}
case $hostname {
- cilea,luchesi,merikanto,paganini,rautavaara,sibelius,spohr: {}
+ cilea,luchesi,paganini,rautavaara,sibelius: {}
default: {
case $kernel {
Linux: {
}
include ferm::per-host
+ case $hostname {
+ beethoven,ravel,spohr: {
+ include nfs-server
+ }
+ }
+
case $brokenhosts {
"true": { include hosts }
}
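Review bot: The `include nfs-server` added for `beethoven,ravel,spohr` makes the NFS firewall opening depend entirely on `ferm::nfs-server`, which is not visible in this change, while the same commit deletes the beethoven rule that was limited to `source 172.22.127.147 interface bond0`. It is worth confirming that `ferm::nfs-server` restricts the NFS-related ports (including the fixed 10000-10003 set in the new defaults and modprobe files) to the intended client addresses rather than accepting them from any source. A short comment above the new `case`, e.g. `# NFS servers; allowed clients are defined in ferm::nfs-server`, would make that dependency explicit. The enclosing `Linux:` branch starts outside this hunk.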
---
nameinfo:
+ abel.debian.org: Carl Friedrich Abel (1723 - 1787)
agnesi.debian.org: Maria Teresa Agnesi (October 17th, 1720 - January 19th, 1795)
agricola.debian.org: Alexander Agricola (1445 or 1446 - August 15th, 1506)
+ alain.debian.org: Jehan Alain (1911 - 1940)
albeniz.debian.org: Isaac Manuel Francisco Albéniz i Pascual (May 29th, 1860 - May 18th, 1909)
+ alwyn.debian.org: William Alwyn (1905 - 1985)
ancina.debian.org: Giovanni Giovenale Ancina (October 19th, 1545 - August 30th, 1604)
+ antheil.debian.org: George Antheil (1900 - 1959)
arcadelt.debian.org: Jacques Arcadelt (also Jacob Arcadelt) (?1507 - October 14th, 1568)
argento.debian.org: Dominick Argento (b. October 27th, 1927)
+ arne.debian.org: Thomas Augustine Arne (1710 - 1778)
+ arnold.debian.org: Malcolm Henry Arnold (1921 - 2006)
barber.debian.org: Samuel Barber (March 9th, 1910 - January 23rd, 1981)
bartok.debian.org: Béla Viktor János Bartók (March 25th, 1881 - September 26th, 1945)
beethoven.debian.org: Ludwig van Beethoven (December 16th, 1770 - March 26th, 1827)
- field.debian.org
- finzi.debian.org
smarthost:
+ abel.debian.org: mailout.debian.org
agnesi.debian.org: mailout.debian.org
agricola.debian.org: mailout.debian.org
+ alain.debian.org: mailout.debian.org
albeniz.debian.org: mailout.debian.org
alkman.debian.org: mailout.debian.org
+ alwyn.debian.org: mailout.debian.org
ancina.debian.org: mailout.debian.org
+ antheil.debian.org: mailout.debian.org
arcadelt.debian.org: mailout.debian.org
argento.debian.org: mailout.debian.org
+ arne.debian.org: mailout.debian.org
+ arnold.debian.org: mailout.debian.org
ball.debian.org: mailout.debian.org
barber.debian.org: mailout.debian.org
bartok.debian.org: mailout.debian.org
}
}
case $hostname {
- franck,gluck,kaufmann,kassia,klecker,lobos,morricone,raff,ries,rietz,saens,schein,senfl,steffani,valente,villa,wieck: {
+ chopin,franck,gluck,kaufmann,kassia,klecker,lobos,merikanto,morricone,raff,ravel,ries,rietz,saens,schein,senfl,stabile,steffani,valente,villa,wieck: {
include ferm::rsync
}
}
}
}
- case $hostname {
- ravel: {
- include ferm::nfs-server
- }
- }
-
case $hostname {
piatti,samosa: {
@ferm::rule { "dsa-udd-stunnel":
}
}
+ paganini: {
+ @ferm::rule { "dsa-dhcp":
+ description => "Allow dhcp access",
+ rule => "&SERVICE(udp, 67)"
+ }
+ @ferm::rule { "dsa-tftp":
+ description => "Allow tftp access",
+ rule => "&SERVICE(udp, 69)"
+ }
+ }
handel: {
@ferm::rule { "dsa-puppet":
description => "Allow puppet access",
rule => "&SERVICE_RANGE(tcp, rsync, ( 195.20.242.90 192.25.206.33 82.195.75.106 206.12.19.118 ))"
}
}
- beethoven: {
- @ferm::rule { "dsa-merikanto-beethoven":
- description => "Allow merikanto", # for nfs, and that uses all kind of ports by default.
- rule => "source 172.22.127.147 interface bond0 jump ACCEPT",
- }
- }
heininen: {
@ferm::rule { "dsa-syslog":
description => "Allow syslog access",
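Review bot: The two paganini rules use `&SERVICE(udp, 67)` and `&SERVICE(udp, 69)`, which as written carry no source or interface restriction, unlike the handel rule just below that uses `&SERVICE_RANGE(...)` with an explicit address list. TFTP has no authentication, so files served from that host are readable by anyone who can reach port 69; if the boot clients sit in a known network, `rule => "&SERVICE_RANGE(udp, 69, ( <CLIENT_NET_PLACEHOLDER> ))"` would keep the opening narrow. DHCP requests arrive from clients that have no address yet, so a source list does not fit there, but limiting the rule to the provisioning interface would, assuming the rule text accepts an interface match as the removed beethoven rule did. A one-line comment stating why paganini serves DHCP and TFTP would also help the next reader.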
--- /dev/null
+options lockd nlm_udpport=10003 nlm_tcpport=10003
--- /dev/null
+# If you do not set values for the NEED_ options, they will be attempted
+# autodetected; this should be sufficient for most people. Valid alternatives
+# for the NEED_ options are "yes" and "no".
+
+# Do you want to start the statd daemon? It is not needed for NFSv4.
+NEED_STATD=
+
+# Options for rpc.statd.
+# Should rpc.statd listen on a specific port? This is especially useful
+# when you have a port-based firewall. To use a fixed port, set this
+# this variable to a statd argument like: "--port 4000 --outgoing-port 4001".
+# For more information, see rpc.statd(8) or http://wiki.debian.org/?SecuringNFS
+STATDOPTS='--port 10000 -o 10001'
+
+# Do you want to start the idmapd daemon? It is only needed for NFSv4.
+NEED_IDMAPD=
+
+# Do you want to start the gssd daemon? It is required for Kerberos mounts.
+NEED_GSSD=
--- /dev/null
+# Number of servers to start up
+RPCNFSDCOUNT=8
+
+# Runtime priority of server (see nice(1))
+RPCNFSDPRIORITY=0
+
+# Options for rpc.mountd.
+# If you have a port-based firewall, you might want to set up
+# a fixed port here using the --port option. For more information,
+# see rpc.mountd(8) or http://wiki.debian.org/?SecuringNFS
+RPCMOUNTDOPTS="-p 10002"
+
+# Do you want to start the svcgssd daemon? It is only required for Kerberos
+# exports. Valid alternatives are "yes" and "no"; the default is "no".
+NEED_SVCGSSD=
+
+# Options for rpc.svcgssd.
+RPCSVCGSSDOPTS=
--- /dev/null
+class nfs-server {
+
+ include ferm::nfs-server
+
+ package {
+ nfs-common: ensure => installed;
+ nfs-kernel-server: ensure => installed;
+ }
+
+ file {
+ "/etc/default/nfs-common":
+ source => "puppet:///nfs-server/nfs-common.default",
+ require => Package["nfs-common"],
+ notify => Exec["nfs-common restart"];
+ "/etc/default/nfs-kernel-server":
+ source => "puppet:///nfs-server/nfs-kernel-server.default",
+ require => Package["nfs-kernel-server"],
+ notify => Exec["nfs-kernel-server restart"];
+ "/etc/modprobe.d/lockd.local":
+ source => "puppet:///nfs-server/lockd.local.modprobe";
+ }
+
+ exec {
+ "nfs-common restart":
+ path => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin",
+ refreshonly => true;
+ "nfs-kernel-server restart":
+ path => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin",
+ refreshonly => true;
+ }
+}
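Review bot: `/etc/modprobe.d/lockd.local` is the only one of the three file resources without a `require` or `notify`, and the `options lockd nlm_udpport=10003 nlm_tcpport=10003` line it installs is only read when the lockd module is loaded. Until the module is reloaded or the host rebooted, lockd will presumably keep a dynamically assigned port, so a firewall that opens only the fixed ports would block locking traffic; restarting nfs-common and nfs-kernel-server may not be enough. Consider documenting this in the class with a comment such as `# lockd ports take effect on module load; reboot or reload lockd after first deployment`. Also check that the modprobe version on these hosts reads files in /etc/modprobe.d whose names do not end in `.conf`. The file resources set no owner, group or mode, so they rely on defaults defined elsewhere.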
# security
%security SECHOSTS=(dak) NOPASSWD: /usr/local/bin/dak new-security-install -[AR] -- *
%sec_public SECHOSTS=(dak) NOPASSWD: /usr/local/bin/dak new-security-install -[AR] -- *
-%sec_data SECHOSTS=(archvsync) NOPASSWD: /home/archvsync/security/signal ""
+%sec_public SECHOSTS=(dak) NOPASSWD: /home/dak/trigger_mirror
dak SECHOSTS=(archvsync) NOPASSWD: /home/archvsync/signal_security
# web stuff
debwww WEBHOSTS=(archvsync) NOPASSWD: /home/archvsync/webmirrors/runmirrors
# geodns may reload bind
geodnssync geo1,geo2,geo3=(root) NOPASSWD: /etc/init.d/bind9 reload
geodnssync geo1,geo2,geo3=(root) NOPASSWD: /usr/sbin/rndc reconfig
+# fossology
+%fossy vivaldi=(root) /etc/init.d/fossology
+%fossy vivaldi=(fossy) ALL
# Porter work
%porter-alpha albeniz=(root) NOPASSWD: /usr/sbin/upgrade-porter-chroots, /usr/bin/apt-in-chroot
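Review bot: The new `%fossy vivaldi=(root) /etc/init.d/fossology` entry names the command without an argument list, so sudo lets members of fossy pass any arguments to the init script as root. Listing the intended actions explicitly, for example `%fossy vivaldi=(root) /etc/init.d/fossology start, /etc/init.d/fossology stop, /etc/init.d/fossology restart`, keeps the grant to what is actually needed (the verbs are illustrative; use the ones the script supports). The added `%sec_public ... /home/dak/trigger_mirror` entry likewise specifies no arguments; appending `""` as the removed `/home/archvsync/security/signal ""` line did would forbid arguments if none are expected.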
-<%- if defined? syslogversion && syslogversion.to_s == "3" -%>
+<%- if has_variable?("syslogversion") and syslogversion.to_s == "3" -%>
@version: 3.0
<%- end -%>
##
# function to send logs to)
unix-stream("/dev/log");
# messages from the kernel
-<%- if defined? syslogversion && syslogversion.to_s == "2" -%>
+<%- if has_variable?("syslogversion") and syslogversion.to_s == "2" -%>
file("/proc/kmsg" log_prefix("kernel: "));
<%- else -%>
file("/proc/kmsg" program_override("kernel: "));
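Review bot: With the corrected `has_variable?("syslogversion")` test, a host where the variable is unset takes the `else` branch here and gets `program_override("kernel: ")`, while the first conditional in the template omits `@version: 3.0` for that same host. Judging by the template's own branches, `program_override` is the version-3 form, so this combination may produce a configuration that syslog-ng rejects or misreads, which would interrupt local logging and forwarding to the log host. Either treat an unset value consistently as one version in every conditional, or add a template comment such as `<%# syslogversion unset is treated as version 3 syntax without the @version header %>` so the assumption is visible. The same pattern repeats in the `/dev/klog` conditional further down.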
# function to send logs to)
unix-dgram("/var/run/log");
# messages from the kernel
-<%- if defined? syslogversion && syslogversion.to_s == "2" -%>
+<%- if has_variable?("syslogversion") and syslogversion.to_s == "2" -%>
file("/dev/klog" log_prefix("kernel: "));
<%- else -%>
file("/dev/klog" program_override("kernel: "));
<%- if hostname != "heininen" -%>
- <%- if defined? syslogversion && syslogversion.to_s == "3" -%>
+ <%- if has_variable?("syslogversion") and syslogversion.to_s == "3" -%>
destination loghost-heininen {
tcp("heininen.debian.org" port (5140)
tls( key_file("/etc/ssl/debian/keys/thishost.key")