add geo1

Signed-off-by: Stephen Gran <steve@lobefin.net>

Merge branch 'master' of ssh://handel.debian.org/srv/puppet.debian.org/git/dsa-puppet

use new split v4/v6 defs in template

Signed-off-by: Stephen Gran <steve@lobefin.net>

Merge branch 'master' of ssh://handel.debian.org/srv/puppet.debian.org/git/dsa-puppet

* 'master' of ssh://handel.debian.org/srv/puppet.debian.org/git/dsa-puppet:
  add draghi as dbmaster
  split nagios, munin, and db hosts into seperate v4 and v6 defs, and provide the superset as well

And support many forward ports from a single host

add draghi as dbmaster

Signed-off-by: Stephen Gran <steve@lobefin.net>

Merge branch 'master' of ssh://handel.debian.org/srv/puppet.debian.org/git/dsa-puppet

split nagios, munin, and db hosts into seperate v4 and v6 defs, and provide the superset as well

Signed-off-by: Stephen Gran <steve@lobefin.net>

Merge branch 'master' of ssh://handel.debian.org/srv/puppet.debian.org/git/dsa-puppet

* 'master' of ssh://handel.debian.org/srv/puppet.debian.org/git/dsa-puppet:
  nagios is also allowed to connect to ssh
  anchor start of line
  template the munin master as well
  erb, I hate you
  reshuffle bind configuration

Specify which target port we want in our ssh call

nagios is also allowed to connect to ssh

Signed-off-by: Stephen Gran <steve@lobefin.net>

anchor start of line

Signed-off-by: Stephen Gran <steve@lobefin.net>

template the munin master as well

Signed-off-by: Stephen Gran <steve@lobefin.net>

erb, I hate you

Signed-off-by: Stephen Gran <steve@lobefin.net>

reshuffle bind configuration

Signed-off-by: Stephen Gran <steve@lobefin.net>

Add a comment

Replace stunnel on master with this

Try to get sshkey

Typo

Manually cast more

Manually cast

Update comment

Typo

And produce an xinetd snippet

Comment out debugging info

fqdn instead of hostname

I wonder how one debugs these things properly

yeah, that too

start by quoting strings

I wonder in how many ways this will blow up

Merge branch 'master' of ssh://handel.debian.org/srv/puppet.debian.org/git/dsa-puppet

* 'master' of ssh://handel.debian.org/srv/puppet.debian.org/git/dsa-puppet:
  Revert "test template"

Use _ instead of -

Revert "test template"

This reverts commit 95fe5adaaca52ca56e246c545169ab68fd62d8e4.

Merge branch 'master' of ssh://handel.debian.org/srv/puppet.debian.org/git/dsa-puppet

* 'master' of ssh://handel.debian.org/srv/puppet.debian.org/git/dsa-puppet:
  test template

Rename portforwarder to portforwarder-key; Add portforwarder-user-exists fact

Merge branch 'master' of ssh://handel.debian.org/srv/puppet.debian.org/git/dsa-puppet

test template

Signed-off-by: Stephen Gran <steve@lobefin.net>

Add a facter that collects ssh keys of the portforwarder user

clean up some formatting

Signed-off-by: Stephen Gran <steve@lobefin.net>

right, this is an array

Signed-off-by: Stephen Gran <steve@lobefin.net>

we don't actually need to build an array and take it back apart

Signed-off-by: Stephen Gran <steve@lobefin.net>

we don't need to append to the string now

Signed-off-by: Stephen Gran <steve@lobefin.net>

force into a string

Signed-off-by: Stephen Gran <steve@lobefin.net>

let's use consistent variables

Signed-off-by: Stephen Gran <steve@lobefin.net>

correct template name

Signed-off-by: Stephen Gran <steve@lobefin.net>

automate named.conf.acl

Signed-off-by: Stephen Gran <steve@lobefin.net>

fix up some usage of keyinfo

Signed-off-by: Stephen Gran <steve@lobefin.net>

move keyinfo to all hosts, as we want it for various other lookups

Signed-off-by: Stephen Gran <steve@lobefin.net>

equality is overrated

Signed-off-by: Stephen Gran <steve@lobefin.net>

first stab at making puppet figure out info for nagios and munin master

Signed-off-by: Stephen Gran <steve@lobefin.net>

add munin and nagios master declarations

Signed-off-by: Stephen Gran <steve@lobefin.net>

skip munin on fano, as it keeps dying and holding up the show

Signed-off-by: Stephen Gran <steve@lobefin.net>

Merge branch 'master' of ssh://handel.debian.org/srv/puppet.debian.org/git/dsa-puppet

quick, before anybody notices

fix typo

Signed-off-by: Stephen Gran <steve@lobefin.net>

Merge branch 'master' of ssh://handel.debian.org/srv/puppet.debian.org/git/dsa-puppet

* 'master' of ssh://handel.debian.org/srv/puppet.debian.org/git/dsa-puppet:
  cleanup a bit

weasel addresses

cleanup a bit

Signed-off-by: Stephen Gran <steve@lobefin.net>

Extra sources.list entry on alkman

correct munin/nagios ip addresses

Signed-off-by: Stephen Gran <steve@lobefin.net>

how about I add the right ip for weasel?

Signed-off-by: Stephen Gran <steve@lobefin.net>

make v6 logging work; add weasel ip; fix brain damage

Signed-off-by: Stephen Gran <steve@lobefin.net>

shuffle

Signed-off-by: Stephen Gran <steve@lobefin.net>

and name it

Signed-off-by: Stephen Gran <steve@lobefin.net>

add log/drop rule

Signed-off-by: Stephen Gran <steve@lobefin.net>

shorten up the typing

Signed-off-by: Stephen Gran <steve@lobefin.net>

obligatory headers

Signed-off-by: Stephen Gran <steve@lobefin.net>

scoping fix

Signed-off-by: Stephen Gran <steve@lobefin.net>

Revert "try without a source for the directory"

This reverts commit a1a623c8c95076d6d2c13c0d8ed81860eae626ee.

try without a source for the directory

Signed-off-by: Stephen Gran <steve@lobefin.net>

this should virtually work

Signed-off-by: Stephen Gran <steve@lobefin.net>

dammit.  ferm is smarter than me

Signed-off-by: Stephen Gran <steve@lobefin.net>

and actually quote correctly

Signed-off-by: Stephen Gran <steve@lobefin.net>

add v4 and v6 any rules

Signed-off-by: Stephen Gran <steve@lobefin.net>

a few more rules

Signed-off-by: Stephen Gran <steve@lobefin.net>

reshuffle things around

Signed-off-by: Stephen Gran <steve@lobefin.net>

override the command run as well

Signed-off-by: Stephen Gran <steve@lobefin.net>

put my home subnets in, instead of single ips

Signed-off-by: Stephen Gran <steve@lobefin.net>

permissions fixup

Signed-off-by: Stephen Gran <steve@lobefin.net>

first stab at making the rules appear without doing anything

Signed-off-by: Stephen Gran <steve@lobefin.net>

actually inherit from ferm in subclass

Signed-off-by: Stephen Gran <steve@lobefin.net>

what can possibly go wrong, take 2

Signed-off-by: Stephen Gran <steve@lobefin.net>

what can possibly go wrong

Signed-off-by: Stephen Gran <steve@lobefin.net>

and remove random extra keyword

Signed-off-by: Stephen Gran <steve@lobefin.net>

apparently this is a known bug only for icmp - make target match all protocols but only after icmp accept

Signed-off-by: Stephen Gran <steve@lobefin.net>

a few more rules

Signed-off-by: Stephen Gran <steve@lobefin.net>

move INVALID handler after ICMP handler due to ip6tables bug

Signed-off-by: Stephen Gran <steve@lobefin.net>

add v6, possibly not brokenly this time

Signed-off-by: Stephen Gran <steve@lobefin.net>

might work better

Signed-off-by: Stephen Gran <steve@lobefin.net>

how bad can this go

Signed-off-by: Stephen Gran <steve@lobefin.net>

fail open

Signed-off-by: Stephen Gran <steve@lobefin.net>

try it with several ips

Signed-off-by: Stephen Gran <steve@lobefin.net>

reload ferm on rule change

Signed-off-by: Stephen Gran <steve@lobefin.net>

maybe this is not wrong, take 7

Signed-off-by: Stephen Gran <steve@lobefin.net>

maybe this is not wrong, take 6

Signed-off-by: Stephen Gran <steve@lobefin.net>

maybe this is not wrong, take 5

Signed-off-by: Stephen Gran <steve@lobefin.net>

maybe this is not wrong, take 4

Signed-off-by: Stephen Gran <steve@lobefin.net>

maybe this is not wrong, take 3

Signed-off-by: Stephen Gran <steve@lobefin.net>

maybe this is not wrong, take 2

Signed-off-by: Stephen Gran <steve@lobefin.net>

maybe this is not wrong

Signed-off-by: Stephen Gran <steve@lobefin.net>