Updated all templates to use instance variables

abusehelper/templates/botnet.sysconfig.erb

@@ -1,2 +1,2 @@
-BOTUSER="<%= abusehelper_user %>"
-BOTNETS="<%= abusehelper_botnets.join(" ") %>"
+BOTUSER="<%= @abusehelper_user %>"
+BOTNETS="<%= @abusehelper_botnets.join(" ") %>"

alpine/templates/pine.conf.fixed.erb

@@ -1,6 +1,6 @@
 
-user-domain=<%= mail_domain %>
-smtp-server=<%= mail_server %>/TLS
-inbox-path={<%= mail_server %>/USER=${USER}/SSL}INBOX
-folder-collections={<%= mail_server %>/USER=${USER}/SSL}[]
+user-domain=<%= @mail_domain %>
+smtp-server=<%= @mail_server %>/TLS
+inbox-path={<%= @mail_server %>/USER=${USER}/SSL}INBOX
+folder-collections={<%= @mail_server %>/USER=${USER}/SSL}[]
 

amanda/templates/amanda-client.conf.erb

@@ -3,7 +3,7 @@
 # This file normally goes in /etc/amanda/amanda-client.conf.
 #
 
-index_server	"<%= amanda_server %>"
-tape_server 	"<%= amanda_server %>"
+index_server	"<%= @amanda_server %>"
+tape_server 	"<%= @amanda_server %>"
 auth		"ssh"
 ssh_keys	"/var/lib/amanda/.ssh/id_rsa_amrecover"

apache/templates/apache2.conf.erb

@@ -193,7 +193,7 @@ HostnameLookups Off
 # logged here.  If you *do* define an error logfile for a <VirtualHost>
 # container, that host's errors will be logged there and not here.
 #
-ErrorLog /srv/www/log/http/<%= homename %>/error_log
+ErrorLog /srv/www/log/http/<%= @homename %>/error_log
 
 #
 # LogLevel: Control the number of messages logged to the error_log.
@@ -225,7 +225,7 @@ LogFormat "%{User-agent}i" agent
 
 #
 # Define an access log for VirtualHosts that don't define their own logfile
-CustomLog /srv/www/log/http/<%= homename %>/access_log combined
+CustomLog /srv/www/log/http/<%= @homename %>/access_log combined
 
 
 # Include of directories ignores editors' and dpkg's backup files,

apache/templates/apache2.httpd.conf.erb

@@ -1,10 +1,10 @@
-<% if has_variable?("domain") -%>
+<% if @domain -%>
 #
 # ServerAdmin: Your address, where problems with the server should be
 # e-mailed.  This address appears on some server-generated pages, such
 # as error documents.  e.g. admin@your-domain.com
 #
-ServerAdmin adm@<%= domain %>
+ServerAdmin adm@<%= @domain %>
 <% end -%>
 
 #
@@ -19,7 +19,7 @@ ServerAdmin adm@<%= domain %>
 # You will have to access it by its address anyway, and this will make 
 # redirections work in a sensible way.
 #
-ServerName <%= homename %>
+ServerName <%= @homename %>
 
 #
 # UseCanonicalName: Determines how Apache constructs self-referencing 

apache/templates/auth_kerb.conf.erb

@@ -13,7 +13,7 @@ LoadModule auth_kerb_module modules/mod_auth_kerb.so
 # "www.example.com" is the FQDN of this server.
 #
 
-KrbAuthRealms <%= kerberos_realm %>
+KrbAuthRealms <%= @kerberos_realm %>
 Krb5KeyTab /etc/httpd/conf/httpsd.keytab
 KrbMethodNegotiate On
 KrbAuthoritative On

apache/templates/httpd.conf.erb

@@ -193,7 +193,7 @@ LoadModule proxy_connect_module modules/mod_proxy_connect.so
 LoadModule cache_module modules/mod_cache.so
 LoadModule suexec_module modules/mod_suexec.so
 LoadModule disk_cache_module modules/mod_disk_cache.so
-<% if ['CentOS','RedHat'].index(operatingsystem) and operatingsystemrelease =~ /^[1-5]\./ -%>
+<% if ['CentOS','RedHat'].index(@operatingsystem) and @operatingsystemrelease =~ /^[1-5]\./ -%>
 LoadModule file_cache_module modules/mod_file_cache.so
 LoadModule mem_cache_module modules/mod_mem_cache.so
 <% end -%>
@@ -245,13 +245,13 @@ Group <%= scope.lookupvar('apache::server::group') %>
 # virtual host being defined.
 #
 
-<% if has_variable?("domain") -%>
+<% if @domain -%>
 #
 # ServerAdmin: Your address, where problems with the server should be
 # e-mailed.  This address appears on some server-generated pages, such
 # as error documents.  e.g. admin@your-domain.com
 #
-ServerAdmin adm@<%= domain %>
+ServerAdmin adm@<%= @domain %>
 <% end -%>
 
 #
@@ -267,7 +267,7 @@ ServerAdmin adm@<%= domain %>
 # redirections work in a sensible way.
 #
 #ServerName www.example.com:80
-ServerName <%= homename %>
+ServerName <%= @homename %>
 
 #
 # UseCanonicalName: Determines how Apache constructs self-referencing 
@@ -283,7 +283,7 @@ UseCanonicalName Off
 # documents. By default, all requests are taken from this directory, but
 # symbolic links and aliases may be used to point to other locations.
 #
-DocumentRoot "/srv/www/http/<%= homename %>"
+DocumentRoot "/srv/www/http/<%= @homename %>"
 
 #
 # Each directory to which Apache has access can be configured with respect
@@ -476,7 +476,7 @@ HostnameLookups Off
 # logged here.  If you *do* define an error logfile for a <VirtualHost>
 # container, that host's errors will be logged there and not here.
 #
-ErrorLog /srv/www/log/http/<%= homename %>/error_log
+ErrorLog /srv/www/log/http/<%= @homename %>/error_log
 
 #
 # LogLevel: Control the number of messages logged to the error_log.
@@ -518,7 +518,7 @@ LogFormat "%{User-agent}i" agent
 # For a single logfile with access, agent, and referer information
 # (Combined Logfile Format), use the following directive:
 #
-CustomLog /srv/www/log/http/<%= homename %>/access_log combined
+CustomLog /srv/www/log/http/<%= @homename %>/access_log combined
 
 #
 # Optionally add a line containing the server version and virtual host

apache/templates/httpsd.conf.erb

@@ -145,7 +145,7 @@ MaxRequestsPerChild  0
 # Example:
 # LoadModule foo_module modules/mod_foo.so
 #
-<% if operatingsystem == 'Fedora' and operatingsystemrelease.to_i > 17 -%>
+<% if @operatingsystem == 'Fedora' and @operatingsystemrelease.to_i > 17 -%>
 Include conf.modules.d/*.conf
 <% else -%>
 LoadModule auth_basic_module modules/mod_auth_basic.so
@@ -196,7 +196,7 @@ LoadModule proxy_connect_module modules/mod_proxy_connect.so
 LoadModule cache_module modules/mod_cache.so
 LoadModule suexec_module modules/mod_suexec.so
 LoadModule disk_cache_module modules/mod_disk_cache.so
-<% if ['CentOS','RedHat'].index(operatingsystem) and operatingsystemrelease =~ /^[1-5]\./ -%>
+<% if ['CentOS','RedHat'].index(@operatingsystem) and @operatingsystemrelease =~ /^[1-5]\./ -%>
 LoadModule file_cache_module modules/mod_file_cache.so
 LoadModule mem_cache_module modules/mod_mem_cache.so
 <% end -%>
@@ -249,13 +249,13 @@ Group <%= scope.lookupvar('apache::sslserver::group') %>
 # virtual host being defined.
 #
 
-<% if has_variable?("domain") -%>
+<% if @domain -%>
 #
 # ServerAdmin: Your address, where problems with the server should be
 # e-mailed.  This address appears on some server-generated pages, such
 # as error documents.  e.g. admin@your-domain.com
 #
-ServerAdmin adm@<%= domain %>
+ServerAdmin adm@<%= @domain %>
 <% end -%>
 
 #
@@ -271,7 +271,7 @@ ServerAdmin adm@<%= domain %>
 # redirections work in a sensible way.
 #
 #ServerName www.example.com:80
-ServerName <%= homename %>
+ServerName <%= @homename %>
 
 #
 # UseCanonicalName: Determines how Apache constructs self-referencing 
@@ -287,7 +287,7 @@ UseCanonicalName Off
 # documents. By default, all requests are taken from this directory, but
 # symbolic links and aliases may be used to point to other locations.
 #
-DocumentRoot "/srv/www/https/<%= homename %>"
+DocumentRoot "/srv/www/https/<%= @homename %>"
 
 #
 # Each directory to which Apache has access can be configured with respect
@@ -480,7 +480,7 @@ HostnameLookups Off
 # logged here.  If you *do* define an error logfile for a <VirtualHost>
 # container, that host's errors will be logged there and not here.
 #
-ErrorLog /srv/www/log/https/<%= homename %>/error_log
+ErrorLog /srv/www/log/https/<%= @homename %>/error_log
 
 #
 # LogLevel: Control the number of messages logged to the error_log.
@@ -522,7 +522,7 @@ LogFormat "%{User-agent}i" agent
 # For a single logfile with access, agent, and referer information
 # (Combined Logfile Format), use the following directive:
 #
-CustomLog /srv/www/log/https/<%= homename %>/access_log combined
+CustomLog /srv/www/log/https/<%= @homename %>/access_log combined
 
 #
 # Optionally add a line containing the server version and virtual host

apache/templates/proxy.conf.erb

@@ -1,11 +1,11 @@
-<% if has_variable?("apache_proxy_allow") -%>
+<% if @apache_proxy_allow -%>
 ProxyRequests On
 ProxyVia On
 
 <Proxy *>
   Order deny,allow
   Deny from all
-  Allow from <%= apache_proxy_allow %>
+  Allow from <%= @apache_proxy_allow %>
 </Proxy>
 <% else -%>
 ProxyRequests Off

apache/templates/site.http.conf.erb

@@ -1,10 +1,10 @@
 <VirtualHost *:80>
-  ServerName <%= site_fqdn %>
-<% if aliases != "" -%>
-  ServerAlias <%= aliases %>
+  ServerName <%= @site_fqdn %>
+<% if @aliases != "" -%>
+  ServerAlias <%= @aliases %>
 <% end -%>
-  ErrorLog /srv/www/log/http/<%= site_fqdn %>/error_log
-  CustomLog /srv/www/log/http/<%= site_fqdn %>/access_log combined
-  DocumentRoot /srv/www/http/<%= site_fqdn %>
-  Include <%= site_confdir %>/*.conf
+  ErrorLog /srv/www/log/http/<%= @site_fqdn %>/error_log
+  CustomLog /srv/www/log/http/<%= @site_fqdn %>/access_log combined
+  DocumentRoot /srv/www/http/<%= @site_fqdn %>
+  Include <%= @site_confdir %>/*.conf
 </VirtualHost>

apache/templates/site.https.conf.erb

@@ -1,13 +1,13 @@
-<VirtualHost <%= ipaddr %>:443>
+<VirtualHost <%= @ipaddr %>:443>
 
 # General setup for the virtual host, inherited from global configuration
-DocumentRoot "/srv/www/https/<%= site_fqdn %>"
-ServerName <%= site_fqdn %>:443
+DocumentRoot "/srv/www/https/<%= @site_fqdn %>"
+ServerName <%= @site_fqdn %>:443
 
 # Use separate log files for the SSL virtual host; note that LogLevel
 # is not inherited from httpd.conf.
-ErrorLog /srv/www/log/https/<%= site_fqdn %>/error_log
-CustomLog /srv/www/log/https/<%= site_fqdn %>/access_log combined
+ErrorLog /srv/www/log/https/<%= @site_fqdn %>/error_log
+CustomLog /srv/www/log/https/<%= @site_fqdn %>/access_log combined
 LogLevel warn
 
 #   SSL Engine Switch:
@@ -30,14 +30,14 @@ SSLCipherSuite RC4-SHA:HIGH:!ADH
 # the certificate is encrypted, then you will be prompted for a
 # pass phrase.  Note that a kill -HUP will prompt again.  A new
 # certificate can be generated using the genkey(1) command.
-SSLCertificateFile <%= @apache_ssldir %>/certs/<%= site_fqdn %>.crt
+SSLCertificateFile <%= @apache_ssldir %>/certs/<%= @site_fqdn %>.crt
 
 #   Server Private Key:
 #   If the key is not combined with the certificate, use this
 #   directive to point at the key file.  Keep in mind that if
 #   you've both a RSA and a DSA private key you can configure
 #   both in parallel (to also allow the use of DSA ciphers, etc.)
-SSLCertificateKeyFile <%= @apache_ssldir %>/private/<%= site_fqdn %>.key
+SSLCertificateKeyFile <%= @apache_ssldir %>/private/<%= @site_fqdn %>.key
 
 #   Server Certificate Chain:
 #   Point SSLCertificateChainFile at a file containing the
@@ -46,8 +46,8 @@ SSLCertificateKeyFile <%= @apache_ssldir %>/private/<%= site_fqdn %>.key
 #   the referenced file can be the same as SSLCertificateFile
 #   when the CA certificates are directly appended to the server
 #   certificate for convinience.
-<% if ssl_chain != "" -%>
-SSLCertificateChainFile <%= @apache_ssldir %>/certs/<%= site_fqdn %>.chain.crt
+<% if @ssl_chain != "" -%>
+SSLCertificateChainFile <%= @apache_ssldir %>/certs/<%= @site_fqdn %>.chain.crt
 <% end -%>
 
 #   Certificate Authority (CA):
@@ -149,6 +149,6 @@ BrowserMatch "MSIE [2-5]" \
 #CustomLog logs/ssl_request_log \
 #          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
 
-Include <%= site_confdir %>/*.conf
+Include <%= @site_confdir %>/*.conf
 
 </VirtualHost>

apache/templates/ssl.conf.erb

@@ -3,7 +3,7 @@ LoadModule ssl_module modules/mod_ssl.so
 </IfModule>
 
 Listen 443
-<% if ['Fedora','CentOS','RedHat'].index(operatingsystem) -%>
+<% if ['Fedora','CentOS','RedHat'].index(@operatingsystem) -%>
 ##
 ##  SSL Global Context
 ##
@@ -30,7 +30,7 @@ SSLPassPhraseDialog  builtin
 SSLSessionCache         shmcb:/var/cache/mod_ssl/scache(512000)
 SSLSessionCacheTimeout  300
 
-<% unless operatingsystem == 'Fedora' and operatingsystemrelease.to_i > 17 -%>
+<% unless @operatingsystem == 'Fedora' and @operatingsystemrelease.to_i > 17 -%>
 #   Semaphore:
 #   Configure the path to the mutual exclusion semaphore the
 #   SSL engine uses internally for inter-process synchronization. 

apache/templates/webalizer.conf.erb

@@ -25,7 +25,7 @@
 # the log filename ends in '.gz' (ie: a gzip compressed file), it will
 # be decompressed on the fly as it is being read.
 
-LogFile        /srv/www/log/<%= name %>/access_log
+LogFile        /srv/www/log/<%= @name %>/access_log
 
 # LogType defines the log type being processed.  Normally, the Webalizer
 # expects a CLF or Combined web server log as input.  Using this option,
@@ -39,7 +39,7 @@ LogFile        /srv/www/log/<%= name %>/access_log
 # should be a full path name, however relative ones might work as well.
 # If no output directory is specified, the current directory will be used.
 
-OutputDir      /srv/www/webalizer/html/<%= name %>
+OutputDir      /srv/www/webalizer/html/<%= @name %>
 
 # HistoryName allows you to specify the name of the history file produced
 # by the Webalizer.  The history file keeps the data for up to 12 months
@@ -49,7 +49,7 @@ OutputDir      /srv/www/webalizer/html/<%= name %>
 # it will be kept in the specified output directory.  Otherwise, the path
 # is relative to the output directory, unless absolute (leading /).
 
-HistoryName	/srv/www/webalizer/history/<%= name %>/webalizer.hist
+HistoryName	/srv/www/webalizer/history/<%= @name %>/webalizer.hist
 
 # Incremental processing allows multiple partial log files to be used
 # instead of one huge one.  Useful for large sites that have to rotate
@@ -73,7 +73,7 @@ Incremental	yes
 # kept in the normal output directory.  If you don't specify "Incremental"
 # as 'yes' then this option has no meaning.
 
-IncrementalName	/srv/www/webalizer/history/<%= name %>/webalizer.current
+IncrementalName	/srv/www/webalizer/history/<%= @name %>/webalizer.current
 
 # ReportTitle is the text to display as the title.  The hostname
 # (unless blank) is appended to the end of this string (seperated with
@@ -91,7 +91,7 @@ IncrementalName	/srv/www/webalizer/history/<%= name %>/webalizer.current
 # try to get the hostname via a uname system call.  If that fails,
 # it will default to "localhost".
 
-HostName       <%= site_fqdn %>
+HostName       <%= @site_fqdn %>
 
 # HTMLExtension allows you to specify the filename extension to use
 # for generated HTML pages.  Normally, this defaults to "html", but
@@ -119,7 +119,7 @@ PageType        shtml
 # Default is 'no'.  This only changes the behaviour of the 'Top
 # URL's' table.
 
-UseHTTPS       <% if site_proto == 'https' %>yes<% else %>no<% end %>
+UseHTTPS       <% if @site_proto == 'https' %>yes<% else %>no<% end %>
 
 # DNSCache specifies the DNS cache filename to use for reverse DNS lookups.
 # This file must be specified if you wish to perform name lookups on any IP

apcupsd/templates/apcupsd.conf.client.erb

@@ -2,7 +2,7 @@
 UPSCABLE ether
 UPSTYPE net
 LOCKFILE /var/lock
-DEVICE <%= apcupsd_server %>:3551
+DEVICE <%= @apcupsd_server %>:3551
 UPSCLASS standalone
 UPSMODE disable
 NETTIME 10

apt/templates/mirror.list.erb

@@ -9,15 +9,15 @@
 # set defaultarch  <running host architecture>
 # set postmirror_script $var_path/postmirror.sh
 # set run_postmirror 0
-set nthreads     <%= aptmirror_threads %>
+set nthreads     <%= @aptmirror_threads %>
 set _tilde 0
 #
 ############# end config ##############
 
-<% aptmirror_list.each do |os| -%>
-deb <%= aptmirror_server %> <%= os %> main restricted universe multiverse
-deb <%= aptmirror_server %> <%= os %>-security main restricted universe multiverse
-deb <%= aptmirror_server %> <%= os %>-updates main restricted universe multiverse
+<% @aptmirror_list.each do |os| -%>
+deb <%= @aptmirror_server %> <%= os %> main restricted universe multiverse
+deb <%= @aptmirror_server %> <%= os %>-security main restricted universe multiverse
+deb <%= @aptmirror_server %> <%= os %>-updates main restricted universe multiverse
 <% end -%>
 
 clean http://archive.ubuntu.com/ubuntu

apt/templates/sources.list.erb

@@ -1,31 +1,31 @@
 # See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
 # newer versions of the distribution.
 
-deb <%= apt_archive_url %> <%= lsbdistcodename %> main restricted
-deb-src <%= apt_archive_url %> <%= lsbdistcodename %> main restricted
+deb <%= @apt_archive_url %> <%= @lsbdistcodename %> main restricted
+deb-src <%= @apt_archive_url %> <%= @lsbdistcodename %> main restricted
 
 ## Major bug fix updates produced after the final release of the
 ## distribution.
-deb <%= apt_archive_url %> <%= lsbdistcodename %>-updates main restricted
-deb-src <%= apt_archive_url %> <%= lsbdistcodename %>-updates main restricted
+deb <%= @apt_archive_url %> <%= @lsbdistcodename %>-updates main restricted
+deb-src <%= @apt_archive_url %> <%= @lsbdistcodename %>-updates main restricted
 
 ## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
 ## team. Also, please note that software in universe WILL NOT receive any
 ## review or updates from the Ubuntu security team.
-deb <%= apt_archive_url %> <%= lsbdistcodename %> universe
-deb-src <%= apt_archive_url %> <%= lsbdistcodename %> universe
-deb <%= apt_archive_url %> <%= lsbdistcodename %>-updates universe
-deb-src <%= apt_archive_url %> <%= lsbdistcodename %>-updates universe
+deb <%= @apt_archive_url %> <%= @lsbdistcodename %> universe
+deb-src <%= @apt_archive_url %> <%= @lsbdistcodename %> universe
+deb <%= @apt_archive_url %> <%= @lsbdistcodename %>-updates universe
+deb-src <%= @apt_archive_url %> <%= @lsbdistcodename %>-updates universe
 
 ## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu 
 ## team, and may not be under a free licence. Please satisfy yourself as to 
 ## your rights to use the software. Also, please note that software in 
 ## multiverse WILL NOT receive any review or updates from the Ubuntu
 ## security team.
-deb <%= apt_archive_url %> <%= lsbdistcodename %> multiverse
-deb-src <%= apt_archive_url %> <%= lsbdistcodename %> multiverse
-deb <%= apt_archive_url %> <%= lsbdistcodename %>-updates multiverse
-deb-src <%= apt_archive_url %> <%= lsbdistcodename %>-updates multiverse
+deb <%= @apt_archive_url %> <%= @lsbdistcodename %> multiverse
+deb-src <%= @apt_archive_url %> <%= @lsbdistcodename %> multiverse
+deb <%= @apt_archive_url %> <%= @lsbdistcodename %>-updates multiverse
+deb-src <%= @apt_archive_url %> <%= @lsbdistcodename %>-updates multiverse
 
 ## Uncomment the following two lines to add software from the 'backports'
 ## repository.
@@ -34,24 +34,24 @@ deb-src <%= apt_archive_url %> <%= lsbdistcodename %>-updates multiverse
 ## newer versions of some applications which may provide useful features.
 ## Also, please note that software in backports WILL NOT receive any review
 ## or updates from the Ubuntu security team.
-<% if has_variable?("apt_backports") -%>
-deb <%= apt_archive_url %> <%= lsbdistcodename %>-backports main restricted universe multiverse
-deb-src <%= apt_archive_url %> <%= lsbdistcodename %>-backports main restricted universe multiverse
+<% if @apt_backports -%>
+deb <%= @apt_archive_url %> <%= @lsbdistcodename %>-backports main restricted universe multiverse
+deb-src <%= @apt_archive_url %> <%= @lsbdistcodename %>-backports main restricted universe multiverse
 <% else -%>
-# deb <%= apt_archive_url %> <%= lsbdistcodename %>-backports main restricted universe multiverse
-# deb-src <%= apt_archive_url %> <%= lsbdistcodename %>-backports main restricted universe multiverse
+# deb <%= @apt_archive_url %> <%= @lsbdistcodename %>-backports main restricted universe multiverse
+# deb-src <%= @apt_archive_url %> <%= @lsbdistcodename %>-backports main restricted universe multiverse
 <% end -%>
 
 ## Uncomment the following two lines to add software from Canonical's
 ## 'partner' repository.
 ## This software is not part of Ubuntu, but is offered by Canonical and the
 ## respective vendors as a service to Ubuntu users.
-# deb http://archive.canonical.com/ubuntu <%= lsbdistcodename %> partner
-# deb-src http://archive.canonical.com/ubuntu <%= lsbdistcodename %> partner
+# deb http://archive.canonical.com/ubuntu <%= @lsbdistcodename %> partner
+# deb-src http://archive.canonical.com/ubuntu <%= @lsbdistcodename %> partner
 
-deb <%= apt_security_url %> <%= lsbdistcodename %>-security main restricted
-deb-src <%= apt_security_url %> <%= lsbdistcodename %>-security main restricted
-deb <%= apt_security_url %> <%= lsbdistcodename %>-security universe
-deb-src <%= apt_security_url %> <%= lsbdistcodename %>-security universe
-deb <%= apt_security_url %> <%= lsbdistcodename %>-security multiverse
-deb-src <%= apt_security_url %> <%= lsbdistcodename %>-security multiverse
+deb <%= @apt_security_url %> <%= @lsbdistcodename %>-security main restricted
+deb-src <%= @apt_security_url %> <%= @lsbdistcodename %>-security main restricted
+deb <%= @apt_security_url %> <%= @lsbdistcodename %>-security universe
+deb-src <%= @apt_security_url %> <%= @lsbdistcodename %>-security universe
+deb <%= @apt_security_url %> <%= @lsbdistcodename %>-security multiverse
+deb-src <%= @apt_security_url %> <%= @lsbdistcodename %>-security multiverse

avahi/templates/service.erb

@@ -3,12 +3,12 @@
 
 <service-group>
 
-  <name replace-wildcards="yes"><%= description %></name>
+  <name replace-wildcards="yes"><%= @description %></name>
 
   <service>
-    <type><%= name %></type>
-    <port><%= realport %></port>
-<% txt.each do |val| -%>
+    <type><%= @name %></type>
+    <port><%= @realport %></port>
+<% @txt.each do |val| -%>
     <txt-record><%= val %></txt-record>
 <% end -%>
   </service>

clarified/templates/probe.erb

@@ -1,11 +1,11 @@
 #!/bin/bash
 
-NETWORK_IFC="<%= interface_real %>"
-CAPTURE_DIR="/var/lib/recorder/<%= name %>"
-SNAPLEN="<%= snaplen %>"
-KEEPTIME="<%= keeptime %>"
-BLOCKSIZE="<%= blocksize %>"
-FILTER="<%= filter %>"
-OPTIONS="<%= probeopt %>"
+NETWORK_IFC="<%= @interface_real %>"
+CAPTURE_DIR="/var/lib/recorder/<%= @name %>"
+SNAPLEN="<%= @snaplen %>"
+KEEPTIME="<%= @keeptime %>"
+BLOCKSIZE="<%= @blocksize %>"
+FILTER="<%= @filter %>"
+OPTIONS="<%= @probeopt %>"
 
 . /etc/clarified/clarified-functions

clarified/templates/remote.erb

@@ -1,10 +1,10 @@
 #!/bin/bash
 
-CAPTURE_DIR="/var/lib/recorder/<%= name %>"
-PRIVATE_CERT="<%= puppet_ssldir %>/private_keys/<%= homename %>.pem"
-PUBLIC_CERT="<%= puppet_ssldir %>/certs/<%= homename %>.pem"
-PORT="<%= remoteport %>"
-COLLAB="<%= collab.join(" ") %>"
-OPTIONS="<%= remoteopt %>"
+CAPTURE_DIR="/var/lib/recorder/<%= @name %>"
+PRIVATE_CERT="<%= @puppet_ssldir %>/private_keys/<%= @homename %>.pem"
+PUBLIC_CERT="<%= @puppet_ssldir %>/certs/<%= @homename %>.pem"
+PORT="<%= @remoteport %>"
+COLLAB="<%= @collab.join(" ") %>"
+OPTIONS="<%= @remoteopt %>"
 
 . /etc/clarified/clarified-functions

cups/templates/client.conf.erb

@@ -1,4 +1,4 @@
-ServerName <%= cups_server %>
-<% if cups_ssl -%>
+ServerName <%= @cups_server %>
+<% if @cups_ssl -%>
 Encryption Required
 <% end -%>

cyrus/templates/imapd.conf.erb

@@ -53,7 +53,7 @@ lmtp_downcase_rcpt: yes
 
 # Uncomment the following and add the space-separated users who 
 # have admin rights for all services.
-admins: <%= cyrus_admins %>
+admins: <%= @cyrus_admins %>
 
 # Space-separated list of users that have lmtp "admin" status (i.e. that
 # can deliver email through TCP/IP lmtp). If specified, this parameter

dns/templates/bind9.erb

@@ -2,4 +2,4 @@
 RESOLVCONF=yes
 
 # startup options for the server
-OPTIONS="<% bind_startup_options %>"
+OPTIONS="<% @bind_startup_options %>"

dns/templates/db.erb

@@ -1,11 +1,11 @@
 ;
-; BIND data file for <%= zone %>
+; BIND data file for <%= @zone %>
 ;
 ;
 $TTL    3600
-$ORIGIN <%= zone %>.
-<% master.each_pair do |k, v| %>
-@      IN      SOA     <%= v['ns'] %>. <%= soacontact %>. (
+$ORIGIN <%= @zone %>.
+<% @master.each_pair do |k, v| %>
+@      IN      SOA     <%= v['ns'] %>. <%= @soacontact %>. (
                          <%= Time.now.to_i %> ; Serial
                            3600         ; Refresh
                            7200         ; Retry
@@ -14,15 +14,15 @@ $ORIGIN <%= zone %>.
 ;
 @      IN      NS      <%= v['ns'] %>.
 <% end -%>
-<% if slaves != [] %>
-<% slaves.each_pair do |k, v| -%>
+<% if @slaves != [] %>
+<% @slaves.each_pair do |k, v| -%>
 @      IN      NS      <%= v['ns'] %>.
 <% end -%>
 <% end -%>
-<% if zone.match(/\//) %>
-$INCLUDE <%= zonedir %>/db.<%= zone.sub(/\//, '-') %>-dynamic
-$INCLUDE <%= zonedir %>/db.<%= zone.sub(/\//, '-') %>-static
+<% if @zone.match(/\//) %>
+$INCLUDE <%= @zonedir %>/db.<%= @zone.sub(/\//, '-') %>-dynamic
+$INCLUDE <%= @zonedir %>/db.<%= @zone.sub(/\//, '-') %>-static
 <% else %>
-$INCLUDE <%= zonedir %>/db.<%= zone %>-dynamic
-$INCLUDE <%= zonedir %>/db.<%= zone %>-static
+$INCLUDE <%= @zonedir %>/db.<%= @zone %>-dynamic
+$INCLUDE <%= @zonedir %>/db.<%= @zone %>-static
 <% end -%>

dns/templates/generate-named-conf.sh.erb

@@ -1,8 +1,8 @@
 #!/bin/sh
 
-chroot="<%= chroot %>"
-confdir="<%= confdir %>"
-operatingsystem="<%= operatingsystem %>"
+chroot="<%= @chroot %>"
+confdir="<%= @confdir %>"
+operatingsystem="<%= @operatingsystem %>"
 
 printview() {
     view=$1

dns/templates/named.erb

@@ -37,4 +37,4 @@
 ROOTDIR=/var/named/chroot
 
 # startup options for the server
-OPTIONS="<% bind_startup_options %>"
+OPTIONS="<% @bind_startup_options %>"

dns/templates/nsupdate.sh.erb

@@ -2,10 +2,10 @@
 
 PATH="/sbin:/bin:/usr/sbin:/usr/bin"
 
-DNSSERVER="<%= dns_nsupdate_server -%>"
-DNSZONE="<% if has_variable?("dns_nsupdate_zone") -%><%= dns_nsupdate_zone -%><% end %>"
-MYNAME="<%= dns_nsupdate_name -%>"
-MYKEY="<%= dns_nsupdate_key -%>"
+DNSSERVER="<%= @dns_nsupdate_server -%>"
+DNSZONE="<% if @dns_nsupdate_zone -%><%= @dns_nsupdate_zone -%><% end %>"
+MYNAME="<%= @dns_nsupdate_name -%>"
+MYKEY="<%= @dns_nsupdate_key -%>"
 
 # if zone is not defined take it from fqdn
 if [ "${DNSZONE}" = "" ]; then

dns/templates/zone.dynamic.erb

@@ -1,18 +1,18 @@
-key "<%= zone %>" {
-    algorithm <%= keytype %>;
-    secret "<%= key %>";
+key "<%= @zone %>" {
+    algorithm <%= @keytype %>;
+    secret "<%= @key %>";
 };
 
-zone "<%= zone %>" {
+zone "<%= @zone %>" {
     type master;
-<% if zone.match(/\//) -%>
-    file "<%= zonedir %>/db.<%= zone.sub(/\//, '-') %>";
+<% if @zone.match(/\//) -%>
+    file "<%= @zonedir %>/db.<%= @zone.sub(/\//, '-') %>";
 <% else -%>
-    file "<%= zonedir %>/db.<%= zone %>";
+    file "<%= @zonedir %>/db.<%= @zone %>";
 <% end -%>
     allow-transfer {
-<% if slaves != [] -%>
-<%     slaves.each_pair do |k, v| -%>
+<% if @slaves != [] -%>
+<%     @slaves.each_pair do |k, v| -%>
         <%= v['ip'] %>;
 <%     end -%>
 <% else -%>
@@ -20,6 +20,6 @@ zone "<%= zone %>" {
 <% end -%>
     };
     allow-update {
-        key <%= zone %>;
+        key <%= @zone %>;
     };
 };

dns/templates/zone.forward.erb

@@ -1,8 +1,8 @@
-zone "<%= zone %>" {
+zone "<%= @zone %>" {
     type forward;
     forward only;
     forwarders {
-<% forwarders.each do |ip| -%>
+<% @forwarders.each do |ip| -%>
         <%= ip %>;
 <% end -%>
     };

dns/templates/zone.master.erb

@@ -1,13 +1,13 @@
-zone "<%= zone %>" {
+zone "<%= @zone %>" {
     type master;
-<% if zone.match(/\//) -%>
-    file "<%= zonedir %>/db.<%= zone.sub(/\//, '-') %>";
+<% if @zone.match(/\//) -%>
+    file "<%= @zonedir %>/db.<%= @zone.sub(/\//, '-') %>";
 <% else -%>
-    file "<%= zonedir %>/db.<%= zone %>";
+    file "<%= @zonedir %>/db.<%= @zone %>";
 <% end -%>
     allow-transfer {
-<% if slaves != [] -%>
-<%     slaves.each_pair do |k, v| -%>
+<% if @slaves != [] -%>
+<%     @slaves.each_pair do |k, v| -%>
         <%= v['ip'] %>;
 <%     end -%>
 <% else -%>

dns/templates/zone.slave.erb

@@ -1,18 +1,18 @@
-zone "<%= zone %>" {
+zone "<%= @zone %>" {
     type slave;
-<% if zone.match(/\//) %>
-    file "<%= zonedir %>/db.<%= zone.sub(/\//, '-') %>";
+<% if @zone.match(/\//) %>
+    file "<%= @zonedir %>/db.<%= @zone.sub(/\//, '-') %>";
 <% else -%>
-    file "<%= zonedir %>/db.<%= zone %>";
+    file "<%= @zonedir %>/db.<%= @zone %>";
 <% end -%>
-<% if master.is_a?(Hash) -%>
+<% if @master.is_a?(Hash) -%>
     masters {
-    <%     master.each_pair do |k, v| -%>
+    <%     @master.each_pair do |k, v| -%>
         <%= v['ip'] %>;
     <%     end -%>
     };
 <% else -%>
-    masters { <%= master %>; };
+    masters { <%= @master %>; };
 <% end -%>
     allow-transfer { none; };
 };

dovecot/templates/dovecot.conf.erb

@@ -1,9 +1,9 @@
 protocols = imaps
 disable_plaintext_auth = yes
-ssl_cert_file = <%= dovecot_ssl_dir %>/certs/dovecot.crt
-ssl_key_file = <%= dovecot_ssl_dir %>/private/dovecot.key
-<% if has_variable?('dovecot_ssl_ca') -%>
-ssl_ca_file = <%= dovecot_ssl_dir %>/certs/dovecot.ca.crt
+ssl_cert_file = <%= @dovecot_ssl_dir %>/certs/dovecot.crt
+ssl_key_file = <%= @dovecot_ssl_dir %>/private/dovecot.key
+<% if @dovecot_ssl_ca -%>
+ssl_ca_file = <%= @dovecot_ssl_dir %>/certs/dovecot.ca.crt
 <% end -%>
 login_chroot = yes
 login_user = dovecot
@@ -20,7 +20,7 @@ protocol imap {
 protocol pop3 {
 }
 protocol lda {
-  postmaster_address = postmaster@<%= dovecot_mail_domain %>
+  postmaster_address = postmaster@<%= @dovecot_mail_domain %>
 }
 auth default {
   mechanisms = plain

dovecot/templates/puppet.conf.erb

@@ -1,19 +1,19 @@
 
 ssl=required
-ssl_cert = <<%= dovecot_ssl_dir %>/certs/dovecot.crt
-ssl_key = <<%= dovecot_ssl_dir %>/private/dovecot.key
-<% if has_variable?('dovecot_ssl_ca') -%>
-ssl_ca = <<%= dovecot_ssl_dir %>/certs/dovecot.ca.crt
+ssl_cert = <<%= @dovecot_ssl_dir %>/certs/dovecot.crt
+ssl_key = <<%= @dovecot_ssl_dir %>/private/dovecot.key
+<% if @dovecot_ssl_ca -%>
+ssl_ca = <<%= @dovecot_ssl_dir %>/certs/dovecot.ca.crt
 <% end -%>
 
-<% if has_variable=('dovecot_mailbox_format') && dovecot_mailbox_format == "mdbox" -%>
+<% if @dovecot_mailbox_format && @dovecot_mailbox_format == "mdbox" -%>
 # mdbox settings
 mdbox_rotate_size = 10M
 mdbox_rotate_interval = 10d
 <% end -%>
 
 # zlib
-<% if has_variable?('dovecot_zlib') && dovecot_zlib == "yes" -%>
+<% if @dovecot_zlib && @dovecot_zlib == "yes" -%>
 mail_plugins = $mail_plugins zlib
 plugin {
   zlib_save_level = 1 # 1..9

ejabberd/templates/ejabberd-backup.erb

@@ -25,7 +25,7 @@
 # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 # THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
-DESTDIR="<%= ejabberd_backup_datadir %>"
+DESTDIR="<%= @ejabberd_backup_datadir %>"
 
 if [ ! -d ${DESTDIR} ]; then
     echo "ERR: ejabberd backup directory [${DESTDIR}] does not exist" 1>&2

ejabberd/templates/ejabberd.cfg.erb

@@ -89,8 +89,8 @@ override_acls.
 %% You can define one or several, for example:
 %% {hosts, ["example.net", "example.com", "example.org"]}.
 %%
-<% ejabberd_hosts.map! { |host| '"%s"' % host } -%>
-{hosts, [<%= ejabberd_hosts.join(", ") %>]}.
+<% @ejabberd_hosts.map! { |host| '"%s"' % host } -%>
+{hosts, [<%= @ejabberd_hosts.join(", ") %>]}.
 
 %%
 %% route_subdomains: Delegate subdomains to other XMPP servers.
@@ -213,18 +213,18 @@ override_acls.
 %%%.   ==============
 %%%'   AUTHENTICATION
 
-<% if ejabberd_auth.is_a?(Array) -%>
-{auth_method, [<%= ejabberd_auth.join(", ") %>]}.
+<% if @ejabberd_auth.is_a?(Array) -%>
+{auth_method, [<%= @ejabberd_auth.join(", ") %>]}.
 <% else -%>
-{auth_method, <%= ejabberd_auth %>}.
+{auth_method, <%= @ejabberd_auth %>}.
 <% end -%>
-<% if has_variable?("ejabberd_extauth") -%>
-{extauth_program, "<%= ejabberd_extauth %>"}.
+<% if @ejabberd_extauth -%>
+{extauth_program, "<%= @ejabberd_extauth %>"}.
 <% end -%>
-<% if has_variable?("ejabberd_ldap_server") -%>
-<% ejabberd_ldap_server.map! { |server| '"%s"' % server } -%>
-{ldap_servers, [<%= ejabberd_ldap_server.join(", ") %>]}.
-{ldap_base, "<%= ejabberd_ldap_basedn %>"}.
+<% if @ejabberd_ldap_server -%>
+<% @ejabberd_ldap_server.map! { |server| '"%s"' % server } -%>
+{ldap_servers, [<%= @ejabberd_ldap_server.join(", ") %>]}.
+{ldap_base, "<%= @ejabberd_ldap_basedn %>"}.
 {ldap_encrypt, tls}.
 {ldap_port, 636}.
 {ldap_uids, [{"uid", "%u"}]}.
@@ -387,7 +387,7 @@ override_acls.
 %%
 %%{acl, admin, {user, "aleksey", "localhost"}}.
 %%{acl, admin, {user, "ermine", "example.org"}}.
-<% ejabberd_admin.each do |admin|
+<% @ejabberd_admin.each do |admin|
 user, host = admin.split("@") -%>
 {acl, admin, {user, "<%= user %>", "<%= host %>"}}.
 <% end -%>
@@ -554,7 +554,7 @@ user, host = admin.split("@") -%>
 		      {allow_user_invites, true},
 		      {anonymous, false},
 		      {public, false},
-<% if has_variable?("ejabberd_muclog_datadir") -%>
+<% if @ejabberd_muclog_datadir -%>
 		      {logging, true}
 <% else -%>
 		      {logging, false}
@@ -563,13 +563,13 @@ user, host = admin.split("@") -%>
 		  }
 		 ]},
   %%{mod_muc_log,[]},
-<% if has_variable?("ejabberd_muclog_datadir") -%>
+<% if @ejabberd_muclog_datadir -%>
   {mod_muc_log,  [
 		  {access_log, muc},
-		  {outdir, "<%= ejabberd_muclog_datadir %>"},
+		  {outdir, "<%= @ejabberd_muclog_datadir %>"},
 		  {dirtype, subdirs},
-<% if has_variable?("ejabberd_muclog_format") -%>
-		  {file_format, <%= ejabberd_muclog_format %>},
+<% if @ejabberd_muclog_format -%>
+		  {file_format, <%= @ejabberd_muclog_format %>},
 <% end -%>
 		  {cssfile, false},
 		  {top_link, {"/jabber-logs/", "Back to Logs"}}

firewall/templates/ip6tables.erb

@@ -6,7 +6,7 @@
 -A INPUT -i lo -j ACCEPT
 -A INPUT -m ipv6header --header ah -j ACCEPT
 -A INPUT -m ipv6header --header esp -j ACCEPT
-<% if ip6states >= 0 -%>
+<% if @ip6states >= 0 -%>
 -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
 <% else -%>
 -A INPUT -m tcp -p tcp ! --syn -j ACCEPT

irc/templates/ircd-ratbox-services.conf.erb

@@ -16,11 +16,11 @@ connect "ratbox.services" {
 	/* passwords: the passwords we send (OLD C:) and accept (OLD N:).
 	 * The remote server will have these passwords reversed.
 	 */
-	send_password = "<%= servpass %>";
-	accept_password = "<%= servpass %>";
+	send_password = "<%= @servpass %>";
+	accept_password = "<%= @servpass %>";
 
 	/* port: the port to connect to this server on */
-	port = <%= port %>;
+	port = <%= @port %>;
 
 	/* hub mask: the mask of servers that this server may hub. Multiple
 	 * entries are permitted

irc/templates/ircd-ratbox.conf.erb

@@ -28,7 +28,7 @@
  /* serverinfo {}:  Contains information about the server. (OLD M:) */
 serverinfo {
 	/* name: the name of our server */
-	name = "<%= servername %>";
+	name = "<%= @servername %>";
 
 	/* sid: the unique server id of our server.  This must be three
 	 * characters long.  The first character must be a digit [0-9], the
@@ -41,13 +41,13 @@ serverinfo {
 	/* description: the description of our server.  '[' and ']' may not
 	 * be used here for compatibility with older servers.
 	 */
-	description = "<%= serverdesc %>";
+	description = "<%= @serverdesc %>";
 
 	/* network info: the name and description of the network this server
 	 * is on.  Shown in the 005 reply and used with serverhiding.
 	 */
-	network_name = "<%= name %>";
-	network_desc = "<%= desc %>";
+	network_name = "<%= @name %>";
+	network_desc = "<%= @desc %>";
 
 	/* hub: allow this server to act as a hub and have multiple servers
 	 * connected to it.  
@@ -218,18 +218,18 @@ class "server" {
 /* listen {}: contain information about the ports ircd listens on (OLD P:) */
 listen {
 	host = "127.0.0.1";
-	port = <%= port %>;
+	port = <%= @port %>;
 };
 listen {
-	sslport = <%= sslport %>;
+	sslport = <%= @sslport %>;
 };
 
 /* auth {}: allow users to connect to the ircd (OLD I:) */
 auth {
 	user = "*@*";
 	class = "users";
-<% if userpass != "" -%>
-	password = "<%= userpass %>";
+<% if @userpass != "" -%>
+	password = "<%= @userpass %>";
 	flags = encrypted;
 <% end -%>
 };
@@ -245,7 +245,7 @@ operator "root" {
 	 * supported now.
  	 * multiple user="" lines are supported.
 	 */
-<% operator.each do |user| -%>
+<% @operator.each do |user| -%>
 	user = "<%= user %>";
 <% end -%>
 
@@ -253,7 +253,7 @@ operator "root" {
 	 * contained in flags = ...; this will need to be encrypted using 
 	 * ratbox-mkpasswd, MD5 is supported
 	 */
-	password = "<%= operpass %>";
+	password = "<%= @operpass %>";
 
 	/* rsa key: the public key for this oper when using Challenge.
 	 * A password should not be defined when this is used, see 
@@ -641,7 +641,7 @@ general {
 	connect_timeout = 30 seconds;
 
 	/* disable auth: disables identd checking */
-	disable_auth = <%= disable_identd %>;
+	disable_auth = <%= @disable_identd %>;
 
 	/* no oper flood: increase flood limits for opers. */
 	no_oper_flood = yes;

irc/templates/ircd-ratbox.init.erb

@@ -22,9 +22,9 @@
 PATH=/sbin:/bin:/usr/sbin:/usr/bin
 DAEMON=/usr/sbin/ircd-ratbox
 DEFAULT=/etc/default/ircd-ratbox
-NAME="ircd-<%= name %>"
+NAME="ircd-<%= @name %>"
 DESC="ratbox IRC Server"
-BASEDIR="/var/lib/ratbox/<%= name %>"
+BASEDIR="/var/lib/ratbox/<%= @name %>"
 ENABLED=1
 
 test -f $DAEMON || exit 0

irc/templates/ratbox-services.conf.erb

@@ -130,7 +130,7 @@ admin {
 /* connect: specifies a server to connect to, name of uplink
  *          is specified in quotation marks
  */
-connect "<%= servername %>" {
+connect "<%= @servername %>" {
         /* host: the host to connect to */
         host = "127.0.0.1";
 
@@ -138,10 +138,10 @@ connect "<%= servername %>" {
         # vhost = "10.0.0.2";
 
         /* password: the password to use */
-        password = "<%= servpass %>";
+        password = "<%= @servpass %>";
 
         /* port: the port to connect on */
-        port = <%= port %>;
+        port = <%= @port %>;
 
 	/* autoconn: auto connect to this server.  default yes */
 	# autoconn = no;
@@ -154,7 +154,7 @@ operator "root" {
         /* user: specifies a user@host who may connect.
 	 * multiple may be specified, wildcards are accepted.
          */
-<% operator.each do |user| -%>
+<% @operator.each do |user| -%>
 	user = "<%= user %>";
 <% end -%>
 
@@ -164,7 +164,7 @@ operator "root" {
 	#user = "flame@127.0.0.1", "irc.ircd-ratbox.org";
 
         /* password: the password to login */
-        password = "<%= operpass %>";
+        password = "<%= @operpass %>";
 
         /* encrypted: specifies whether the above password has been
          * encrypted or not.  default: yes

irc/templates/ratbox-services.init.erb

@@ -23,9 +23,9 @@
 PATH=/sbin:/bin:/usr/sbin:/usr/bin
 DAEMON=/usr/sbin/ratbox-services
 DEFAULT=/etc/default/ratbox-services
-NAME="ratbox-services-<%= name %>"
+NAME="ratbox-services-<%= @name %>"
 DESC="ratbox IRC Services"
-BASEDIR="/var/lib/ratbox-services/<%= name %>"
+BASEDIR="/var/lib/ratbox-services/<%= @name %>"
 UID=$(id -u irc)
 GID=$(id -g irc)
 ENABLED=1

iscsi/templates/tid.conf.erb

@@ -1,4 +1,4 @@
-<target <%= iqn -%>>
-  backing-store <%= name %>
-  initiator-address <%= initiator %>
+<target <%= @iqn -%>>
+  backing-store <%= @name %>
+  initiator-address <%= @initiator %>
 </target>

kerberos/templates/kadm5.acl.erb

@@ -1,2 +1,2 @@
-puppet/admin@<%= kerberos_realm %> ci */*@<%= kerberos_realm %>
-smbkrb5pwd/<%= homename %>@<%= kerberos_realm %> ac *@<%= kerberos_realm %>
+puppet/admin@<%= @kerberos_realm %> ci */*@<%= @kerberos_realm %>
+smbkrb5pwd/<%= @homename %>@<%= @kerberos_realm %> ac *@<%= @kerberos_realm %>

kerberos/templates/kdc-ldap.conf.erb

@@ -4,9 +4,9 @@
   kdc_tcp_ports = 88
 
 [realms]
-  <%= kerberos_realm %> = {
-    database_module = ldap.<%= kerberos_realm.downcase %>
-    key_stash_file = /srv/kerberos/.k5.<%= kerberos_realm %>
+  <%= @kerberos_realm %> = {
+    database_module = ldap.<%= @kerberos_realm.downcase %>
+    key_stash_file = /srv/kerberos/.k5.<%= @kerberos_realm %>
     max_life = 24h 0m 0s
     max_renewable_life = 7d 0h 0m 0s
     master_key_type = aes256-cts-hmac-sha1-96
@@ -14,14 +14,14 @@
   }
 
 [dbdefaults]
-  ldap_kerberos_container_dn = "ou=system,<%= ldap_basedn %>"
+  ldap_kerberos_container_dn = "ou=system,<%= @ldap_basedn %>"
 
 [dbmodules]
-  ldap.<%= kerberos_realm.downcase %> = {
+  ldap.<%= @kerberos_realm.downcase %> = {
     db_library = kldap
-    ldap_kerberos_container_dn = ou=system,<%= ldap_basedn %>
-    ldap_kdc_dn = "uid=krb5admin,ou=system,<%= ldap_basedn %>"
-    ldap_kadmind_dn = "uid=krb5admin,ou=system,<%= ldap_basedn %>"
-    ldap_service_password_file = "/srv/kerberos/.ldap.<%= kerberos_realm %>"
-    ldap_servers = "<%= ldap_server.join(" ") %>"
+    ldap_kerberos_container_dn = ou=system,<%= @ldap_basedn %>
+    ldap_kdc_dn = "uid=krb5admin,ou=system,<%= @ldap_basedn %>"
+    ldap_kadmind_dn = "uid=krb5admin,ou=system,<%= @ldap_basedn %>"
+    ldap_service_password_file = "/srv/kerberos/.ldap.<%= @kerberos_realm %>"
+    ldap_servers = "<%= @ldap_server.join(" ") %>"
   }

kerberos/templates/kdc.conf.erb

@@ -4,9 +4,9 @@
   kdc_tcp_ports = 88
 
 [realms]
-  <%= kerberos_realm %> = {
-    database_name = /srv/kerberos/db.<%= kerberos_realm %>
-    key_stash_file = /srv/kerberos/.k5.<%= kerberos_realm %>
+  <%= @kerberos_realm %> = {
+    database_name = /srv/kerberos/db.<%= @kerberos_realm %>
+    key_stash_file = /srv/kerberos/.k5.<%= @kerberos_realm %>
     max_life = 24h 0m 0s
     max_renewable_life = 7d 0h 0m 0s
     master_key_type = aes256-cts-hmac-sha1-96

kerberos/templates/krb5.conf.erb

@@ -1,26 +1,26 @@
 [libdefaults]
-  default_realm = <%= kerberos_realm %>
+  default_realm = <%= @kerberos_realm %>
   dns_lookup_realm = false
   dns_lookup_kdc = false
   ticket_lifetime = 24h
   forwardable = yes
 
 [domain_realm]
-  <%= kerberos_realm.downcase %> = <%= kerberos_realm %>
-  .<%= kerberos_realm.downcase %> = <%= kerberos_realm %>
+  <%= @kerberos_realm.downcase %> = <%= @kerberos_realm %>
+  .<%= @kerberos_realm.downcase %> = <%= @kerberos_realm %>
 
 [realms]
-  <%= kerberos_realm -%> = {
-<% kerberos_kdc.each do |kdc| -%>
+  <%= @kerberos_realm -%> = {
+<% @kerberos_kdc.each do |kdc| -%>
     kdc = <%= kdc %>
 <% end -%>
-    admin_server = <% if has_variable?('kerberos_kadmin') %><%= kerberos_kadmin %><% else %><%= kerberos_kdc[0] %><% end %>
-<% if has_variable?('kerberos_kpasswd') -%>
-    kpasswd_server = <%= kerberos_kpasswd %>
+    admin_server = <% if @kerberos_kadmin %><%= @kerberos_kadmin %><% else %><%= @kerberos_kdc[0] %><% end %>
+<% if @kerberos_kpasswd -%>
+    kpasswd_server = <%= @kerberos_kpasswd %>
 <% end -%>
   }
 
-<% if kernel == 'Linux' -%>
+<% if @kernel == 'Linux' -%>
 [appdefaults]
  pam = {
    debug = false

ldap/templates/ldap.conf.erb

@@ -5,6 +5,6 @@
 # See ldap.conf(5) for details
 # This file should be world readable but not world writable.
 
-BASE		<%= ldap_basedn %>
-URI		<% ldap_server.each do |uri| %><%= uri %> <% end %>
+BASE		<%= @ldap_basedn %>
+URI		<% @ldap_server.each do |uri| %><%= uri %> <% end %>
 TLS_REQCERT	never

ldap/templates/login.conf.erb

@@ -118,7 +118,7 @@ end
 ldap:\
 	:auth=-ldap:\
 	<%= servers -%>
-	:x-ldap-basedn=<%= ldap_basedn %>:\
+	:x-ldap-basedn=<%= @ldap_basedn %>:\
 	:x-ldap-filter=(&(objectclass=posixAccount)(uid=%u)):\
-	:umask=<%= ldap_login_umask %>:\
+	:umask=<%= @ldap_login_umask %>:\
 	:tc=default:

ldap/templates/slapd-acl.conf.erb

@@ -1,7 +1,7 @@
 
 # database replication
 access to *
-        by dn="uid=replicator,cn=config,<%= name %>" read
+        by dn="uid=replicator,cn=config,<%= @name %>" read
         by * break
 
 # allow everyone to get naming context
@@ -9,7 +9,7 @@ access to dn.base=""
         by * read
 
 # allow everyone to get directory root object
-access to dn.base="<%= name %>"
+access to dn.base="<%= @name %>"
         by * read
 
 # schema browsing requires authentication

ldap/templates/slapd-database.conf.erb

@@ -1,25 +1,25 @@
 
 #######################################################################
-# Database <%= name %> config
+# Database <%= @name %> config
 #######################################################################
 
 database			hdb
-suffix				"<%= name %>"
+suffix				"<%= @name %>"
 checkpoint			1024 15
-rootdn				"cn=manager,<%= name %>"
+rootdn				"cn=manager,<%= @name %>"
 
-<% if has_variable?("ldap_server_modules") -%>
-<%   ldap_server_modules.each do |name| -%>
+<% if @ldap_server_modules -%>
+<%   @ldap_server_modules.each do |name| -%>
 overlay				<%= name %>
 <%   end -%>
 <% end -%>
 
-<% moduleoptions.each do |name| -%>
+<% @moduleoptions.each do |name| -%>
 <%= name.split("=")[0] %> <%= name.split("=")[1] %>
 <% end -%>
 
 overlay				ppolicy
-ppolicy_default			cn=pwdPolicy,cn=config,<%= name %>
+ppolicy_default			cn=pwdPolicy,cn=config,<%= @name %>
 ppolicy_hash_cleartext
 ppolicy_use_lockout
 password-hash			{CRYPT}
@@ -32,15 +32,15 @@ syncprov-sessionlog		100
 # The database directory MUST exist prior to running slapd AND
 # should only be accessible by the slapd and slap tools.
 # Mode 700 recommended.
-directory	/srv/ldap/<%= name %>
+directory	/srv/ldap/<%= @name %>
 
-<% if master != "" -%>
+<% if @master != "" -%>
 # replication
-syncrepl rid=<%= rid_real %>
-         provider=<%= master %>
+syncrepl rid=<%= @rid_real %>
+         provider=<%= @master %>
          type=refreshAndPersist
          retry="10 10 60 +"
-         searchbase="<%= name %>"
+         searchbase="<%= @name %>"
          filter="(objectClass=*)"
          scope="sub"
          sizelimit=500000
@@ -48,25 +48,25 @@ syncrepl rid=<%= rid_real %>
          schemachecking="off"
          bindmethod="simple"
          tls_reqcert="never"
-         binddn="uid=replicator,cn=config,<%= name %>"
-         credentials="<%= syncpw %>"
-updateref <%= master %>
+         binddn="uid=replicator,cn=config,<%= @name %>"
+         credentials="<%= @syncpw %>"
+updateref <%= @master %>
 <% end -%>
 
 # include acl and index configs
-include		<%= scope.lookupvar('ldap::server::config') %>/slapd.conf.d/acl.<%= name %>.conf
-include		<%= scope.lookupvar('ldap::server::config') %>/slapd.conf.d/index.<%= name %>.conf
+include		<%= scope.lookupvar('ldap::server::config') %>/slapd.conf.d/acl.<%= @name %>.conf
+include		<%= scope.lookupvar('ldap::server::config') %>/slapd.conf.d/index.<%= @name %>.conf
 
 # map local users connecting via ldapi:///
 sasl-regexp "gidNumber=([^,]+)+uidNumber=0,cn=peercred,cn=external,cn=auth"
-	"cn=manager,<%= name %>"
+	"cn=manager,<%= @name %>"
 sasl-regexp "gidNumber=([^,]+)+uidNumber=([^,]+),cn=peercred,cn=external,cn=auth"
-	ldap:///<%= name %>??sub?(&(uidNumber=$2)(objectClass=posixAccount))
+	ldap:///<%= @name %>??sub?(&(uidNumber=$2)(objectClass=posixAccount))
 
 # map sasl authenticated users
 sasl-regexp "uid=(.*),cn=plain,cn=auth"
-	ldap:///<%= name %>??sub?(&(uid=$1)(objectClass=posixAccount))
+	ldap:///<%= @name %>??sub?(&(uid=$1)(objectClass=posixAccount))
 sasl-regexp "uid=(.*),cn=login,cn=auth"
-	ldap:///<%= name %>??sub?(&(uid=$1)(objectClass=posixAccount))
+	ldap:///<%= @name %>??sub?(&(uid=$1)(objectClass=posixAccount))
 sasl-regexp "uid=(.*),cn=gssapi,cn=auth"
-	ldap:///<%= name %>??sub?(&(uid=$1)(|(objectClass=posixAccount)(objectClass=krb5Principal)))
+	ldap:///<%= @name %>??sub?(&(uid=$1)(|(objectClass=posixAccount)(objectClass=krb5Principal)))

ldap/templates/slapd.conf.erb

@@ -24,15 +24,15 @@ argsfile	<%= scope.lookupvar('ldap::server::rundir') %>/slapd.args
 
 # overlay modules to load
 <% if scope.lookupvar('ldap::server::modulepath') != '' -%>
-modulepath <%= modulepath %>
+modulepath <%= @modulepath %>
 moduleload ppolicy.la
 moduleload syncprov.la
-<%   if ['Ubuntu','Debian'].index(operatingsystem) -%>
+<%   if ['Ubuntu','Debian'].index(@operatingsystem) -%>
 moduleload back_hdb.la
 moduleload back_monitor.la
 <%   end -%>
-<%   if has_variable?('ldap_server_modules') -%>
-<%     ldap_server_modules.each do |name| -%>
+<%   if @ldap_server_modules -%>
+<%     @ldap_server_modules.each do |name| -%>
 moduleload <%= name %>.la
 <%     end -%>
 <%   end -%>

libvirt/templates/libvirtd.conf.erb

@@ -78,7 +78,7 @@
 # without becoming root.
 #
 # This is restricted to 'root' by default.
-unix_sock_group = "<%= libvirt_admingroup %>"
+unix_sock_group = "<%= @libvirt_admingroup %>"
 
 # Set the UNIX socket permissions for the R/O socket. This is used
 # for monitoring VM status only

libvirt/templates/sysconfig-libvirt-guests.erb

@@ -8,7 +8,7 @@
 # - ignore  libvirt-guests init script won't start any guest on boot, however,
 #           guests marked as autostart will still be automatically started by
 #           libvirtd
-ON_BOOT=<%= libvirt_guest_on_boot %>
+ON_BOOT=<%= @libvirt_guest_on_boot %>
 
 # Number of seconds to wait between each guest start. Set to 0 to allow
 # parallel startup.
@@ -22,11 +22,11 @@ ON_BOOT=<%= libvirt_guest_on_boot %>
 #             which just needs a long time to shutdown. When setting
 #             ON_SHUTDOWN=shutdown, you must also set SHUTDOWN_TIMEOUT to a
 #             value suitable for your guests.
-ON_SHUTDOWN=<%= libvirt_guest_on_shutdown %>
+ON_SHUTDOWN=<%= @libvirt_guest_on_shutdown %>
 
 # If set to non-zero, shutdown will suspend guests concurrently. Number of
 # guests on shutdown at any time will not exceed number set in this variable.
-PARALLEL_SHUTDOWN=<%= libvirt_parallel_shutdown %>
+PARALLEL_SHUTDOWN=<%= @libvirt_parallel_shutdown %>
 
 # Number of seconds we're willing to wait for a guest to shut down. If parallel
 # shutdown is enabled, this timeout applies as a timeout for shutting down all

lynx/templates/lynx-site.cfg.erb

@@ -1 +1 @@
-STARTFILE:<%= www_default_url %>
+STARTFILE:<%= @www_default_url %>

minidlna/templates/minidlna.conf.erb

@@ -11,12 +11,12 @@ port=8200
 #   + "A" for audio  (eg. media_dir=A,/home/jmaggard/Music)
 #   + "V" for video  (eg. media_dir=V,/home/jmaggard/Videos)
 #   + "P" for images (eg. media_dir=P,/home/jmaggard/Pictures)
-<% if videodir != '' %>media_dir=V,<%= videodir %><% end %>
-<% if audiodir != '' %>media_dir=A,<%= audiodir %><% end %>
-<% if photodir != '' %>media_dir=P,<%= photodir %><% end %>
+<% if @videodir != '' %>media_dir=V,<%= @videodir %><% end %>
+<% if @audiodir != '' %>media_dir=A,<%= @audiodir %><% end %>
+<% if @photodir != '' %>media_dir=P,<%= @photodir %><% end %>
 
 # set this if you want to customize the name that shows up on your clients
-friendly_name=<% if name == '' %>MiniDLNA<% else %><%= name %><% end %>
+friendly_name=<% if @name == '' %>MiniDLNA<% else %><%= @name %><% end %>
 
 # set this if you would like to specify the directory where you want MiniDLNA to store its database and album art cache
 db_dir=/var/cache/minidlna

mirror/templates/mirror.conf.erb

@@ -1,2 +1,2 @@
-SRC="<%= source %>"
-RSYNCOPTS="<%= rsync_options.join(' ') %>"
+SRC="<%= @source %>"
+RSYNCOPTS="<%= @rsync_options.join(' ') %>"

mirror/templates/report_mirror.conf.erb

@@ -11,8 +11,8 @@ enabled=1
 # Name and Password fields need to match the Site name and password
 # fields you entered for your Site in the MirrorManager database at
 # https://admin.fedoraproject.org/mirrormanager
-name=<%= sitename %>
-password=<%= password %>
+name=<%= @sitename %>
+password=<%= @password %>
 
 [host]
 # if enabled=0, no data about this host is sent to the database
@@ -20,7 +20,7 @@ enabled=1
 # Name field need to match the Host name field you entered for your
 # Host in the MirrorManager database at
 # https://admin.fedoraproject.org/mirrormanager
-name=<%= hostname %>
+name=<%= @hostname %>
 # if user_active=0, no data about this category is given to the public
 # This can be used to toggle between serving and not serving data,
 # such enabled during the nighttime (when you have more idle bandwidth
@@ -52,7 +52,7 @@ rsyncd=/var/log/rsyncd.log
 # path= is the path on your local disk to the top-level directory for this Category
 
 [Fedora Linux]
-<% if mirrors.include?('fedora') -%>
+<% if @mirrors.include?('fedora') -%>
 enabled=1
 <% else -%>
 enabled=0
@@ -60,7 +60,7 @@ enabled=0
 path=/srv/mirrors/fedora
 
 [Fedora EPEL]
-<% if mirrors.include?('epel') -%>
+<% if @mirrors.include?('epel') -%>
 enabled=1
 <% else -%>
 enabled=0

munin/templates/munin-node.conf.erb

@@ -3,7 +3,7 @@
 #
 
 log_level 4
-<% if ['CentOS','Fedora','RedHat'].index(operatingsystem) -%>
+<% if ['CentOS','Fedora','RedHat'].index(@operatingsystem) -%>
 log_file /var/log/munin-node/munin-node.log
 <% else -%>
 log_file /var/log/munin/munin-node.log
@@ -14,7 +14,7 @@ background 1
 setsid 1
 
 user root
-<% if operatingsystem == "OpenBSD" -%>
+<% if @operatingsystem == "OpenBSD" -%>
 group wheel
 <% else -%>
 group root
@@ -31,17 +31,17 @@ ignore_file \.pod$
 # Set this if the client doesn't report the correct hostname when
 # telnetting to localhost, port 4949
 #
-host_name <%= homename %>
+host_name <%= @homename %>
 
 # A list of addresses that are allowed to connect.  This must be a
 # regular expression, due to brain damage in Net::Server, which
 # doesn't understand CIDR-style network notation.  You may repeat
 # the allow line as many times as you'd like
 
-allow <%= munin_allow %>
+allow <%= @munin_allow %>
 
 # Which address to bind to;
-host <%= ipaddress %>
+host <%= @ipaddress %>
 
 # And which port
 port 4949

murmur/templates/murmur.ini.erb

@@ -67,7 +67,7 @@ pidfile=/srv/murmur/murmur.pid
 # configure it here than through D-Bus or Ice.
 #
 # Welcome message sent to clients when they connect
-welcometext="<%= murmur_welcome %>"
+welcometext="<%= @murmur_welcome %>"
 
 # Port to bind TCP and UDP sockets to
 port=64738
@@ -77,7 +77,7 @@ port=64738
 #host=
 
 # Password to join server
-serverpassword=<%= murmur_password %>
+serverpassword=<%= @murmur_password %>
 
 # Maximum bandwidth (in bits per second) clients are allowed
 # to send speech at.

mutt/templates/Muttrc.local.erb

@@ -1,12 +1,12 @@
 
 set use_8bitmime
 
-set hostname=<%= mail_domain %>
+set hostname=<%= @mail_domain %>
 
 set imap_authenticators="gssapi:plain"
-<% if ['CentOS','Fedora','RedHat'].index(operatingsystem) and operatingsystemrelease !~ /^[1-5]\./-%>
+<% if ['CentOS','Fedora','RedHat'].index(@operatingsystem) and @operatingsystemrelease !~ /^[1-5]\./-%>
 set ssl_ca_certificates_file="/etc/pki/tls/certs/ca-bundle.crt"
 <% end -%>
 
-set spoolfile=imaps://${USER}@<%= mail_server %>/INBOX
-set folder=imaps://${USER}@<%= mail_server %>
+set spoolfile=imaps://${USER}@<%= @mail_server %>/INBOX
+set folder=imaps://${USER}@<%= @mail_server %>

mysql/templates/mysql-backup.cron.erb

@@ -1,7 +1,7 @@
 #!/bin/sh
 
-DESTDIR="<%= mysql_backup_datadir %>"
-MAXAGE="<%= mysql_backup_maxage %>"
+DESTDIR="<%= @mysql_backup_datadir %>"
+MAXAGE="<%= @mysql_backup_maxage %>"
 
 DATE=`date "+%Y-%m-%d"`
 HOME="`getent passwd ${USER} | cut -d : -f 6`"

mythtv/templates/config.xml.erb

@@ -2,19 +2,19 @@
   <UPnP>
     <MythFrontend>
       <DefaultBackend>
-        <DBHostName><%= mythtv_dbhost -%></DBHostName>
-        <DBUserName><%= mythtv_dbuser -%></DBUserName>
-        <DBPassword><%= mythtv_dbpass -%></DBPassword>
-        <DBName><%= mythtv_dbname -%></DBName>
+        <DBHostName><%= @mythtv_dbhost -%></DBHostName>
+        <DBUserName><%= @mythtv_dbuser -%></DBUserName>
+        <DBPassword><%= @mythtv_dbpass -%></DBPassword>
+        <DBName><%= @mythtv_dbname -%></DBName>
         <DBPort>3306</DBPort>
       </DefaultBackend>
     </MythFrontend>
   </UPnP>
   <Database>
-    <Host><%= mythtv_dbhost %></Host>
-    <UserName><%= mythtv_dbuser %></UserName>
-    <Password><%= mythtv_dbpass %></Password>
-    <DatabaseName><%= mythtv_dbname %></DatabaseName>
+    <Host><%= @mythtv_dbhost %></Host>
+    <UserName><%= @mythtv_dbuser %></UserName>
+    <Password><%= @mythtv_dbpass %></Password>
+    <DatabaseName><%= @mythtv_dbname %></DatabaseName>
     <Port>3306</Port>
   </Database>
 </Configuration>

mythtv/templates/mysql.txt.erb

@@ -1,13 +1,13 @@
-DBHostName=<%= mythtv_dbhost %>
+DBHostName=<%= @mythtv_dbhost %>
 
 # By default, Myth tries to ping the DB host to see if it exists.
 # If your DB host or network doesn't accept pings, set this to no:
 #
 #DBHostPing=no
 
-DBUserName=<%= mythtv_dbuser %>
-DBPassword=<%= mythtv_dbpass %>
-DBName=<%= mythtv_dbname %>
+DBUserName=<%= @mythtv_dbuser %>
+DBPassword=<%= @mythtv_dbpass %>
+DBName=<%= @mythtv_dbname %>
 DBType=QMYSQL3
 
 # Set the following if you want to use something other than this

mythtv/templates/mythweb.conf.erb

@@ -44,10 +44,10 @@ Alias /mythweb/ "/usr/share/mythweb/"
         # fine unless you've changed mythtv's mysql.txt file, or are running MythWeb on
         # a different server from your main backend.  Make sure you have mod_env enabled.
         #
-            setenv db_server        "<%= mythtv_dbhost -%>"
-            setenv db_name          "<%= mythtv_dbname -%>"
-            setenv db_login         "<%= mythtv_dbuser -%>"
-            setenv db_password      "<%= mythtv_dbpass -%>"
+            setenv db_server        "<%= @mythtv_dbhost -%>"
+            setenv db_name          "<%= @mythtv_dbname -%>"
+            setenv db_login         "<%= @mythtv_dbuser -%>"
+            setenv db_password      "<%= @mythtv_dbpass -%>"
 
         #
         # By default, MythWeb uses the hostname program to look up the hostname of the

nagios/templates/cgi.cfg.erb

@@ -12,7 +12,7 @@
 # The CGIs will read the main and host config files for any other
 # data they might need.
 
-main_config_file=<%= etcdir %>/nagios.cfg
+main_config_file=<%= @etcdir %>/nagios.cfg
 
 
 
@@ -21,7 +21,7 @@ main_config_file=<%= etcdir %>/nagios.cfg
 # value is used to locate the logo images needed by the statusmap
 # and statuswrl CGIs.
 
-physical_html_path=<%= htdocs %>
+physical_html_path=<%= @htdocs %>
 
 
 
@@ -70,10 +70,10 @@ use_pending_states=1
 # have to be tweaked a bit, as different versions of the plugin
 # use different command line arguments/syntaxes.
 
-<% if osfamily == 'Debian' -%>
+<% if @osfamily == 'Debian' -%>
 nagios_check_command=/usr/lib/nagios/plugins/check_nagios /var/cache/nagios3/status.dat 5 '/usr/sbin/nagios3'
 <% else -%>
-<%   if architecture == 'x86_64' %>
+<%   if @architecture == 'x86_64' %>
 nagios_check_command=/usr/lib64/nagios/plugins/check_nagios /var/log/nagios/status.dat 5 '/usr/sbin/nagios'
 <%   else -%>
 nagios_check_command=/usr/lib/nagios/plugins/check_nagios /var/log/nagios/status.dat 5 '/usr/sbin/nagios'

nagios/templates/nagios-httpd.conf.erb

@@ -1,12 +1,12 @@
-ScriptAlias <%= scriptalias %> <%= cgibin %>/
-Alias       /nagios <%= htdocs %>
+ScriptAlias <%= @scriptalias %> <%= @cgibin %>/
+Alias       /nagios <%= @htdocs %>
 
-<Directory "<%= cgibin %>">
+<Directory "<%= @cgibin %>">
  Options ExecCGI
  AllowOverride AuthConfig
 </Directory>
 
-<Directory "<%= htdocs %>">
+<Directory "<%= @htdocs %>">
  Options FollowSymLinks
  AllowOverride AuthConfig
 </Directory>

network/templates/hostname.if.erb

@@ -1,15 +1,15 @@
-<% if proto == 'dhcp' -%>
-dhcp NONE NONE NONE<% options.each do |val| %> <%= val %><% end %>
-<% elsif proto == 'none' -%>
+<% if @proto == 'dhcp' -%>
+dhcp NONE NONE NONE<% @options.each do |val| %> <%= val %><% end %>
+<% elsif @proto == 'none' -%>
 up
 <% else -%>
-inet <%= ipaddr %> <%= netmask %> NONE<% options.each do |val| %> <%= val %><% end %>
+inet <%= @ipaddr %> <%= @netmask %> NONE<% @options.each do |val| %> <%= val %><% end %>
 <% end -%>
-<% if ip6addr == 'auto' -%>
+<% if @ip6addr == 'auto' -%>
 rtsol
-<% elsif ip6addr != 'none' -%>
-inet6 alias <%= ip6addr %> <%= ip6netmask %>
+<% elsif @ip6addr != 'none' -%>
+inet6 alias <%= @ip6addr %> <%= @ip6netmask %>
 <% end -%>
-<% postcmd.each do |val| -%>
+<% @postcmd.each do |val| -%>
 !<%= val %>
 <% end -%>

network/templates/hostname.pppoe.erb

@@ -1,4 +1,4 @@
-inet 0.0.0.0 255.255.255.255 NONE pppoedev <%= device -%> authproto <%= authtype -%> authname '<%= username -%>' authkey '<%= password %>' up
+inet 0.0.0.0 255.255.255.255 NONE pppoedev <%= @device -%> authproto <%= @authtype -%> authname '<%= @username -%>' authkey '<%= @password %>' up
 dest 0.0.0.1
 !/sbin/route -qn delete default
 !/sbin/route add default -ifp pppoe0 0.0.0.1

network/templates/ifcfg-if.erb

@@ -1,33 +1,33 @@
-DEVICE=<%= name %>
-<% if name !~ /(bond|br)[0-9]/ && has_variable?("macaddress_" + name) -%>
+DEVICE=<%= @name %>
+<% if @name !~ /(bond|br)[0-9]/ && has_variable?("macaddress_" + name) -%>
 HWADDR=<%= scope.lookupvar("macaddress_" + name) %>
 <% end -%>
 ONBOOT=yes
 BOOTPROTO=<%= proto %>
-<% if ipaddr != 'none' and ipaddr != 'dhcp' -%>
-IPADDR=<%= ipaddr %>
+<% if @ipaddr != 'none' and @ipaddr != 'dhcp' -%>
+IPADDR=<%= @ipaddr %>
 <% end -%>
-<% if netmask != 'none' -%>
-NETMASK=<%= netmask %>
+<% if @netmask != 'none' -%>
+NETMASK=<%= @netmask %>
 <% end -%>
-<% if proto == 'dhcp' -%>
+<% if @proto == 'dhcp' -%>
 DHCPCLASS=
 PERSISTENT_DHCLIENT=yes
 NOZEROCONF=yes
 <% end -%>
-<% if ip6addr == 'none' -%>
+<% if @ip6addr == 'none' -%>
 IPV6INIT=no
 <% else -%>
 IPV6INIT=yes
-<%   if ip6addr != 'auto' -%>
-IPV6ADDR=<%= ip6addr %>/<%= ip6netmask %>
+<%   if @ip6addr != 'auto' -%>
+IPV6ADDR=<%= ip6addr %>/<%= @ip6netmask %>
 <%   end -%>
 <% end -%>
-<% if name =~ /br[0-9]/ -%>
+<% if @name =~ /br[0-9]/ -%>
 TYPE=Bridge
 DELAY=0
 LINKDELAY=10
 <% end -%>
-<% options.each do |val| -%>
+<% @options.each do |val| -%>
 <%= val %>
 <% end -%>

network/templates/interfaces-gateway.erb

@@ -1,3 +1,3 @@
-<% if gateway != 'none' -%>
-    gateway <%= gateway %>
+<% if @gateway != 'none' -%>
+    gateway <%= @gateway %>
 <% end -%>

network/templates/interfaces-if.erb

@@ -1,22 +1,22 @@
 
-auto <%= name %>
-<% if proto == 'none' -%>
-iface <%= name %> inet manual
+auto <%= @name %>
+<% if @proto == 'none' -%>
+iface <%= @name %> inet manual
 <% else -%>
-iface <%= name %> inet <%= proto %>
+iface <%= @name %> inet <%= @proto %>
 <% end -%>
-<% if ipaddr != 'none' and ipaddr != 'dhcp' -%>
-    address <%= ipaddr %>
+<% if @ipaddr != 'none' and @ipaddr != 'dhcp' -%>
+    address <%= @ipaddr %>
 <% end -%>
-<% if netmask != 'none' -%>
-    netmask <%= netmask %>
+<% if @netmask != 'none' -%>
+    netmask <%= @netmask %>
 <% end -%>
-<% if dnssearch != 'none' -%>
-    dns-search <%= dnssearch %>
+<% if @dnssearch != 'none' -%>
+    dns-search <%= @dnssearch %>
 <% end -%>
-<% if dnsnameservers != 'none' -%>
-    dns-nameservers <%= dnsnameservers %>
+<% if @dnsnameservers != 'none' -%>
+    dns-nameservers <%= @dnsnameservers %>
 <% end -%>
-<% options.each do |val| -%>
+<% @options.each do |val| -%>
     <%= val %>
 <% end -%>

network/templates/mygate.erb

@@ -1,6 +1,6 @@
-<% if gateway != "" -%>
-<%= gateway %>
+<% if @gateway != "" -%>
+<%= @gateway %>
 <% end -%>
-<% if ipv6gateway != "" -%>
-<%= ipv6gateway %>
+<% if @ipv6gateway != "" -%>
+<%= @ipv6gateway %>
 <% end -%>

network/templates/radvd.conf.erb

@@ -1,13 +1,13 @@
 
-# <%= description %>
-interface <%= name %>
+# <%= @description %>
+interface <%= @name %>
 {
         AdvSendAdvert on;
         MinRtrAdvInterval 3;
         MaxRtrAdvInterval 10;
         AdvHomeAgentFlag off;
 
-        prefix <%= prefix %>
+        prefix <%= @prefix %>
         {
                 AdvOnLink on;
                 AdvAutonomous on;

network/templates/route-if.erb

@@ -1,3 +1,3 @@
-ADDRESS0=<%= name.split('/')[0] %>
-NETMASK0=<%= name.split('/')[1] %>
-<% if gateway != "" %>GATEWAY0=<%= gateway %><% end %>
+ADDRESS0=<%= @name.split('/')[0] %>
+NETMASK0=<%= @name.split('/')[1] %>
+<% if @gateway != "" %>GATEWAY0=<%= @gateway %><% end %>

network/templates/rtadvd.conf.erb

@@ -1,4 +1,4 @@
 
-# <%= description %>
-<%= name %>:\
-        :addr="<%= prefix.split("/").first %>":":prefixlen#<%= prefix.split("/").last %>:raflags#8:
+# <%= @description %>
+<%= @name %>:\
+        :addr="<%= @prefix.split("/").first %>":":prefixlen#<%= @prefix.split("/").last %>:raflags#8:

network/templates/vip.conf.erb

@@ -3,12 +3,12 @@
 
 # In the simple scenario, you want a single virtual IP address from the _same_
 # network to be taken over by one of the routers.
-VIP_ADDRESS="<%= ipaddr -%>"
-SOURCE_ADDRESS="<%= ipaddress %>"
+VIP_ADDRESS="<%= @ipaddr -%>"
+SOURCE_ADDRESS="<%= @ipaddress %>"
 
 # In more complex scenarios, check the "vip-common" file for values to override
 # and how to add options.
-PASSWORD="<%= password -%>"
+PASSWORD="<%= @password -%>"
 
 # Extra options.
-OPTIONS="<% options.each do |val| -%> <%= val %><% end -%>"
+OPTIONS="<% @options.each do |val| -%> <%= val %><% end -%>"

networker/templates/servers.erb

@@ -1,3 +1,3 @@
-<% networker_server.each do |name| -%>
+<% @networker_server.each do |name| -%>
 <%= name %>
 <% end -%>

nginx/templates/nginx.conf.erb

@@ -1,5 +1,5 @@
-user <%= user %>;
-worker_processes <%= processorcount %>;
+user <%= @user %>;
+worker_processes <%= @processorcount %>;
 
 events {
     worker_connections 1024;

ntpd/templates/chrony.conf.erb

@@ -1,5 +1,5 @@
 # Remote servers.
-<% ntp_server.each do |server| -%>
+<% @ntp_server.each do |server| -%>
 server <%= server %> iburst
 <% end -%>
 

ntpd/templates/ntp.conf.erb

@@ -1,4 +1,4 @@
-<% if is_virtual == "true" -%>
+<% if @is_virtual == "true" -%>
 # Don't mind if the virtualized clock appears to be behaving erratically.
 tinker panic 0
 
@@ -15,21 +15,21 @@ restrict ::1
 driftfile /var/lib/ntp/ntp.drift
 
 # Remote servers.
-<% ntp_server.each do |server| -%>
+<% @ntp_server.each do |server| -%>
 restrict <%= server %> mask 255.255.255.255 nomodify notrap noquery
 server <%= server %>
 <% end -%>
-<% if is_virtual == "false" -%>
+<% if @is_virtual == "false" -%>
 
 # Undisciplined Local Clock. This is a fake driver intended for backup
 # and when no outside source of synchronized time is available.
 server 127.127.1.0
 fudge  127.127.1.0 stratum 10
 <% end -%>
-<% if has_variable?("ntp_client_networks") -%>
+<% if @ntp_client_networks -%>
 
 # Restrictions for clients using us as source.
-<%     ntp_client_networks.each do |net| -%>
+<%     @ntp_client_networks.each do |net| -%>
 restrict <%= net.split("/")[0] %> mask <%= net.split("/")[1] %> nomodify notrap
 <%     end -%>
 <% end -%>

ntpd/templates/openntpd.conf.erb

@@ -9,7 +9,7 @@ listen on *
 
 # use a random selection of NTP Pool Time Servers
 # see http://support.ntp.org/bin/view/Servers/NTPPoolServers
-<% ntp_server.each do |server| -%>
+<% @ntp_server.each do |server| -%>
 servers <%= server %>
 <% end -%>
 

openvpn/templates/openvpn.conf.erb

@@ -1,14 +1,14 @@
-ca <%= openvpn_ca %>
-cert <%= puppet_ssldir %>/certs/<%= homename %>.pem
+ca <%= @openvpn_ca %>
+cert <%= @puppet_ssldir %>/certs/<%= @homename %>.pem
 cipher AES-256-CBC
 comp-lzo
 dev tun
-key <%= puppet_ssldir %>/private_keys/<%= homename %>.pem
-port <%= openvpn_port %>
+key <%= @puppet_ssldir %>/private_keys/<%= @homename %>.pem
+port <%= @openvpn_port %>
 pull
-remote <%= openvpn_server %>
+remote <%= @openvpn_server %>
 route-delay 2
 route-method exe
-tls-auth <%= openvpn_ta %> 1
+tls-auth <%= @openvpn_ta %> 1
 tls-client
 verb 4

postfix/templates/main.cf.erb

@@ -39,7 +39,7 @@ command_directory = /usr/sbin
 # daemon programs (i.e. programs listed in the master.cf file). This
 # directory must be owned by root.
 #
-<% if ['Debian','Ubuntu'].index(operatingsystem) -%>
+<% if ['Debian','Ubuntu'].index(@operatingsystem) -%>
 daemon_directory = /usr/lib/postfix
 <% else -%>
 daemon_directory = /usr/libexec/postfix
@@ -78,7 +78,7 @@ mail_owner = postfix
 #
 #myhostname = host.domain.tld
 #myhostname = virtual.domain.tld
-myhostname = <%= postfix_hostname %>
+myhostname = <%= @postfix_hostname %>
 
 # The mydomain parameter specifies the local internet domain name.
 # The default is to use $myhostname minus the first component.
@@ -86,7 +86,7 @@ myhostname = <%= postfix_hostname %>
 # parameters.
 #
 #mydomain = domain.tld
-mydomain = <%= mail_domain %>
+mydomain = <%= @mail_domain %>
 
 # SENDING MAIL
 # 
@@ -119,7 +119,7 @@ myorigin = $mydomain
 #inet_interfaces = all
 #inet_interfaces = $myhostname
 #inet_interfaces = $myhostname, localhost
-inet_interfaces = <%= postfix_interfaces %>
+inet_interfaces = <%= @postfix_interfaces %>
 
 # Enable IPv4, and IPv6 if supported
 inet_protocols = all
@@ -167,8 +167,8 @@ inet_protocols = all
 #
 # See also below, section "REJECTING MAIL FOR UNKNOWN LOCAL USERS".
 #
-<% if has_variable?("mydestination") -%>
-mydestination = <%= mydestination %>
+<% if @mydestination -%>
+mydestination = <%= @mydestination %>
 <% else -%>
 mydestination = $myhostname, localhost.$mydomain, localhost
 <% end -%>
@@ -274,8 +274,8 @@ mynetworks_style = subnet
 #mynetworks = 168.100.189.0/28, 127.0.0.0/8
 #mynetworks = $config_directory/mynetworks
 #mynetworks = hash:/etc/postfix/network_table
-<% if has_variable?("postfix_networks") -%>
-mynetworks = <%= postfix_networks %>
+<% if @postfix_networks -%>
+mynetworks = <%= @postfix_networks %>
 <% end -%>
 
 # The relay_domains parameter restricts what destinations this system will
@@ -328,8 +328,8 @@ relay_domains = $mydestination
 #relayhost = [mailserver.isp.tld]
 #relayhost = uucphost
 #relayhost = [an.ip.add.ress]
-<% if postfix_interfaces == "localhost" and has_variable?("mail_server") -%>
-relayhost = [<%= mail_server %>]
+<% if @postfix_interfaces == "localhost" and @mail_server -%>
+relayhost = [<%= @mail_server %>]
 <% end -%>
 
 # REJECTING UNKNOWN RELAY USERS
@@ -435,8 +435,8 @@ alias_database = hash:/etc/aliases
 #
 #home_mailbox = Mailbox
 #home_mailbox = Maildir/
-<% if has_variable?("postfix_home_mailbox") -%>
-home_mailbox = <%= postfix_home_mailbox %>
+<% if @postfix_home_mailbox -%>
+home_mailbox = <%= @postfix_home_mailbox %>
 <% end -%>
  
 # The mail_spool_directory parameter specifies the directory where
@@ -484,7 +484,7 @@ mail_spool_directory = /var/mail
 # non-UNIX accounts with "User unknown in local recipient table".
 #
 #mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp
-<% if has_variable?("cyrus_lmtp") -%>
+<% if @cyrus_lmtp -%>
 mailbox_transport = lmtp:unix:/var/run/cyrus/socket/lmtp
 <% end -%>
 
@@ -561,8 +561,8 @@ smtpd_client_restrictions =
 	permit_mynetworks,
 	permit_sasl_authenticated,
 	reject_unknown_client,
-<% if has_variable?("postfix_rbl") -%>
-  <% postfix_rbl.each do |rbl| -%>
+<% if @postfix_rbl -%>
+  <% @postfix_rbl.each do |rbl| -%>
 	reject_rbl_client <%= rbl %>,
   <% end -%>
 <% end -%>
@@ -571,7 +571,7 @@ smtpd_recipient_restrictions =
 	permit_sasl_authenticated,
 	permit_mynetworks,
 	reject_unauth_destination,
-<% if has_variable?("postgrey") -%>
+<% if @postgrey -%>
         check_policy_service inet:127.0.0.1:10023
 <% else -%>
 	check_relay_domains
@@ -719,7 +719,7 @@ manpage_directory = /usr/share/man
 # readme_directory: The location of the Postfix README files.
 #
 #readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES
-<% if postfix_interfaces != "localhost" -%>
+<% if @postfix_interfaces != "localhost" -%>
 
 # SASL
 #
@@ -731,7 +731,7 @@ smtpd_sasl_security_options = noanonymous
 # TLS
 #
 smtpd_use_tls=yes
-<% if has_variable?("postfix_chain") -%>
+<% if @postfix_chain -%>
 smtpd_tls_CAfile = <%= scope.lookupvar('ssl::certs') %>/postfix-chain.crt
 <% end -%>
 smtpd_tls_cert_file=<%= scope.lookupvar('ssl::certs') %>/postfix.crt

postfix/templates/master.cf.erb

@@ -13,7 +13,7 @@ smtp      inet  n       -       -       -       -       smtpd
 #smtpd     pass  -       -       -       -       -       smtpd
 #dnsblog   unix  -       -       -       -       0       dnsblog
 #tlsproxy  unix  -       -       -       -       0       tlsproxy
-<% if has_variable?("submission") -%>
+<% if @submission -%>
 submission inet n       -       -       -       -       smtpd
   -o syslog_name=postfix/submission
   -o smtpd_tls_security_level=encrypt

puppet/templates/mongrel-httpd.conf.erb

@@ -22,8 +22,8 @@ Listen 8140
 <VirtualHost _default_:8140>
 
   # Use default log path for puppet
-  ErrorLog /srv/www/log/https/<%= homename %>/error_log
-  CustomLog /srv/www/log/https/<%= homename %>/access_log combined
+  ErrorLog /srv/www/log/https/<%= @homename %>/error_log
+  CustomLog /srv/www/log/https/<%= @homename %>/access_log combined
   LogLevel warn
 
   # SSL settings
@@ -32,11 +32,11 @@ Listen 8140
   SSLCipherSuite DHE-RSA-AES256-SHA
 
   # Certificates and keys
-  SSLCertificateFile <%= puppet_ssldir %>/certs/<%= homename %>.pem
-  SSLCertificateKeyFile <%= puppet_ssldir %>/private_keys/<%= homename %>.pem
-  SSLCertificateChainFile <%= puppet_ssldir %>/certs/ca.pem
-  SSLCACertificateFile <%= puppet_ssldir %>/certs/ca.pem
-  SSLCARevocationFile <%= puppet_ssldir %>/ca/ca_crl.pem
+  SSLCertificateFile <%= @puppet_ssldir %>/certs/<%= @homename %>.pem
+  SSLCertificateKeyFile <%= @puppet_ssldir %>/private_keys/<%= @homename %>.pem
+  SSLCertificateChainFile <%= @puppet_ssldir %>/certs/ca.pem
+  SSLCACertificateFile <%= @puppet_ssldir %>/certs/ca.pem
+  SSLCARevocationFile <%= @puppet_ssldir %>/ca/ca_crl.pem
 
   # Client authentication
   SSLVerifyClient optional

puppet/templates/passenger-httpd.conf.erb

@@ -15,8 +15,8 @@ Listen 8140
 <VirtualHost _default_:8140>
 
   # Use default log path for puppet
-  ErrorLog /srv/www/log/https/<%= homename %>/error_log
-  CustomLog /srv/www/log/https/<%= homename %>/access_log combined
+  ErrorLog /srv/www/log/https/<%= @homename %>/error_log
+  CustomLog /srv/www/log/https/<%= @homename %>/access_log combined
   LogLevel warn
 
   # SSL settings
@@ -25,11 +25,11 @@ Listen 8140
   SSLCipherSuite DHE-RSA-AES256-SHA
 
   # Certificates and keys
-  SSLCertificateFile <%= puppet_ssldir %>/certs/<%= homename %>.pem
-  SSLCertificateKeyFile <%= puppet_ssldir %>/private_keys/<%= homename %>.pem
-  SSLCertificateChainFile <%= puppet_ssldir %>/certs/ca.pem
-  SSLCACertificateFile <%= puppet_ssldir %>/certs/ca.pem
-  SSLCARevocationFile <%= puppet_ssldir %>/ca/ca_crl.pem
+  SSLCertificateFile <%= @puppet_ssldir %>/certs/<%= @homename %>.pem
+  SSLCertificateKeyFile <%= @puppet_ssldir %>/private_keys/<%= @homename %>.pem
+  SSLCertificateChainFile <%= @puppet_ssldir %>/certs/ca.pem
+  SSLCACertificateFile <%= @puppet_ssldir %>/certs/ca.pem
+  SSLCARevocationFile <%= @puppet_ssldir %>/ca/ca_crl.pem
 
   # Client authentication
   SSLVerifyClient optional

puppet/templates/puppet-passenger.conf.erb

@@ -1,10 +1,10 @@
 server {
     server_name puppet;
     listen 8140 default ssl;
-    ssl_certificate <%= puppet_ssldir %>/certs/<%= homename %>.pem;
-    ssl_certificate_key <%= puppet_ssldir %>/private_keys/<%= homename %>.pem;
-    ssl_client_certificate <%= puppet_ssldir %>/certs/ca.pem;
-    ssl_crl <%= puppet_ssldir %>/ca/ca_crl.pem;
+    ssl_certificate <%= @puppet_ssldir %>/certs/<%= @homename %>.pem;
+    ssl_certificate_key <%= @puppet_ssldir %>/private_keys/<%= @homename %>.pem;
+    ssl_client_certificate <%= @puppet_ssldir %>/certs/ca.pem;
+    ssl_crl <%= @puppet_ssldir %>/ca/ca_crl.pem;
     ssl_protocols SSLv3 TLSv1;
     ssl_ciphers HIGH:+MEDIUM;
     ssl_prefer_server_ciphers on;

puppet/templates/puppet-report-cleanup.erb

@@ -1,6 +1,6 @@
 #!/bin/sh
 
-MAXAGE=<%= puppet_report_maxage %>
+MAXAGE=<%= @puppet_report_maxage %>
 
 /usr/sbin/tmpwatch -m ${MAXAGE} /srv/puppet/reports
 find /srv/puppet/reports/ -mindepth 2 -mmin +1440 -type f -name \*.yaml -exec gzip {} \;

puppet/templates/puppet.conf.erb

@@ -1,9 +1,9 @@
 [main]
     # Where Puppet stores dynamic and growing data.
     # The default value is '/var/puppet'.
-    vardir = <%= vardir %>
+    vardir = <%= @vardir %>
 
-<% if kernel == 'Linux' -%>
+<% if @kernel == 'Linux' -%>
     # The Puppet log directory.
     # The default value is '$vardir/log'.
     logdir = /var/log/puppet
@@ -13,7 +13,7 @@
     rundir = /var/run/puppet
 
 <% end -%>
-<% if kernel == 'OpenBSD' -%>
+<% if @kernel == 'OpenBSD' -%>
     # The shell search path.  Defaults to whatever is inherited
     # from the parent process.
     path = /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin
@@ -22,11 +22,11 @@
     # The server to which server puppetd should connect
     # The default value is 'puppet'. Explicitly set to support
     # re-installs on remote networks.
-    server = <%= puppet_server %>
+    server = <%= @puppet_server %>
 
     # The name to use when handling certificates. Set during
     # bootstrap based on the fully qualified domain name.
-    certname = <%= homename %>
+    certname = <%= @homename %>
 
     # Enable sending reports to puppet server.
     report = true
@@ -37,14 +37,14 @@
     factpath = $vardir/lib/facter
 
     # The bit length of keys.
-    keylength = <%= puppet_keylength %>
+    keylength = <%= @puppet_keylength %>
 
-<% if has_variable?("puppet_diffargs") -%>
+<% if @puppet_diffargs -%>
     # Arguments for puppet's use of diff
-    diff_args = <%= puppet_diffargs %>
+    diff_args = <%= @puppet_diffargs %>
 
 <% end -%>
-<% if puppetversion[/\d+/].to_i >= 2 -%>
+<% if @puppetversion[/\d+/].to_i >= 2 -%>
 [agent]
     # Ignore site manifest when run as agent. Fixes warnings about
     # storeconfigs on master.

puppet/templates/puppetmaster.conf.erb

@@ -1,5 +1,5 @@
 
-<% if puppetversion[/\d+/].to_i >= 2 -%>
+<% if @puppetversion[/\d+/].to_i >= 2 -%>
 [master]
 <% else -%>
 [puppetmasterd]
@@ -19,19 +19,19 @@
     # Put custom templates under datadirectory
     templatedir = /srv/puppet/templates
 
-<% if puppet_storeconfigs != 'none' -%>
+<% if @puppet_storeconfigs != 'none' -%>
     # Use storeconfigs
     storeconfigs = true
-<%   if puppet_storeconfigs == 'thin' -%>
+<%   if @puppet_storeconfigs == 'thin' -%>
     thin_storeconfigs = true
 <%   end -%>
-    dbadapter = <%= puppet_dbadapter %>
-<%   if puppet_dbadapter == 'sqlite3' -%>
+    dbadapter = <%= @puppet_dbadapter %>
+<%   if @puppet_dbadapter == 'sqlite3' -%>
     dblocation = /srv/puppet/storeconfigs/storeconfigs.db
 <%   else -%>
-    dbserver = <%= puppet_dbserver %>
-    dbname = <%= puppet_dbname %>
-    dbuser = <%= puppet_dbuser %>
-    dbpassword = <%= puppet_dbpassword %>
+    dbserver = <%= @puppet_dbserver %>
+    dbname = <%= @puppet_dbname %>
+    dbuser = <%= @puppet_dbuser %>
+    dbpassword = <%= @puppet_dbpassword %>
 <%   end -%>
 <% end -%>

puppet/templates/puppetmaster.default.erb

@@ -15,7 +15,7 @@ DAEMON_OPTS=""
 #	    	    mongrel. Requires front-end web-proxy such as
 #	    	    apache, nginx, or pound)
 #	   See: http://reductivelabs.com/trac/puppet/wiki/UsingMongrel
-<% if puppet_listenports.length > 1 -%>
+<% if @puppet_listenports.length > 1 -%>
 SERVERTYPE=mongrel
 <% else -%>
 SERVERTYPE=webrick
@@ -23,7 +23,7 @@ SERVERTYPE=webrick
 
 # How many puppetmaster instances to start? Its pointless to set this
 # higher than 1 if you are not using mongrel. 
-PUPPETMASTERS=<%= puppet_listenports.length %>
+PUPPETMASTERS=<%= @puppet_listenports.length %>
 
 # What port should the puppetmaster listen on (default: 8140). If
 # PUPPETMASTERS is set to a number greater than 1, then the port for
@@ -37,4 +37,4 @@ PUPPETMASTERS=<%= puppet_listenports.length %>
 # processes.  In this case it is recommended to run your web-proxy on
 # port 8140 and change the below number to something else, such as
 # 18140.
-PORT=<%= puppet_listenports.first %>
+PORT=<%= @puppet_listenports.first %>

puppet/templates/puppetmaster.sysconfig.erb

@@ -25,7 +25,7 @@
 #PUPPETMASTER_PORTS="8141"
 # Example with multiple ports which will start puppetmaster with mongrel
 # as a servertype
-PUPPETMASTER_PORTS=( <% puppet_listenports.each do |port| -%><%= port -%> <% end %>)
+PUPPETMASTER_PORTS=( <% @puppet_listenports.each do |port| -%><%= port -%> <% end %>)
 
 # You may specify other parameters to the puppetmaster here
 #PUPPETMASTER_EXTRA_OPTS=--noca

resolver/manifests/init.pp

@@ -21,11 +21,13 @@
 #               nameservers => ['192.168.1.100', '192.168.1.101', '192.168.1.102'],
 #       }
 #
-class resolver($domainname = "", $searchpath = "", $nameservers ) {
+class resolver($domainname = "", $searchpath = [], $nameservers) {
+
     file { "/etc/resolv.conf":
-                owner   => root,
-                group   => root,
-                mode    => 644,
+        owner   => "root",
+        group   => "root",
+        mode    => "0644",
         content => template("resolver/resolv.conf.erb"),
     }
+
 }

resolver/templates/resolv.conf.erb

@@ -1,6 +1,9 @@
-<% if !domainname.empty? %>domain <%= domainname %>
+<% unless @domainname.empty? -%>
+domain <%= @domainname %>
 <% end -%>
-<% if !searchpath.empty? %>search <%= searchpath.join(" ") %>
+<% unless @searchpath.empty? -%>
+search <%= @searchpath.join(" ") %>
 <% end -%>
-<% nameservers.each do |ns| %>nameserver <%= ns %>
+<% @nameservers.each do |ns| -%>
+nameserver <%= ns %>
 <% end -%>

sasl/templates/saslauthd.conf.ldap.erb

@@ -1,2 +1,2 @@
-ldap_servers: <% ldap_server.each do |uri| %><%= uri %> <% end %>
-ldap_search_base: <%= ldap_basedn %>
+ldap_servers: <% @ldap_server.each do |uri| %><%= uri %> <% end %>
+ldap_search_base: <%= @ldap_basedn %>

selinux/templates/config.erb

@@ -3,7 +3,7 @@
 #       enforcing - SELinux security policy is enforced.
 #       permissive - SELinux prints warnings instead of enforcing.
 #       disabled - SELinux is fully disabled.
-SELINUX=<%= selinux_type %>
+SELINUX=<%= @selinux_type %>
 # SELINUXTYPE= type of policy in use. Possible values are:
 #       targeted - Only targeted network daemons are protected.
 #       strict - Full SELinux protection.

sendmail/templates/sendmail.mc.erb

@@ -2,13 +2,13 @@ divert(-1)dnl
 dnl #
 dnl # This file is managed by puppet so hand editing is not recommended.
 dnl #
-<% if ['CentOS','RedHat','Fedora'].index(operatingsystem) -%>
+<% if ['CentOS','RedHat','Fedora'].index(@operatingsystem) -%>
 include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
-<% elsif operatingsystem == 'Ubuntu' -%>
+<% elsif @operatingsystem == 'Ubuntu' -%>
 include(`/usr/share/sendmail/cf/m4/cf.m4')dnl
 <% end -%>
 VERSIONID(`puppet sendmail::server')dnl
-OSTYPE(`<%= ostype -%>')dnl
+OSTYPE(`<%= @ostype -%>')dnl
 dnl #
 define(`confDEF_USER_ID', ``8:12'')dnl
 define(`confTO_CONNECT', `1m')dnl
@@ -23,17 +23,17 @@ define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
 define(`confTO_IDENT', `0')dnl
 dnl #
 define(`confAUTH_OPTIONS', `A p y')dnl
-TRUST_AUTH_MECH(`<%= sendmail_auth_mech.join(' ') %>')dnl
-define(`confAUTH_MECHANISMS', `<%= sendmail_auth_mech.join(' ') %>')dnl
+TRUST_AUTH_MECH(`<%= @sendmail_auth_mech.join(' ') %>')dnl
+define(`confAUTH_MECHANISMS', `<%= @sendmail_auth_mech.join(' ') %>')dnl
 dnl #
 define(`confCACERT_PATH', `/etc/mail/certs')
-<% if has_variable?('ssl_chain') -%>
-define(`confCACERT', `/etc/pki/tls/certs/<%= ssl_chain %>')
+<% if @ssl_chain -%>
+define(`confCACERT', `/etc/pki/tls/certs/<%= @ssl_chain %>')
 <% end -%>
-define(`confSERVER_CERT', `/etc/pki/tls/certs/<%= ssl_cert %>')
-define(`confSERVER_KEY', `/etc/pki/tls/private/<%= ssl_key %>')
-define(`confCLIENT_CERT', `/etc/pki/tls/certs/<%= ssl_cert %>')
-define(`confCLIENT_KEY', `/etc/pki/tls/private/<%= ssl_key %>')
+define(`confSERVER_CERT', `/etc/pki/tls/certs/<%= @ssl_cert %>')
+define(`confSERVER_KEY', `/etc/pki/tls/private/<%= @ssl_key %>')
+define(`confCLIENT_CERT', `/etc/pki/tls/certs/<%= @ssl_cert %>')
+define(`confCLIENT_KEY', `/etc/pki/tls/private/<%= @ssl_key %>')
 dnl #
 FEATURE(`no_default_msa', `dnl')dnl
 FEATURE(`smrsh', `/usr/sbin/smrsh')dnl
@@ -55,8 +55,8 @@ DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
 DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
 dnl #
 LOCAL_DOMAIN(`localhost.localdomain')dnl
-MASQUERADE_AS(`<%= mail_domain %>')dnl
-<% masquerade_exception.each do |exception| -%>
+MASQUERADE_AS(`<%= @mail_domain %>')dnl
+<% @masquerade_exception.each do |exception| -%>
 MASQUERADE_EXCEPTION(`<%= exception %>')dnl
 <% end -%>
 FEATURE(masquerade_envelope)dnl
@@ -65,7 +65,7 @@ FEATURE(masquerade_entire_domain)dnl
 FEATURE(`accept_unresolvable_domains')dnl
 dnl #
 define(`confMATCH_GECOS')dnl
-define(`confDOMAIN_NAME', `<%= mail_domain %>')dnl
+define(`confDOMAIN_NAME', `<%= @mail_domain %>')dnl
 define(`confDONT_BLAME_SENDMAIL', `GroupWritableDirpathSafe,GroupWritableIncludeFileSafe,GroupWritableForwardFile,ForwardFileInGroupWritableDirPath')dnl
 dnl #
 MAILER(smtp)dnl

sendmail/templates/submit.mc.erb

@@ -15,24 +15,24 @@ divert(-1)
 #
 
 divert(0)dnl
-<% if ['CentOS','RedHat','Fedora'].index(operatingsystem) -%>
+<% if ['CentOS','RedHat','Fedora'].index(@operatingsystem) -%>
 include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
-<% elsif operatingsystem == 'Ubuntu' -%>
+<% elsif @operatingsystem == 'Ubuntu' -%>
 include(`/usr/share/sendmail/cf/m4/cf.m4')dnl
 DOMAIN(`debian-msp')dnl
 <% end -%>
 VERSIONID(`puppet setup')dnl
-OSTYPE(`<%= ostype -%>')dnl
+OSTYPE(`<%= @ostype -%>')dnl
 define(`confCF_VERSION', `Submit')dnl
 define(`__OSTYPE__',`')dnl dirty hack to keep proto.m4 from complaining
 define(`_USE_DECNET_SYNTAX_', `1')dnl support DECnet
 define(`confTIME_ZONE', `USE_TZ')dnl
 define(`confDONT_INIT_GROUPS', `True')dnl
 define(`confDIRECT_SUBMISSION_MODIFIERS',`C')dnl
-<% if has_variable?('mail_domain') -%>
-define(`confDOMAIN_NAME', `<%= mail_domain %>')dnl
+<% if @mail_domain -%>
+define(`confDOMAIN_NAME', `<%= @mail_domain %>')dnl
 <% end -%>
-<% if ['CentOS','RedHat','Fedora'].index(operatingsystem) -%>
+<% if ['CentOS','RedHat','Fedora'].index(@operatingsystem) -%>
 define(`confPID_FILE', `/var/run/sm-client.pid')dnl
 <% end -%>
 define(`confCACERT_PATH', `/etc/mail/certs')dnl

sendmail/templates/submit.mc.msa.erb

@@ -1 +1 @@
-FEATURE(`msp', `[<%= mail_server %>]', `MSA')dnl
+FEATURE(`msp', `[<%= @mail_server %>]', `MSA')dnl

sendmail/templates/submit.mc.msp.erb

@@ -1 +1 @@
-FEATURE(`msp', `[<%= mail_server %>]')dnl
+FEATURE(`msp', `[<%= @mail_server %>]')dnl

snmp/templates/snmptrapd.conf.erb

@@ -1,9 +1,9 @@
 
 pidFile /var/run/snmptrapd.pid
-<% if acl == 'NONE' -%>
+<% if @acl == 'NONE' -%>
 disableAuthorization yes
 <% else -%>
-<%   acl.each do |rule| -%>
+<%   @acl.each do |rule| -%>
 authCommunity log <%= rule %>
 <%   end -%>
 <% end -%>