137 lines
3 KiB
ObjectPascal
137 lines
3 KiB
ObjectPascal
|
# kitchen sink class for various small settings
|
||
|
class ff_gw::sysadmin {
|
||
|
|
||
|
# use Hiera as a Puppet data source
|
||
|
file {
|
||
|
'/etc/puppet/hiera.yaml':
|
||
|
# content from git repo, not from puppet
|
||
|
ensure => file;
|
||
|
'/etc/hiera.yaml':
|
||
|
ensure => link,
|
||
|
target => '/etc/puppet/hiera.yaml';
|
||
|
}
|
||
|
|
||
|
# use backports repo
|
||
|
apt::source { 'wheezy-backports':
|
||
|
location => 'http://ftp.de.debian.org/debian/',
|
||
|
release => 'wheezy-backports',
|
||
|
repos => 'main',
|
||
|
}
|
||
|
# some more packages
|
||
|
package {
|
||
|
['vim-nox', 'git', 'etckeeper', 'pv', 'curl', 'atop',
|
||
|
'screen', 'tcpdump', 'rsync', 'file']:
|
||
|
ensure => installed,
|
||
|
}
|
||
|
|
||
|
# Sudo
|
||
|
include sudo
|
||
|
sudo::conf { 'admins':
|
||
|
priority => 10,
|
||
|
content => '%sudo ALL=(ALL) NOPASSWD: ALL',
|
||
|
}
|
||
|
|
||
|
# sshd
|
||
|
augeas { 'harden_sshd':
|
||
|
context => '/files/etc/ssh/sshd_config',
|
||
|
changes => [
|
||
|
'set PermitRootLogin no',
|
||
|
'set PasswordAuthentication no',
|
||
|
'set PubkeyAuthentication yes'
|
||
|
],
|
||
|
}
|
||
|
~>
|
||
|
service { 'ssh':
|
||
|
ensure => running,
|
||
|
enable => true,
|
||
|
}
|
||
|
|
||
|
# zabbix
|
||
|
apt::source { 'zabbix':
|
||
|
location => 'http://repo.zabbix.com/zabbix/2.2/debian',
|
||
|
release => 'wheezy',
|
||
|
repos => 'main',
|
||
|
key => '79EA5ED4',
|
||
|
key_server => 'pgpkeys.mit.edu',
|
||
|
}
|
||
|
->
|
||
|
package { 'zabbix-agent':
|
||
|
ensure => latest;
|
||
|
}
|
||
|
->
|
||
|
file { '/etc/zabbix/zabbix_agentd.d/argos_monitoring.conf':
|
||
|
ensure => file,
|
||
|
content => "# managed by puppet
|
||
|
Server=argos.mschuette.name
|
||
|
HostnameItem=${::hostname}
|
||
|
";
|
||
|
}
|
||
|
~>
|
||
|
service { 'zabbix-agent':
|
||
|
ensure => running,
|
||
|
enable => true,
|
||
|
}
|
||
|
|
||
|
# munin
|
||
|
package {
|
||
|
[ 'munin-node', 'vnstat' ]:
|
||
|
ensure => installed,
|
||
|
}
|
||
|
->
|
||
|
file {
|
||
|
'/etc/munin/munin-node.conf':
|
||
|
ensure => file,
|
||
|
# mostly Debin pkg default
|
||
|
content => inline_template('# managed by puppet
|
||
|
log_level 4
|
||
|
log_file /var/log/munin/munin-node.log
|
||
|
pid_file /var/run/munin/munin-node.pid
|
||
|
|
||
|
background 1
|
||
|
setsid 1
|
||
|
|
||
|
user root
|
||
|
group root
|
||
|
|
||
|
# Regexps for files to ignore
|
||
|
ignore_file [\#~]$
|
||
|
ignore_file DEADJOE$
|
||
|
ignore_file \.bak$
|
||
|
ignore_file %$
|
||
|
ignore_file \.dpkg-(tmp|new|old|dist)$
|
||
|
ignore_file \.rpm(save|new)$
|
||
|
ignore_file \.pod$
|
||
|
|
||
|
port 4949
|
||
|
|
||
|
host_name <%= @fqdn %>
|
||
|
cidr_allow 78.47.49.236/32
|
||
|
host <%= @ipaddress_eth0 %>
|
||
|
');
|
||
|
'/usr/share/munin/plugins/vnstat_':
|
||
|
ensure => file,
|
||
|
mode => '0755',
|
||
|
source => 'puppet:///modules/ff_gw/usr/share/munin/plugins/vnstat_';
|
||
|
'/etc/munin/plugins/vnstat_eth0_monthly_rxtx':
|
||
|
ensure => link,
|
||
|
target => '/usr/share/munin/plugins/vnstat_';
|
||
|
'/usr/share/munin/plugins/udp-statistics':
|
||
|
ensure => file,
|
||
|
mode => '0755',
|
||
|
source => 'puppet:///modules/ff_gw/usr/share/munin/plugins/udp-statistics';
|
||
|
'/etc/munin/plugins/udp-statistics':
|
||
|
ensure => link,
|
||
|
target => '/usr/share/munin/plugins/udp-statistics';
|
||
|
# TODO: delete not needed plugins
|
||
|
'/etc/munin/plugin-conf.d/vnstat':
|
||
|
ensure => file,
|
||
|
content => '[vnstat_eth0_monthly_rxtx]
|
||
|
env.estimate 1';
|
||
|
}
|
||
|
~>
|
||
|
service { 'munin-node':
|
||
|
ensure => running,
|
||
|
enable => true;
|
||
|
}
|
||
|
}
|