We're no longer running any wheezy hosts.
class acpi {
- if (versioncmp($::lsbmajdistrelease, '8') >= 0) {
- package { 'acpid':
- ensure => purged
- }
-
- package { 'acpi-support-base':
- ensure => purged
- }
- } elsif ($::kvmdomain) {
- package { 'acpid':
- ensure => installed
- }
-
- service { 'acpid':
- ensure => running,
- require => Package['acpid'],
- }
+ package { 'acpid':
+ ensure => purged
+ }
- package { 'acpi-support-base':
- ensure => installed
- }
+ package { 'acpi-support-base':
+ ensure => purged
}
}
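Review bot: With the `elsif ($::kvmdomain)` branch gone, `class acpi` purges `acpid` and `acpi-support-base` on every host, KVM guests included, and nothing in the class says why. A short comment at the top would record the intent, for example `# acpid is not needed on any release we still run (KVM guests included); purge it and acpi-support-base.` It is worth confirming that guests still react to a power-button shutdown request from the hypervisor without acpid (presumably via systemd-logind), since the removed branch installed and started it for those hosts on older releases.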
apache2::module { 'mpm_prefork': ensure => absent }
apache2::module { 'mpm_worker': }
}
- if versioncmp($::lsbmajdistrelease, '7') > 0 {
- file { '/etc/apache2/mods-available/mpm_worker.conf':
- content => template('apache2/mpm_worker.erb'),
- }
+ file { '/etc/apache2/mods-available/mpm_worker.conf':
+ content => template('apache2/mpm_worker.erb'),
}
file { '/etc/apache2/sites-available/common-ssl.inc':
}
}
- if versioncmp($::lsbmajdistrelease, '7') <= 0 {
- $symlink = "/etc/apache2/sites-enabled/${name}"
- } else {
- $symlink = "/etc/apache2/sites-enabled/${name}.conf"
+ $symlink = "/etc/apache2/sites-enabled/${name}.conf"
- file { "/etc/apache2/sites-enabled/${name}":
- ensure => absent,
- notify => Exec['service apache2 reload'],
- }
+ file { "/etc/apache2/sites-enabled/${name}":
+ ensure => absent,
+ notify => Exec['service apache2 reload'],
}
if $ensure == present {
CustomLog /var/log/apache2/access.log privacy
DocumentRoot /srv/www/default.debian.org/htdocs
- <% if scope.call_function('versioncmp', [@lsbmajdistrelease, '7']) > 0 -%>
<Directory /srv/www/default.debian.org/htdocs>
Require all granted
</Directory>
- <% end -%>
HostnameLookups Off
UseCanonicalName Off
tag => extra_repo,
}
- if versioncmp($::lsbmajdistrelease, '8') >= 0 {
- $rubyfs_package = 'ruby-filesystem'
- } else {
- $rubyfs_package = 'libfilesystem-ruby1.9'
- }
package { [
'apt-utils',
'bash-completion',
'dnsutils',
'less',
'lsb-release',
- $rubyfs_package,
+ 'ruby-filesystem',
'mtr-tiny',
'nload',
'pciutils',
package { 'ferm':
ensure => installed
}
- if (versioncmp($::lsbmajdistrelease, '8') >= 0) {
- package { 'ulogd2':
- ensure => installed
- }
- package { 'ulogd':
- # Remove instead of purge ulogd because it deletes log files on purge.
- ensure => absent
- }
- } else {
- package { 'ulogd':
- ensure => installed
- }
+ package { 'ulogd2':
+ ensure => installed
+ }
+ package { 'ulogd':
+ # Remove instead of purge ulogd because it deletes log files on purge.
+ ensure => absent
}
service { 'ferm':
content => template('ferm/interfaces.conf.erb'),
notify => Service['ferm'],
}
- if (versioncmp($::lsbmajdistrelease, '8') >= 0) {
- augeas { 'logrotate_ulogd2':
- context => '/files/etc/logrotate.d/ulogd2',
- changes => [
- 'set rule/schedule daily',
- 'set rule/delaycompress delaycompress',
- 'set rule/rotate 10',
- 'set rule/ifempty notifempty',
- ],
- }
- file { '/etc/logrotate.d/ulogd':
- ensure => absent,
- }
- file { '/etc/logrotate.d/ulogd.dpkg-bak':
- ensure => absent,
- }
- file { '/etc/logrotate.d/ulogd.dpkg-dist':
- ensure => absent,
- }
- } else {
- file { '/etc/logrotate.d/ulogd':
- source => 'puppet:///modules/ferm/logrotate-ulogd',
- mode => '0444',
- require => Package['debian.org'],
- }
+ augeas { 'logrotate_ulogd2':
+ context => '/files/etc/logrotate.d/ulogd2',
+ changes => [
+ 'set rule/schedule daily',
+ 'set rule/delaycompress delaycompress',
+ 'set rule/rotate 10',
+ 'set rule/ifempty notifempty',
+ ],
+ }
+ file { '/etc/logrotate.d/ulogd':
+ ensure => absent,
+ }
+ file { '/etc/logrotate.d/ulogd.dpkg-bak':
+ ensure => absent,
+ }
+ file { '/etc/logrotate.d/ulogd.dpkg-dist':
+ ensure => absent,
}
}
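Review bot: The `augeas { 'logrotate_ulogd2': }` resource edits `/etc/logrotate.d/ulogd2` but declares no dependency on the package that presumably ships that file. On a host where `ulogd2` is not yet installed, the edit can be evaluated before the file exists, unless ordering is established somewhere outside this view. These are the firewall logs, so I would make the ordering explicit by adding `require => Package['ulogd2'],` to the augeas resource. The same resource sat in the removed `>= 8` branch, so this is not new behaviour, but the lines are being touched anyway.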
@include 'conf.d/';
-<% if scope.call_function('versioncmp', [@lsbmajdistrelease, '8']) >= 0 -%>
domain (ip ip6) {
table filter {
chain log_and_reject {
}
}
-<% else -%>
-domain ip {
- table filter {
- chain log_and_reject {
- ULOG ulog-prefix "REJECT: ";
- proto tcp REJECT reject-with tcp-reset;
- REJECT;
- }
-
- chain log_or_drop {
- mod hashlimit hashlimit-name ulogreject hashlimit-mode srcip hashlimit-burst 10 hashlimit 1/second jump log_and_reject;
- mod hashlimit hashlimit-name uloglogdrop hashlimit-mode srcip hashlimit-burst 10 hashlimit 1/second ULOG ulog-prefix "DROP: ";
- DROP;
- }
-
- }
-}
-domain ip6 {
- table filter {
- chain log_and_reject {
- LOG log-prefix "REJECT: ";
- proto tcp REJECT reject-with tcp-reset;
- REJECT;
- }
-
- chain log_or_drop {
- mod hashlimit hashlimit-name logreject hashlimit-mode srcip hashlimit-burst 10 hashlimit 1/second jump log_and_reject;
- mod hashlimit hashlimit-name loglogdrop hashlimit-mode srcip hashlimit-burst 10 hashlimit 1/second LOG log-prefix "DROP: ";
- DROP;
- }
- }
-}
-<% end -%>
domain (ip ip6) {
table filter {
chain INPUT {
# include monit
#
class monit {
- if versioncmp($::lsbmajdistrelease, '7') <= 0 {
- package { 'monit':
- ensure => installed
- }
-
- augeas { 'inittab_monit':
- context => '/files/etc/inittab',
- changes => [
- 'set mo/runlevels 2345',
- 'set mo/action respawn',
- "set mo/process \"/usr/bin/monit -d 300 -I -c /etc/monit/monitrc -s /var/lib/monit/monit.state\"",
- ],
- notify => Exec['init q'],
- }
-
- file { '/etc/monit/':
- ensure => directory,
- mode => '0755',
- purge => true,
- notify => Exec['service monit stop'],
- require => Package['monit'],
- }
- file { '/etc/monit/monit.d':
- ensure => directory,
- mode => '0750',
- purge => true,
- }
- file { '/etc/monit/monitrc':
- content => template('monit/monitrc.erb'),
- mode => '0400'
- }
- file { '/etc/monit/monit.d/01puppet':
- source => 'puppet:///modules/monit/puppet',
- mode => '0440'
- }
- file { '/etc/monit/monit.d/00debian.org':
- source => 'puppet:///modules/monit/debianorg',
- mode => '0440'
- }
- file { '/etc/default/monit':
- content => template('monit/default.erb'),
- require => Package['monit'],
- notify => Exec['service monit stop']
- }
-
- exec { 'service monit stop':
- refreshonly => true,
- }
- } else {
- package { 'monit':
- ensure => purged
- }
- file { [ '/etc/monit/',
- '/etc/monit/monit.d',
- '/etc/monit/monit.d/01puppet',
- '/etc/monit/monit.d/00debian.org'
- ]:
- ensure => absent,
- force => true
- }
+ package { 'monit':
+ ensure => purged
+ }
+ file { [ '/etc/monit/',
+ '/etc/monit/monit.d',
+ '/etc/monit/monit.d/01puppet',
+ '/etc/monit/monit.d/00debian.org'
+ ]:
+ ensure => absent,
+ force => true
}
}
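Review bot: After this change `class monit` only removes monit, and the header comment above it (`# include monit`) says nothing about that. A line such as `# Cleanup only: purges monit and removes /etc/monit; can be dropped once no host carries it.` would save the next reader a lookup. In the `file { [ ... ]: }` list, `/etc/monit/` with `force => true` already removes everything beneath it, so the three child paths are redundant. The removed branch also wrote an `mo` entry to `/etc/inittab` through `augeas { 'inittab_monit': }`, and nothing in the new code removes it. That is probably harmless where inittab is no longer read, but worth checking on machines that were upgraded in place.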
<% @ns.to_a.flatten.each do |nms| -%>
forward-addr: <%= nms %>
<% end -%>
- # This will actually only work starting with unbound 1.4.18 (wheezy has 1.4.17)
- # previously, forward-first was not implemented for the root zone.
forward-first: yes
<% end -%>