diff --git a/firewall/manifests/init.pp b/firewall/manifests/init.pp index 5c36ae2..ddb3d76 100644 --- a/firewall/manifests/init.pp +++ b/firewall/manifests/init.pp @@ -223,11 +223,18 @@ class firewall::iptables inherits firewall::common::iptables { # class firewall::custom::iptables inherits firewall::common::iptables { - File["/etc/sysconfig/iptables"] { + File[$firewall::common::iptables::iptables] { source => [ "puppet:///files/firewall/iptables.${::homename}", "puppet:///files/firewall/iptables", ], } + if $firewall::common::iptables::ip6tables and $::ipv6enabled == "true" { + File[$firewall::common::iptables::ip6tables] { + source => [ "puppet:///files/firewall/ip6tables.${::homename}", + "puppet:///files/firewall/ip6tables", ], + } + } + } diff --git a/network/manifests/init.pp b/network/manifests/init.pp index 196b98c..ac7f374 100644 --- a/network/manifests/init.pp +++ b/network/manifests/init.pp @@ -597,6 +597,7 @@ class network::manager::disable { # prefix => "2001:db8:c0de:cafe::/64" # } define network::routeradvertisement::ipv6prefix($prefix = "", $description = "") { + case $::operatingsystem { "centos","redhat": { file { "/etc/radvd.conf.d": 
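Review bot: The new ip6tables override in firewall::custom::iptables offers only `ip6tables.${::homename}` and `ip6tables` as sources, so a site that has so far shipped just a custom `iptables` file will get a failed File resource on every IPv6-enabled host. In that case the IPv6 ruleset presumably stays as it was on disk while the IPv4 one is updated; what firewall::common::iptables supplies by default is not visible in this hunk, so this is worth confirming before rollout. The class comment, which starts above the hunk, should state the requirement, for example `# Needs files/firewall/ip6tables[.homename] next to files/firewall/iptables[.homename] when IPv6 is enabled.`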
@@ -618,20 +619,19 @@ define network::routeradvertisement::ipv6prefix($prefix = "", $description = "") ensure => directory, } - file { "/etc/rtadvd.conf.d/rtadvd-${name}.conf": + file { "/etc/rtadvd.conf.d/${name}.conf": ensure => present, mode => "0644", owner => "root", group => "wheel", content => template("network/rtadvd.conf.erb"), - before => Service["rtadvd-${name}"], - notify => Service["rtadvd-${name}"], + notify => Service["rtadvd_${name}"], } - service { "rtadvd-${name}": + service { "rtadvd_${name}": ensure => running, enable => true, - start => "/usr/sbin/rtadvd -c /etc/rtadvd.conf.d/rtadvd-${name}.conf ${name}", + start => "/usr/sbin/rtadvd -c /etc/rtadvd.conf.d/${name}.conf ${name}", stop => "/usr/bin/pkill -f \"^/usr/sbin/rtadvd -c [^ ]+ ${name}\$\"", status => "/usr/bin/pgrep -f \"^/usr/sbin/rtadvd -c [^ ]+ ${name}\$\"", } @@ -640,8 +640,10 @@ define network::routeradvertisement::ipv6prefix($prefix = "", $description = "") fail("Router advertisement not supported in $::operatingsystem.") } } + } + # Router Advertisement daemon # class network::routeradvertisement { diff --git a/sendmail/manifests/init.pp b/sendmail/manifests/init.pp index 258e72c..99792d3 100644 --- a/sendmail/manifests/init.pp +++ b/sendmail/manifests/init.pp @@ -29,15 +29,12 @@ class sendmail::common { mode => "0644", notify => Service["sendmail"], } - $ostype = "linux" $cabundle = "/etc/pki/tls/certs/ca-bundle.crt" } "ubuntu","debian": { - $ostype = "linux" $cabundle = "/etc/ssl/certs/ca-certificates.crt" } "openbsd": { - $ostype = "openbsd" $cabundle = "/etc/ssl/cert.pem" } default: { 
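Review bot: `${name}` goes unquoted into the rewritten `start` command line in the first hunk on this line, and nothing visible in the define validates it. The unchanged `stop` and `status` lines also place it in a `pkill -f` / `pgrep -f` regular expression. The title is presumably an interface name, but a title containing a space or a regex metacharacter such as `.` would change the command that runs or let the pattern match another instance's daemon. A compile-time guard at the top of this branch would catch that: `if $name !~ /^[a-z]+[0-9]+$/ { fail("Invalid interface name: ${name}") }`. The define's body begins and ends outside the hunk.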
@@ -249,29 +246,31 @@ class sendmail::server inherits sendmail::common { $ssl_chain = basename($sendmail_ssl_chain) } - file { "/etc/pki/tls/private/${ssl_key}": + include ssl + + file { "${ssl::private}/${ssl_key}": ensure => present, - source => $sendmail_ssl_key, mode => "0600", owner => "root", group => "root", + source => $sendmail_ssl_key, notify => Service["sendmail"], } - file { "/etc/pki/tls/certs/${ssl_cert}": + file { "${ssl::certs}/${ssl_cert}": ensure => present, - source => $sendmail_ssl_cert, mode => "0644", owner => "root", group => "root", + source => $sendmail_ssl_cert, notify => Service["sendmail"], } if $ssl_chain { - file { "/etc/pki/tls/certs/${ssl_chain}": + file { "${ssl::certs}/${ssl_chain}": ensure => present, - source => $sendmail_ssl_chain, mode => "0644", owner => "root", group => "root", + source => $sendmail_ssl_chain, notify => Service["sendmail"], } } diff --git a/sendmail/templates/sendmail.mc.erb b/sendmail/templates/sendmail.mc.erb index e8437c3..2cfb0d9 100644 --- a/sendmail/templates/sendmail.mc.erb +++ b/sendmail/templates/sendmail.mc.erb @@ -8,7 +8,7 @@ include(`/usr/share/sendmail-cf/m4/cf.m4')dnl include(`/usr/share/sendmail/cf/m4/cf.m4')dnl <% end -%> VERSIONID(`puppet sendmail::server')dnl -OSTYPE(`<%= @ostype -%>')dnl +OSTYPE(`<%= @kernel.downcase -%>')dnl dnl # <% if @mail_smart_host -%> define(`SMART_HOST', `<%= @mail_smart_host -%>')dnl 
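Review bot: The key and certificate resources in sendmail::server now take their directory from the `ssl` class but still hard-code `group => "root"`, which belongs to the old Red Hat-only layout. If `ssl::private` and `ssl::certs` are meant to resolve on a platform without a `root` group (the other manifests in this commit use `wheel`), these resources fail and the private key is never installed with its `0600` mode. A selector keeps the ownership in step with the path: `group => $::operatingsystem ? { "openbsd" => "wheel", default => "root" },`. The class body starts outside the hunk, so whether an earlier guard restricts the platform cannot be seen here.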
@@ -39,12 +39,12 @@ dnl #
 define(`confCACERT_PATH', `/etc/mail/certs')
 <% if @ssl_key and @ssl_cert -%>
 <% if @ssl_chain -%>
-define(`confCACERT', `/etc/pki/tls/certs/<%= @ssl_chain %>')
+define(`confCACERT', `<%= scope.lookupvar('ssl::certs') %>/<%= @ssl_chain %>')
 <% end -%>
-define(`confSERVER_CERT', `/etc/pki/tls/certs/<%= @ssl_cert %>')
-define(`confSERVER_KEY', `/etc/pki/tls/private/<%= @ssl_key %>')
-define(`confCLIENT_CERT', `/etc/pki/tls/certs/<%= @ssl_cert %>')
-define(`confCLIENT_KEY', `/etc/pki/tls/private/<%= @ssl_key %>')
+define(`confSERVER_CERT', `<%= scope.lookupvar('ssl::certs') %>/<%= @ssl_cert %>')
+define(`confSERVER_KEY', `<%= scope.lookupvar('ssl::private') %>/<%= @ssl_key %>')
+define(`confCLIENT_CERT', `<%= scope.lookupvar('ssl::certs') %>/<%= @ssl_cert %>')
+define(`confCLIENT_KEY', `<%= scope.lookupvar('ssl::private') %>/<%= @ssl_key %>')
 <% end -%>
 dnl #
 FEATURE(`no_default_msa', `dnl')dnl
diff --git a/sendmail/templates/submit.mc.erb b/sendmail/templates/submit.mc.erb
index eb9d525..4a1580f 100644
--- a/sendmail/templates/submit.mc.erb
+++ b/sendmail/templates/submit.mc.erb
@@ -22,7 +22,7 @@ include(`/usr/share/sendmail/cf/m4/cf.m4')dnl
 DOMAIN(`debian-msp')dnl
 <% end -%>
 VERSIONID(`puppet setup')dnl
-OSTYPE(`<%= @ostype -%>')dnl
+OSTYPE(`<%= @kernel.downcase -%>')dnl
 define(`confCF_VERSION', `Submit')dnl
 define(`__OSTYPE__',`')dnl dirty hack to keep proto.m4 from complaining
 define(`_USE_DECNET_SYNTAX_', `1')dnl support DECnet
diff --git a/smtpd/files/mailer.conf b/smtpd/files/mailer.conf
new file mode 100644
index 0000000..4cb477c
--- /dev/null
+++ b/smtpd/files/mailer.conf
@@ -0,0 +1,5 @@
+sendmail /usr/sbin/smtpctl
+send-mail /usr/sbin/smtpctl
+mailq /usr/sbin/smtpctl
+makemap /usr/libexec/smtpd/makemap
+newaliases /usr/libexec/smtpd/makemap
diff --git a/smtpd/manifests/init.pp b/smtpd/manifests/init.pp
new file mode 100644
index 0000000..bde27da
--- /dev/null
+++ b/smtpd/manifests/init.pp
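Review bot: The five `scope.lookupvar('ssl::…')` calls in the sendmail.mc.erb hunk are repeated inline with no check that the variable actually resolved. If this template is ever rendered where the `ssl` class is not in the catalog, the certificate and key paths would presumably come out rooted at `/` or carry an undefined marker, depending on the Puppet version, and sendmail would be pointed at files Puppet does not manage. Resolving both values once at the top of the `<% if @ssl_key and @ssl_cert -%>` block shortens the `define` lines and gives one place to fail the compile when either is empty: `<% ssl_certs = scope.lookupvar('ssl::certs'); ssl_private = scope.lookupvar('ssl::private') -%>`.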
@@ -0,0 +1,43 @@
+# Configure smtpd for local delivery.
+#
+# === Global variables
+#
+# $mail_domain:
+# Domain to masquerade as (envelope only).
+#
+# $smtpd_relay:
+# URI of mail relay server.
+#
+class smtpd {
+
+ file { "/etc/mailer.conf":
+ ensure => present,
+ mode => "0644",
+ owner => "root",
+ group => "wheel",
+ source => "puppet:///modules/smtpd/mailer.conf",
+ before => Service["smtpd"],
+ }
+
+ file { "/etc/mail/smtpd.conf":
+ ensure => present,
+ mode => "0644",
+ owner => "root",
+ group => "wheel",
+ content => template("smtpd/client.conf.erb"),
+ notify => Service["smtpd"],
+ }
+
+ service { "sendmail":
+ ensure => stopped,
+ enable => false,
+ before => Service["smtpd"],
+ }
+
+ service { "smtpd":
+ ensure => running,
+ enable => true,
+ start => "/usr/sbin/smtpd",
+ }
+
+}
diff --git a/smtpd/templates/client.conf.erb b/smtpd/templates/client.conf.erb
new file mode 100644
index 0000000..0138f36
--- /dev/null
+++ b/smtpd/templates/client.conf.erb
@@ -0,0 +1,10 @@
+listen on lo0
+
+<% if @smtpd_relay -%>
+accept from local for any relay via <%= @smtpd_relay %><% if @mail_domain %> as "@<%= @mail_domain %>"<% end %>
+<% else -%>
+table aliases db:/etc/mail/aliases.db
+
+accept from local for local alias deliver to mbox
+accept from local for any relay<% if @mail_domain %> as "@<%= @mail_domain %>"<% end %>
+<% end -%>
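Review bot: The new `smtpd` class has no operating-system guard, although everything in it is platform-specific: group `wheel`, `/etc/mailer.conf`, `/usr/sbin/smtpd`, and `lo0` in its template. Included on any other system it would still stop and disable `sendmail` before failing on the rest, leaving the host without a running MTA. The network manifest in this same commit already fails loudly in that situation, and the same pattern fits here at the top of the class: `case $::operatingsystem { "openbsd": { } default: { fail("smtpd not supported in ${::operatingsystem}.") } }`. The header comment should also note that the class declares `Service["sendmail"]` itself, which presumably makes it incompatible with the sendmail classes on the same node.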
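Review bot: `@smtpd_relay` and `@mail_domain` are written into smtpd.conf exactly as given, the latter inside a double-quoted string, with no validation anywhere in the template or in the class that renders it. A stray quote, space or newline in either global would produce a file smtpd refuses to load, or an extra directive. Because the manifest stops sendmail before starting smtpd, that would presumably leave the host with no local delivery. Checking the values in the class before the template is rendered keeps the failure at compile time, for example `if $mail_domain and $mail_domain !~ /^[A-Za-z0-9.-]+$/ { fail("Invalid mail_domain: ${mail_domain}") }`, with a similar check for the relay URI. The `$smtpd_relay` entry in the class header should also say which URI schemes are expected, so that a relay is not configured without TLS by accident.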