X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fferm%2Fmanifests%2Finit.pp;h=03025d53533dd857a385da953ab3270ed06c619a;hb=6ca6f6af1264badd3565ccae3dc4d8dbcfd1bf0a;hp=4332dad78631a5198756c78b9e560fa32c7fffef;hpb=3eb533e5499e66423bafdedaf6c7d08ead1772de;p=mirror%2Fdsa-puppet.git

diff --git a/modules/ferm/manifests/init.pp b/modules/ferm/manifests/init.pp
index 4332dad78..03025d535 100644
--- a/modules/ferm/manifests/init.pp
+++ b/modules/ferm/manifests/init.pp
@@ -1,3 +1,11 @@
+# = Class: ferm
+#
+# This class installs ferm and sets up rules
+#
+# == Sample Usage:
+#
+#   include ferm
+#
 class ferm {
 	# realize (i.e. enable) all @ferm::rule virtual resources
 	Ferm::Rule <| |>
@@ -14,7 +22,6 @@ class ferm {
 	service { 'ferm':
 		hasstatus   => false,
 		status      => '/bin/true',
-		refreshonly => true,
 	}
 
 	$munin_ips = split(regsubst($v4ips, '([^,]+)', 'ip_\1', 'G'), ',')
@@ -23,7 +30,7 @@ class ferm {
 
 	if $v6ips {
 		$munin6_ips = split(regsubst($v6ips, '([^,]+)', 'ip_\1', 'G'), ',')
-		munin::check { $munin6_ips: script => 'ip_', }
+		munin::ipv6check { $munin6_ips: }
 	}
 
 	# get rid of old stuff
@@ -38,6 +45,7 @@ class ferm {
 	}
 	file { '/etc/ferm/dsa.d':
 		ensure => directory,
+		mode   => '0555',
 		purge   => true,
 		force   => true,
 		recurse => true,
@@ -45,33 +53,38 @@ class ferm {
 	}
 	file { '/etc/ferm/conf.d':
 		ensure => directory,
+		mode   => '0555',
+		purge   => true,
+		force   => true,
+		recurse => true,
+		source  => 'puppet:///files/empty/',
 	}
 	file { '/etc/default/ferm':
 		source  => 'puppet:///modules/ferm/ferm.default',
 		require => Package['ferm'],
 		notify  => Service['ferm'],
+		mode    => '0444',
 	}
 	file { '/etc/ferm/ferm.conf':
 		source  => 'puppet:///modules/ferm/ferm.conf',
+		notify  => Service['ferm'],
 	}
 	file { '/etc/ferm/conf.d/me.conf':
 		content => template('ferm/me.conf.erb'),
+		notify  => Service['ferm'],
 	}
 	file { '/etc/ferm/conf.d/defs.conf':
 		content => template('ferm/defs.conf.erb'),
+		notify  => Service['ferm'],
 	}
 	file { '/etc/ferm/conf.d/interfaces.conf':
 		content => template('ferm/interfaces.conf.erb'),
+		notify  => Service['ferm'],
 	}
 	file { '/etc/logrotate.d/ulogd':
-		source => 'puppet:///modules/ferm/logrotate-ulogd',
+		source  => 'puppet:///modules/ferm/logrotate-ulogd',
+		mode    => '0444',
 		require => Package['debian.org'],
 	}
 
-	if getfromhash($site::nodeinfo, 'buildd') {
-		file { '/etc/ferm/conf.d/load_ftp_conntrack.conf':
-			source => 'puppet:///modules/ferm/conntrack_ftp.conf',
-		}
-	}
-
 }