# File 'manifests/init.pp', line 2
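# @summary Baseline server profile that declares the g_server sub-classes
#   selected by the manage_* switches.
#
# Every Variant[Boolean, Hash, Undef] switch behaves the same way: `true`
# contains the sub-class with its own defaults, a Hash declares it with the
# hash splatted in as class parameters, and undef/false leaves it undeclared.
#
# Defaults worth knowing when using this as a hardening baseline: firewall,
# repos, sudo and cron are managed out of the box; ssh, accounts, network, ntp
# and volumes are NOT managed unless the caller opts in. The fail2ban wiring is
# commented out below, so this class declares no fail2ban resources.
#
# @param external_ifaces
#   List of external interfaces. Only read by the guard at the top of this
#   class body; presumably consumed by sub-classes - confirm against them.
# @param internal_ifaces
#   List of internal interfaces. Not referenced in this class body.
# @param hostname
#   Passed to g_server::network::hostname. Defaults to the trusted certname.
# @param manage_ssh
#   true/Hash to declare g_server::services::ssh.
# @param manage_network
#   true/Hash to declare g_server::network.
# @param manage_firewall
#   Whether to contain g_server::firewall.
# @param manage_repos
#   Whether to contain g_server::repos.
# @param manage_sudo
#   Whether to contain g_server::sudo.
# @param manage_cron
#   Whether to contain g_server::cron.
# @param manage_accounts
#   true/Hash to declare g_server::accounts.
# @param manage_volumes
#   true/Hash to declare g_server::volumes.
# @param manage_ntp
#   true/Hash to declare g_server::services::ntp.
# @param default_packages
#   Whether to install the default package set (currently e2fsprogs).
class g_server (
  # TODO: move to g_server::network
  Array $external_ifaces = [],
  Array $internal_ifaces = [],
  # $::trusted['certname'] is taken from the agent's certificate rather than
  # from self-reported facts, so the node cannot pick its own hostname here.
  Optional[String] $hostname = $::trusted['certname'],
  # default values for variants has to be undef since puppet 5
  # translates it as "no value" and not "value of null"
  Variant[Boolean, Hash, Undef] $manage_ssh = undef,
  # Boolean $manage_fail2ban = true,
  Variant[Boolean, Hash, Undef] $manage_network = undef,
  Boolean $manage_firewall = true,
  Boolean $manage_repos = true,
  Boolean $manage_sudo = true,
  Boolean $manage_cron = true,
  Variant[Boolean, Hash, Undef] $manage_accounts = undef,
  Variant[Boolean, Hash, Undef] $manage_volumes = undef,
  Variant[Boolean, Hash, Undef] $manage_ntp = undef,
  Boolean $default_packages = true
) {
  # NOTE(review): this guard cannot fire. In Puppet 4+ only undef and false
  # are falsy, so `! []` is false and the default empty list passes. Use
  # `empty($external_ifaces)` if a missing external interface must abort
  # compilation. Left as-is here because the default is `[]` and tightening
  # the check would fail every node that currently relies on it.
  if ! $external_ifaces {
    fail('No external iface given')
  }

  # In each Hash branch below the class is declared resource-like (to pass
  # parameters) and then contained, so relationships against Class['g_server']
  # cover the sub-class in the same way as the `true` branch.
  if $manage_volumes == true {
    contain ::g_server::volumes
  } elsif $manage_volumes =~ Hash {
    class { 'g_server::volumes':
      * => $manage_volumes
    }
    contain ::g_server::volumes
  }

  if $manage_repos {
    contain ::g_server::repos
  }

  if $manage_firewall {
    contain ::g_server::firewall
  }

  if $manage_ssh == true {
    contain ::g_server::services::ssh
  } elsif $manage_ssh =~ Hash {
    class { 'g_server::services::ssh':
      * => $manage_ssh
    }
    contain ::g_server::services::ssh
  }

  if $manage_accounts == true {
    contain ::g_server::accounts
  } elsif $manage_accounts =~ Hash {
    class { 'g_server::accounts':
      * => $manage_accounts
    }
    contain ::g_server::accounts
  }

  if $manage_network == true {
    contain ::g_server::network
  } elsif $manage_network =~ Hash {
    class { 'g_server::network':
      * => $manage_network
    }
    contain ::g_server::network
  }

  if $manage_sudo {
    contain ::g_server::sudo
  }

  if $manage_cron {
    contain ::g_server::cron
  }

  if $manage_ntp == true {
    contain ::g_server::services::ntp
  } elsif $manage_ntp =~ Hash {
    class { 'g_server::services::ntp':
      * => $manage_ntp
    }
    contain ::g_server::services::ntp
  }

  # Declared but not contained by this class.
  # NOTE(review): confirm whether ordering against Class['g_server'] is
  # expected to cover the hostname change as well.
  if $hostname {
    class { 'g_server::network::hostname':
      hostname => $hostname
    }
  }

  #TODO: change switch in ssh class, include ::fail2ban::jail::sshd
  # if $manage_fail2ban {
  #   class { 'g_server::services::fail2ban':
  #     sshd => $manage_ssh
  #   }
  # }

  # Puppet's == compares strings case-insensitively, so 'Redhat' also matches
  # the 'RedHat' value of the os.family fact.
  if $::facts['os']['family'] == 'Redhat' {
    # mount tmpfs in /tmp
    # Only the unit state is managed here; mount options for /tmp (for example
    # nodev/nosuid/noexec) are not set by this resource and have to be handled
    # elsewhere if the baseline requires them.
    service { 'tmp.mount':
      ensure => running,
      enable => true,
    }
  }

  if $default_packages {
    ensure_packages([
      'e2fsprogs'
    ], {
      ensure => 'present'
    })
  }
}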