diff --git a/kerberos/templates/keytab.erb b/kerberos/templates/keytab.erb
index 867ceca..12fd8d3 100644
--- a/kerberos/templates/keytab.erb
+++ b/kerberos/templates/keytab.erb
@@ -7,8 +7,8 @@ require 'tempfile' config = {} config['cachedir'] = '/var/cache/puppet' -config['kadmin'] = '/usr/kerberos/sbin/kadmin' -config['klist'] = '/usr/kerberos/bin/klist' +config['kadmin'] = '/usr/bin/kadmin' +config['klist'] = '/usr/bin/klist' # set global vars
diff --git a/ldap/manifests/init.pp b/ldap/manifests/init.pp
index 902caa8..fa6d768 100644
--- a/ldap/manifests/init.pp
+++ b/ldap/manifests/init.pp
@@ -486,7 +486,7 @@ class ldap::server { } exec { "slaptest": - command => "slaptest", + command => "slaptest -f ${config}/slapd.conf", path => "/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin:/usr/local/sbin", refreshonly => true, require => File["${config}/slapd.conf.d"],
diff --git a/logwatch/manifests/init.pp b/logwatch/manifests/init.pp
index 0dbca0b..05e4341 100644
--- a/logwatch/manifests/init.pp
+++ b/logwatch/manifests/init.pp
@@ -1,5 +1,10 @@ # Install logwatch. # +# === Global variables +# +# $logwatch_mailto +# Logwatch mail recipient. +# class logwatch { case $::kernel {
@@ -13,4 +18,15 @@ class logwatch { } } + if $logwatch_mailto { + file { "/etc/logwatch/conf/logwatch.conf": + ensure => present, + mode => "0644", + owner => "root", + group => "root", + content => "MailTo = ${logwatch_mailto}\n", + require => Package["logwatch"], + } + } + }
diff --git a/minidlna/manifests/init.pp b/minidlna/manifests/init.pp
new file mode 100644
index 0000000..2219032
--- /dev/null
+++ b/minidlna/manifests/init.pp
@@ -0,0 +1,24 @@
+
+class minidlna($name="", $audiodir="", $videodir="", $photodir="") {
+
+ package { "minidlna":
+ ensure => installed,
+ }
+
+ file { "minidlna.conf":
+ ensure => present,
+ path => "/etc/minidlna.conf",
+ content => template("minidlna/minidlna.conf.erb"),
+ mode => "0644",
+ owner => "root",
+ group => "root",
+ require => Package["minidlna"],
+ notify => Service["minidlna"],
+ }
+
+ service { "minidlna":
+ ensure => running,
+ enable => true,
+ }
+
+}
diff --git a/minidlna/templates/minidlna.conf.erb b/minidlna/templates/minidlna.conf.erb
new file mode 100644
index 0000000..9c5d101
--- /dev/null
+++ b/minidlna/templates/minidlna.conf.erb
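Review bot: The class parameter `$name` collides with the variable Puppet already sets in every class and define (the class name or resource title), so depending on the Puppet version the declaration is either rejected or shadowed, and the `name == ''` fallback to `MiniDLNA` in minidlna.conf.erb may never be taken. I would rename it, e.g. `class minidlna($friendly_name="", $audiodir="", $videodir="", $photodir="") {`, and update the template to match. The class also lacks the `# === Parameters` header the other new classes in this commit carry; one line per parameter would do. The three directory values reach the config file unvalidated, and minidlna serves whatever tree is named there to the network, so an absolute-path check on each is worth adding.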
@@ -0,0 +1,69 @@
+# port for HTTP (descriptions, SOAP, media transfer) traffic
+port=8200
+
+# network interfaces to serve, comma delimited
+#network_interface=eth0
+
+# set this to the directory you want scanned.
+# * if have multiple directories, you can have multiple media_dir= lines
+# * if you want to restrict a media_dir to a specific content type, you
+# can prepend the type, followed by a comma, to the directory:
+# + "A" for audio (eg. media_dir=A,/home/jmaggard/Music)
+# + "V" for video (eg. media_dir=V,/home/jmaggard/Videos)
+# + "P" for images (eg. media_dir=P,/home/jmaggard/Pictures)
+<% if audiodir != '' %>media_dir=A,<%= audiodir %><% end -%>
+<% if videodir != '' %>media_dir=V,<%= videodir %><% end -%>
+<% if photodir != '' %>media_dir=P,<%= photodir %><% end -%>
+
+# set this if you want to customize the name that shows up on your clients
+friendly_name=<% if name == '' %>MiniDLNA<% else %><%= name %><% end %>
+
+# set this if you would like to specify the directory where you want MiniDLNA to store its database and album art cache
+db_dir=/var/cache/minidlna
+
+# set this if you would like to specify the directory where you want MiniDLNA to store its log file
+log_dir=/var/log/minidlna
+
+# set this to change the verbosity of the information that is logged
+# each section can use a different level: off, fatal, error, warn, info, or debug
+#log_level=general,artwork,database,inotify,scanner,metadata,http,ssdp,tivo=warn
+
+# this should be a list of file names to check for when searching for album art
+# note: names should be delimited with a forward slash ("/")
+album_art_names=Cover.jpg/cover.jpg/AlbumArtSmall.jpg/albumartsmall.jpg/AlbumArt.jpg/albumart.jpg/Album.jpg/album.jpg/Folder.jpg/folder.jpg/Thumb.jpg/thumb.jpg
+
+# set this to no to disable inotify monitoring to automatically discover new files
+# note: the default is yes
+inotify=yes
+
+# set this to yes to enable support for streaming .jpg and .mp3 files to a TiVo supporting HMO
+enable_tivo=no
+
+# set this to strictly adhere to DLNA standards.
+# * This will allow server-side downscaling of very large JPEG images,
+# which may hurt JPEG serving performance on (at least) Sony DLNA products.
+strict_dlna=no
+
+# default presentation url is http address on port 80
+#presentation_url=http://www.mylan/index.php
+
+# notify interval in seconds. default is 895 seconds.
+notify_interval=900
+
+# serial and model number the daemon will report to clients
+# in its XML description
+serial=<%= scope.function_fqdn_rand(['10000000', '99999999']) %>
+model_number=1
+
+# specify the path to the MiniSSDPd socket
+#minissdpdsocket=/var/run/minissdpd.sock
+
+# use different container as root of the tree
+# possible values:
+# + "." - use standard container (this is the default)
+# + "B" - "Browse Directory"
+# + "M" - "Music"
+# + "V" - "Video"
+# + "P" - "Pictures"
+# if you specify "B" and client device is audio-only then "Music/Folders" will be used as root
+#root_container=.
diff --git a/mirror/files/sync-mirrors b/mirror/files/sync-mirrors
new file mode 100755
index 0000000..be66dd1
--- /dev/null
+++ b/mirror/files/sync-mirrors
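Review bot: The three `media_dir` lines each end in `<% end -%>`, and `-%>` trims the newline that follows the tag, so when more than one of audiodir, videodir and photodir is set the entries are rendered run together on a single line. Moving the line break inside the conditional, the way resolv.conf.erb in this same commit does, fixes it: `<% if audiodir != '' %>media_dir=A,<%= audiodir %>` with `<% end -%>` on the following line, and likewise for V and P. Separately, `network_interface` stays commented out, so the daemon serves on whichever interfaces it selects by default; on a multi-homed host it would be safer to expose that setting as a class parameter.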
@@ -0,0 +1,103 @@
+#!/bin/bash
+
+LOCKFILE=/var/run/sync-mirrors/lockfile
+LOGFILE=/var/log/sync-mirrors/sync-mirrors-`date +%Y%m%d%H%M%S`.log
+CONFDIR=/etc/sync-mirrors
+
+usage() {
+ echo "Usage: `basename $0` [-v] [mirror]" 1>&2
+ echo " `basename $0` -l" 1>&2
+}
+
+if [ -d ${CONFDIR} ]; then
+ MIRRORLIST=`ls ${CONFDIR}/*.conf 2> /dev/null | while read f ; \
+ do basename $f | sed -e 's/\.conf$//' ; done`
+ if [ "${MIRRORLIST}" = "" ]; then
+ echo "ERR: No configured mirrors found" 1>&2
+ exit 1
+ fi
+else
+ echo "ERR: Config directory [${CONFDIR}] missing" 1>&2
+ exit 1
+fi
+
+VERBOSE=0
+EXTRA_OPTS=""
+while getopts "vhl" c ; do
+ case $c in
+ v)
+ VERBOSE=1
+ EXTRA_OPTS="-v --progress"
+ ;;
+ h)
+ usage
+ exit 1
+ ;;
+ l)
+ echo "Available mirrors:"
+ for name in ${MIRRORLIST} ; do
+ echo " ${name}"
+ done
+ exit 0
+ ;;
+ esac
+done
+
+shift `expr $OPTIND - 1`
+
+if [ $# -gt 0 ]; then
+ for mirror in $* ; do
+ if [ ! -f ${CONFDIR}/$1.conf ]; then
+ echo "ERR: No mirror named [$1]" 1>&2
+ exit 1
+ fi
+ SYNC="${MIRRORS} $1"
+ shift
+ done
+else
+ SYNC=${MIRRORLIST}
+fi
+
+if [ `whoami` != mirror ]; then
+ echo "ERR: Script needs to be run as mirror user" 1>&2
+ exit 1
+fi
+
+umask 022
+
+if [ -f ${LOCKFILE} ]; then
+ kill -0 `cat ${LOCKFILE}`
+ if [ $? -ne 1 ]; then
+ which stat > /dev/null 2>&1
+ if [ $? -eq 0 ]; then
+ STARTED=" (`stat ${LOCKFILE} | sed -n 's/^Modify: \(.*\)/\1/p'`)"
+ else
+ STARTED=""
+ fi
+ echo "ERR: Lockfile exists${STARTED}, exiting" 1>&2
+ exit 1
+ else
+ echo "WARN: Removing stale lock file..." 1>&2
+ rm -f ${LOCKFILE}
+ fi
+fi
+trap "rm -f ${LOCKFILE}" INT TERM EXIT
+echo $$ > ${LOCKFILE}
+
+for mirror in ${SYNC} ; do
+ SRC=""
+ RSYNCOPTS=""
+ . ${CONFDIR}/${mirror}.conf
+ if [ "${SRC}" = "" ]; then
+ echo "ERR: No SRC set for mirror ${mirror} ..." 1>&2
+ exit 1
+ fi
+ [ ${VERBOSE} -eq 1 ] && echo "Starting ${mirror} sync ..."
+ echo "`date '+%Y/%m/%d %H:%M:%S'` [$$] Starting ${mirror} sync ..." \
+ >> ${LOGFILE}
+ rsync -aH -4 ${EXTRA_OPTS} --numeric-ids --delete --delete-after \
+ --delay-updates --no-motd ${RSYNCOPTS} --log-file=${LOGFILE} \
+ ${SRC} /srv/mirrors/${mirror}/
+done
+
+rm -f ${LOCKFILE}
diff --git a/mirror/manifests/init.pp b/mirror/manifests/init.pp
new file mode 100644
index 0000000..58a6e81
--- /dev/null
+++ b/mirror/manifests/init.pp
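Review bot: In the argument loop, `SYNC="${MIRRORS} $1"` reads a variable that is never assigned anywhere in the script, so `sync-mirrors a b` ends up syncing only `b`; it should accumulate with `SYNC="${SYNC} $1"`, with `SYNC=""` set before the loop. The mirror name from the command line is also used unquoted in `${CONFDIR}/$1.conf`, and that file is later sourced, so a name containing `/` selects a file outside the config directory; checking the name against `${MIRRORLIST}` before the `-f` test, and quoting the expansions, closes that. The lock is check-then-write (`[ -f ${LOCKFILE} ]`, then much later `echo $$ > ${LOCKFILE}`), which lets two runs started together both reach `rsync --delete`; writing the PID under `set -o noclobber`, or taking the lock with `flock`, makes acquisition atomic. The `kill -0` test also treats any exit status other than 1 as "still running", which is worth a comment or a plain `if kill -0 ... 2>/dev/null` test.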
@@ -0,0 +1,185 @@
+
+# Install mirroring scripts
+#
+# === Parameters
+#
+# $datadir:
+# Directory for mirrored data. Defaults to /srv/mirrors
+#
+class mirror($datadir = "/srv/mirrors") {
+
+ include user::system
+ realize(User["mirror"], Group["mirror"])
+
+ if $datadir != "/srv/mirrors" {
+ file { "/srv/mirrors":
+ ensure => link,
+ target => $datadir,
+ owner => "root",
+ group => "root",
+ seltype => "httpd_sys_content_t",
+ before => File[$datadir],
+ }
+ selinux::manage_fcontext { "/srv/mirrors(/.*)?":
+ type => "httpd_sys_content_t",
+ before => File["/srv/mirrors"],
+ }
+ }
+ file { $datadir:
+ ensure => directory,
+ mode => "0755",
+ owner => "root",
+ group => "root",
+ seltype => "httpd_sys_content_t",
+ }
+ selinux::manage_fcontext { "${datadir}(/.*)?":
+ type => "httpd_sys_content_t",
+ before => File[$datadir],
+ }
+
+ file { "/etc/sync-mirrors":
+ ensure => directory,
+ mode => "0755",
+ owner => "root",
+ group => "root",
+ recurse => true,
+ purge => true,
+ }
+
+ file { [ "/var/run/sync-mirrors", "/var/log/sync-mirrors", ]:
+ ensure => directory,
+ mode => "0755",
+ owner => "mirror",
+ group => "mirror",
+ before => Cron["sync-mirrors"],
+ require => User["mirror"],
+ }
+
+ file { "/usr/local/bin/sync-mirrors":
+ ensure => present,
+ source => "puppet:///modules/mirror/sync-mirrors",
+ mode => "0755",
+ owner => "root",
+ group => "root",
+ }
+ cron { "sync-mirrors":
+ command => "/usr/local/bin/sync-mirrors",
+ user => "mirror",
+ hour => [ 0, 6, 12, 18, ],
+ minute => 0,
+ require => [ File["/usr/local/bin/sync-mirrors"], User["mirror"], ],
+ }
+
+}
+
+
+# Create new mirror
+#
+# === Parameters:
+#
+# $name:
+# Mirror name
+#
+# $source:
+# Rsync path from where to sync mirror
+#
+# $rsync_options:
+# Extra options for rsync
+#
+# === Sample usage:
+#
+# mirrors::mirror { "centos":
+# source => "rsync://rsync.nic.funet.fi/ftp/pub/mirrors/centos.org/",
+# rsync_options => [
+# "--exclude=SRPMS",
+# "--exclude=debug",
+# "--exclude=isos",
+# ],
+# }
+#
+define mirror::mirror($source, $rsync_options=[]) {
+
+ require mirror
+
+ file { "/etc/sync-mirrors/${name}.conf":
+ ensure => present,
+ content => template("mirror/mirror.conf.erb"),
+ mode => "0644",
+ owner => "root",
+ group => "root",
+ require => File["/srv/mirrors/${name}"],
+ }
+
+ file { "/srv/mirrors/${name}":
+ ensure => directory,
+ owner => "mirror",
+ group => "mirror",
+ seltype => "httpd_sys_content_t",
+ }
+
+}
+
+
+# Run weekly hardlinking for mirrored data
+#
+class mirror::hardlink {
+
+ require mirror
+
+ package { "hardlink":
+ ensure => installed,
+ }
+ cron { "hardlink-mirrors-weekly":
+ command => "/usr/sbin/hardlink /srv/mirrors/",
+ user => "mirror",
+ hour => 4,
+ minute => 0,
+ weekday => 0,
+ }
+
+}
+
+
+# Install Fedora mirror reporting tool
+#
+# https://fedoraproject.org/wiki/Infrastructure/Mirroring
+#
+# === Parameters:
+#
+# $sitename:
+# Site name configured to mirrormanager
+#
+# $password:
+# Site password configured to mirrormanager
+#
+# $hostname:
+# Host name configured to mirrormanager
+#
+# $mirrors:
+# Components mirrored to this hosts
+#
+# === Sample usage:
+#
+# mirrors::reportmirror {
+# sitename => "foo.sh"
+# password => "secret",
+# hostname => "mirrors.foo.sh",
+# mirrors => [ "fedora", "epel", ],
+# }
+#
+class mirror::reportmirror($sitename, $password, $hostname, $mirrors=[]) {
+
+ package { "mirrormanager-client":
+ ensure => installed,
+ }
+
+ file { "/etc/mirrormanager-client/report_mirror.conf":
+ ensure => present,
+ content => template("mirror/report_mirror.conf.erb"),
+ mode => "0640",
+ owner => "root",
+ group => "mirror",
+ require => [ Package["mirrormanager-client"], Group["mirror"], ],
+ }
+
+}
diff --git a/mirror/templates/mirror.conf.erb b/mirror/templates/mirror.conf.erb
new file mode 100644
index 0000000..cd001a6
--- /dev/null
+++ b/mirror/templates/mirror.conf.erb
@@ -0,0 +1,2 @@
+SRC="<%= source %>"
+RSYNCOPTS="<%= rsync_options.join(' ') %>"
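Review bot: `mirror::reportmirror` renders the MirrorManager site password through an ordinary `file` resource, so whenever the content changes the agent can print the diff, password included, to its log and reports; adding `show_diff => false` to that resource (where the Puppet version in use supports it) keeps the secret out of them, while the 0640 root:mirror mode already limits who can read the file itself. Unlike `mirror::mirror` and `mirror::hardlink`, this class has no `require mirror`, yet it requires `Group["mirror"]`, which stays a virtual resource until the `mirror` class realizes it; I would add `require mirror` at the top of the class. The sample usage blocks name `mirrors::mirror` and `mirrors::reportmirror`, but the definitions are `mirror::mirror` and `class mirror::reportmirror`, and the second sample is missing the comma after `sitename => "foo.sh"`.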
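Review bot: This file is not read as data; sync-mirrors loads it with `. ${CONFDIR}/${mirror}.conf`, so `source` and `rsync_options` are evaluated by bash inside double quotes, where command substitution and an embedded `"` are live. If these values can come from anything less trusted than the manifest author (Hiera data, an ENC), `mirror::mirror` should validate them before rendering, for example by requiring `source` to match an rsync URL or path pattern and checking each option against an allow-list. `RSYNCOPTS` is also expanded unquoted onto the rsync command line, so an option containing whitespace will be split into several arguments. A first line such as `# Sourced as shell by /usr/local/bin/sync-mirrors; values are evaluated by bash` would warn the next editor.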
diff --git a/mirror/templates/report_mirror.conf.erb b/mirror/templates/report_mirror.conf.erb
new file mode 100644
index 0000000..db9682f
--- /dev/null
+++ b/mirror/templates/report_mirror.conf.erb
@@ -0,0 +1,96 @@
+[global]
+# if enabled=0, no data is sent to the database
+enabled=1
+# server= is the URL to the MirrorManager XML-RPC interface
+server=https://admin.fedoraproject.org/mirrormanager/xmlrpc
+
+
+[site]
+# if enabled=0, no data about this site is sent to the database
+enabled=1
+# Name and Password fields need to match the Site name and password
+# fields you entered for your Site in the MirrorManager database at
+# https://admin.fedoraproject.org/mirrormanager
+name=<%= sitename %>
+password=<%= password %>
+
+[host]
+# if enabled=0, no data about this host is sent to the database
+enabled=1
+# Name field need to match the Host name field you entered for your
+# Host in the MirrorManager database at
+# https://admin.fedoraproject.org/mirrormanager
+name=<%= hostname %>
+# if user_active=0, no data about this category is given to the public
+# This can be used to toggle between serving and not serving data,
+# such enabled during the nighttime (when you have more idle bandwidth
+# available) and disabled during the daytime.
+# By not specifying user_active, the database will not be updated.
+# user_active=1
+
+[stats]
+# Stats are only sent when run with the -s option
+# and when this section is enabled.
+# This feature is not presently implemented
+enabled=0
+apache=/var/log/httpd/access_log
+vsftpd=/var/log/vsftpd.log
+# remember to enable log file and transfer logging in rsyncd.conf
+rsyncd=/var/log/rsyncd.log
+
+
+# Content Categories
+# These sections match the Categories for content tracked by MirrorManager.
+#
+# enabled=1 means information about this category will be sent to the database.
+# enabled=0, no data about this host is sent to the database. If the
+# database already has information for you for this Category, it will
+# remain unchanged. This can be used to update the database after you
+# have manually synced some infrequently-updated content, such as
+# historical releases.
+#
+# path= is the path on your local disk to the top-level directory for this Category
+
+[Fedora Linux]
+<% if mirrors.include?('fedora') -%>
+enabled=1
+<% else -%>
+enabled=0
+<% end -%>
+path=/srv/mirrors/fedora
+
+[Fedora EPEL]
+<% if mirrors.include?('epel') -%>
+enabled=1
+<% else -%>
+enabled=0
+<% end -%>
+path=/srv/mirrors/fedora-epel
+
+# lesser used categories below
+
+[Fedora Web]
+enabled=0
+path=/var/www/html/pub/fedora/web
+
+[Fedora Secondary Arches]
+enabled=0
+path=/var/www/html/pub/fedora-secondary
+
+[Fedora Other]
+enabled=0
+path=/var/www/html/pub/alt
+
+# historical content
+
+[Fedora Core]
+enabled=0
+path=/var/www/html/pub/fedora/linux/core
+
+[Fedora Extras]
+enabled=0
+path=/var/www/html/pub/fedora/linux/extras
+
+[Fedora Archive]
+enabled=0
+path=/var/www/html/pub/fedora-archive
diff --git a/mythtv/templates/mythweb.conf.erb b/mythtv/templates/mythweb.conf.erb
index 586d5ca..175f878 100644
--- a/mythtv/templates/mythweb.conf.erb
+++ b/mythtv/templates/mythweb.conf.erb
@@ -199,7 +199,7 @@ Alias /mythweb/ "/usr/share/mythweb/" - Options -All +FollowSymLinks +IncludesNoExec + Options FollowSymLinks IncludesNoExec # You will probably also want to uncomment the following rules, which
diff --git a/resolver/manifests/init.pp b/resolver/manifests/init.pp
new file mode 100644
index 0000000..08e3f4e
--- /dev/null
+++ b/resolver/manifests/init.pp
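Review bot: The `[Fedora EPEL]` section is switched on by `mirrors.include?('epel')` but its path is fixed at `/srv/mirrors/fedora-epel`, while `mirror::mirror` in this commit creates `/srv/mirrors/${name}`; unless the mirror is declared with the title `fedora-epel`, report_mirror is pointed at a directory that the module never creates. Either key the check on the directory name or say next to `$mirrors` in the class header which mirror titles the two keys expect. `sitename`, `password` and `hostname` are written into the INI file as-is, so a value containing a line break would add extra keys; a single-line check in the class would catch that.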
@@ -0,0 +1,31 @@
+# Class: resolver
+#
+# This class handles configuring /etc/resolv.conf
+#
+# Parameters:
+# $domainname: The default domain
+#
+# $searchpath: Array of domains to search
+#
+# $nameservers: List of nameservers to search
+#
+# Actions:
+# Configures the /etc/resolv.conf file according to parameters
+#
+# Requires:
+#
+# Sample Usage:
+# class { 'resolver':
+# domainname => "mydomain",
+# searchpath => ['mydomain', 'test.mydomain'],
+# nameservers => ['192.168.1.100', '192.168.1.101', '192.168.1.102'],
+# }
+#
+class resolver($domainname = "", $searchpath = "", $nameservers ) {
+ file { "/etc/resolv.conf":
+ owner => root,
+ group => root,
+ mode => 644,
+ content => template("resolver/resolv.conf.erb"),
+ }
+}
diff --git a/resolver/templates/resolv.conf.erb b/resolver/templates/resolv.conf.erb
new file mode 100644
index 0000000..aaf5f51
--- /dev/null
+++ b/resolver/templates/resolv.conf.erb
@@ -0,0 +1,6 @@
+<% if !domainname.empty? %>domain <%= domainname %>
+<% end -%>
+<% if !searchpath.empty? %>search <%= searchpath.join(" ") %>
+<% end -%>
+<% nameservers.each do |ns| %>nameserver <%= ns %>
+<% end -%>
diff --git a/sendmail/manifests/init.pp b/sendmail/manifests/init.pp
index 9cf5c98..5b83860 100644
--- a/sendmail/manifests/init.pp
+++ b/sendmail/manifests/init.pp
@@ -363,6 +363,7 @@ class sendmail::server inherits sendmail::common { mode => "0644", owner => "root", group => "root", + notify => Service["sendmail"], } }
diff --git a/user/manifests/init.pp b/user/manifests/init.pp
index aefda07..9533dd9 100644
--- a/user/manifests/init.pp
+++ b/user/manifests/init.pp
@@ -290,6 +290,21 @@ class user::system { require => Group["murmur"], } + # Mirrors + @group { "mirror": + ensure => present, + gid => 820, + } + @user { "mirror": + ensure => present, + uid => 820, + gid => 820, + comment => "Service Mirror", + home => "/var/empty", + shell => "/sbin/nologin", + require => Group["mirror"], + } + }
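Review bot: In the resolver class, `mode => 644` is a bare number where every other file resource in this commit uses a quoted octal string; written this way the resulting permissions depend on how the Puppet version converts the integer, so `mode => "0644"` is the safe spelling, with `owner => "root"` and `group => "root"` quoted for consistency. `$searchpath` defaults to the string `""` although the header documents an array and resolv.conf.erb calls `.join` on it, so passing a single domain as a string would fail at render time; `$searchpath = []` matches the documented type. `$nameservers` has no default and no check, and an empty or malformed list silently produces a resolv.conf with no usable nameserver lines, so a non-empty check in the class is worth adding.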
diff --git a/vsroom/manifests/init.pp b/vsroom/manifests/init.pp
index cc27a58..c729fcc 100644
--- a/vsroom/manifests/init.pp
+++ b/vsroom/manifests/init.pp
@@ -92,31 +92,6 @@ class vsroom::common { } python::setup::install { "/usr/local/src/vsroom": } - include user::system - realize(User["vsroom"], Group["vsroom"]) - - if $vsroom_datadir { - file { $vsroom_datadir: - ensure => directory, - mode => "2750", - owner => "root", - group => "vsroom", - } - - file { "/var/lib/vsroom": - ensure => link, - target => $vsroom_datadir, - require => File[$vsroom_datadir], - } - } else { - file { "/var/lib/vsroom": - ensure => directory, - mode => "2750", - owner => "root", - group => "vsroom", - } - } - $htdocs = $::operatingsystem ? { "ubuntu" => "/usr/local/share/vsroom/htdocs", default => "/usr/share/vsroom/htdocs",