd_ldap_port %>}.
-{ldap_uids, [{"<%= @ejabberd_ldap_uidattr %>", "%u"}]}.
+<% if @ldap_server -%>
+<% @ldap_server.map! { |server| '"%s"' % server } -%>
+{ldap_servers, [<%= @ldap_server.join(", ") %>]}.
+{ldap_base, "<%= @ldap_basedn %>"}.
+{ldap_encrypt, <%= @ldap_encrypt %>}.
+{ldap_port, <%= @ldap_port %>}.
+{ldap_uids, [{"<%= @ldap_uid %>", "%u"}]}.
{ldap_filter, "(!(loginShell=/sbin/nologin))"}.
-<% if @ejabberd_ldap_binddn -%>
-{ldap_rootdn, "<%= @ejabberd_ldap_binddn %>"}.
-{ldap_password, "<%= @ejabberd_ldap_bindpw %>"}.
+<% if @ldap_rootdn and @ldap_password -%>
+{ldap_rootdn, "<%= @ldap_rootdn %>"}.
+{ldap_password, "<%= @ldap_password %>"}.
<% end -%>
<% end -%>
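Review bot: `@ldap_rootdn` and `@ldap_password` are written into quoted Erlang strings without escaping, so a bind password containing `"` or `\` produces a config that fails to parse or binds with a different secret. Escaping at the point of use avoids that: `{ldap_password, "<%= @ldap_password.gsub(/["\\]/) { |c| "\\" + c } %>"}.` The new `and` guard also drops both lines silently when only one of the two parameters is set, which would leave ejabberd binding anonymously; a `fail()` in the manifest for the half-configured case would surface the mistake. The same unescaped interpolation appears in the `ldap_rootdn`/`ldap_password` lines of the new ejabberd.yml.erb.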
@@ -391,7 +391,7 @@ override_acls.
%%
%%{acl, admin, {user, "aleksey", "localhost"}}.
%%{acl, admin, {user, "ermine", "example.org"}}.
-<% @ejabberd_admin.each do |admin|
+<% @admins.each do |admin|
user, host = admin.split("@") -%>
{acl, admin, {user, "<%= user %>", "<%= host %>"}}.
<% end -%>
@@ -429,7 +429,7 @@ user, host = admin.split("@") -%>
%%%' ACCESS RULES
%% Maximum number of simultaneous sessions allowed for a single user:
-{access, max_user_sessions, [{100, all}]}.
+{access, max_user_sessions, [{1000, all}]}.
%% Maximum number of offline messages that users can have:
{access, max_user_offline_messages, [{5000, admin}, {100, all}]}.
@@ -554,29 +554,26 @@ user, host = admin.split("@") -%>
{max_users, 1000},
{max_user_conferences, 2500},
{default_room_options,
- [
+ [
{allow_user_invites, true},
{anonymous, false},
{public, false},
-<% if @ejabberd_muclog_datadir -%>
- {logging, true}
+<% if @muclog_datadir -%>
+ {logging, true},
<% else -%>
- {logging, false}
+ {logging, false},
<% end -%>
+ {max_users, 1000}
]
}
]},
%%{mod_muc_log,[]},
-<% if @ejabberd_muclog_datadir -%>
+<% if @muclog_datadir -%>
{mod_muc_log, [
- {access_log, muc},
- {outdir, "<%= @ejabberd_muclog_datadir %>"},
- {dirtype, subdirs},
-<% if @ejabberd_muclog_format -%>
- {file_format, <%= @ejabberd_muclog_format %>},
-<% end -%>
- {cssfile, false},
- {top_link, {"/jabber-logs/", "Back to Logs"}}
+ {access_log, muc_admin},
+ {file_format, <%= @muclog_format %>},
+ {outdir, "<%= @muclog_datadir %>"},
+ {timezone, universal}
]},
<% end -%>
{mod_offline, [{access_max_user_messages, max_user_offline_messages}]},
diff --git a/ejabberd/templates/ejabberd.yml.erb b/ejabberd/templates/ejabberd.yml.erb
new file mode 100644
index 0000000..28d9968
--- /dev/null
+++ b/ejabberd/templates/ejabberd.yml.erb
@@ -0,0 +1,183 @@
+loglevel: 4
+
+hosts:
+<% @hosts.each do |host| -%>
+ - "<%= host %>"
+<% end -%>
+
+listen:
+ -
+ port: 5222
+ module: ejabberd_c2s
+ max_stanza_size: 655360
+ shaper: c2s_shaper
+ access: c2s
+ starttls_required: true
+ certfile: "/etc/ejabberd/ejabberd.pem"
+ -
+ port: 5223
+ module: ejabberd_c2s
+ max_stanza_size: 655360
+ shaper: c2s_shaper
+ access: c2s
+ tls: true
+ certfile: "/etc/ejabberd/ejabberd.pem"
+ -
+ port: 5269
+ module: ejabberd_s2s_in
+ max_stanza_size: 1310720
+ shaper: s2s_shaper
+ -
+ port: 5280
+ module: ejabberd_http
+ web_admin: true
+ http_poll: true
+ http_bind: true
+
+s2s_access: s2s
+s2s_certfile: "/etc/ejabberd/ejabberd.pem"
+s2s_use_starttls: required
+
+<% if @auth.is_a?(Array) -%>
+auth_method:
+<% @auth.each do |method| -%>
+ - <%= method %>
+<% end -%>
+<% else -%>
+auth_method: <%= @auth %>
+<% end -%>
+<% if @extauth -%>
+extauth_program: "<%= @extauth %>"
+<% end -%>
+<% if @ldap_server -%>
+ldap_base: "<%= @ldap_basedn %>"
+ldap_encrypt: <%= @ldap_encrypt %>
+ldap_filter: "(!(loginShell=/sbin/nologin))"
+ldap_port: <%= @ldap_port %>
+ldap_servers:
+<% @ldap_server.each do |server| -%>
+ - "<%= server %>"
+<% end -%>
+ldap_uids:
+ - "<%= @ldap_uid %>": "%u"
+<% if @ldap_rootdn and @ldap_password -%>
+ldap_rootdn: "<%= @ldap_rootdn %>"
+ldap_password: "<%= @ldap_password %>"
+<% end -%>
+<% end -%>
+
+shaper:
+ c2s: 655360
+ s2s: 1310720
+
+max_fsm_queue: 10000
+
+acl:
+<% if @admins -%>
+ admin:
+ user:
+<% @admins.each do |admin|
+ user, host = admin.split("@") -%>
+ - "<%= user %>": "<%= host %>"
+<% end -%>
+<% end -%>
+ local:
+ user_regexp: ""
+ loopback:
+ ip:
+ - "127.0.0.0/8"
+
+access:
+ announce:
+ admin: allow
+ c2s:
+ all: allow
+ c2s_shaper:
+ all: c2s
+ configure:
+ admin: allow
+ local:
+ local: allow
+ max_user_offline_messages:
+ admin: 1000
+ all: 100
+ max_user_sessions:
+ all: 1000
+ muc:
+ local: allow
+ muc_admin:
+ admin: allow
+ muc_create:
+ local: allow
+ pubsub_createnode:
+ local: allow
+ register:
+ all: deny
+ s2s:
+ all: allow
+ s2s_shaper:
+ all: s2s
+ trusted_network:
+ loopback: allow
+
+language: "en"
+
+modules:
+ mod_adhoc: {}
+ mod_admin_extra: {}
+ mod_announce:
+ access: announce
+ mod_blocking: {}
+ mod_caps: {}
+ mod_carboncopy: {}
+ mod_configure: {}
+ mod_disco: {}
+ mod_http_bind: {}
+ mod_last: {}
+ mod_muc:
+ access: muc
+ access_admin: muc_admin
+ access_create: muc_create
+ access_persistent: muc_create
+ history_size: 100
+ max_users: 1000
+ max_user_conferences: 2000
+ default_room_options:
+ allow_user_invites: true
+ anonymous: false
+<% if @muclog_datadir -%>
+ logging: true
+<% else -%>
+ logging: false
+<% end -%>
+ max_users: 1000
+ members_by_default: false
+ members_only: true
+ public: false
+ public_list: false
+<% if @muclog_datadir -%>
+ mod_muc_log:
+ access_log: muc_admin
+ file_format: <%= @muclog_format %>
+ outdir: "<%= @muclog_datadir %>"
+ timezone: universal
+<% end -%>
+ mod_offline:
+ access_max_user_messages: max_user_offline_messages
+ mod_ping: {}
+ mod_privacy: {}
+ mod_private: {}
+ mod_pubsub:
+ access_createnode: pubsub_createnode
+ ignore_pep_from_offline: true
+ last_item_cache: false
+ plugins:
+ - "flat"
+ - "hometree"
+ - "pep"
+ mod_roster: {}
+ mod_shared_roster: {}
+ mod_stats: {}
+ mod_time: {}
+ mod_vcard: {}
+ mod_version: {}
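Review bot: The port 5280 listener enables `web_admin: true` alongside `http_bind`, with neither `tls` nor an `ip` restriction, so the admin interface is served in plaintext on every address unless a firewall rule outside this file limits it. The htaccess template in this commit proxies BOSH to `http://localhost:5280/http-bind/`, which suggests Apache is the only intended client. If so, adding `ip: "127.0.0.1"` to that listener, or dropping `web_admin`, would match the actual use. Separately, `<% if @admins -%>` is true for the default empty array, which renders `admin:`/`user:` with no entries; testing `@admins.empty?` would avoid emitting an empty ACL.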
diff --git a/ejabberd/files/htaccess b/ejabberd/templates/htaccess.erb
similarity index 57%
rename from ejabberd/files/htaccess
rename to ejabberd/templates/htaccess.erb
index c6801cf..5cff781 100644
--- a/ejabberd/files/htaccess
+++ b/ejabberd/templates/htaccess.erb
@@ -1,3 +1,6 @@
+<% if scope.lookupvar('apache::version') == '2.4' -%>
+DirectoryIndex disabled
+<% end -%>
RewriteEngine On
RewriteRule ^(.*)$ http://localhost:5280/http-bind/$1 [P,L]
diff --git a/erlang/manifests/init.pp b/erlang/manifests/init.pp
new file mode 100644
index 0000000..87bf7ca
--- /dev/null
+++ b/erlang/manifests/init.pp
@@ -0,0 +1,21 @@
+# Install erlang.
+#
+class erlang {
+
+ case $::operatingsystem {
+ 'centos','redhat','fedora': {
+ package { 'erlang':
+ ensure => installed,
+ }
+ }
+ 'debian','ubuntu': {
+ package { [ 'erlang', 'erlang-base' ]:
+ ensure => installed,
+ }
+ }
+ default: {
+ fail("erlang not supported on ${::operatingsystem}.")
+ }
+ }
+
+}
diff --git a/gnu/manifests/init.pp b/gnu/manifests/init.pp
index 054d02f..8034755 100644
--- a/gnu/manifests/init.pp
+++ b/gnu/manifests/init.pp
@@ -13,8 +13,8 @@ class gnu::gcc {
case $::operatingsystem {
'debian', 'ubuntu': {
package { "kernel-headers":
- name => "linux-libc-dev",
ensure => installed,
+ name => "linux-libc-dev",
}
}
default: {
diff --git a/mirror/files/sync-mirrors b/mirror/files/sync-mirrors
index fa8c237..87a7498 100755
--- a/mirror/files/sync-mirrors
+++ b/mirror/files/sync-mirrors
@@ -27,12 +27,13 @@ else
fi
VERBOSE=0
+NOOP=""
EXTRA_OPTS=""
-while getopts "vhl" c ; do
+while getopts "vhln" c ; do
case $c in
v)
VERBOSE=1
- EXTRA_OPTS="-v --progress"
+ EXTRA_OPTS="${EXTRA_OPTS} -v --progress"
;;
h)
usage
@@ -45,6 +46,14 @@ while getopts "vhl" c ; do
done
exit 0
;;
+ n)
+ NOOP=" (DRY RUN)"
+ EXTRA_OPTS="${EXTRA_OPTS} -n"
+ ;;
+ *)
+ usage
+ exit 1
+ ;;
esac
done
@@ -98,7 +107,7 @@ for mirror in ${SYNC} ; do
echo "ERR: No SRC set for mirror ${mirror} ..." 1>&2
exit 1
fi
- logmsg "Starting ${mirror} sync ..."
+ logmsg "Starting ${mirror} sync${NOOP}..."
rsync -aH -4 ${EXTRA_OPTS} --numeric-ids --delete --delete-delay \
--delay-updates --no-motd ${RSYNCOPTS} --log-file=${LOGFILE} \
--exclude=.~tmp~/ ${SRC} /srv/mirrors/${mirror}/
@@ -106,7 +115,7 @@ for mirror in ${SYNC} ; do
if [ ${STATUS} -ne 0 ]; then
echo "WARN: Encountered errors on ${mirror} sync, see ${LOGFILE} for details" 1>&2
fi
- logmsg "Finished ${mirror} sync with exit status ${STATUS} ..."
+ logmsg "Finished ${mirror} sync with exit status ${STATUS}${NOOP} ..."
if [ "${POSTCMD}" != "" ]; then
logmsg "Running post for ${mirror} ..."
${POSTCMD} 2>&1 | awk \
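Review bot: `-n` only adds rsync's dry-run flag; the `POSTCMD` block at the end of this hunk is not conditioned on it, so a dry run still executes the mirror's post command even though nothing was transferred. Guard it on the new variable, e.g. `if [ -z "${NOOP}" ] && [ "${POSTCMD}" != "" ]; then`. rsync is also still given `--log-file=${LOGFILE}` in dry-run mode, so dry-run entries land in the same log as real syncs. The `if` body continues below the hunk.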
diff --git a/murmur/Makefile b/murmur/Makefile
index 41116ae..f9a971e 100644
--- a/murmur/Makefile
+++ b/murmur/Makefile
@@ -1,9 +1,9 @@
include $(CURDIR)/../Makefile.inc
-VERSION = 1.2.4
+VERSION = 1.2.9
TARGET = murmur-static_x86-$(VERSION).tar.bz2
-SOURCE = http://downloads.sourceforge.net/project/mumble/Mumble/$(VERSION)/murmur-static_x86-$(VERSION).tar.bz2
+SOURCE = https://github.com/mumble-voip/mumble/releases/download/$(VERSION)/murmur-static_x86-$(VERSION).tar.bz2
all: download manifest
download: $(PACKAGES)/$(TARGET)
diff --git a/nginx/manifests/init.pp b/nginx/manifests/init.pp
index faed91b..a80280e 100644
--- a/nginx/manifests/init.pp
+++ b/nginx/manifests/init.pp
@@ -13,10 +13,12 @@ class nginx(
$user = '_nginx'
$group = '_nginx'
}
+ $logdir = '/var/www/logs'
}
default: {
$user = 'nginx'
$group = 'nginx'
+ $logdir = '/var/log/nginx'
}
}
diff --git a/nginx/templates/nginx.conf.erb b/nginx/templates/nginx.conf.erb
index 6f2bb90..6d235f9 100644
--- a/nginx/templates/nginx.conf.erb
+++ b/nginx/templates/nginx.conf.erb
@@ -2,6 +2,8 @@ user <%= @user %>;
worker_processes <%= @workers %>;
worker_rlimit_nofile 1024;
+error_log <%= @logdir %>/error.log;
+
events {
worker_connections 1024;
}
@@ -10,6 +12,8 @@ http {
include mime.types;
default_type application/octet-stream;
+ access_log <%= @logdir %>/access.log combined;
+
server_tokens off;
include conf.d/*.conf;
diff --git a/smtpd/manifests/init.pp b/smtpd/manifests/init.pp
index 49c6117..c03b6dc 100644
--- a/smtpd/manifests/init.pp
+++ b/smtpd/manifests/init.pp
@@ -18,6 +18,9 @@
# $maildir:
# Directory in user home for INBOX. Defaults to "Mail".
#
+# $config:
+# Path to custom configuration file.
+#
# $custom:
# Array of custom accept/reject rules.
#
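Review bot: The `$config` description does not say that the value is passed to the `file` resource as `source`, or that setting it switches off the `server.conf.erb`/`client.conf.erb` templates. In the later hunks `$content` becomes `undef` whenever `$config` is set, so parameters consumed only by those templates (presumably `$custom`, `$domains`, `$virtuals`) would be ignored without warning. Suggested wording: `#   Source of a custom smtpd.conf (e.g. a puppet:/// URL). When set, the built-in templates and the parameters they use are not applied.`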
@@ -39,6 +42,7 @@ class smtpd(
$listen=false,
$gecos=true,
$maildir="Mail",
+ $config=undef,
$custom=undef,
$domains=undef,
$virtuals=undef,
@@ -130,6 +134,15 @@ class smtpd(
include ssl
+ if $config {
+ $content = undef
+ } else {
+ $content = $listen ? {
+ true => template("smtpd/server.conf.erb"),
+ default => template("smtpd/client.conf.erb"),
+ }
+ }
+
file { "${confdir}/smtpd.conf":
ensure => present,
mode => "0644",
@@ -138,10 +151,8 @@ class smtpd(
"openbsd" => "wheel",
default => "root",
},
- content => $listen ? {
- true => template("smtpd/server.conf.erb"),
- default => template("smtpd/client.conf.erb"),
- },
+ source => $config,
+ content => $content,
notify => Service[$service],
}
@@ -154,21 +165,7 @@ class smtpd(
},
}
- if $listen == true {
- include procmail
-
- procmail::rc { "00-default.rc":
- content => "MAILDIR=\$HOME/${maildir}\nDEFAULT=\$MAILDIR/INBOX\n",
- }
-
- file { [ "/root/${maildir}", "/etc/skel/${maildir}" ]:
- ensure => directory,
- mode => "0700",
- owner => "root",
- group => "wheel",
- before => Service["smtpd"],
- }
-
+ if $listen == true or $config {
file { "${ssl::private}/smtpd.key":
ensure => present,
mode => "0600",
@@ -185,6 +182,22 @@ class smtpd(
source => $ssl_cert,
notify => Service["smtpd"],
}
+ }
+
+ if $listen == true {
+ include procmail
+
+ procmail::rc { "00-default.rc":
+ content => "MAILDIR=\$HOME/${maildir}\nDEFAULT=\$MAILDIR/INBOX\n",
+ }
+
+ file { [ "/root/${maildir}", "/etc/skel/${maildir}" ]:
+ ensure => directory,
+ mode => "0700",
+ owner => "root",
+ group => "wheel",
+ before => Service["smtpd"],
+ }
if $gecos == true {
file { "/usr/local/sbin/generate-smtpd-gecos.sh":