From: Julien Cristau Date: Wed, 2 Oct 2019 20:03:15 +0000 (+0200) Subject: Turn off accept_ra sysctl everywhere X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=d824f9b2ae6fe566ad3c47c9d4f0c6aaa1057242;p=mirror%2Fdsa-puppet.git Turn off accept_ra sysctl everywhere --- diff --git a/manifests/site.pp b/manifests/site.pp index e939261b4..ba5b9a128 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -53,10 +53,6 @@ node default { include samhain } - if $::hostname in [geo3,wieck] { - include debian_org::radvd - } - if $::spamd { munin::check { 'spamassassin': } } diff --git a/modules/debian_org/manifests/init.pp b/modules/debian_org/manifests/init.pp index e16915151..cdf1e6273 100644 --- a/modules/debian_org/manifests/init.pp +++ b/modules/debian_org/manifests/init.pp @@ -340,6 +340,16 @@ class debian_org { value => '1', } + # our ipv6 addresses and routes are statically configured. + base::sysctl { 'dsa-accept-ra-default': + key => 'net.ipv6.conf.default.accept_ra', + value => 0, + } + base::sysctl { 'dsa-accept-ra-all': + key => 'net.ipv6.conf.all.accept_ra', + value => 0, + } + # Disable kpartx udev rules file { '/etc/udev/rules.d/60-kpartx.rules': ensure => $has_lib_udev_rules_d_60_kpartx_rules ? { true => 'present', default => 'absent' }, diff --git a/modules/debian_org/manifests/radvd.pp b/modules/debian_org/manifests/radvd.pp deleted file mode 100644 index d783b705c..000000000 --- a/modules/debian_org/manifests/radvd.pp +++ /dev/null @@ -1,10 +0,0 @@ -class debian_org::radvd { - base::sysctl { 'dsa-accept-ra-default': - key => 'net.ipv6.conf.default.accept_ra', - value => 0, - } - base::sysctl { 'dsa-accept-ra-all': - key => 'net.ipv6.conf.all.accept_ra', - value => 0, - } -}