$boxap_ssid = "AndroidAP4481"
$boxap_psk = "1234567890"
$wlan0_ip = $ipaddress_wlan0
case $macaddress_eth0 {
"b8:27:eb:ae:12:1d": {
$hostn = "palette"
$domainn = "ppprod.biz"
$other_domainn = "ppprod2.biz"
$arpa_domainn = "192.168.2"
$other_arpa_domainn = "192.168.3"
$invers_arpa_domainn = "2.168.192"
$other_invers_arpa_domainn = "3.168.192"
$eth0_ip = "192.168.2.1"
$tor_nickname = "6cfdb97abb21"
$site = "stm"
$vpn_ip = "10.4.0.2"
$vpn_other = "10.4.0.1"
$vpn_other_host_fqdn = "experience.vpn"
$vpn_other_host = "experience"
}
"b8:27:eb:ac:9f:fc": {
$hostn = "experience"
$domainn = "ppprod2.biz"
$other_domainn = "ppprod.biz"
$arpa_domainn = "192.168.3"
$other_arpa_domainn = "192.168.2"
$invers_arpa_domainn = "3.168.192"
$other_invers_arpa_domainn = "2.168.192"
$eth0_ip = "192.168.3.1"
$tor_nickname = "6cfdb97abb9a"
$site = "tln"
$vpn_ip = "10.4.0.1"
$vpn_other = "10.4.0.2"
$vpn_other_host_fqdn = "palette.vpn"
$vpn_other_host = "palette"
}
}
service { "reboot":
ensure => running,
hasrestart => false,
start => "/bin/true",
hasstatus => false,
status => "/bin/true",
require => Service["monit"],
}
exec { "hostname ${hostn}":
command => "/bin/hostname ${hostn}",
}
file { "/etc/hostname":
content => $hostn,
require => Exec["hostname ${hostn}"],
}
host { localhost:
ensure => present,
ip => "127.0.0.1",
host_aliases => $hostn,
require => File["/etc/hostname"],
}
host { "${vpn_other_host_fqdn}":
ensure => present,
ip => "${vpn_other}",
host_aliases => "${vpn_other_host}",
require => File["/etc/hostname"],
}
cron { "puppet apply":
command => "mount | grep ':puppet_rpi on /etc/puppet type fuse.glusterfs (rw,' 1>/dev/null || mount /etc/puppet ; cd /etc/puppet && find . -name '*~' -delete ; /usr/bin/puppet apply /etc/puppet/manifests/site.pp",
user => root,
hour => '1-23/2',
minute => 0,
require => Mount["/etc/puppet"],
}
cron { "apt-get update":
command => "/usr/bin/apt-get update",
user => root,
hour => '12',
minute => 0,
weekday => 1,
}
cron { "apt-get full update":
command => "apt-get update && apt-get -y upgrade && apt-get -y autoremove && apt-get -y dist-upgrade && rpi-update && reboot",
user => root,
hour => 0,
minute => 0,
monthday => 1,
}
exec { "openvpn between rpi":
command => "/bin/bash -c 'test -f /var/run/vpn.rpi.pid -a -n \"$( ps -e | grep openvpn | grep $( cat /var/run/vpn.rpi.pid ) )\" || /data/glusterfs/.local/scripts/vpn.rpi start'",
}
package { [glusterfs-server,glusterfs-client,monit]:
ensure => latest,
}
service { "glusterfs-server":
ensure => running,
enable => true,
require => [ Package[glusterfs-server,glusterfs-client], Exec["openvpn between rpi"] ],
before => Service["monit"],
}
mount { "/etc/puppet":
atboot => false,
device => "${vpn_ip}:puppet_rpi",
ensure => mounted,
fstype => glusterfs,
require => Service["glusterfs-server"],
before => Service["monit"],
}
mount { "/usr/local/bin":
atboot => false,
ensure => mounted,
device => "/etc/puppet/scripts",
fstype => "none",
options => "bind",
require => Mount["/etc/puppet"],
before => Service["monit"],
}
file { "/etc/puppet/scripts/vpn.rpi.${site}.monit":
content => template("scripts/vpn.rpi.monit.erb"),
require => Mount["/etc/puppet"]
}
file { "/etc/monit/conf.d/vpn.rpi.monit":
ensure => "/data/glusterfs/.local/scripts/vpn.rpi.${site}.monit",
require => [ Package[monit], File["/etc/puppet/scripts/vpn.rpi.${site}.monit"] ],
notify => Service["monit"],
}
file { "/etc/monit/monitrc":
source => "file:///etc/puppet/modules/common/files/monitrc",
mode => 0600,
require => [ Package[monit], File["/etc/monit/conf.d/vpn.rpi.monit"] ],
notify => Service["monit"],
}
service { "monit":
ensure => running,
enable => true,
require => [ Package[monit], File["/etc/puppet/scripts/vpn.rpi.${site}.monit" ] ],
}
file { "/etc/rc.local":
source => "file:///etc/puppet/modules/common/files/rc.local",
mode => 0755,
}
file { "/etc/network/interfaces":
content => template("network/interfaces.erb"),
}
# notify => Service[reboot],
}
node common inherits default {
exec { "ping rpi vpn":
command => "/bin/ping -qc 1 ${vpn_ip}",
require => Exec["openvpn between rpi"],
}
package { [bind9,squid3,privoxy,tor,tor-arm,dnsproxy,iptables]:
ensure => latest,
}
file { "/root/iptables":
content => template("common/iptables.erb"),
}
$anonymous_id = 1000
$anonymous_user = "anonymous"
exec { ["/usr/local/bin/gidmod.sh ${anonymous_id} ${anonymous_user}","/usr/local/bin/uidmod.sh ${anonymous_id} ${anonymous_user}"]:
require => Mount["/usr/local/bin"],
}
group { "${anonymous_user}":
ensure => present,
gid => "${anonymous_id}",
require => Exec["/usr/local/bin/gidmod.sh ${anonymous_id} ${anonymous_user}"],
}
user { "${anonymous_user}":
ensure => present,
uid => "${anonymous_id}",
gid => "${anonymous_user}",
home => "/tmp",
require => [ Exec["/usr/local/bin/uidmod.sh ${anonymous_id} ${anonymous_user}"], Group["${anonymous_user}"] ],
before => Exec["do iptables"],
}
exec { "do iptables":
command => "/sbin/iptables-restore
require => File["/root/iptables"],
}
$bind_id = 116
$bind_user = bind
exec { ["/usr/local/bin/gidmod.sh ${bind_id} ${bind_user}","/usr/local/bin/uidmod.sh ${bind_id} ${bind_user}"]:
require => [ Mount["/usr/local/bin"], Package[bind9] ],
}
group { "${bind_user}":
ensure => present,
gid => "${bind_id}",
require => Exec["/usr/local/bin/gidmod.sh ${bind_id} ${bind_user}"],
}
user { "${bind_user}":
ensure => present,
uid => "${bind_id}",
gid => "${bind_user}",
require => [ Exec["/usr/local/bin/uidmod.sh ${bind_id} ${bind_user}"], Group["${bind_user}"] ],
before => Service["bind9"],
}
file { "/etc/bind/zones.rfc1918":
content => template("common/zones.rfc1918.erb"),
notify => Service["bind9"],
require => [ Package[bind9], Exec["ping rpi vpn"] ],
}
file { "/etc/bind/named.conf.options":
content => template("common/named.conf.options.erb"),
notify => Service["bind9"],
require => [ Package[bind9], File["/etc/bind/zones.rfc1918"] ],
}
file { "/etc/bind/db.${domainn}":
content => template("common/db.domainn.erb"),
}
file { "/etc/bind/db.${arpa_domainn}":
content => template("common/db.arpa_domainn.erb"),
}
File["/etc/bind/db.${domainn}","/etc/bind/db.${arpa_domainn}"] {
ensure => present,
notify => Service["bind9"],
require => File["/etc/bind/named.conf.options"],
}
file { "/etc/bind/named.conf.local":
content => template("common/named.conf.local.erb"),
notify => Service["bind9"],
require => [ Package[bind9], Exec["ping rpi vpn"],
File["/etc/bind/named.conf.options",
"/etc/bind/db.${domainn}",
"/etc/bind/db.${arpa_domainn}"] ],
}
file { "/etc/bind":
mode => "g+rws",
group => "${bind_user}",
require => Group["${bind_user}"],
}
file { "/etc/default/bind9":
source => "file:///etc/puppet/modules/common/files/bind9.default",
require => File["/etc/bind"],
notify => Service["bind9"],
}
service { "bind9":
ensure => running,
enable => true,
require => File["/etc/default/bind9"],
}
file { "/etc/dnsproxy.conf":
source => "file:///etc/puppet/modules/common/files/dnsproxy.conf",
notify => Service["dnsproxy"],
}
service { "dnsproxy":
ensure => running,
enable => true,
require => File["/etc/dnsproxy.conf"],
}
file { "/etc/resolv.conf":
source => "file:///etc/puppet/modules/common/files/resolv.conf",
require => Service["bind9"],
}
$privoxy_id = 109
$privoxy_user = privoxy
exec { "/usr/local/bin/uidmod.sh ${privoxy_id} ${privoxy_user}":
require => [ Mount["/usr/local/bin"], Package[privoxy] ],
}
user { "${privoxy_user}":
ensure => present,
uid => "${privoxy_id}",
require => Exec["/usr/local/bin/uidmod.sh ${privoxy_id} ${privoxy_user}"],
before => [ Service["privoxy"], Exec["do iptables"] ],
}
file { "/var/log/privoxy":
owner => "${privoxy_user}",
recurse => true,
require => [ Package[privoxy], User["${privoxy_user}"] ],
before => Service["privoxy"],
notify => Service["privoxy"],
}
file { "/etc/privoxy/config":
content => template("common/privoxy.config.erb"),
require => [ Package[privoxy], File["/etc/resolv.conf"] ],
notify => Service["privoxy"],
}
file { "/etc/privoxy/trust":
content => template("common/privoxy.trust.erb"),
require => [ Package[privoxy], File["/etc/resolv.conf"] ],
notify => Service["privoxy"],
}
service { "privoxy":
ensure => running,
enable => true,
require => [ File["/etc/privoxy/config","/etc/privoxy/trust"], Exec["do iptables"] ],
}
file { "/etc/monit/conf.d/privoxy":
content => template("common/monit.privoxy.erb"),
require => Service["privoxy"],
notify => Service["monit"],
}
$squid_id = 13
$squid_user = "proxy"
exec { ["/usr/local/bin/gidmod.sh ${squid_id} ${squid_user}","/usr/local/bin/uidmod.sh ${squid_id} ${squid_user}"]:
require => [ Mount["/usr/local/bin"], Package[squid3] ],
}
group { "${squid_user}":
ensure => present,
gid => "${squid_id}",
require => Exec["/usr/local/bin/gidmod.sh ${squid_id} ${squid_user}"],
}
user { "${squid_user}":
ensure => present,
uid => "${squid_id}",
gid => "${squid_user}",
require => [ Exec["/usr/local/bin/uidmod.sh ${squid_id} ${squid_user}"], Group["${squid_user}"] ],
before => [ Service["squid3"], Exec["do iptables"] ],
}
mount { "/var/squid":
device => "LABEL=DATA-squid",
fstype => ext4,
options => "defaults",
pass => 2,
atboot => true,
ensure => mounted,
}
mount { "/etc/squid3":
device => "/var/squid/etc",
}
mount { "/var/log/squid3":
device => "/var/squid/log",
}
mount { "/var/spool/squid3":
device => "/var/squid/cache",
}
Mount["/etc/squid3","/var/log/squid3","/var/spool/squid3"] {
fstype => none,
options => bind,
require => Mount["/var/squid"],
before => Package[squid3],
atboot => true,
ensure => mounted,
}
file { "/etc/squid3/squid.conf":
content => template("common/squid.conf.erb"),
require => [ Package[squid3], Service["privoxy"], Mount["/etc/squid3"] ],
notify => Service["squid3"],
}
service { "squid3":
ensure => running,
enable => true,
require => [ File["/etc/squid3/squid.conf"], Mount["/etc/squid3","/var/log/squid3","/var/spool/squid3"], User["${squid_user}"], Exec["do iptables"] ],
}
$tor_id = 117
$tor_user = "debian-tor"
exec { ["/usr/local/bin/gidmod.sh ${tor_id} ${tor_user}","/usr/local/bin/uidmod.sh ${tor_id} ${tor_user}"]:
require => [ Mount["/usr/local/bin"], Package[tor] ],
}
group { "${tor_user}":
ensure => present,
gid => "${tor_id}",
require => Exec["/usr/local/bin/gidmod.sh ${tor_id} ${tor_user}"],
}
user { "${tor_user}":
ensure => present,
uid => "${tor_id}",
gid => "${tor_user}",
require => [ Exec["/usr/local/bin/uidmod.sh ${tor_id} ${tor_user}"], Group["${tor_user}"] ],
before => [ Service["tor"], Exec["do iptables"] ],
}
file { "/etc/default/tor":
source => "file:///etc/puppet/modules/common/files/tor.default",
}
file { "/etc/tor/torrc" :
content => template("common/torrc.erb"),
}
File["/etc/default/tor","/etc/tor/torrc"] {
require => [ Package[tor], Service["squid3"] ],
before => Service["tor"],
notify => Service["tor"],
}
service { "tor":
ensure => running,
enable => true,
require => [ File["/etc/default/tor", "/etc/tor/torrc"],
Exec["do iptables"],
User["${tor_user}"] ],
}
package { [rpcbind, nfs-common]:
ensure => latest,
}
Package[nfs-common] {
require => Package[rpcbind],
}
file { "/etc/exports":
content => template("common/nfs.exports.erb"),
before => Service["nfs-common"],
notify => Service["nfs-common"],
}
service { "rpcbind":
ensure => running,
enable => true,
require => Exec["do iptables"],
}
service { "nfs-common":
ensure => running,
enable => true,
require => [ File["/etc/exports"],
Service["rpcbind"] ],
}
package { [apt-cacher-ng]:
ensure => latest,
}
$acng_id = 112
$acng_user = "apt-cacher-ng"
exec { ["/usr/local/bin/gidmod.sh ${acng_id} ${acng_user}","/usr/local/bin/uidmod.sh ${acng_id} ${acng_user}"]:
require => [ Mount["/usr/local/bin"], Package[apt-cacher-ng] ],
before => Service["apt-cacher-ng"],
}
group { "${acng_user}":
ensure => present,
gid => "${acng_id}",
require => Exec["/usr/local/bin/gidmod.sh ${acng_id} ${acng_user}"],
}
user { "${acng_user}":
ensure => present,
uid => "${acng_id}",
gid => "${acng_user}",
require => [ Exec["/usr/local/bin/uidmod.sh ${acng_id} ${acng_user}"], Group["${acng_user}"] ],
before => Service["apt-cacher-ng"],
}
file { ["/etc/apt-cacher-ng/security.conf","/var/log/apt-cacher-ng"]:
group => "${acng_user}",
owner => "${acng_user}",
recurse => true,
require => [ Package[apt-cacher-ng], User["${acng_user}"], Group["${acng_user}"] ],
before => Service["apt-cacher-ng"],
notify => Service["apt-cacher-ng"],
}
file { "/etc/apt-cacher-ng/acng.conf":
content => template("common/acng.conf.erb"),
}
file { "/etc/apt/apt.conf" :
content => template("common/apt.conf.erb"),
}
File["/etc/apt-cacher-ng/acng.conf","/etc/apt/apt.conf"] {
require => [ Package[apt-cacher-ng], User["${acng_user}"], Group["${acng_user}"] ],
before => Service["apt-cacher-ng"],
notify => Service["apt-cacher-ng"],
}
service { "apt-cacher-ng":
ensure => running,
enable => true,
require => [ Package[apt-cacher-ng],
File["/etc/apt-cacher-ng/acng.conf","/etc/apt/apt.conf"],
Mount["/var/cache/apt-cacher-ng"] ],
}
}
node palette inherits common {
mount { "/var/cache/apt-cacher-ng":
ensure => mounted,
device => "${vpn_other_host_fqdn}:/var/apt-cacher-ng/cache",
fstype => "nfs",
options => "defaults",
pass => 0,
dump => 0,
require => [ Exec["ping rpi vpn"], Host["${vpn_other_host_fqdn}"] ],
}
}
node experience inherits common {
mount { "/var/cache/apt-cacher-ng":
ensure => mounted,
device => "/var/apt-cacher-ng/cache",
fstype => "none",
options => "bind",
pass => 0,
dump => 0,
}
package { [samba4,dnsmasq]:
ensure => latest,
}
file { "/etc/default/dnsmasq":
source => "file:///etc/puppet/modules/common/files/dnsmasq.default",
}
file { "/etc/dnsmasq.conf" :
content => template("common/dnsmasq.conf.erb"),
}
File["/etc/default/dnsmasq","/etc/dnsmasq.conf"] {
require => Package[dnsmasq],
before => Service["dnsmasq"],
notify => Service["dnsmasq"],
}
service { "dnsmasq":
ensure => running,
enable => true,
require => [ Package[dnsmasq], File["/etc/default/dnsmasq","/etc/dnsmasq.conf"] ],
}
}
Aucun commentaire:
Enregistrer un commentaire