├── modules ├── custom │ ├── files │ │ └── blank │ └── plugins │ │ ├── facter │ │ └── jailed.rb │ │ └── puppet │ │ └── parser │ │ └── functions │ │ ├── dash2underscore.rb │ │ ├── exists.rb │ │ ├── flatten.rb │ │ ├── puppet_exists.rb │ │ └── login2uid.rb ├── nginx │ ├── files │ │ ├── passwords │ │ │ └── personal.htaccess │ │ ├── fastcgi_params │ │ └── mime.types │ ├── templates │ │ ├── enabled │ │ │ ├── ext.rt │ │ │ └── ext.twiki │ │ ├── nginx.conf.freebsd.erb │ │ ├── nginx.conf.ubuntu.erb │ │ └── nginx.conf.erb │ ├── manifests │ │ ├── fastcgi.pp │ │ └── init.pp │ ├── dist │ │ ├── fastcgi_params │ │ ├── koi-win │ │ ├── nginx.conf-dist │ │ ├── koi-utf │ │ ├── mime.types-dist │ │ └── win-utf │ ├── lib │ │ ├── nginx_server.rb │ │ ├── options_core.rb │ │ └── README.mkd │ └── stationx ├── puppet │ ├── files │ │ ├── autosign.conf │ │ ├── fileserver.conf │ │ └── namespaceauth.conf │ ├── templates │ │ ├── tagmail.conf.erb │ │ └── puppet.conf.erb │ ├── manifests │ │ └── init.pp │ └── dist │ │ └── puppetd.conf ├── environment │ ├── manifests │ │ ├── init.pp │ │ ├── clisp.pp │ │ ├── java │ │ │ └── compojure.pp │ │ ├── ruby │ │ │ ├── sinatra.pp │ │ │ ├── rails.pp │ │ │ ├── mongrel.pp │ │ │ └── thin.pp │ │ ├── java.pp │ │ └── ruby.pp │ └── templates │ │ └── thin.erb ├── project │ ├── manifests │ │ ├── init.pp │ │ ├── neko │ │ │ ├── indcyc.pp │ │ │ └── annotalia.pp │ │ ├── alhowar │ │ │ ├── sinatra.pp │ │ │ ├── rails.pp │ │ │ └── reddit.pp │ │ └── dso │ │ │ └── wishlist.pp │ └── dist │ │ └── wishlist_sphinx_ts:index.output ├── mount │ └── manifests │ │ ├── init.pp │ │ └── jail.pp ├── core │ ├── files │ │ ├── localtime │ │ ├── ntp.conf │ │ ├── make.conf │ │ ├── pf.conf │ │ ├── sysctl.conf │ │ └── pf.conf.hyper │ ├── templates │ │ ├── rc.local.erb │ │ ├── resolv.conf.erb │ │ ├── hosts.erb │ │ └── rc.conf.erb │ └── manifests │ │ ├── init.pp │ │ └── freebsd.pp ├── ports │ ├── manifests │ │ ├── vim.pp │ │ ├── init.pp │ │ └── sudo.pp │ ├── generate │ ├── README │ ├── .generate.rb │ └── 
files │ │ └── sudoers ├── user │ └── manifests │ │ ├── real │ │ ├── rescue.pp │ │ ├── neko.pp │ │ ├── lp.pp │ │ └── dso.pp │ │ ├── real.pp │ │ ├── virtual.pp │ │ └── init.pp ├── exim │ ├── templates │ │ ├── mailer.conf.erb │ │ └── aliases.erb │ └── manifests │ │ └── init.pp ├── thttpd │ ├── manifests │ │ └── init.pp │ └── files │ │ └── thttpd.conf ├── ezjail │ ├── templates │ │ ├── fstab.rescue.erb │ │ └── ezjail.conf.erb │ ├── files │ │ └── flavour │ │ │ ├── etc │ │ │ ├── periodic.conf │ │ │ └── rc.local │ │ │ └── usr │ │ │ └── local │ │ │ └── etc │ │ │ └── puppet │ │ │ └── puppet.conf │ └── manifests │ │ └── init.pp ├── ssh │ ├── manifests │ │ └── init.pp │ └── templates │ │ └── sshd_config.erb ├── mysql │ ├── manifests │ │ └── init.pp │ └── dist │ │ └── sphinx.conf.sample └── mailman │ ├── dist │ └── mm_cfg.py.dist │ ├── templates │ └── mm_cfg.py.erb │ └── manifests │ └── init.pp ├── tagmail.conf ├── manifests ├── site.pp ├── roles.pp ├── defaults.pp ├── infrastructure.pp ├── nodes.pp └── macros.pp ├── namespaceauth.conf ├── puppet.conf └── README.mkd
/modules/custom/files/blank:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/modules/nginx/files/passwords/personal.htaccess:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/modules/puppet/files/autosign.conf:
--------------------------------------------------------------------------------
1 | # NOTE(review): every certificate request whose certname matches this glob is
2 | # signed without operator approval, and the certname is chosen by the
3 | # requesting agent. Keep the puppetmaster reachable only from trusted hosts,
4 | # or list explicit hostnames / sign requests manually instead of a wildcard.
5 | *.nekogiri.com
6 |
--------------------------------------------------------------------------------
/tagmail.conf:
--------------------------------------------------------------------------------
1 | all: see_my_real_email@README.mkd
2 |
--------------------------------------------------------------------------------
/modules/environment/manifests/init.pp:
--------------------------------------------------------------------------------
1 | # environment/init.pp
2 |
3 | import "*"
4 |
--------------------------------------------------------------------------------
/modules/project/manifests/init.pp:
--------------------------------------------------------------------------------
1 | # project/init.pp
2 |
3 | import "*"
4 |
5 |
--------------------------------------------------------------------------------
/modules/puppet/templates/tagmail.conf.erb:
--------------------------------------------------------------------------------
1 | all: see_my_real_email@REDACTED.mkd
2 |
--------------------------------------------------------------------------------
/modules/mount/manifests/init.pp:
--------------------------------------------------------------------------------
1 | # module: mount/init.pp
2 |
3 | class mount {
4 | }
5 |
--------------------------------------------------------------------------------
/modules/core/files/localtime:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/eshao/puppet/HEAD/modules/core/files/localtime
--------------------------------------------------------------------------------
/modules/puppet/files/fileserver.conf:
--------------------------------------------------------------------------------
1 | # NOTE(review): 'allow *' admits every client, while namespaceauth.conf in this
2 | # repository limits access to *.nekogiri.com; narrowing this to the same glob
3 | # keeps the two policies consistent. Files under this path are plugin code that
4 | # agents load when pluginsync is on, so the directory should be writable only
5 | # by the puppetmaster's administrators.
6 | [plugins]
7 |     path /usr/local/etc/puppet/plugins
8 |     allow *
9 |
--------------------------------------------------------------------------------
/modules/ports/manifests/vim.pp:
--------------------------------------------------------------------------------
1 | class ports::vim {
2 |   package { 'vim': ensure => present, provider => freebsd }
3 | }
--------------------------------------------------------------------------------
/modules/core/templates/rc.local.erb:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | # /etc/rc.local - run once at boot time
3 | # Put any local setup
commands in here: 4 | -------------------------------------------------------------------------------- /modules/ports/generate: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | 3 | require '.generate' 4 | 5 | generate("sudo", ["sudoers", 440]) 6 | generate("vim") 7 | -------------------------------------------------------------------------------- /modules/environment/manifests/clisp.pp: -------------------------------------------------------------------------------- 1 | # projects/clisp.pp 2 | 3 | class project::clisp { 4 | package { 5 | "clisp":; 6 | "cl-asdf":; 7 | } 8 | } 9 | -------------------------------------------------------------------------------- /modules/environment/manifests/java/compojure.pp: -------------------------------------------------------------------------------- 1 | # environment/java/compojure.pp 2 | 3 | class environment::java::compojure { 4 | package { 5 | } 6 | } 7 | -------------------------------------------------------------------------------- /modules/core/templates/resolv.conf.erb: -------------------------------------------------------------------------------- 1 | search <%= search %> 2 | <% nameservers.each do |nameserver| -%> 3 | nameserver <%= nameserver %> 4 | <% end -%> 5 | lookup file bind 6 | -------------------------------------------------------------------------------- /modules/custom/plugins/facter/jailed.rb: -------------------------------------------------------------------------------- 1 | require 'facter' 2 | 3 | Facter.add("jailed") do 4 | setcode do 5 | `sysctl security.jail.jailed | sed "s/security.jail.jailed: //"`.strip 6 | end 7 | end 8 | -------------------------------------------------------------------------------- /modules/custom/plugins/puppet/parser/functions/dash2underscore.rb: -------------------------------------------------------------------------------- 1 | module Puppet::Parser::Functions 2 | newfunction(:dash2underscore, :type => :rvalue) 
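do |arg|
3 |     arg[0].gsub('-', '_')
4 |   end
5 | end
6 |
--------------------------------------------------------------------------------
/modules/custom/plugins/puppet/parser/functions/exists.rb:
--------------------------------------------------------------------------------
1 | # exists.rb: true when the given path exists or is a symlink (including a
2 | # dangling one). Parser functions are evaluated where the catalog is compiled,
3 | # so the path is checked on that host, not on the agent.
4 | module Puppet::Parser::Functions
5 |   newfunction(:exists, :type => :rvalue) do |arg|
6 |     # File.exist? replaces the deprecated File.exists? alias, which newer Ruby
7 |     # releases no longer provide.
8 |     File.exist?(arg[0]) || File.symlink?(arg[0])
9 |   end
10 | end
11 |
--------------------------------------------------------------------------------
/modules/user/manifests/real/rescue.pp:
--------------------------------------------------------------------------------
1 | # module: user/rescue.pp
2 |
3 | class user::real::rescue inherits user::real {
4 |   $groups = ["neko", "dso"]
5 |
6 |   dgroup {$groups: }
7 |   Duser["eshao"] { groups +> $groups }
8 | }
9 |
--------------------------------------------------------------------------------
/modules/ports/manifests/init.pp:
--------------------------------------------------------------------------------
1 | # module: ports/init.pp
2 |
3 | class ports {
4 |   # Install the FreeBSD package named by the resource title.
5 |   define pkg_add() {
6 |     # Bare $name: single-quoted strings are not interpolated, so '$name'
7 |     # declared a package literally called "$name" for every pkg_add instance.
8 |     package { $name:
9 |       ensure => present,
10 |       provider => freebsd,
11 |     }
12 |   }
13 | }
14 |
15 |
--------------------------------------------------------------------------------
/manifests/site.pp:
--------------------------------------------------------------------------------
1 | # site.pp
2 | #
3 | # ref:
4 |
5 | $puppetmasterd_ip = '38.99.2.39'
6 |
7 | import "infrastructure"
8 | import "macros"
9 | import "roles"
10 | import "defaults"
11 | import "nodes"
12 |
13 |
--------------------------------------------------------------------------------
/modules/custom/plugins/puppet/parser/functions/flatten.rb:
--------------------------------------------------------------------------------
1 | # flatten.rb: flattens a one dimensional array into a string.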
2 | 3 | module Puppet::Parser::Functions 4 | newfunction(:flatten, :type => :rvalue) do |arg| 5 | "\"#{arg.join('", "')}\"" 6 | end 7 | end 8 | -------------------------------------------------------------------------------- /modules/exim/templates/mailer.conf.erb: -------------------------------------------------------------------------------- 1 | <% sendmail_location = '/usr/local/sbin/exim' %> 2 | sendmail <%= sendmail_location %> 3 | send-mail <%= sendmail_location %> 4 | mailq <%= sendmail_location %> -bp 5 | newaliases /usr/bin/true 6 | -------------------------------------------------------------------------------- /modules/environment/manifests/ruby/sinatra.pp: -------------------------------------------------------------------------------- 1 | # environment/ruby/sinatra.pp 2 | 3 | class environment::ruby::sinatra inherits environment::ruby::thin { 4 | package { 5 | "sinatra": 6 | provider => "gem", 7 | require => Package["rubygems"]; 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /modules/user/manifests/real.pp: -------------------------------------------------------------------------------- 1 | # module: user/real.pp 2 | # 3 | # Concrete users that need to be on ALL servers. 4 | 5 | class user::real inherits user::virtual { 6 | $default_users = [ 7 | "eshao", 8 | ] 9 | 10 | realize Dgroup[$default_users] 11 | realize Duser[$default_users] 12 | } 13 | -------------------------------------------------------------------------------- /modules/ports/README: -------------------------------------------------------------------------------- 1 | In here go all ports. Conveniently, they all are prefixed with /usr/local/etc. 2 | Therefore, their configuration should be very easy. Even scriptable. 3 | 4 | Automatically excludes many core system apps, which use /etc. 5 | 6 | ONLY for ports with no moving parts, ie: one static configuration file. 
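7 |
--------------------------------------------------------------------------------
/namespaceauth.conf:
--------------------------------------------------------------------------------
1 | [fileserver]
2 |     allow *.nekogiri.com
3 |
4 | [puppetmaster]
5 |     allow *.nekogiri.com
6 |
7 | [puppetrunner]
8 |     allow *.nekogiri.com
9 |
10 | [puppetbucket]
11 |     allow *.nekogiri.com
12 |
13 | [puppetreports]
14 |     allow *.nekogiri.com
15 |
16 | [resource]
17 |     allow *.nekogiri.com
18 |
--------------------------------------------------------------------------------
/modules/puppet/files/namespaceauth.conf:
--------------------------------------------------------------------------------
1 | [fileserver]
2 |     allow *.nekogiri.com
3 |
4 | [puppetmaster]
5 |     allow *.nekogiri.com
6 |
7 | [puppetrunner]
8 |     allow *.nekogiri.com
9 |
10 | [puppetbucket]
11 |     allow *.nekogiri.com
12 |
13 | [puppetreports]
14 |     allow *.nekogiri.com
15 |
16 | [resource]
17 |     allow *.nekogiri.com
18 |
--------------------------------------------------------------------------------
/modules/custom/plugins/puppet/parser/functions/puppet_exists.rb:
--------------------------------------------------------------------------------
1 | require 'find'
2 |
3 | # puppet_exists.rb: true when any entry under the Puppet modules directory has
4 | # a basename matching the given name or glob pattern; false when the modules
5 | # directory is missing or nothing matches.
6 | module Puppet::Parser::Functions
7 |   newfunction(:puppet_exists, :type => :rvalue) do |arg|
8 |     confdir = '/usr/local/etc/puppet'
9 |     path = File.join(confdir, "modules")
10 |     return false if !File.exist?(path)
11 |
12 |     # Walk the tree in-process instead of interpolating the argument into a
13 |     # `find` command line, so manifest-supplied text never reaches a shell.
14 |     # FNM_DOTMATCH lets wildcards match dot-files, as find's -name does.
15 |     pattern = arg[0].to_s
16 |     found = false
17 |     Find.find(path) do |entry|
18 |       if File.fnmatch(pattern, File.basename(entry), File::FNM_DOTMATCH)
19 |         found = true
20 |         break
21 |       end
22 |     end
23 |     found
24 |   end
25 | end
26 |
--------------------------------------------------------------------------------
/modules/user/manifests/real/neko.pp:
--------------------------------------------------------------------------------
1 | # module: user/neko.pp
2 |
3 | class user::real::neko inherits user::real {
4 |   $neko_users = [
5 |     "eshao",
6 |     "example",
7 |   ]
8 |
9 |   Duser["eshao"] { groups +> $neko_users }
10 |
11 |   # Override group for $neko_users and instantiate them.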
12 | realize Dgroup[$neko_users] 13 | realize Duser[$neko_users] 14 | } 15 | -------------------------------------------------------------------------------- /modules/environment/manifests/ruby/rails.pp: -------------------------------------------------------------------------------- 1 | # environment/ruby/rails.pp 2 | # 3 | # Default installation for rails + some projects with dependencies maintained 4 | # through puppet. 5 | 6 | class environment::ruby::rails inherits environment::ruby::mongrel { 7 | package { 8 | "rails": 9 | provider => "gem", 10 | require => Package["rubygems"]; 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /modules/thttpd/manifests/init.pp: -------------------------------------------------------------------------------- 1 | # module: thttpd/init.pp 2 | 3 | class thttpd { 4 | sync {"thttpd.conf": 5 | prefix => "/usr/local/etc", 6 | module => "thttpd", 7 | notify => Service[thttpd], 8 | require => Package[thttpd], 9 | } 10 | 11 | # The thttpd service. 12 | package { "thttpd": } 13 | service { "thttpd": require => Package[thttpd] } 14 | } 15 | -------------------------------------------------------------------------------- /modules/ports/manifests/sudo.pp: -------------------------------------------------------------------------------- 1 | # ports/sudo.pp 2 | 3 | class ports::sudo { 4 | package { 'sudo': ensure => present, provider => freebsd } 5 | sync { "sudoers": 6 | prefix => $operatingsystem ? 
{ 7 | freebsd => "/usr/local/etc", 8 | default => "/etc" 9 | }, 10 | module => "ports", 11 | require => Package["sudo"], 12 | mode => 440, 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /modules/project/manifests/neko/indcyc.pp: -------------------------------------------------------------------------------- 1 | # project/neko/indcyc.pp 2 | 3 | class project::neko::indcyc inherits environment::ruby::sinatra { 4 | $neko_owner = 'www' 5 | $neko_group = 'www' 6 | $neko_directory = "/var/www/indcyc.com/sinatra/" 7 | 8 | thin_cluster_config { "indcyc": 9 | chdir => $neko_directory, 10 | port => 4632, 11 | group => $neko_group, 12 | } 13 | } 14 | -------------------------------------------------------------------------------- /modules/project/manifests/neko/annotalia.pp: -------------------------------------------------------------------------------- 1 | # project/neko/annotalia.pp 2 | 3 | class project::neko::annotalia inherits environment::ruby::sinatra { 4 | $neko_owner = 'www' 5 | $neko_group = 'www' 6 | $neko_directory = "/var/www/annotalia.com/sinatra/" 7 | 8 | thin_cluster_config { "annotalia": 9 | chdir => $neko_directory, 10 | port => 2666, 11 | group => $neko_group, 12 | } 13 | } 14 | -------------------------------------------------------------------------------- /modules/project/manifests/alhowar/sinatra.pp: -------------------------------------------------------------------------------- 1 | # project/alhowar/sinatra.pp 2 | 3 | class project::alhowar::sinatra inherits environment::ruby::sinatra { 4 | $alhowar_owner = 'www' 5 | $alhowar_group = 'howar' # 46927 6 | $alhowar_directory = "/var/www/alhowar.com/thin/" 7 | 8 | thin_cluster_config { "alhowar": 9 | chdir => $alhowar_directory, 10 | port => 6927, 11 | group => $alhowar_group, 12 | } 13 | } 14 | -------------------------------------------------------------------------------- /modules/user/manifests/real/lp.pp: 
-------------------------------------------------------------------------------- 1 | # module: user/lp.pp 2 | 3 | class user::real::lp inherits user::real { 4 | $lp_users = [ 5 | "eshao", 6 | ] 7 | $lp_group = "howar" 8 | dgroup { $lp_group: } # Quickly instantiate group. 9 | 10 | # Add people to additional groups to grant permissions. 11 | Duser["eshao"] { groups +> ["www"] } 12 | 13 | # Override group for $lp_users and instantiate them. 14 | Duser[$lp_users] { gid => $lp_group } 15 | realize Duser[$lp_users] 16 | } 17 | -------------------------------------------------------------------------------- /modules/thttpd/files/thttpd.conf: -------------------------------------------------------------------------------- 1 | user=www 2 | host=localhost 3 | port=8080 4 | dir=/var/www 5 | 6 | # Changed from default to support mailman. 7 | # ref: 8 | nochroot 9 | 10 | # Can't use symlinks with mailman anyway, so doesn't matter. 11 | # ref: 12 | #nosymlink 13 | 14 | 15 | cgipat=/cgi-bin/**|/mailman/**|**.cgi|**.pl|**.py|**.rb 16 | logfile=/var/log/thttpd.log 17 | pidfile=/var/run/thttpd.pid 18 | -------------------------------------------------------------------------------- /modules/environment/manifests/java.pp: -------------------------------------------------------------------------------- 1 | # environment/java.pp 2 | 3 | class environment::java { 4 | package { 5 | # Java dependencies, as seen at . 6 | ["zip", "unzip", "open-motif", "cups-client", "diablo-jdk16", "gmake", 7 | "libX11", "libXext", "libXi", "pkg-config", "desktop-file-utils"]:; 8 | # Java runtime dependencies. 9 | ["javavmwrapper", "libXtst", "gio-fam-backend"]:; 10 | # Java required libraries. 
11 | ["libiconv", "glib20"]:; 12 | "jdk16":; 13 | "apache-ant":; 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /modules/nginx/templates/enabled/ext.rt: -------------------------------------------------------------------------------- 1 | # Remember to add_virtualhost('lists.cmudso.org', 'lists.cmudso.org') in /etc/mailman/mm_cfg.py 2 | server { 3 | listen 80; 4 | server_name rt.cmudso.org; 5 | 6 | access_log /var/www/localhost/log/access.log; 7 | error_log /var/www/localhost/log/error.log info; 8 | 9 | # Show in the main page the list info 10 | rewrite ^/$ / last; 11 | 12 | location /rt/ { 13 | # Use thttpd for CGI 14 | proxy_pass http://127.0.0.1:8080/rt/; 15 | 16 | proxy_set_header Host $host; 17 | #proxy_intercept_errors on; 18 | } 19 | } 20 | 21 | -------------------------------------------------------------------------------- /modules/core/manifests/init.pp: -------------------------------------------------------------------------------- 1 | # module: core/init.pp 2 | # 3 | # For magic lookup: http://reductivelabs.com/trac/puppet/wiki/ModuleOrganisation 4 | # 5 | # Uses naming of files to specify: 6 | # -- per-os files 7 | # -- per-host files 8 | 9 | import '*' 10 | 11 | class core { 12 | Sync { prefix => "/etc", module => "core" } 13 | Itpl { prefix => "/etc", module => "core" } 14 | 15 | # Sync files. 16 | # localtime from /usr/share/zoneinfo. 
17 | sync { ["make.conf", "ntp.conf", "sysctl.conf", "pf.conf", "localtime"]: } 18 | itpl { ["resolv.conf", "hosts", "rc.conf", "rc.local"]: } 19 | } 20 | 21 | -------------------------------------------------------------------------------- /modules/nginx/templates/enabled/ext.twiki: -------------------------------------------------------------------------------- 1 | server { 2 | listen 80; 3 | server_name kb.cmudso.org; 4 | 5 | access_log /var/www/localhost/log/access.log; 6 | error_log /var/www/localhost/log/error.log debug; 7 | 8 | # rewrite ^/twiki/(.*) /$1 last; 9 | 10 | location / { 11 | # Use thttpd for CGI 12 | proxy_set_header Host $host; 13 | proxy_set_header X-Real-IP $remote_addr; 14 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 15 | 16 | proxy_pass http://localhost:8080/; 17 | proxy_buffering off; 18 | #proxy_intercept_errors on; 19 | } 20 | } 21 | 22 | -------------------------------------------------------------------------------- /modules/core/files/ntp.conf: -------------------------------------------------------------------------------- 1 | # GPL $Id: ntpd.conf,v 1.1.1.1 2005/02/28 18:22:49 cvonk Exp $ 2 | # configuration for Network Time Protocol client/server (ntpd) 3 | # 4 | # note that currently the clock is only synchronized at system startup 5 | # (this to keep my dial-on-demand ISDN connection from staying up) 6 | # 7 | # See also: 8 | 9 | # prohibit general access 10 | restrict default ignore 11 | 12 | #server 0.pool.ntp.org 13 | #server 1.pool.ntp.org 14 | #server 2.pool.ntp.org 15 | server pool.ntp.org 16 | 17 | # drift file. 18 | driftfile /var/db/ntp.drift 19 | -------------------------------------------------------------------------------- /manifests/roles.pp: -------------------------------------------------------------------------------- 1 | # roles.pp 2 | # 3 | # Define the various roles used by the nodes. 
There is a general class with 4 | # general modules used in all the hosts and then some specific roles with 5 | # extra includes. 6 | 7 | case $operatingsystem { 8 | freebsd: { 9 | $root = "root" 10 | $wheel = "wheel" 11 | } 12 | default: { 13 | $root = "root" # root's login 14 | $wheel = "root" # root's group 15 | } 16 | } 17 | 18 | class minimum { 19 | include core, puppet 20 | include ports, ports::sudo 21 | } 22 | 23 | class baseclass { 24 | include minimum, ssh 25 | include user::real # Instantiate users that should be on ALL servers. 26 | } 27 | 28 | -------------------------------------------------------------------------------- /modules/ezjail/templates/fstab.rescue.erb: -------------------------------------------------------------------------------- 1 | # fstab.<%= name %> 2 | /usr/jails/basejail /usr/jails/<%= name %>/basejail nullfs ro,noatime 0 0 3 | 4 | <% unless name == 'dso' %> 5 | # Mount . 6 | /home/eshao/.git /usr/jails/<%= name %>/usr/home/eshao/.git nullfs rw 0 0 7 | /home/eshao/wsp /usr/jails/<%= name %>/usr/home/eshao/wsp nullfs rw 0 0 8 | <% end %> 9 | 10 | <% if name == 'neko' || name == 'dso' %> 11 | # Mount . 12 | /fs/<%= name %>/www /usr/jails/<%= name %>/var/www nullfs rw 0 0 13 | <% end %> 14 | 15 | <% if name == 'dso' %> 16 | # Mount . 
17 | /fs/<%= name %>/mailman /usr/jails/<%= name %>/usr/local/mailman nullfs rw 0 0
18 | <% end %>
19 |
--------------------------------------------------------------------------------
/modules/project/manifests/alhowar/rails.pp:
--------------------------------------------------------------------------------
1 | # project/alhowar/rails.pp
2 | #
3 | # In Common Lisp:
4 | # ref:
5 | #
6 | # In Rails:
7 | # ref:
8 |
9 | class project::alhowar::rails inherits environment::ruby::rails {
10 |   $alhowar_owner = 'www'
11 |   $alhowar_group = 'howar' # 46927
12 |   $alhowar_directory = "/var/www/alhowar.com/rails/"
13 |
14 |   Service["mongrel_cluster"] { enable => true }
15 |   mongrel_cluster_config { "alhowar":
16 |     cwd => $alhowar_directory,
17 |     port => 46927,
18 |     group => $alhowar_group,
19 |   }
20 | }
21 |
--------------------------------------------------------------------------------
/modules/custom/plugins/puppet/parser/functions/login2uid.rb:
--------------------------------------------------------------------------------
1 | # login2uid.rb: derives a numeric uid from a login name by spelling the name
2 | # on a telephone keypad, then folding the number into the allowed uid range.
3 | #
4 | # NOTE(review): the mapping is not one-to-one (letters on the same key, and
5 | # the modulo wrap, can send different logins to the same number). A shared uid
6 | # means shared file ownership between two accounts, so check derived uids for
7 | # duplicates before relying on them.
8 | module Puppet::Parser::Functions
9 |   newfunction(:login2uid, :type => :rvalue) do |arg|
10 |     minuid = 1100
11 |     maxuid = 65530
12 |     login = arg[0]
13 |
14 |     # Keypad digits for a..z in order; every other character is left as-is.
15 |     keypad = '22233344455566677778889999'
16 |     digits = login.tr('a-z', keypad)
17 |
18 |     # Fold into 0...maxuid, then lift anything below the floor by minuid.
19 |     uid = digits.to_i.modulo(maxuid)
20 |     return uid < minuid ? uid + minuid : uid
21 |   end
22 | end
23 |
--------------------------------------------------------------------------------
/modules/nginx/manifests/fastcgi.pp:
--------------------------------------------------------------------------------
1 | # module: nginx/fastcgi.pp
2 |
3 | class nginx::fastcgi {
4 |   # Use latest recommended configuration.
5 | file {"/usr/local/etc/php.ini": 6 | alias => "php.ini", 7 | ensure => "/usr/local/etc/php.ini-recommended", 8 | } 9 | 10 | # The fastcgi-php service. 11 | package {["php5", "spawn-fcgi"]: require => Package[nginx] } 12 | package {["php5-extensions", "php5-mysql"]: require => Package[php5] } 13 | core::freebsd::ports_enable {"spawn_fcgi": } 14 | 15 | # The service can check its own pid correctly, but only if no syntax errors, 16 | # which are prone because of the messed up spawn-fcgi rc.conf.d file. 17 | service { "spawn-fcgi": require => Package[spawn-fcgi] } 18 | } 19 | 20 | -------------------------------------------------------------------------------- /modules/environment/templates/thin.erb: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # PROVIDE: thin_<%= name %> 3 | # REQUIRE: DAEMON 4 | # KEYWORD: shutdown 5 | # 6 | # thin_<%= name %>_enable (bool): 7 | # Set it to YES to enable this service. 8 | # Default: NO 9 | 10 | . /etc/rc.subr 11 | 12 | name=thin_<%= name %> 13 | rcvar=${name}_enable 14 | 15 | command="/usr/local/bin/thin" 16 | 17 | load_rc_config $name 18 | 19 | : ${thin_<%= name %>_enable="NO"} 20 | 21 | command_args="-C <%= File.join(chdir, "log", "thin.yml") %>" 22 | start_cmd="thin_cmd start" 23 | stop_cmd="thin_cmd stop" 24 | status_cmd="thin_cmd status" 25 | 26 | thin_cmd() 27 | { 28 | ${command} $1 ${thin_flags} ${command_args} 2>&1 | grep -v "procfs" 29 | } 30 | 31 | run_rc_command "$1" 32 | -------------------------------------------------------------------------------- /modules/ssh/manifests/init.pp: -------------------------------------------------------------------------------- 1 | # module: ssh/init.pp 2 | # 3 | # -- Depends 4 | # $root, $wheel, $ip 5 | 6 | class ssh { 7 | # Files. 8 | $ssh_sync = [ 9 | "ssh_host_dsa_key", 10 | "ssh_host_key", 11 | "ssh_host_rsa_key" 12 | ] 13 | $ssh_itpl = [ 14 | "sshd_config", 15 | ] 16 | 17 | # Static sync. 
18 |   sync { $ssh_sync:
19 |     prefix => "/etc/ssh",
20 |     module => "ssh",
21 |     mode => 600,  # NOTE(review): $ssh_sync names the host private keys; presumably sync copies them from the puppetmaster, so every node in this class would share one host identity - confirm against the sync define
22 |   }
23 |
24 |   # Dynamic sync.
25 |   itpl { $ssh_itpl:
26 |     prefix => "/etc/ssh",
27 |     module => "ssh",
28 |     notify => Service[sshd],
29 |   }
30 |
31 |   # sshd service.
32 |   service { sshd:
33 |     ensure => true,
34 |     enable => true,
35 |     require => File["sshd_config"],
36 |   }
37 | }
38 |
39 |
--------------------------------------------------------------------------------
/modules/user/manifests/virtual.pp:
--------------------------------------------------------------------------------
1 | # module: user/virtual.pp
2 | #
3 | # Users should be declared virtually in a class called user::virtual.
4 | # These virtual users can then be realized as needed in user groups.
5 | # (Note: The subclasses of users should mostly be logical groupings.)
6 | #
7 | # ref:
8 | # ref:
9 | #
10 | # NOTE(review): the password values are hashes stored in the manifest, so
11 | # anyone who can read this repository can attempt to crack them offline; keep
12 | # the repository private and prefer key-based logins where possible.
13 |
14 | class user::virtual inherits user {
15 |   # Manage users.
16 |   @duser {
17 |     # Me.
18 |     "eshao":
19 |       password => 'use_a_bogus_hash_here_...mSJVf5me/',
20 |       groups => ["wheel"];
21 |
22 |
23 |     # Guests.
24 |     "example": password => 'use_a_bogus_hash_here_...XGdsiP2Q0';
25 |   }
26 | }
27 |
--------------------------------------------------------------------------------
/modules/core/files/make.conf:
--------------------------------------------------------------------------------
1 | # ref:
2 | CPUTYPE=i386
3 | CFLAGS= -O3 -pipe -funroll-loops -ffast-math
4 | COPTFLAGS= -O2 -pipe -funroll-loops -ffast-math
5 |
6 | # WRKDIRPREFIX: Where to create any temporary files.
7 | # DISTDIR: Where to find/put distfiles.
8 | # PACKAGES: Used only for the package target; the base directory for the
9 | # packages tree, normally packages/ in PORTSDIR.
10 | # ref:
11 | WRKDIRPREFIX=/var/ports
12 | DISTDIR=/var/ports/distfiles
13 | PACKAGES=/var/ports/packages
14 |
15 | # Can use `make config` in special cases when the defaults don't suffice.
16 | BATCH=yes
17 |
18 | # Added by use.perl.
19 | PERL_VERSION=5.8.9 20 | -------------------------------------------------------------------------------- /modules/user/manifests/real/dso.pp: -------------------------------------------------------------------------------- 1 | # module: user/dso.pp 2 | 3 | class user::real::dso inherits user::real { 4 | $dso_users = [ 5 | "eshao", 6 | "root_example", # Superusers. 7 | "example", # Regular users. 8 | ] 9 | $dso_group = "dso" 10 | dgroup { $dso_group: } # Quickly instantiate group. 11 | 12 | # Give root to some users. 13 | Duser["root_example"] { groups +> ["wheel"] } 14 | 15 | # Override group for $dso_users and instantiate them. 16 | Duser[$dso_users] { gid => $dso_group } 17 | realize Duser[$dso_users] 18 | 19 | # Make sure users know where www is. 20 | define symlinks() { 21 | file { 22 | "/home/$name/dsoglobal.org": ensure => "/var/www/dsoglobal.org/public"; 23 | "/home/$name/wishlist": ensure => "/var/www/dsoglobal.org/wishlist"; 24 | } 25 | } 26 | symlinks { $dso_users: } 27 | } 28 | -------------------------------------------------------------------------------- /modules/ezjail/files/flavour/etc/periodic.conf: -------------------------------------------------------------------------------- 1 | # (path or list) What to do with the output of the scripts envoked 2 | # from the directory dir. If this variable is set to an absolute 3 | # path name, output is logged to that file, otherwise it is taken 4 | # as one or more space separated email addresses and mailed to 5 | # those users. If this variable is not set or is empty, output is 6 | # sent to standard output. 7 | daily_output="/var/log/daily.log" 8 | weekly_output="/var/log/weekly.log" 9 | monthly_output="/var/log/monthly.log" 10 | daily_status_security_output="/var/log/daily_status_security.log" 11 | 12 | # Some overrides over /etc/defaults/periodic.conf. 
13 | daily_status_network_enable="NO"
14 | daily_status_security_ipfwlimit_enable="NO"
15 | daily_status_security_ipfwdenied_enable="NO"
16 | weekly_whatis_enable="NO" # our jails are read-only /usr
17 |
--------------------------------------------------------------------------------
/modules/environment/manifests/ruby.pp:
--------------------------------------------------------------------------------
1 | # environment/ruby.pp
2 |
3 | class environment::ruby {
4 |   # An explanation of the difference between ports and gems can be found at:
5 |   #
6 |   #
7 |   # For some reason, everything breaks horribly without iconv.
8 |   package {
9 |     "ruby":;
10 |     "ruby18-iconv":
11 |       require => Package["ruby"];
12 |     "ruby18-gems":
13 |       alias => "rubygems",
14 |       require => Package["ruby", "ruby18-iconv"];
15 |
16 |     # SQLite is a good drop-in default database.
17 |     # Need to install sqlite3-ruby gem manually.
18 |     # ref:
19 |     "sqlite3":;
20 |     "rubygem-sqlite3":;
21 |
22 |     # Very common rubygems.
23 |     "haml":
24 |       provider => "gem",
25 |       require => Package["rubygems"];
26 |   }
27 | }
28 |
--------------------------------------------------------------------------------
/manifests/defaults.pp:
--------------------------------------------------------------------------------
1 | # defaults.pp
2 | #
3 | # Some resource defaults.
4 |
5 | Exec {
6 |   path => [
7 |     "/usr/libexec",
8 |     "/sbin",
9 |     "/bin",
10 |     "/usr/sbin",
11 |     "/usr/bin",
12 |     "/usr/games",
13 |     "/usr/local/sbin",
14 |     "/usr/local/bin",
15 |   ],
16 | }
17 |
18 | File {
19 |   owner => $root,
20 |   group => $wheel,
21 |   mode => 664,  # NOTE(review): applies to every file resource that sets no mode of its own; group-writable by $wheel, so consider 644 as the baseline
22 |   ensure => present,
23 | }
24 |
25 | Service {
26 |   ensure => running,
27 |   enable => true,
28 |   hasstatus => true,
29 | }
30 |
31 | # For Freebsd, the default is to use ensure => latest, provider => ports
32 | Package {
33 |   ensure => present,
34 |   provider => freebsd,
35 | }
36 |
37 | Cron {
38 |   ensure => present,
39 | }
40 |
41 | # Users and groups.
42 | User { 43 | ensure => present, 44 | allowdupe => false, 45 | shell => $operatingsystem ? { 46 | freebsd => '/usr/local/bin/bash', 47 | default => '/bin/bash', 48 | }, 49 | } 50 | 51 | Group { 52 | ensure => present, 53 | } 54 | -------------------------------------------------------------------------------- /modules/nginx/dist/fastcgi_params: -------------------------------------------------------------------------------- 1 | 2 | fastcgi_param QUERY_STRING $query_string; 3 | fastcgi_param REQUEST_METHOD $request_method; 4 | fastcgi_param CONTENT_TYPE $content_type; 5 | fastcgi_param CONTENT_LENGTH $content_length; 6 | 7 | fastcgi_param SCRIPT_NAME $fastcgi_script_name; 8 | fastcgi_param REQUEST_URI $request_uri; 9 | fastcgi_param DOCUMENT_URI $document_uri; 10 | fastcgi_param DOCUMENT_ROOT $document_root; 11 | fastcgi_param SERVER_PROTOCOL $server_protocol; 12 | 13 | fastcgi_param GATEWAY_INTERFACE CGI/1.1; 14 | fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; 15 | 16 | fastcgi_param REMOTE_ADDR $remote_addr; 17 | fastcgi_param REMOTE_PORT $remote_port; 18 | fastcgi_param SERVER_ADDR $server_addr; 19 | fastcgi_param SERVER_PORT $server_port; 20 | fastcgi_param SERVER_NAME $server_name; 21 | 22 | # PHP only, required if PHP was built with --enable-force-cgi-redirect 23 | fastcgi_param REDIRECT_STATUS 200; 24 | -------------------------------------------------------------------------------- /modules/nginx/files/fastcgi_params: -------------------------------------------------------------------------------- 1 | 2 | fastcgi_param QUERY_STRING $query_string; 3 | fastcgi_param REQUEST_METHOD $request_method; 4 | fastcgi_param CONTENT_TYPE $content_type; 5 | fastcgi_param CONTENT_LENGTH $content_length; 6 | 7 | fastcgi_param SCRIPT_NAME $fastcgi_script_name; 8 | fastcgi_param REQUEST_URI $request_uri; 9 | fastcgi_param DOCUMENT_URI $document_uri; 10 | fastcgi_param DOCUMENT_ROOT $document_root; 11 | fastcgi_param SERVER_PROTOCOL $server_protocol; 12 | 13 | 
fastcgi_param GATEWAY_INTERFACE CGI/1.1; 14 | fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; 15 | 16 | fastcgi_param REMOTE_ADDR $remote_addr; 17 | fastcgi_param REMOTE_PORT $remote_port; 18 | fastcgi_param SERVER_ADDR $server_addr; 19 | fastcgi_param SERVER_PORT $server_port; 20 | fastcgi_param SERVER_NAME $server_name; 21 | 22 | # PHP only, required if PHP was built with --enable-force-cgi-redirect 23 | fastcgi_param REDIRECT_STATUS 200; 24 | -------------------------------------------------------------------------------- /modules/ezjail/files/flavour/usr/local/etc/puppet/puppet.conf: -------------------------------------------------------------------------------- 1 | # The configuration file for puppetmasterd. Note that this file 2 | # is likely to have unused configuration parameters in it; any parameter that's 3 | # valid anywhere in Puppet can be in any config file, even if it's not used. 4 | # 5 | # Every section can specify three special parameters: owner, group, and mode. 6 | # These parameters affect the required permissions of any files specified after 7 | # their specification. Puppet will sometimes use these parameters to check its 8 | # own configured state, so they can be used to make Puppet a bit more self-managing. 9 | # 10 | # Generated on Sat Aug 08 00:30:12 +0000 2009. 11 | # 12 | [main] 13 | # Changed locations. 14 | # confdir = /usr/local/etc/puppet 15 | # vardir = /var/puppet 16 | # logdir = $vardir/log 17 | # rundir = $vardir/run 18 | # statedir = $vardir/state 19 | ssldir = $vardir/ssl 20 | 21 | # ref: 22 | pluginsync = true 23 | factpath = $vardir/lib/facter 24 | -------------------------------------------------------------------------------- /modules/core/files/pf.conf: -------------------------------------------------------------------------------- 1 | # $FreeBSD$ 2 | # $OpenBSD: pf.conf,v 1.34 2007/02/24 19:30:59 millert Exp $ 3 | # 4 | # See pf.conf(5) and /usr/share/examples/pf for syntax and examples. 
5 | # Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1 6 | # in /etc/sysctl.conf if packets are to be forwarded between interfaces. 7 | 8 | #table persist 9 | 10 | #set skip on lo 11 | 12 | #scrub in 13 | 14 | #nat-anchor "ftp-proxy/*" 15 | #rdr-anchor "ftp-proxy/*" 16 | #nat on $ext_if from !($ext_if) -> ($ext_if:0) 17 | #rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021 18 | #no rdr on $ext_if proto tcp from to any port smtp 19 | #rdr pass on $ext_if proto tcp from any to any port smtp \ 20 | # -> 127.0.0.1 port spamd 21 | 22 | #anchor "ftp-proxy/*" 23 | #block in 24 | #pass out 25 | 26 | #pass quick on $int_if no state 27 | #antispoof quick for { lo $int_if } 28 | 29 | #pass in on $ext_if proto tcp to ($ext_if) port ssh 30 | #pass in log on $ext_if proto tcp to ($ext_if) port smtp 31 | #pass out log on $ext_if proto tcp from ($ext_if) to port smtp 32 | -------------------------------------------------------------------------------- /modules/core/files/sysctl.conf: -------------------------------------------------------------------------------- 1 | # $FreeBSD$ 2 | # 3 | # This file is read when going to multi-user and its contents piped thru 4 | # ``sysctl'' to adjust kernel values. ``man 5 sysctl.conf'' for details. 5 | # 6 | 7 | # Uncomment this to prevent users from seeing information about processes that 8 | # are being run under another UID. 
9 | 10 | 11 | security.jail.enforce_statfs=0 #Processes in jail cannot see all mounted file systems (knob description). NOTE(review): the value 0 switches that restriction off, so jailed processes see every mount point. 12 | security.jail.mount_allowed=1 #Processes in jail can mount/unmount jail-friendly file systems. NOTE(review): enabled here; together with the two other active knobs this loosens jail isolation, so keep it only if the jails need it. 13 | #security.jail.chflags_allowed: #Processes in jail can alter system file flags 14 | security.jail.allow_raw_sockets=1 #Prison root can create raw sockets. NOTE(review): enabled here; raw sockets let jail root send hand-built packets (ping/traceroute need them). 15 | #security.jail.sysvipc_allowed: #Processes in jail can use System V IPC primitives 16 | #security.jail.socket_unixiproute_only: #Processes in jail are limited to creating UNIX/IP/route sockets only 17 | #security.jail.set_hostname_allowed: #Processes in jail can set their hostnames 18 | #security.jail.jail_max_af_ips: #Number of IP addresses a jail may have at most per address family 19 | #security.jail.jailed: #Process in jail? 20 | -------------------------------------------------------------------------------- /modules/project/dist/wishlist_sphinx_ts:index.output: -------------------------------------------------------------------------------- 1 | dso /var/www/dsoglobal.org/wishlist/cron> ./hourly 2 | (in /var/www/dsoglobal.org/wishlist) 3 | Generating Configuration to /var/www/dsoglobal.org/wishlist/config/development.sphinx.conf 4 | indexer --config /var/www/dsoglobal.org/wishlist/config/development.sphinx.conf --all --rotate 5 | Sphinx 0.9.8.1-release (r1533) 6 | Copyright (c) 2001-2008, Andrew Aksyonoff 7 | 8 | using config file '/var/www/dsoglobal.org/wishlist/config/development.sphinx.conf'... 9 | indexing index 'opportunity_core'... 10 | collected 182 docs, 0.2 MB 11 | collected 0 attr values 12 | sorted 0.0 Mvalues, 100.0% done 13 | sorted 0.0 Mhits, 100.0% done 14 | total 182 docs, 167986 bytes 15 | total 0.147 sec, 1142777.43 bytes/sec, 1238.11 docs/sec 16 | indexing index 'opportunity_delta'... 
17 | collected 0 docs, 0.0 MB 18 | collected 0 attr values 19 | sorted 0.0 Mvalues, nan% done 20 | total 0 docs, 0 bytes 21 | total 0.047 sec, 0.00 bytes/sec, 0.00 docs/sec 22 | distributed index 'opportunity' can not be directly indexed; skipping. 23 | rotating indices: succesfully sent SIGHUP to searchd (pid=80444). 24 | -------------------------------------------------------------------------------- /modules/ezjail/files/flavour/etc/rc.local: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # BEFORE: DAEMON 4 | # 5 | # ezjail flavour example 6 | 7 | # Hide 8 | ####### 9 | # 10 | # Prevent this script from being called over and over if something fails. 11 | 12 | rm -f /etc/rc.local /etc/rc.d/ezjail-config.sh /ezjail.flavour 13 | 14 | # Packages 15 | ########### 16 | # 17 | # Install all packages previously put to /pkg 18 | # Remove package files afterwards. NOTE(review): the command below reads /basejail/pkg and removes nothing. find substitutes {} into the sh -c string, so a directory name containing shell metacharacters is run as shell text, and because the two commands are joined with `;` a failed cd still runs pkg_add in the current directory. Passing the path as an argument avoids both: sh -c 'cd "$1" && pkg_add *' sh {} 19 | 20 | find /basejail/pkg -type d -exec sh -c "cd {}; pkg_add *" \; 21 | 22 | # Puppet 23 | ######### 24 | # 25 | # Take care of setting up puppet. NOTE(review): --test runs twice; presumably the first run requests a certificate and the second applies the catalog (TODO confirm). That only works unattended if the master signs the request automatically; the repo ships modules/puppet/files/autosign.conf (contents not shown here), so check that its pattern is as narrow as intended. 26 | 27 | /usr/local/bin/puppetd --test 28 | /usr/local/bin/puppetd --test 29 | /usr/local/etc/rc.d/puppetd start 30 | 31 | # Postinstall 32 | ############## 33 | # 34 | # Your own stuff here, for example set login shells that were only 35 | # installed just before. 36 | /etc/rc.d/sshd start 37 | 38 | # Please note, that for all network related stuff like ports, 39 | # package remote fetching, etc. 
you need a sane /etc/resolv.conf 40 | 41 | # chpass -s /usr/local/bin/bash admin 42 | # pkg_add -r pico 43 | # cd /usr/ports/sysutils/screen && make install 44 | -------------------------------------------------------------------------------- /modules/ports/.generate.rb: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | 3 | `rm manifests/*` # NOTE(review): relative path; deletes every file in manifests/ under whatever the current directory is, so run this only from modules/ports. 4 | init = <<-eos 5 | # module: ports/init.pp 6 | 7 | class ports { 8 | define pkg_add() { 9 | package { '\\$name': 10 | ensure => present, 11 | provider => freebsd, 12 | } 13 | } 14 | } 15 | eos 16 | `echo "#{init}" > manifests/init.pp` # NOTE(review): the heredoc goes through the shell inside double quotes, so $, backticks, backslashes and double quotes in it are interpreted by sh (hence the escaped \\$name); File.open(...).write, as generate uses below, writes the text without a shell. 17 | 18 | # To generate a module with config files: writes manifests/<name>.pp holding class ports::<name>, a package resource and one sync resource per config file. name and each file entry are interpolated unescaped into the Puppet source and into the output path, so pass only trusted literal values. NOTE(review): presumably each entry is an array, [file] or [file, mode]; a bare String of two or more characters would take the else branch. Verify against callers. 19 | def generate(name, *config_files) 20 | tbr = <<-eos 21 | class ports::#{name} { 22 | package { '#{name}': ensure => present, provider => freebsd } 23 | eos 24 | 25 | config_files.each do |tuple| 26 | # One or two arguments? 27 | if tuple[1].nil? then 28 | file = tuple 29 | else 30 | file = tuple[0] 31 | mode = "mode => #{tuple[1]}," 32 | end 33 | tbr << <<-eos 34 | sync { "#{file}": 35 | prefix => $operatingsystem ? 
{ 36 | freebsd => "/usr/local/etc", 37 | default => "/etc" 38 | }, 39 | module => "ports", 40 | require => Package["#{name}"], 41 | #{mode} 42 | } 43 | eos 44 | end 45 | 46 | tbr << "}" 47 | File.open("manifests/#{name}.pp", 'w') {|f| f.write(tbr) } 48 | puts "Generated manifests/#{name}.pp" 49 | end 50 | -------------------------------------------------------------------------------- /modules/nginx/templates/nginx.conf.freebsd.erb: -------------------------------------------------------------------------------- 1 | #user www-data; 2 | worker_processes 1; 3 | 4 | #error_log /var/log/nginx/error.log; 5 | #pid /var/run/nginx.pid; 6 | 7 | events { 8 | worker_connections 1024; 9 | } 10 | 11 | http { 12 | include mime.types; 13 | default_type application/octet-stream; 14 | 15 | access_log /var/log/nginx/access.log; 16 | 17 | sendfile on; 18 | #tcp_nopush on; 19 | 20 | #keepalive_timeout 0; 21 | keepalive_timeout 65; 22 | tcp_nodelay on; 23 | autoindex on; 24 | 25 | # http://tumblelog.jauderho.com/post/27655495/gzip-compression-with-nginx 26 | gzip on; 27 | gzip_proxied any; 28 | gzip_http_version 1.1; 29 | gzip_comp_level 5; 30 | gzip_types text/plain text/html text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript; 31 | 32 | # make sure gzip does not lose large gzipped js or css files 33 | # see http://blog.leetsoft.com/2007/7/25/nginx-gzip-ssl 34 | gzip_buffers 16 8k; 35 | 36 | # Disable gzip for certain browsers. 
37 | gzip_disable "MSIE [1-6].(?!.*SV1)"; 38 | 39 | include /etc/nginx/sites-enabled/*; 40 | } 41 | -------------------------------------------------------------------------------- /modules/nginx/templates/nginx.conf.ubuntu.erb: -------------------------------------------------------------------------------- 1 | user www-data; 2 | worker_processes 1; 3 | 4 | error_log /var/log/nginx/error.log; 5 | pid /var/run/nginx.pid; 6 | 7 | events { 8 | worker_connections 1024; 9 | } 10 | 11 | http { 12 | include /etc/nginx/mime.types; 13 | default_type application/octet-stream; 14 | 15 | access_log /var/log/nginx/access.log; 16 | 17 | sendfile on; 18 | #tcp_nopush on; 19 | 20 | #keepalive_timeout 0; 21 | keepalive_timeout 65; 22 | tcp_nodelay on; 23 | autoindex on; 24 | 25 | # http://tumblelog.jauderho.com/post/27655495/gzip-compression-with-nginx 26 | gzip on; 27 | gzip_proxied any; 28 | gzip_http_version 1.1; 29 | gzip_comp_level 5; 30 | gzip_types text/plain text/html text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript; 31 | 32 | # make sure gzip does not lose large gzipped js or css files 33 | # see http://blog.leetsoft.com/2007/7/25/nginx-gzip-ssl 34 | gzip_buffers 16 8k; 35 | 36 | # Disable gzip for certain browsers. 37 | gzip_disable "MSIE [1-6].(?!.*SV1)"; 38 | 39 | include /etc/nginx/sites-enabled/*; 40 | } 41 | -------------------------------------------------------------------------------- /modules/ports/files/sudoers: -------------------------------------------------------------------------------- 1 | # sudoers file. 2 | # 3 | # This file MUST be edited with the 'visudo' command as root. 4 | # Failure to use 'visudo' may result in syntax or file permission errors 5 | # that prevent sudo from running. 6 | # 7 | # See the sudoers man page for the details on how to write a sudoers file. 
8 | # 9 | 10 | # Host alias specification 11 | 12 | # User alias specification 13 | 14 | # Cmnd alias specification 15 | 16 | # Defaults specification 17 | # Uncomment if needed to preserve environmental variables related to the 18 | # FreeBSD pkg_* utilities and fetch. 19 | #Defaults env_keep += "PKG_PATH PKG_DBDIR PKG_TMPDIR TMPDIR PACKAGEROOT PACKAGESITE PKGDIR FTP_PASSIVE_MODE" 20 | 21 | # Additionally uncomment if needed to preserve environmental variables 22 | # related to portupgrade. 23 | #Defaults env_keep += "PORTSDIR PORTS_INDEX PORTS_DBDIR PACKAGES PKGTOOLS_CONF" 24 | 25 | # Runas alias specification 26 | 27 | # User privilege specification 28 | root ALL=(ALL) ALL 29 | 30 | # Uncomment to allow people in group wheel to run all commands 31 | # %wheel ALL=(ALL) ALL 32 | 33 | # Same thing without a password. NOTE(review): this rule is active, so every member of wheel runs any command as any user with no password prompt; a compromised wheel account or unattended session is root at once. The commented rule above keeps the password check. 34 | %wheel ALL=(ALL) NOPASSWD: ALL 35 | 36 | # Samples 37 | # %users ALL=/sbin/mount /cdrom,/sbin/umount /cdrom 38 | # %users localhost=/sbin/shutdown -h now 39 | -------------------------------------------------------------------------------- /modules/nginx/templates/nginx.conf.erb: -------------------------------------------------------------------------------- 1 | #user www-data; 2 | worker_processes 1; 3 | 4 | #error_log /var/log/nginx/error.log; 5 | #pid /var/run/nginx.pid; 6 | 7 | events { 8 | worker_connections 1024; 9 | } 10 | 11 | http { 12 | include mime.types; 13 | default_type application/octet-stream; 14 | 15 | # access_log /var/log/nginx/access.log; 16 | 17 | sendfile on; 18 | #tcp_nopush on; 19 | 20 | #keepalive_timeout 0; 21 | keepalive_timeout 65; 22 | tcp_nodelay on; 23 | autoindex on; # NOTE(review): set at http level, so any server or location without an index file serves a directory listing unless it turns autoindex off itself. 24 | 25 | # http://tumblelog.jauderho.com/post/27655495/gzip-compression-with-nginx 26 | gzip on; 27 | gzip_proxied any; 28 | gzip_http_version 1.1; 29 | gzip_comp_level 5; 30 | 31 | # After 0.7.9, text/html is default type and always included. 
32 | gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript; 33 | 34 | # make sure gzip does not lose large gzipped js or css files 35 | # see http://blog.leetsoft.com/2007/7/25/nginx-gzip-ssl 36 | gzip_buffers 16 8k; 37 | 38 | # Disable gzip for certain browsers. 39 | gzip_disable "MSIE [1-6].(?!.*SV1)"; 40 | 41 | include <%= File.join(nginx_prefix, "enabled", "*") %>; 42 | } 43 | -------------------------------------------------------------------------------- /modules/puppet/manifests/init.pp: -------------------------------------------------------------------------------- 1 | # module: puppet/init.pp 2 | 3 | class puppet { 4 | # Per-module defaults. 5 | $puppet_prefix = $operatingsystem ? { 6 | freebsd => "/usr/local/etc/puppet", 7 | default => "/etc/puppet", 8 | } 9 | Sync { prefix => $puppet_prefix, module => "puppet" } 10 | Itpl { prefix => $puppet_prefix, module => "puppet" } 11 | File { require => Package[puppet], notify => Service[puppetd] } 12 | 13 | # Sync. 14 | $puppet_sync = [ 15 | "autosign.conf", 16 | "namespaceauth.conf", 17 | ] 18 | $puppet_itpl = [ 19 | "puppet.conf", 20 | "tagmail.conf", 21 | ] 22 | sync { $puppet_sync: mode => 644 } 23 | itpl { $puppet_itpl: mode => 644 } 24 | 25 | # Ensure that /etc/puppet -> /usr/local/etc/puppet on FreeBSD. 26 | file { "/etc/puppet": 27 | ensure => $operatingsystem ? { 28 | freebsd => "/usr/local/etc/puppet", 29 | default => directory, 30 | }, 31 | } 32 | 33 | # The puppetd service. 
34 | package { "puppet": } 35 | service { "puppetd": require => File["puppet.conf"] } 36 | } 37 | 38 | class puppet::master inherits puppet { 39 | Sync[$puppet_sync] { notify +> Service[puppetmasterd] } 40 | Itpl[$puppet_itpl] { notify +> Service[puppetmasterd] } 41 | service { "puppetmasterd": require => File["puppet.conf"] } 42 | } 43 | -------------------------------------------------------------------------------- /puppet.conf: -------------------------------------------------------------------------------- 1 | # The configuration file for puppetmasterd. Note that this file 2 | # is likely to have unused configuration parameters in it; any parameter that's 3 | # valid anywhere in Puppet can be in any config file, even if it's not used. 4 | # 5 | # Every section can specify three special parameters: owner, group, and mode. 6 | # These parameters affect the required permissions of any files specified after 7 | # their specification. Puppet will sometimes use these parameters to check its 8 | # own configured state, so they can be used to make Puppet a bit more self-managing. 9 | # 10 | # Generated on Sat Aug 08 00:30:12 +0000 2009. 11 | # 12 | [main] 13 | # Changed locations. 14 | # confdir = /usr/local/etc/puppet 15 | # vardir = /var/puppet 16 | # logdir = $vardir/log 17 | # rundir = $vardir/run 18 | # statedir = $vardir/state 19 | ssldir = $vardir/ssl 20 | 21 | # ref: 22 | pluginsync = true 23 | factpath = $vardir/lib/facter 24 | # factsync = true 25 | 26 | # Enable reporting. 
27 | report = true 28 | reports = tagmail,store 29 | summarize = true 30 | smtpserver = localhost 31 | 32 | [puppetmasterd] 33 | certname = hyper.nekogiri.com 34 | 35 | [puppetd] 36 | bindaddress = 67.58.98.11 37 | listen = true 38 | 39 | -------------------------------------------------------------------------------- /manifests/infrastructure.pp: -------------------------------------------------------------------------------- 1 | # infrastructure.pp 2 | # 3 | # Defines overall infrastructure logic. Give information specific to various 4 | # providers in use (prgmr.com, Slicehost, EC2, etc.) such as DNS. Nodes within 5 | # the same provider should be in the same network and grouped accordingly. 6 | # 7 | # Note: These variables are static and can NOT be reassigned. 8 | 9 | node basenode { 10 | # ref: 11 | $domain = "" # One-word lookup suffix. 12 | $nameservers = ["208.67.220.220", "208.67.222.222"] # Direct DNS queries to. 13 | $search = $domain # Space-deliminated. 14 | $intranet = "" 15 | } 16 | 17 | node prgmr inherits basenode { 18 | $domain = "nekogiri.com" 19 | $nameservers = ["66.28.0.45", "66.28.0.61"] 20 | $search = "${domain} xen.prgmr.com" 21 | $intranet = "" 22 | } 23 | 24 | node ec2 inherits basenode { 25 | } 26 | 27 | node cpc inherits basenode { 28 | $domain = "nekogiri.com" 29 | $nameservers = ["208.67.220.220","4.2.2.3","4.2.2.2","4.2.2.4"] 30 | $search = "${domain} local" 31 | $intranet = "67.58.98.8/29" 32 | 33 | # Domains I'll accept mail for. 34 | $local_domains = [ 35 | "nekogiri.com", 36 | "cmudso.org", 37 | "friedneko.com", 38 | "dsoglobal.org", 39 | ] 40 | } 41 | -------------------------------------------------------------------------------- /modules/puppet/templates/puppet.conf.erb: -------------------------------------------------------------------------------- 1 | # The configuration file for puppetmasterd. 
Note that this file 2 | # is likely to have unused configuration parameters in it; any parameter that's 3 | # valid anywhere in Puppet can be in any config file, even if it's not used. 4 | # 5 | # Every section can specify three special parameters: owner, group, and mode. 6 | # These parameters affect the required permissions of any files specified after 7 | # their specification. Puppet will sometimes use these parameters to check its 8 | # own configured state, so they can be used to make Puppet a bit more self-managing. 9 | # 10 | # Generated on Sat Aug 08 00:30:12 +0000 2009. 11 | # 12 | [main] 13 | # Changed locations. 14 | # confdir = /usr/local/etc/puppet 15 | # vardir = /var/puppet 16 | # logdir = $vardir/log 17 | # rundir = $vardir/run 18 | # statedir = $vardir/state 19 | ssldir = $vardir/ssl 20 | 21 | # ref: 22 | pluginsync = true 23 | factpath = $vardir/lib/facter 24 | # factsync = true 25 | 26 | # Enable reporting. 27 | report = true 28 | reports = tagmail,store 29 | summarize = true 30 | smtpserver = localhost 31 | 32 | [puppetmasterd] 33 | certname = hyper.<%= domain %> 34 | 35 | [puppetd] 36 | bindaddress = <%= ip %> 37 | listen = true 38 | 39 | -------------------------------------------------------------------------------- /modules/exim/manifests/init.pp: -------------------------------------------------------------------------------- 1 | # module: exim/init.pp 2 | # 3 | # It should set itself up, but try these troubleshooting steps: 4 | # ref: 5 | # 6 | # Steps after configuration to get through anti-spam: 7 | # 1) Configure reverse DNS. 8 | # 2) Configure SPF. 9 | 10 | class exim { 11 | Itpl { module => "exim" } 12 | File { notify => Service[exim], require => Package[exim] } 13 | 14 | # Dynamic sync. 
15 | itpl {"mailer.conf": prefix => "/etc/mail" } 16 | itpl {"configure": 17 | prefix => "/usr/local/etc/exim", 18 | mode => 644, 19 | } 20 | 21 | # /etc/aliases 22 | itpl { "aliases": 23 | prefix => "/etc/mail", 24 | mode => 644, 25 | } 26 | exec { "newaliases": 27 | subscribe => Itpl["aliases"], 28 | refreshonly => true, 29 | } 30 | file { "/etc/aliases": ensure => "mail/aliases" } 31 | 32 | # Don't `mailq -Ac` during nightly runs. 33 | # ref: 34 | core::freebsd::periodic_conf { 35 | "daily_status_include_submit_mailq": value => "NO"; 36 | } 37 | 38 | # The exim service. 39 | package {"exim": } 40 | service {"exim": require => Itpl[configure] } 41 | } 42 | 43 | class exim::sendonly inherits exim { 44 | Service["exim"] { 45 | hasstatus => false, # Will just report error message of not having rc val. 46 | ensure => stopped, 47 | } 48 | } 49 | -------------------------------------------------------------------------------- /modules/nginx/manifests/init.pp: -------------------------------------------------------------------------------- 1 | # module: nginx/init.pp 2 | 3 | class nginx { 4 | # Define some defaults. 5 | $nginx_prefix = $operatingsystem ? { 6 | freebsd => "/usr/local/etc/nginx", 7 | default => "/etc/nginx", 8 | } 9 | $nginx_www = "/var/www" 10 | Sync { prefix => $nginx_prefix, module => "nginx", require => Package[nginx] } 11 | Sdir { prefix => $nginx_prefix, module => "nginx", require => Package[nginx] } 12 | Itpl { prefix => $nginx_prefix, module => "nginx", require => Package[nginx] } 13 | File { require => Package[nginx], notify => Service[nginx] } 14 | 15 | # Sync files. 16 | sync {[ 17 | "mime.types", 18 | "fastcgi_params", 19 | "enabled/gen.host", 20 | "enabled/gen.all"]: 21 | } 22 | sdir { "passwords": } 23 | itpl { "nginx.conf": } 24 | 25 | file {[ 26 | # Create folders so puppet doesn't fail on fresh installs. 
27 | "$nginx_www", 28 | "$nginx_www/localhost", 29 | "$nginx_www/localhost/log"]: 30 | ensure => directory; 31 | "$nginx_prefix/enabled": 32 | ensure => directory, 33 | mode => 770; 34 | 35 | # A quick symlink for compatability's sake. 36 | "/etc/nginx": 37 | ensure => $operatingsystem ? { 38 | freebsd => "/usr/local/etc/nginx", 39 | default => directory, 40 | }; 41 | } 42 | 43 | # The nginx service. 44 | package { "nginx-devel": alias => "nginx" } 45 | service { "nginx": } 46 | } 47 | 48 | -------------------------------------------------------------------------------- /modules/project/manifests/alhowar/reddit.pp: -------------------------------------------------------------------------------- 1 | # project/alhowar/reddit.pp 2 | # 3 | # Process outlined on reddit trac. 4 | # ref: 5 | # 6 | # 1) Run PMR to install packages. 7 | # 2) Use ez_install to install Imaging. 8 | # 3) Use git to grab reddit source code. 9 | # 4) Follow instructions to run . 10 | # 5) Setup Postgre, create four initial databases. 11 | # 6) Follow to get nginx+reddit up. 12 | 13 | class project::alhowar::reddit { 14 | package { 15 | "curl":; 16 | "freetype2":; 17 | "gcc": source => "gcc44"; 18 | "gettext":; 19 | "git":; 20 | "jpeg":; 21 | "png":; 22 | "postgresql-server": source => "postgresql82-server"; 23 | "postgresql-libpqxx":; 24 | "postgresql-libpgeasy":; 25 | "subversion":; 26 | "python26":; 27 | "py26-setuptools":; 28 | "py26-psycopg2":; 29 | } 30 | service { 31 | "postgresql":; 32 | "memcached":; 33 | } 34 | 35 | # Need authentication for ri to use database. 
36 | # err: sqlalchemy.exc.OperationalError: (OperationalError) 37 | # FATAL: no pg_hba.conf entry for host "67.58.98.14", 38 | # user "ri", database "newreddit", SSL off. NOTE(review): the line added below uses `trust`, which skips the password check for user ri on all databases from $ip/32 (presumably this node's own address), so anything able to connect from that address is ri without credentials. `md5` with a password, limited to the one database named in the error, is the narrower entry. 39 | core::freebsd::line { "postgre_ri_auth": 40 | file => "/usr/local/pgsql/data/pg_hba.conf", 41 | line => "host all ri $ip/32 trust" 42 | } 43 | } 44 | -------------------------------------------------------------------------------- /modules/core/files/pf.conf.hyper: -------------------------------------------------------------------------------- 1 | # $FreeBSD$ 2 | # $OpenBSD: pf.conf,v 1.34 2007/02/24 19:30:59 millert Exp $ 3 | # 4 | # See pf.conf(5) and /usr/share/examples/pf for syntax and examples. 5 | # Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1 6 | # in /etc/sysctl.conf if packets are to be forwarded between interfaces. 7 | 8 | ext_if="xn0" 9 | #int_if="int0" 10 | 11 | # NOTE(review): only the NAT rule below is active; every block, pass, antispoof and scrub rule in this file is commented out, and with no filter rules pf passes all traffic by default. 12 | nat on $ext_if from 10.0.0.0/8 to any -> ($ext_if) 13 | #nat on $ext_if from vif1:network to any -> ($ext_if) 14 | #nat on $ext_if from vif2:network to any -> ($ext_if) 15 | #nat on $ext_if from vif3:network to any -> ($ext_if) 16 | #nat on $ext_if from vif4:network to any -> ($ext_if) 17 | 18 | #table persist 19 | 20 | #set skip on lo 21 | 22 | #scrub in 23 | 24 | #nat-anchor "ftp-proxy/*" 25 | #rdr-anchor "ftp-proxy/*" 26 | #nat on $ext_if from !($ext_if) -> ($ext_if:0) 27 | #rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021 28 | #no rdr on $ext_if proto tcp from to any port smtp 29 | #rdr pass on $ext_if proto tcp from any to any port smtp \ 30 | # -> 127.0.0.1 port spamd 31 | 32 | #anchor "ftp-proxy/*" 33 | #block in 34 | #pass out 35 | 36 | #pass quick on $int_if no state 37 | #antispoof quick for { lo $int_if } 38 | 39 | #pass in on $ext_if proto tcp to ($ext_if) port ssh 40 | #pass in log on $ext_if proto tcp to ($ext_if) port smtp 41 | #pass out log on $ext_if proto tcp from ($ext_if) to port smtp 42 | 
-------------------------------------------------------------------------------- /modules/mysql/manifests/init.pp: -------------------------------------------------------------------------------- 1 | # module: mysql/init.pp 2 | # 3 | # 1. Install mysql50-{server,client} manually, as ports are buggy. 4 | # 2. Create some system tables by running . 5 | # 6 | # Do 3-4 ONLY if not dumping (aka starting from scratch.) 7 | # Otherwise just do . 8 | # 3. Set password for root: 9 | # 4. Set password for root@host: 10 | # 11 | # 5. Use or on remote host. 12 | # 6. Use to restore all data. 13 | # 7. Make sure to run as it will fix the grants table. 14 | 15 | class mysql { 16 | # The mysql service -- version compatible with sphinxsearch. 17 | # We specify source because the name of the package is different from 18 | # the name of used to query existence locally. 19 | # 20 | # Note: Usually this doesn't work and you have to install manually, 21 | # but at least afterwards, no warning/error messages. 22 | package { "mysql-server": source => "mysql50-server" } 23 | package { "mysql-client": source => "mysql50-client" } 24 | service { "mysql-server": require => Package["mysql-server"] } 25 | core::freebsd::ports_enable { "mysql": } 26 | } 27 | 28 | class mysql::sphinx { 29 | $sphinx_user = "_sphinx" 30 | $sphinx_group = "_sphinx" 31 | 32 | package { "sphinxsearch": require => Package["mysql-client"] } 33 | service { "sphinxsearch": require => Package["sphinxsearch"] } 34 | } 35 | 36 | -------------------------------------------------------------------------------- /modules/core/templates/hosts.erb: -------------------------------------------------------------------------------- 1 | # $FreeBSD$ 2 | # 3 | # Host Database 4 | # 5 | # This file should contain the addresses and aliases for local hosts that 6 | # share this file. Replace 'my.domain' below with the domainname of your 7 | # machine. 
8 | # 9 | # In the presence of the domain name service or NIS, this file may 10 | # not be consulted at all; see /etc/nsswitch.conf for the resolution order. 11 | # 12 | # 13 | ::1 localhost.localdomain localhost 14 | <%= lo %> localhost.localdomain localhost 15 | 16 | # 17 | # Imaginary networks 18 | # 19 | 20 | # Needed for puppetd to know where to connect. 21 | 67.58.98.11 puppet.<%= domain %> puppet 22 | 23 | # Shortcuts for the other machines on this network. 24 | 67.58.98.10 rescue.<%= domain %> rescue 25 | 67.58.98.11 hyper.<%= domain %> hyper 26 | 67.58.98.12 neko.<%= domain %> neko 27 | 67.58.98.13 dso.<%= domain %> dso 28 | 67.58.98.14 lp.<%= domain %> lp 29 | 30 | 31 | # 32 | # According to RFC 1918, you can use the following IP networks for 33 | # private nets which will never be connected to the Internet: 34 | # 35 | # 10.0.0.0 - 10.255.255.255 36 | # 172.16.0.0 - 172.31.255.255 37 | # 192.168.0.0 - 192.168.255.255 38 | # 39 | # In case you want to be able to connect to the Internet, you need 40 | # real official assigned numbers. Do not try to invent your own network 41 | # numbers but instead get one from your network provider (if any) or 42 | # from your regional registry (ARIN, APNIC, LACNIC, RIPE NCC, or AfriNIC.) 43 | # 44 | -------------------------------------------------------------------------------- /modules/mount/manifests/jail.pp: -------------------------------------------------------------------------------- 1 | # module: mount/jail.pp 2 | 3 | class mount::jail { 4 | # Generates an fstab to support jail (fstab.) 5 | define generate { 6 | # Format: /usr/jails/basejail /usr/jails/neko/basejail nullfs ro 0 0 7 | # Note: mounted does not work with custom fstab name. Present works fine: 8 | # -- When mounted, can't edit file. 9 | # -- When unmounted, creates file to specifications. 
10 | if exists("/usr/jails/$name/basejail") { 11 | mount { "fstab.${name}::basejail": 12 | device => "/usr/jails/basejail", 13 | name => "/usr/jails/$name/basejail", 14 | fstype => "nullfs", 15 | options => "ro,noatime", 16 | dump => 0, 17 | pass => 0, 18 | ensure => present, 19 | target => dash2underscore("/etc/fstab.$name"), 20 | } 21 | } 22 | 23 | # Allows one set of ports to be shared. 24 | # ref: 25 | # 26 | # Could also have just kept the real directory in fulljail/usr/ports 27 | # and symlinked from /usr/jails, but would not have flexibility to not 28 | # mount ports. NOTE: Ended up doing this, as was easier. 29 | # if exists("/usr/jails/$name/usr/ports") { 30 | # file { "/usr/jails/$name/usr/ports": ensure => directory } 31 | # mount { "fstab.${name}::ports": 32 | # device => "/usr/ports", 33 | # name => "/usr/jails/$name/usr/ports", 34 | # fstype => "nullfs", 35 | # options => "ro,noatime", 36 | # dump => 0, 37 | # pass => 0, 38 | # ensure => present, 39 | # target => dash2underscore("/etc/fstab.$name"), 40 | # require => File["/usr/jails/$name/usr/ports"], 41 | # } 42 | # } 43 | } 44 | } 45 | -------------------------------------------------------------------------------- /modules/ezjail/manifests/init.pp: -------------------------------------------------------------------------------- 1 | # module: ezjail/init.pp 2 | # 3 | # Several targets possible: 4 | # 1) Top-level unjailed vmachine. 5 | # 2) Second-level jailed vmachine: can create child jails under themselves. 6 | 7 | # The purpose of this class is to ensure the host has enough flavour to create 8 | # a child jail that can use puppetd --test. 9 | # 10 | # Target: Any (v)machine that will be creating child jails. 
11 | class ezjail { 12 | $ezjail_prefix = "/usr/local/etc" 13 | $ezjail_J = "/usr/jails" 14 | $ezjail_JF = "$ezjail_J/flavours" 15 | $ezjail_JFF = "$ezjail_J/flavours/flavour" 16 | Itpl { prefix => $ezjail_prefix, module => "ezjail" } 17 | Sdir { prefix => $ezjail_JF, module => "ezjail" } 18 | File { require => Package[ezjail] } 19 | 20 | # Static sync. 21 | itpl { "ezjail.conf": } 22 | sdir { "flavour": ignore => '.git' } 23 | # Copied from core. 24 | file { "$ezjail_JFF/etc/resolv.conf": source => "/etc/resolv.conf" } 25 | file { "$ezjail_JFF/etc/hosts": source => "/etc/hosts" } 26 | 27 | # Create per-jail fstab. 28 | define mount() { 29 | $fname = dash2underscore("fstab.$name") 30 | # Manage necessary files and fstab. 31 | file {[ 32 | "/usr/jails/$name/usr/home/eshao/.git", 33 | "/usr/jails/$name/usr/home/eshao/wsp"]: 34 | ensure => directory, 35 | owner => 'eshao', 36 | group => undef, 37 | mode => undef; 38 | "/etc/$fname": 39 | content => template("ezjail/fstab.$hostname.erb"); 40 | } 41 | } 42 | 43 | # The ezjail package. 44 | package { "ezjail": } 45 | } 46 | 47 | # When is_jailed = 0. 48 | class ezjail::top inherits ezjail { 49 | } 50 | 51 | # Turtles all the way down... (is_jailed = 1) 52 | class ezjail::middle inherits ezjail { 53 | # Ensure /basejail and /newjail are symlinked. 54 | } 55 | -------------------------------------------------------------------------------- /modules/environment/manifests/ruby/mongrel.pp: -------------------------------------------------------------------------------- 1 | # environment/ruby/mongrel.pp 2 | # 3 | # Doesn't start anything running by itself, but provides easy potential to. 4 | 5 | class environment::ruby::mongrel inherits environment::ruby { 6 | $mongrel_prefix = "/usr/local/etc/mongrel_cluster" 7 | 8 | # Make sure configuration directory exists. 9 | file { $mongrel_prefix: 10 | ensure => directory, 11 | require => Package["rubygem-mongrel_cluster"], 12 | } 13 | # Actually generate the configuration. 
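# Writes $mongrel_prefix/$name.yml, the mongrel_cluster settings for one
# application. $cwd and $port have no default and must be supplied; every
# parameter maps onto the YAML key of the same name.
#
# NOTE(review): the original signature declared $user twice ('mongrel' first,
# 'www' later). Only one declaration is kept. 'www' matches the $group default
# and the thin_cluster_config define in this repository -- confirm it is the
# account the cluster should run as.
# NOTE(review): $environment defaults to 'development'; hosts that serve real
# traffic should pass it explicitly.
define mongrel_cluster_config($cwd,
                              $port,
                              $log_file = 'log/mongrel.log',
                              $environment = 'development',
                              $user = 'www',
                              $group = 'www',
                              $address = '127.0.0.1',
                              $pid_file = 'log/mongrel.pid',
                              $servers = 2) {
  # The values are interpolated as-is; only $port is quoted in the YAML.
  $content = "
---
cwd: $cwd
log_file: $log_file
port: '$port'
environment: $environment
user: $user
group: $group
address: $address
pid_file: $pid_file
servers: $servers
"
  file { "$mongrel_prefix/$name.yml":
    content => $content,
  }
}

# The mongrel package/service.
# Note: mongrel_cluster can NOT determine status well by itself.
package { ["rubygem-mongrel", "rubygem-mongrel_cluster"]:
  require => Package["rubygems"]
}
# Disabled by default; hasstatus is false, so the process table is matched
# against `pattern` to decide whether the service is running.
service { "mongrel_cluster":
  enable => false,
  hasstatus => false,
  pattern => "/usr/local/bin/mongrel_rails",
  require => File[$mongrel_prefix],
}
}

--------------------------------------------------------------------------------
/modules/mailman/dist/mm_cfg.py.dist:
--------------------------------------------------------------------------------
# -*- python -*-

# Copyright (C) 1998,1999,2000,2001,2002 by the Free Software Foundation, Inc.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.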
14 | # 15 | # You should have received a copy of the GNU General Public License 16 | # along with this program; if not, write to the Free Software 17 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 18 | 19 | """This module contains your site-specific settings. 20 | 21 | From a brand new distribution it should be copied to mm_cfg.py. If you 22 | already have an mm_cfg.py, be careful to add in only the new settings you 23 | want. Mailman's installation procedure will never overwrite your mm_cfg.py 24 | file. 25 | 26 | The complete set of distributed defaults, with documentation, are in the file 27 | Defaults.py. In mm_cfg.py, override only those you want to change, after the 28 | 29 | from Defaults import * 30 | 31 | line (see below). 32 | 33 | Note that these are just default settings; many can be overridden via the 34 | administrator and user interfaces on a per-list or per-user basis. 35 | 36 | """ 37 | 38 | ############################################### 39 | # Here's where we get the distributed defaults. 40 | 41 | from Defaults import * 42 | 43 | ################################################## 44 | # Put YOUR site-specific settings below this line. 
45 | -------------------------------------------------------------------------------- /modules/ezjail/templates/ezjail.conf.erb: -------------------------------------------------------------------------------- 1 | # ezjail.conf - Example file, see ezjail.conf(5) 2 | # 3 | # Note: If you alter some of those variables AFTER creating your first 4 | # jail, you may have to adapt /etc/fstab.* and EZJAIL_PREFIX/etc/ezjail/* by 5 | # hand 6 | 7 | # Location of jail root directories 8 | # 9 | # Note: If you have spread your jails to multiple locations, use softlinks 10 | # to collect them in this directory 11 | # ezjail_jaildir=/usr/jails 12 | 13 | # Location of the tiny skeleton jail template 14 | # ezjail_jailtemplate=${ezjail_jaildir}/newjail 15 | 16 | # Location of the huge base jail 17 | # ezjail_jailbase=${ezjail_jaildir}/basejail 18 | 19 | # Location of your copy of FreeBSD's source tree 20 | # ezjail_sourcetree=/usr/src 21 | 22 | # In case you want to provide a copy of ports tree in base jail, set this to 23 | # a cvsroot near you 24 | # ezjail_portscvsroot=freebsdanoncvs@anoncvs.FreeBSD.org:/home/ncvs 25 | 26 | # This is where the install sub command defaults to fetch its packages from 27 | # ezjail_ftphost=ftp.freebsd.org 28 | 29 | # This is the command that is being executed by the console subcommand 30 | # ezjail_default_execute=/usr/bin/login -f root 31 | 32 | # This is the default location where ezjail archives its jails to 33 | # ezjail_archivedir=`pwd -P` 34 | 35 | # base jail will provide a soft link from /usr/bin/perl to /usr/local/bin/perl 36 | # to accomodate all scripts using '#!/usr/bin/perl'... 37 | # ezjail_uglyperlhack="YES" 38 | 39 | # Default options for newly created jails 40 | # 41 | # Note: Be VERY careful about disabling ezjail_mount_enable. Mounting 42 | # basejail via nullfs depends on this. 
You will have to find other 43 | # ways to provide your jail with essential system files 44 | <% if jailed == '0' then %> 45 | #ezjail_mount_enable="YES" 46 | #ezjail_devfs_enable="YES" 47 | #ezjail_devfs_ruleset="devfsrules_jail" 48 | #ezjail_procfs_enable="YES" 49 | #ezjail_fdescfs_enable="YES" 50 | <% else %> 51 | #ezjail_mount_enable="YES" 52 | ezjail_devfs_enable="NO" 53 | #ezjail_devfs_ruleset="devfsrules_jail" 54 | ezjail_procfs_enable="NO" 55 | #ezjail_fdescfs_enable="YES" 56 | <% end %> 57 | -------------------------------------------------------------------------------- /modules/exim/templates/aliases.erb: -------------------------------------------------------------------------------- 1 | # $FreeBSD$ 2 | # @(#)aliases 5.3 (Berkeley) 5/24/90 3 | # 4 | # Aliases in this file will NOT be expanded in the header from 5 | # Mail, but WILL be visible over networks. 6 | # 7 | # >>>>>>>>>> The program "newaliases" must be run after 8 | # >> NOTE >> this file is updated for any changes to 9 | # >>>>>>>>>> show through to sendmail. 10 | # 11 | # 12 | # See also RFC 2142, `MAILBOX NAMES FOR COMMON SERVICES, ROLES 13 | # AND FUNCTIONS', May 1997 14 | # http://tools.ietf.org/html/rfc2142 15 | 16 | # Pretty much everything else in this file points to "root", so 17 | # you would do well in either reading root's mailbox or forwarding 18 | # root's email from here. 
19 | 20 | # root: me@my.domain 21 | 22 | # Basic system aliases -- these MUST be present 23 | MAILER-DAEMON: postmaster 24 | postmaster: root 25 | 26 | # General redirections for pseudo accounts 27 | _dhcp: root 28 | _pflogd: root 29 | bin: root 30 | bind: root 31 | daemon: root 32 | games: root 33 | kmem: root 34 | mailnull: postmaster 35 | man: root 36 | news: root 37 | nobody: root 38 | operator: root 39 | pop: root 40 | proxy: root 41 | smmsp: postmaster 42 | sshd: root 43 | system: root 44 | toor: root 45 | tty: root 46 | usenet: news 47 | uucp: root 48 | 49 | # Well-known aliases -- these should be filled in! 50 | # manager: 51 | # dumper: 52 | 53 | # BUSINESS-RELATED MAILBOX NAMES 54 | # info: 55 | # marketing: 56 | # sales: 57 | # support: 58 | 59 | # NETWORK OPERATIONS MAILBOX NAMES 60 | abuse: root 61 | noc: root 62 | security: root 63 | 64 | # SUPPORT MAILBOX NAMES FOR SPECIFIC INTERNET SERVICES 65 | ftp: root 66 | ftp-bugs: ftp 67 | hostmaster: root 68 | webmaster: root 69 | www: webmaster 70 | 71 | # Finally real emails. 72 | root: <%= noc %> 73 | 74 | 75 | 76 | 77 | 78 | # NOTE: /var/msgs and /var/msgs/bounds must be owned by sendmail's 79 | # DefaultUser (defaults to mailnull) for the msgs alias to work. 80 | # 81 | # msgs: "| /usr/bin/msgs -s" 82 | 83 | # bit-bucket: /dev/null 84 | # dev-null: bit-bucket 85 | 86 | 87 | 88 | ################################# 89 | # 90 | # My own personal emails. 91 | # 92 | # 93 | poleris: eshao 94 | aquilae: eshao 95 | eshao: see_my_real_email@README.mkd 96 | 97 | 98 | -------------------------------------------------------------------------------- /manifests/nodes.pp: -------------------------------------------------------------------------------- 1 | # nodes.pp 2 | # 3 | # Defines specific node settings. Node names according to your puppet client 4 | # hostnames. A single host/node can inherit existing "zone/nodes" with the 5 | # possibility of overriding variables defined at more general levels. 
6 | 7 | # All nodes not addressed directly. 8 | node 'default' { 9 | include baseclass 10 | } 11 | 12 | # Rescue. 13 | node 'rescue.nekogiri.com' inherits cpc { 14 | $ip = "67.58.98.10" 15 | $lo = "127.0.0.1" 16 | $noc = "edwin.shao@gmail.com" 17 | 18 | # Role 19 | include baseclass 20 | include ezjail 21 | 22 | # Mount jails 23 | ezjail::mount { ["hyper", "neko", "dso", "lp"]: } 24 | 25 | # Users 26 | include user::real::rescue 27 | } 28 | 29 | # Hypervisor. 30 | node 'hyper.nekogiri.com' inherits cpc { 31 | $ip = "67.58.98.11" 32 | $lo = "127.0.0.11" 33 | $noc = "poleris@gmail.com" 34 | 35 | include baseclass, exim::sendonly 36 | include ezjail 37 | include puppet::master 38 | } 39 | 40 | # Neko. 41 | node 'neko.nekogiri.com' inherits cpc { 42 | $ip = "67.58.98.12" 43 | $lo = "127.0.0.12" 44 | $noc = "edwin.shao@gmail.com" 45 | 46 | include baseclass, exim::sendonly 47 | include nginx, nginx::fastcgi, thttpd 48 | include mysql 49 | 50 | include project::neko::indcyc 51 | include project::neko::annotalia 52 | include user::real::neko 53 | } 54 | 55 | # DSO. 56 | node 'dso.nekogiri.com' inherits cpc { 57 | $ip = "67.58.98.13" 58 | $lo = "127.0.0.13" 59 | $noc = "poleris@gmail.com" # Change later. 60 | $mailman_lists = [ 61 | "lists.dsoglobal.org", # Used as default for mailman purposes. 62 | "lists.cmudso.org", 63 | "lists.nekogiri.com", 64 | ] 65 | 66 | include baseclass, exim 67 | include mailman 68 | include nginx, nginx::fastcgi, thttpd 69 | include mysql, mysql::sphinx 70 | 71 | include project::dso::wishlist 72 | include user::real::dso 73 | } 74 | 75 | # LP. 
76 | node 'lp.nekogiri.com' inherits cpc { 77 | $ip = "67.58.98.14" 78 | $lo = "127.0.0.14" 79 | $noc = "edwin.shao@gmail.com" 80 | 81 | include baseclass, exim::sendonly 82 | include nginx, nginx::fastcgi, thttpd 83 | 84 | include project::alhowar::rails 85 | include project::alhowar::sinatra 86 | include user::real::lp 87 | } 88 | -------------------------------------------------------------------------------- /modules/environment/manifests/ruby/thin.pp: -------------------------------------------------------------------------------- 1 | # environment/ruby/thin.pp 2 | # 3 | # Doesn't start anything running by itself, but provides easy potential to. 4 | # 5 | # To remove this, need to delete from nodes.pp AND manually rm the service file. 6 | 7 | class environment::ruby::thin inherits environment::ruby { 8 | package { "thin": 9 | provider => "gem", 10 | require => Package["rubygems"], 11 | } 12 | 13 | # Generate the configuration. 14 | # ref: 15 | define thin_cluster_config($chdir, 16 | $address = '127.0.0.1', 17 | $port, 18 | $log = 'log/thin.log', 19 | $environment = 'development', 20 | $user = 'www', 21 | $group = 'www', 22 | $pid = 'log/thin.pid', 23 | $max_conns = 1024, 24 | $max_persistent_conns = 512, 25 | $timeout = 30, 26 | $servers = 1, 27 | $daemonize = true) { 28 | 29 | file { "$chdir/log/thin.yml": content => " 30 | --- 31 | chdir: $chdir 32 | address: $address 33 | port: $port 34 | log: $log 35 | environment: $environment 36 | user: $user 37 | group: $group 38 | pid: $pid 39 | max_conns: $max_conns 40 | max_persistent_conns: $max_persistent_conns 41 | timeout: $timeout 42 | rackup: log/rackup.ru 43 | servers: $servers 44 | daemonize: $daemonize" 45 | } 46 | file { "$chdir/log/rackup.ru": content => " 47 | require 'application.rb' 48 | run Sinatra::Application" 49 | } 50 | file {"/usr/local/etc/rc.d/thin_$name": 51 | mode => 555, 52 | content => template("environment/thin.erb"), 53 | } 54 | 55 | # The mongrel package/service. 
56 | # Note: mongrel_cluster can NOT determine status well by itself. 57 | service { "thin_$name": 58 | hasstatus => false, 59 | pattern => "thin server", 60 | require => File["$chdir/log/rackup.ru"], 61 | } 62 | } 63 | } 64 | 65 | -------------------------------------------------------------------------------- /modules/core/templates/rc.conf.erb: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | ############################################################## 3 | ### Important initial Boot-time options #################### 4 | ############################################################## 5 | hostname="<%= fqdn %>" # Like: hyper.nekogiri.com 6 | clear_tmp_enable="YES" 7 | 8 | ############################################################## 9 | ### Network configuration sub-section ###################### 10 | ############################################################## 11 | ### Basic network and firewall/security options: ### 12 | defaultrouter="67.58.98.9" 13 | ifconfig_rl0="inet 67.58.98.10/25" 14 | ifconfig_rl0_alias0="inet 67.58.98.11/25" 15 | ifconfig_rl0_alias1="inet 67.58.98.12/25" 16 | ifconfig_rl0_alias2="inet 67.58.98.13/25" 17 | ifconfig_rl0_alias3="inet 67.58.98.14/25" 18 | ifconfig_lo0="inet 127.0.0.1" 19 | ifconfig_lo0_alias0="inet 127.0.0.10" 20 | ifconfig_lo0_alias1="inet 127.0.0.11" 21 | ifconfig_lo0_alias2="inet 127.0.0.12" 22 | ifconfig_lo0_alias3="inet 127.0.0.13" 23 | ifconfig_lo0_alias4="inet 127.0.0.14" 24 | 25 | ############################################################## 26 | ### Initial Start Services (daemons) ###################### 27 | ############################################################## 28 | ntpd_enable="NO" 29 | syslogd_enable="YES" 30 | syslogd_flags="-ss" # Don't log to or from remote addresses. 
31 | 32 | pf_enable="YES" 33 | cron_enable="YES" 34 | dmesg_enable="YES" 35 | 36 | sendmail_enable="NO" 37 | sendmail_submit_enable="NO" 38 | sendmail_outbound_enable="NO" 39 | sendmail_msp_queue_enable="NO" 40 | 41 | ############################################################## 42 | ### Jail Configuration ####################################### 43 | ############################################################## 44 | ezjail_enable="YES" 45 | jail_enable="YES" 46 | jail_set_hostname_allow="NO" 47 | jail_set_mount_enable="YES" 48 | jail_set_allow_raw_sockets="YES" 49 | #jail_socket_unixiproute_only="NO" 50 | 51 | # Needed for PostgreSQL in jails. 52 | # ref: 53 | jail_sysvipc_allow="YES" 54 | 55 | <% if jailed == '0' then %> 56 | <% else %> 57 | # No network interfaces in jails 58 | network_interfaces="" 59 | 60 | # Prevent rpc 61 | rpcbind_enable="NO" 62 | 63 | # Prevent loads of jails doing their cron jobs at the same time 64 | cron_flags="$cron_flags -J 15" 65 | <% end %> 66 | -------------------------------------------------------------------------------- /modules/user/manifests/init.pp: -------------------------------------------------------------------------------- 1 | # module: users/init.pp 2 | # 3 | # Only has defaults. All actual users are virtualized in other class files. 4 | 5 | class user { 6 | # Specify defaults for groups. 7 | # 8 | # IMPORTANT: Can't refer to $name in parameters: screws everything up for 9 | # some unknown reason. 10 | define dgroup($gid = '') { 11 | group { "$name": } 12 | 13 | Group[$name] { 14 | gid => $gid ? { 15 | '' => login2uid($name), 16 | default => $gid, 17 | } 18 | } 19 | } 20 | 21 | # Specify (extensive) defaults for users. 22 | define duser($uid = '', 23 | $gid = '', 24 | $home = '', 25 | $groups = [], 26 | $password = false) { 27 | user { "$name": } 28 | @dgroup { "$name": } # Create virtual resource by default, even if unused. 29 | 30 | # Manage home directory. 
31 | if $home == '' { 32 | file { "/home/$name": 33 | owner => "$name", # Can't ensure gid exists. 34 | group => undef, 35 | mode => undef, 36 | ensure => directory, 37 | require => User[$name], 38 | } 39 | 40 | # Sync if exists. 41 | if puppet_exists("home.$name") { 42 | sdir { "home.$name": 43 | owner => "$name", # Can't ensure gid exists. 44 | group => undef, 45 | mode => 700, 46 | prefix => "/home/$name/.puppet", 47 | module => "user", 48 | require => [User["$name"], File["/home/$name"]], 49 | } 50 | } 51 | User[$name] { home => "/home/$name" } 52 | } else { # User doesn't want us to manage their home. 53 | User[$name] { home => $home } 54 | } 55 | 56 | # Specify overrides here, so defaults don't get trampled on. 57 | # The below do not have sensible defaults, so force to standard. 58 | User[$name] { 59 | uid => $uid ? { 60 | '' => login2uid($name), 61 | default => $uid, 62 | }, 63 | } 64 | 65 | # Manage group. 66 | if $gid == '' { 67 | User[$name] { 68 | gid => login2uid($name), 69 | require +> Group[$name], 70 | } 71 | } else { 72 | User[$name] { gid => $gid } 73 | } 74 | 75 | # FreeBSD has no password support. 76 | if $operatingsystem != 'FreeBSD' { 77 | if $password != false { User[$name] { password => $password } } 78 | } else { 79 | } 80 | 81 | # The below have sensible defaults, so only override if necessary. 
82 | if $groups != [] { User[$name] { groups => $groups } } 83 | } 84 | } 85 | -------------------------------------------------------------------------------- /modules/nginx/dist/koi-win: -------------------------------------------------------------------------------- 1 | 2 | charset_map koi8-r windows-1251 { 3 | 4 | 80 88 ; # euro 5 | 6 | 95 95 ; # bullet 7 | 8 | 9A A0 ; #   9 | 10 | 9E B7 ; # · 11 | 12 | A3 B8 ; # small yo 13 | A4 BA ; # small Ukrainian ye 14 | 15 | A6 B3 ; # small Ukrainian i 16 | A7 BF ; # small Ukrainian yi 17 | 18 | AD B4 ; # small Ukrainian soft g 19 | AE A2 ; # small Byelorussian short u 20 | 21 | B0 B0 ; # ° 22 | 23 | B3 A8 ; # capital YO 24 | B4 AA ; # capital Ukrainian YE 25 | 26 | B6 B2 ; # capital Ukrainian I 27 | B7 AF ; # capital Ukrainian YI 28 | 29 | B9 B9 ; # numero sign 30 | 31 | BD A5 ; # capital Ukrainian soft G 32 | BE A1 ; # capital Byelorussian short U 33 | 34 | BF A9 ; # (C) 35 | 36 | C0 FE ; # small yu 37 | C1 E0 ; # small a 38 | C2 E1 ; # small b 39 | C3 F6 ; # small ts 40 | C4 E4 ; # small d 41 | C5 E5 ; # small ye 42 | C6 F4 ; # small f 43 | C7 E3 ; # small g 44 | C8 F5 ; # small kh 45 | C9 E8 ; # small i 46 | CA E9 ; # small j 47 | CB EA ; # small k 48 | CC EB ; # small l 49 | CD EC ; # small m 50 | CE ED ; # small n 51 | CF EE ; # small o 52 | 53 | D0 EF ; # small p 54 | D1 FF ; # small ya 55 | D2 F0 ; # small r 56 | D3 F1 ; # small s 57 | D4 F2 ; # small t 58 | D5 F3 ; # small u 59 | D6 E6 ; # small zh 60 | D7 E2 ; # small v 61 | D8 FC ; # small soft sign 62 | D9 FB ; # small y 63 | DA E7 ; # small z 64 | DB F8 ; # small sh 65 | DC FD ; # small e 66 | DD F9 ; # small shch 67 | DE F7 ; # small ch 68 | DF FA ; # small hard sign 69 | 70 | E0 DE ; # capital YU 71 | E1 C0 ; # capital A 72 | E2 C1 ; # capital B 73 | E3 D6 ; # capital TS 74 | E4 C4 ; # capital D 75 | E5 C5 ; # capital YE 76 | E6 D4 ; # capital F 77 | E7 C3 ; # capital G 78 | E8 D5 ; # capital KH 79 | E9 C8 ; # capital I 80 | EA C9 ; # capital J 81 | EB CA 
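; # capital K
    EC CB ; # capital L
    ED CC ; # capital M
    EE CD ; # capital N
    EF CE ; # capital O

    F0 CF ; # capital P
    F1 DF ; # capital YA
    F2 D0 ; # capital R
    F3 D1 ; # capital S
    F4 D2 ; # capital T
    F5 D3 ; # capital U
    F6 C6 ; # capital ZH
    F7 C2 ; # capital V
    F8 DC ; # capital soft sign
    F9 DB ; # capital Y
    FA C7 ; # capital Z
    FB D8 ; # capital SH
    FC DD ; # capital E
    FD D9 ; # capital SHCH
    FE D7 ; # capital CH
    FF DA ; # capital hard sign
}
--------------------------------------------------------------------------------
/modules/nginx/lib/nginx_server.rb:
--------------------------------------------------------------------------------
# lib/nginx_server.rb
#
#

# Builds the text of one nginx `server { ... }` block and writes it to a file.
class N
  attr_accessor :prefix, :opt, :suffix

  # params[0] - server name; a leading "." marks a host that also answers for
  #             its subdomains (the dot is stripped from @name).
  # params[1] - optional document root, or :localhost.
  # params[2] - optional log directory, or :localhost.
  # An optional block runs last, after $server has been pointed at this object.
  def initialize(*params)
    # Check for subdomain parameter
    @name = params[0]
    if @name =~ /^\.(.*)$/
      @sd = true
      @name = $1
    end

    # Sensible defaults.
    @root = "/var/www/#{@name}"
    @root_pub = "#{@root}/public"
    @log = "#{@root}/log"
    # Explicit root/log specified.
    if params.length == 2 && params[1] == :localhost
      @root = '/var/www/localhost'
      @root_pub = "#{@root}/public"
      @log = "#{@root}/log"
    elsif params.length == 2
      @root = params[1]
      @root_pub = @root
      @log = '/var/www/localhost/log'
    elsif params.length == 3
      params[1] = '/var/www/localhost/public' if params[1] == :localhost
      params[2] = '/var/www/localhost/log' if params[2] == :localhost
      @root = params[1]
      @root_pub = @root
      @log = params[2]
    end

    # Find absolute request by removing /var/www.
    @rel_root_pub = @root_pub.gsub('/var/www/', '')

    # Capture @prefix and @opt
    $server = self
    @prefix = ""
    @opt = ""
    @suffix = ""

    # Grab additional parts from options_core.rb
    yield if block_given?
  end

  # Returns the server block as a string: @prefix, the fixed header, the
  # optional subdomain capture, @opt, then the root/index footer.
  def to_s
    # Generate text.
    # See:
    # See:
    # Permanent rewrites URL on client. Last rewrites on server.
    #
    # These heredocs interpolate like double-quoted strings, so a regex
    # backslash has to be written "\\" or Ruby drops it and nginx receives a
    # bare "." that matches any character.
    tbr = @prefix + <<-eos
server {
  set $name #{@name};
  set $root #{@root};
  set $root_pub #{@root_pub};
  set $rel_root_pub #{@rel_root_pub};

  listen 80;
  server_name #{@sd ? '.' : ''}#{@name};
  access_log #{@log}/access.log;
  error_log #{@log}/error.log info;

  if ($host ~* ^www\\.(.*)) {
    set $host_without_www $1;
    rewrite ^(.*)$ http://$host_without_www$1 permanent;
  }
    eos

    if @sd
      # The configured name is escaped so its dots match literally. The
      # captured $subdomain comes from the request's Host header and becomes a
      # path component of `root` below.
      tbr += "\n" + <<-eos
  if ($host ~ ^(.*?)\\.?#{Regexp.escape(@name)}) {
    set $subdomain $1;
  }
      eos
    end

    # NOTE(review): $subdomain is referenced here even when the block above was
    # not emitted -- confirm it is defined elsewhere for names without a
    # leading dot.
    tbr + "\n" + @opt + <<-eos
  root $root_pub/$subdomain/;
  index index.php index.html index.htm home.php home.html home.htm main.php main.html main.htm;
}
    eos
  end

  # Overwrites `file` with the generated block. The block form of File.open
  # closes the handle even when the write raises.
  def >(file)
    File.open(file, 'w') { |fout| fout.puts self }
  end

  # Appends the generated block to `file`.
  def >>(file)
    File.open(file, 'a') { |fout| fout.puts self }
  end
end

# Builds a localhost-rooted server for `from` whose block calls redirect(to).
# redirect is not defined in this file -- presumably options_core.rb.
def redir(from, to)
  N.new(from, :localhost) { redirect(to) }
end
--------------------------------------------------------------------------------
/modules/mailman/templates/mm_cfg.py.erb:
--------------------------------------------------------------------------------
# -*- python -*-

# Copyright (C) 1998,1999,2000,2001,2002 by the Free Software Foundation, Inc.
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.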
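See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

"""This module contains your site-specific settings.

From a brand new distribution it should be copied to mm_cfg.py. If you
already have an mm_cfg.py, be careful to add in only the new settings you
want. Mailman's installation procedure will never overwrite your mm_cfg.py
file.

The complete set of distributed defaults, with documentation, are in the file
Defaults.py. In mm_cfg.py, override only those you want to change, after the

  from Defaults import *

line (see below).

Note that these are just default settings; many can be overridden via the
administrator and user interfaces on a per-list or per-user basis.

"""

###############################################
# Here's where we get the distributed defaults.

from Defaults import *

##################################################
# Put YOUR site-specific settings below this line.

<%
# mailman_lists is set per node in manifests/nodes.pp, where its first entry is
# marked as the default host. Index 0 selects that entry; the original used
# index 1, which skipped the default host and listed the second host twice.
primary_list = mailman_lists[0]
secondary_lists = mailman_lists[1..-1]
%>

# The host names are written verbatim into Python string literals, so they
# must not contain quotes or backslashes.
DEFAULT_EMAIL_HOST = '<%= primary_list %>'
DEFAULT_URL_HOST = '<%= primary_list %>'
add_virtualhost(DEFAULT_URL_HOST, DEFAULT_EMAIL_HOST)
<% secondary_lists.each do |list| %>
add_virtualhost('<%= list %>', '<%= list %>')
<% end %>

# We configured Exim so it automatically recognizes newly created lists.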
59 | # ref: 60 | MTA = None 61 | 62 | # Added by eshao: 63 | DEFAULT_SEND_REMINDERS = No 64 | DEFAULT_MAX_MESSAGE_SIZE = 30720 # 30 MB 65 | DEFAULT_DEFAULT_MEMBER_MODERATION = Yes 66 | DEFAULT_REQUIRE_EXPLICIT_DESTINATION = No 67 | DEFAULT_SUBSCRIBE_POLICY = 2 # Admin approval, not confirmation req'd. 68 | DEFAULT_PRIVATE_ROSTER = 2 # Only admins can see member list. 69 | DEFAULT_ADMIN_NOTIFY_MCHANGES = Yes 70 | 71 | # As suggested by 72 | # Max recipients for each message 73 | SMTP_MAX_RCPTS = 15 74 | # Max messages sent in each SMTP connection 75 | SMTP_MAX_SESSIONS_PER_CONNECTION = 30 76 | 77 | -------------------------------------------------------------------------------- /modules/nginx/files/mime.types: -------------------------------------------------------------------------------- 1 | types { 2 | text/html html htm shtml; 3 | text/css css; 4 | text/xml xml rss; 5 | image/gif gif; 6 | image/jpeg jpeg jpg; 7 | application/x-javascript js; 8 | application/json json; 9 | application/atom+xml atom; 10 | 11 | text/mathml mml; 12 | text/plain txt; 13 | text/vnd.sun.j2me.app-descriptor jad; 14 | text/vnd.wap.wml wml; 15 | text/x-component htc; 16 | 17 | image/png png; 18 | image/tiff tif tiff; 19 | image/vnd.wap.wbmp wbmp; 20 | image/x-icon ico; 21 | image/x-jng jng; 22 | image/x-ms-bmp bmp; 23 | 24 | application/java-archive jar war ear; 25 | application/mac-binhex40 hqx; 26 | application/msword doc; 27 | application/pdf pdf; 28 | application/postscript ps eps ai; 29 | application/rtf rtf; 30 | application/vnd.ms-excel xls; 31 | application/vnd.ms-powerpoint ppt; 32 | application/vnd.wap.wmlc wmlc; 33 | application/vnd.wap.xhtml+xml xhtml; 34 | application/x-cocoa cco; 35 | application/x-java-archive-diff jardiff; 36 | application/x-java-jnlp-file jnlp; 37 | application/x-makeself run; 38 | application/x-perl pl pm; 39 | application/x-pilot prc pdb; 40 | application/x-rar-compressed rar; 41 | application/x-redhat-package-manager rpm; 42 | application/x-sea sea; 43 
| application/x-shockwave-flash swf; 44 | application/x-stuffit sit; 45 | application/x-tcl tcl tk; 46 | application/x-x509-ca-cert der pem crt; 47 | application/x-xpinstall xpi; 48 | application/zip zip; 49 | 50 | application/octet-stream bin exe dll; 51 | application/octet-stream deb; 52 | application/octet-stream dmg; 53 | application/octet-stream eot; 54 | application/octet-stream iso img; 55 | application/octet-stream msi msp msm; 56 | 57 | audio/midi mid midi kar; 58 | audio/mpeg mp3; 59 | audio/x-realaudio ra; 60 | 61 | video/3gpp 3gpp 3gp; 62 | video/mpeg mpeg mpg; 63 | video/quicktime mov; 64 | video/x-flv flv; 65 | video/x-mng mng; 66 | video/x-ms-asf asx asf; 67 | video/x-ms-wmv wmv; 68 | video/x-msvideo avi; 69 | } 70 | -------------------------------------------------------------------------------- /modules/mailman/manifests/init.pp: -------------------------------------------------------------------------------- 1 | # module: mailman/init.pp 2 | # 3 | # README README README README README README README README README README 4 | # 5 | # -- INSTRUCTIONS: 6 | # -- ref: 7 | # 8 | # 9 | # README README README README README README README README README README 10 | # 11 | # For blank install: 12 | # 1) Install exim, thttpd, nginx and configure them correctly. 13 | # 2) Create site-wide mailing list by running . 14 | # 3) Run to create a new password. 15 | # 4) COPY (not link) files from to the www directory. 16 | # ref: 17 | # 18 | # To move from one server to next: 19 | # ref: 20 | # 1) Do a blank install and make sure everything is working. 21 | # 2) If anything is installed use to remove them. 22 | # 3) Run on the remote server AND after transfering. 23 | # 4) Move to the new server's mailman folder. 24 | # 5) Run to fix permissions after transferring. 25 | # 6) Run to update data files. 26 | # 7) [Optional] Run to fix URLs. 27 | # -l locks, -a all, -r run [script] 28 | # Note: This will use the value in mm_cfg.py to determine desired new host. 
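# 8) Fix symlinks in if absolute location of mailman changed.
#
# For troubleshooting, check . Make sure it's world-writeable.
# NOTE(review): a world-writable log can be altered or truncated by any local
# account; group-write for the mailman group is the narrower setting.

# Installs mailman, renders mm_cfg.py, schedules the permission check and
# manages the web directory and the service.
class mailman {
  # Some defaults.
  $mailman_prefix = $operatingsystem ? {
    freebsd => "/usr/local/mailman",
    ubuntu => "/var/lib/mailman",
    default => "/var/lib/mailman",
  }
  $mailman_conf = $operatingsystem ? {
    freebsd => "$mailman_prefix/Mailman",
    ubuntu => "/etc/mailman",
    default => "/etc/mailman",
  }
  $mailman_owner = "mailman"
  $mailman_group = "mailman"

  # Syncing files.
  itpl { "mm_cfg.py":
    prefix => $mailman_conf,
    module => "mailman",
    require => Package["mailman"],
    notify => Service["mailman"],
  }

  # Run check-perms every day or so at 3a.
  # NOTE(review): the output goes to a fixed name in /tmp. No user is given,
  # so the job presumably runs as the account puppet runs as. A local account
  # that creates that path first (for example as a symlink) decides where the
  # output lands; a directory only that account can write to avoids this.
  cron { "mailman_check_perms":
    command => "$mailman_prefix/bin/check_perms -f > /tmp/mailman_check_perms",
    hour => "3",
    minute => "23",
  }

  # The mailman cgi-bin MUST be run with setuid or setgid, otherwise the
  # webserver will not be able to edit/view the actual private files/packages.
  # NOTE(review): recurse applies owner, group and mode 2775 to everything
  # below /var/www/mailman, not only to the cgi-bin programs -- confirm that
  # group-write plus setgid is wanted on the whole tree.
  file { "/var/www/mailman":
    owner => $mailman_owner,
    group => $mailman_group,
    mode => 2775,
    recurse => true,
  }

  # The mailman service.
  package { "mailman": require => Package["exim", "thttpd", "nginx"] }
  service { "mailman": # The default mailman init script duplicates mailman.
    restart => "$mailman_prefix/bin/mailmanctl restart",
    start => "$mailman_prefix/bin/mailmanctl start",
    stop => "$mailman_prefix/bin/mailmanctl stop",
    pattern => "$mailman_prefix/bin/",
    hasstatus => false,
    hasrestart => true,
  }
}
--------------------------------------------------------------------------------
/modules/project/manifests/dso/wishlist.pp:
--------------------------------------------------------------------------------
# project/dso/wishlist.pp
#
# dsoglobal.org's Wishlist.
# 1) First, don't panic! The steps to install are generally simple!
# 2) Make sure rubygems, rails, mysql, sphinx, etc. are all installed.
# 3) Configure mysql according to instructions on that class' page.
# 4) Import dump from previous Wishlist mysql.
# 5) Ensure the wishlist.yml file has correct syntax / user+group created.
# 6) Ensure mongrel has permissions and sphinx has permissions to pid.
# 7) Run rc mongrel_cluster start and check /log/mongrel*.log for errors.
#
# At this point, the homepage should show up, but no opportunities. So
# let's configure sphinx to index the opportunities.
# 8) Ensure sphinx is running using the configuration in .
#
# Remember to reboot mongrel_cluster periodically throughout the install!
class project::dso::wishlist inherits environment::ruby::rails {
  $wishlist_owner = 'www'
  $wishlist_group = 'dso'
  $wishlist_directory = "/var/www/dsoglobal.org/wishlist/"

  # Gems are pinned to exact versions, except mysql which tracks latest.
  Package { provider => "gem", require => Package["rubygems"] }
  Package["rails"] { ensure +> "2.2.2" }
  package {
    "mislav-will_paginate": ensure => "2.2.3";
    "mysql": ensure => latest;
  }

  # Also requires sphinxsearch from class mysql::sphinx.
  # Note: this setup assumes it is the ONLY application using sphinx.
  Service["mongrel_cluster"] {
    enable => true,
    require +> Service["sphinxsearch"],
  }
  mongrel_cluster_config { "wishlist":
    cwd => $wishlist_directory,
    port => 9474,
    group => $wishlist_group,
  }

  # Make sure sphinx configuration linked correctly.
  file {
    "/usr/local/etc/sphinx.conf":
      target => "$wishlist_directory/config/development.sphinx.conf";
    "$wishlist_directory/log/searchd.development.pid":
      target => "/var/run/sphinxsearch/searchd.pid",
      owner => $mysql::sphinx::sphinx_user,
      group => $mysql::sphinx::sphinx_group,
      mode => undef;
  }

  # Setup the cronjob for sphinx: will execute every 3 minutes!
  # Because stdout is being redirected, only emails on error.
  #
  # The original passed `user => $root`, a variable that is not set anywhere
  # in this manifest; the account name is now given literally.
  # NOTE(review): the script lives under $wishlist_directory, which the file
  # resource below hands recursively to $wishlist_owner ('www'). Whoever can
  # write as that account can change what root executes; run the job as the
  # owning account or keep the script root-owned. The fixed /tmp output name
  # has the same pre-creation problem as any predictable path in a
  # world-writable directory.
  cron { "wishlist_hourly":
    command => "$wishlist_directory/cron/hourly > /tmp/wishlist_hourly",
    minute => "*/3",
    user => 'root',
  }

  # Some permissions that have to be set correctly:
  # $wishlist_directory => www:dso
  file {[
    "$wishlist_directory/config/development.sphinx.conf",
    "$wishlist_directory/log/searchd.log",
    "$wishlist_directory/log/searchd.query.log",
    "$wishlist_directory/db",
    "/var/run/sphinxsearch"]:
      owner => $mysql::sphinx::sphinx_user,
      group => $mysql::sphinx::sphinx_group,
      mode => undef,
      recurse => true,
      require => File["$wishlist_directory"];
    "$wishlist_directory":
      owner => $wishlist_owner,
      group => $wishlist_group,
      mode => undef,
      recurse => true;
    # NOTE(review): 666 makes the application log writable by every local
    # account; 660 with the owner and group set above is narrower.
    "$wishlist_directory/log/development.log": mode => 666;
  }
}
--------------------------------------------------------------------------------
/modules/nginx/dist/nginx.conf-dist:
--------------------------------------------------------------------------------

#user nobody;
worker_processes 1;

#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
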
#pid logs/nginx.pid; 10 | 11 | 12 | events { 13 | worker_connections 1024; 14 | } 15 | 16 | 17 | http { 18 | include mime.types; 19 | default_type application/octet-stream; 20 | 21 | #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' 22 | # '$status $body_bytes_sent "$http_referer" ' 23 | # '"$http_user_agent" "$http_x_forwarded_for"'; 24 | 25 | #access_log logs/access.log main; 26 | 27 | sendfile on; 28 | #tcp_nopush on; 29 | 30 | #keepalive_timeout 0; 31 | keepalive_timeout 65; 32 | 33 | #gzip on; 34 | 35 | server { 36 | listen 80; 37 | server_name localhost; 38 | 39 | #charset koi8-r; 40 | 41 | #access_log logs/host.access.log main; 42 | 43 | location / { 44 | root /usr/local/www/nginx; 45 | index index.html index.htm; 46 | } 47 | 48 | #error_page 404 /404.html; 49 | 50 | # redirect server error pages to the static page /50x.html 51 | # 52 | error_page 500 502 503 504 /50x.html; 53 | location = /50x.html { 54 | root /usr/local/www/nginx-dist; 55 | } 56 | 57 | # proxy the PHP scripts to Apache listening on 127.0.0.1:80 58 | # 59 | #location ~ \.php$ { 60 | # proxy_pass http://127.0.0.1; 61 | #} 62 | 63 | # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 64 | # 65 | #location ~ \.php$ { 66 | # root html; 67 | # fastcgi_pass 127.0.0.1:9000; 68 | # fastcgi_index index.php; 69 | # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; 70 | # include fastcgi_params; 71 | #} 72 | 73 | # deny access to .htaccess files, if Apache's document root 74 | # concurs with nginx's one 75 | # 76 | #location ~ /\.ht { 77 | # deny all; 78 | #} 79 | } 80 | 81 | 82 | # another virtual host using mix of IP-, name-, and port-based configuration 83 | # 84 | #server { 85 | # listen 8000; 86 | # listen somename:8080; 87 | # server_name somename alias another.alias; 88 | 89 | # location / { 90 | # root html; 91 | # index index.html index.htm; 92 | # } 93 | #} 94 | 95 | 96 | # HTTPS server 97 | # 98 | #server { 99 | # listen 443; 100 | # 
server_name localhost; 101 | 102 | # ssl on; 103 | # ssl_certificate cert.pem; 104 | # ssl_certificate_key cert.key; 105 | 106 | # ssl_session_timeout 5m; 107 | 108 | # ssl_protocols SSLv2 SSLv3 TLSv1; 109 | # ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP; 110 | # ssl_prefer_server_ciphers on; 111 | 112 | # location / { 113 | # root html; 114 | # index index.html index.htm; 115 | # } 116 | #} 117 | 118 | } 119 | -------------------------------------------------------------------------------- /modules/nginx/dist/koi-utf: -------------------------------------------------------------------------------- 1 | 2 | # This map is not a full koi8-r <> utf8 map: it does not contain 3 | # box-drawing and some other characters. Besides this map contains 4 | # several koi8-u and Byelorussian letters which are not in koi8-r. 5 | # If you need a full and standard map, use contrib/unicode2nginx/koi-utf 6 | # map instead. 7 | 8 | charset_map koi8-r utf-8 { 9 | 10 | 80 E282AC ; # euro 11 | 12 | 95 E280A2 ; # bullet 13 | 14 | 9A C2A0 ; #   15 | 16 | 9E C2B7 ; # · 17 | 18 | A3 D191 ; # small yo 19 | A4 D194 ; # small Ukrainian ye 20 | 21 | A6 D196 ; # small Ukrainian i 22 | A7 D197 ; # small Ukrainian yi 23 | 24 | AD D291 ; # small Ukrainian soft g 25 | AE D19E ; # small Byelorussian short u 26 | 27 | B0 C2B0 ; # ° 28 | 29 | B3 D081 ; # capital YO 30 | B4 D084 ; # capital Ukrainian YE 31 | 32 | B6 D086 ; # capital Ukrainian I 33 | B7 D087 ; # capital Ukrainian YI 34 | 35 | B9 E28496 ; # numero sign 36 | 37 | BD D290 ; # capital Ukrainian soft G 38 | BE D18E ; # capital Byelorussian short U 39 | 40 | BF C2A9 ; # (C) 41 | 42 | C0 D18E ; # small yu 43 | C1 D0B0 ; # small a 44 | C2 D0B1 ; # small b 45 | C3 D186 ; # small ts 46 | C4 D0B4 ; # small d 47 | C5 D0B5 ; # small ye 48 | C6 D184 ; # small f 49 | C7 D0B3 ; # small g 50 | C8 D185 ; # small kh 51 | C9 D0B8 ; # small i 52 | CA D0B9 ; # small j 53 | CB D0BA ; # small k 54 | CC D0BB ; # small l 55 | CD D0BC ; # 
small m 56 | CE D0BD ; # small n 57 | CF D0BE ; # small o 58 | 59 | D0 D0BF ; # small p 60 | D1 D18F ; # small ya 61 | D2 D180 ; # small r 62 | D3 D181 ; # small s 63 | D4 D182 ; # small t 64 | D5 D183 ; # small u 65 | D6 D0B6 ; # small zh 66 | D7 D0B2 ; # small v 67 | D8 D18C ; # small soft sign 68 | D9 D18B ; # small y 69 | DA D0B7 ; # small z 70 | DB D188 ; # small sh 71 | DC D18D ; # small e 72 | DD D189 ; # small shch 73 | DE D187 ; # small ch 74 | DF D18A ; # small hard sign 75 | 76 | E0 D0AE ; # capital YU 77 | E1 D090 ; # capital A 78 | E2 D091 ; # capital B 79 | E3 D0A6 ; # capital TS 80 | E4 D094 ; # capital D 81 | E5 D095 ; # capital YE 82 | E6 D0A4 ; # capital F 83 | E7 D093 ; # capital G 84 | E8 D0A5 ; # capital KH 85 | E9 D098 ; # capital I 86 | EA D099 ; # capital J 87 | EB D09A ; # capital K 88 | EC D09B ; # capital L 89 | ED D09C ; # capital M 90 | EE D09D ; # capital N 91 | EF D09E ; # capital O 92 | 93 | F0 D09F ; # capital P 94 | F1 D0AF ; # capital YA 95 | F2 D0A0 ; # capital R 96 | F3 D0A1 ; # capital S 97 | F4 D0A2 ; # capital T 98 | F5 D0A3 ; # capital U 99 | F6 D096 ; # capital ZH 100 | F7 D092 ; # capital V 101 | F8 D0AC ; # capital soft sign 102 | F9 D0AB ; # capital Y 103 | FA D097 ; # capital Z 104 | FB D0A8 ; # capital SH 105 | FC D0AD ; # capital E 106 | FD D0A9 ; # capital SHCH 107 | FE D0A7 ; # capital CH 108 | FF D0AA ; # capital hard sign 109 | } 110 | -------------------------------------------------------------------------------- /modules/nginx/dist/mime.types-dist: -------------------------------------------------------------------------------- 1 | 2 | types { 3 | text/html html htm shtml; 4 | text/css css; 5 | text/xml xml; 6 | image/gif gif; 7 | image/jpeg jpeg jpg; 8 | application/x-javascript js; 9 | application/atom+xml atom; 10 | application/rss+xml rss; 11 | 12 | text/mathml mml; 13 | text/plain txt; 14 | text/vnd.sun.j2me.app-descriptor jad; 15 | text/vnd.wap.wml wml; 16 | text/x-component htc; 17 | 18 | image/png png; 
19 | image/tiff tif tiff; 20 | image/vnd.wap.wbmp wbmp; 21 | image/x-icon ico; 22 | image/x-jng jng; 23 | image/x-ms-bmp bmp; 24 | image/svg+xml svg; 25 | 26 | application/java-archive jar war ear; 27 | application/mac-binhex40 hqx; 28 | application/msword doc; 29 | application/pdf pdf; 30 | application/postscript ps eps ai; 31 | application/rtf rtf; 32 | application/vnd.ms-excel xls; 33 | application/vnd.ms-powerpoint ppt; 34 | application/vnd.wap.wmlc wmlc; 35 | application/vnd.wap.xhtml+xml xhtml; 36 | application/vnd.google-earth.kml+xml kml; 37 | application/vnd.google-earth.kmz kmz; 38 | application/x-cocoa cco; 39 | application/x-java-archive-diff jardiff; 40 | application/x-java-jnlp-file jnlp; 41 | application/x-makeself run; 42 | application/x-perl pl pm; 43 | application/x-pilot prc pdb; 44 | application/x-rar-compressed rar; 45 | application/x-redhat-package-manager rpm; 46 | application/x-sea sea; 47 | application/x-shockwave-flash swf; 48 | application/x-stuffit sit; 49 | application/x-tcl tcl tk; 50 | application/x-x509-ca-cert der pem crt; 51 | application/x-xpinstall xpi; 52 | application/zip zip; 53 | 54 | application/octet-stream bin exe dll; 55 | application/octet-stream deb; 56 | application/octet-stream dmg; 57 | application/octet-stream eot; 58 | application/octet-stream iso img; 59 | application/octet-stream msi msp msm; 60 | 61 | audio/midi mid midi kar; 62 | audio/mpeg mp3; 63 | audio/x-realaudio ra; 64 | 65 | video/3gpp 3gpp 3gp; 66 | video/mpeg mpeg mpg; 67 | video/quicktime mov; 68 | video/x-flv flv; 69 | video/x-mng mng; 70 | video/x-ms-asf asx asf; 71 | video/x-ms-wmv wmv; 72 | video/x-msvideo avi; 73 | } 74 | -------------------------------------------------------------------------------- /modules/ssh/templates/sshd_config.erb: -------------------------------------------------------------------------------- 1 | # $OpenBSD: sshd_config,v 1.80 2008/07/02 02:24:18 djm Exp $ 2 | # $FreeBSD$ 3 | 4 | # This is the sshd server system-wide 
configuration file. See 5 | # sshd_config(5) for more information. 6 | 7 | # This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin 8 | 9 | # The strategy used for options in the default sshd_config shipped with 10 | # OpenSSH is to specify options with their default value where 11 | # possible, but leave them commented. Uncommented options change a 12 | # default value. 13 | 14 | # Note that some of FreeBSD's defaults differ from OpenBSD's, and 15 | # FreeBSD has a few additional options. 16 | 17 | #VersionAddendum FreeBSD-20080801 18 | 19 | #Port 22 20 | #Protocol 2 21 | #AddressFamily any 22 | ListenAddress <%= ip %> 23 | #ListenAddress :: 24 | 25 | # Disable legacy (protocol version 1) support in the server for new 26 | # installations. In future the default will change to require explicit 27 | # activation of protocol 1 28 | Protocol 2 29 | 30 | # HostKey for protocol version 1 31 | #HostKey /etc/ssh/ssh_host_key 32 | # HostKeys for protocol version 2 33 | #HostKey /etc/ssh/ssh_host_rsa_key 34 | #HostKey /etc/ssh/ssh_host_dsa_key 35 | 36 | # Lifetime and size of ephemeral version 1 server key 37 | #KeyRegenerationInterval 1h 38 | #ServerKeyBits 1024 39 | 40 | # Logging 41 | # obsoletes QuietMode and FascistLogging 42 | #SyslogFacility AUTH 43 | #LogLevel INFO 44 | 45 | # Authentication: 46 | 47 | #LoginGraceTime 2m 48 | #PermitRootLogin no 49 | #StrictModes yes 50 | #MaxAuthTries 6 51 | #MaxSessions 10 52 | 53 | #RSAAuthentication yes 54 | #PubkeyAuthentication yes 55 | #AuthorizedKeysFile .ssh/authorized_keys 56 | 57 | # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts 58 | #RhostsRSAAuthentication no 59 | # similar for protocol version 2 60 | #HostbasedAuthentication no 61 | # Change to yes if you don't trust ~/.ssh/known_hosts for 62 | # RhostsRSAAuthentication and HostbasedAuthentication 63 | #IgnoreUserKnownHosts no 64 | # Don't read the user's ~/.rhosts and ~/.shosts files 65 | #IgnoreRhosts yes 66 | 67 | # Change to yes 
to enable built-in password authentication. 68 | #PasswordAuthentication no 69 | #PermitEmptyPasswords no 70 | 71 | # Change to no to disable PAM authentication 72 | #ChallengeResponseAuthentication yes 73 | 74 | # Kerberos options 75 | #KerberosAuthentication no 76 | #KerberosOrLocalPasswd yes 77 | #KerberosTicketCleanup yes 78 | #KerberosGetAFSToken no 79 | 80 | # GSSAPI options 81 | #GSSAPIAuthentication no 82 | #GSSAPICleanupCredentials yes 83 | 84 | # Set this to 'no' to disable PAM authentication, account processing, 85 | # and session processing. If this is enabled, PAM authentication will 86 | # be allowed through the ChallengeResponseAuthentication and 87 | # PasswordAuthentication. Depending on your PAM configuration, 88 | # PAM authentication via ChallengeResponseAuthentication may bypass 89 | # the setting of "PermitRootLogin without-password". 90 | # If you just want the PAM account and session checks to run without 91 | # PAM authentication, then enable this but set PasswordAuthentication 92 | # and ChallengeResponseAuthentication to 'no'. 
93 | #UsePAM yes 94 | 95 | #AllowAgentForwarding yes 96 | #AllowTcpForwarding yes 97 | #GatewayPorts no 98 | #X11Forwarding yes 99 | #X11DisplayOffset 10 100 | #X11UseLocalhost yes 101 | #PrintMotd yes 102 | #PrintLastLog yes 103 | #TCPKeepAlive yes 104 | #UseLogin no 105 | #UsePrivilegeSeparation yes 106 | #PermitUserEnvironment no 107 | #Compression delayed 108 | #ClientAliveInterval 0 109 | #ClientAliveCountMax 3 110 | #UseDNS yes 111 | #PidFile /var/run/sshd.pid 112 | #MaxStartups 10 113 | #PermitTunnel no 114 | #ChrootDirectory none 115 | 116 | # no default banner path 117 | #Banner none 118 | 119 | # override default of no subsystems 120 | Subsystem sftp /usr/libexec/sftp-server 121 | 122 | # Example of overriding settings on a per-user basis 123 | #Match User anoncvs 124 | # X11Forwarding no 125 | # AllowTcpForwarding no 126 | # ForceCommand cvs server 127 | -------------------------------------------------------------------------------- /manifests/macros.pp: -------------------------------------------------------------------------------- 1 | # macros.pp 2 | # 3 | # Defines new resource types as a poor man's macro. 4 | 5 | # Synchronize a static file with the server. 6 | # Note: notify is inherited from parent, so no need to explicitly specify. 7 | define sync($prefix, $module, 8 | $owner = $root, 9 | $group = $wheel, 10 | $mode = 664, 11 | $ensure = present) { 12 | # Doesn't actually work because run on client instead of host. 
13 | # if puppet_exists("$name.$hostname.erb") { 14 | # $exists = true 15 | # } else { 16 | # if puppet_exists("$name.$operatingsystem") { 17 | # $exists = true 18 | # } else { 19 | # if puppet_exists("$name") { 20 | # $exists = true 21 | # } else { 22 | # $exists = false 23 | # } 24 | # } 25 | # } 26 | 27 | file { "$prefix/$name": 28 | alias => $name, 29 | source => [ 30 | "puppet:///$module/$name.$hostname", 31 | "puppet:///$module/$name.$operatingsystem", 32 | "puppet:///$module/$name", 33 | # "puppet:///custom/blank", messes up sshd. 34 | ], 35 | } 36 | 37 | # Set overrides here so that defaults from File still work. 38 | if $mode != 664 { File["$prefix/$name"] { mode => $mode } } 39 | if $owner != $root { File["$prefix/$name"] { owner => $owner } } 40 | if $group != $wheel { File["$prefix/$name"] { group => $group } } 41 | if $ensure != present { File["$prefix/$name"] { ensure => $ensure } } 42 | } 43 | 44 | # Synchronize a static directory with the server. 45 | define sdir($prefix, $module, 46 | $owner = $root, 47 | $group = $wheel, 48 | $mode = 664, 49 | $links = manage, 50 | $ignore = '', 51 | $ensure = present) { 52 | file { "$prefix/$name": 53 | links => $links, 54 | ignore => $ignore, 55 | recurse => inf, 56 | purge => true, 57 | source => [ 58 | "puppet:///$module/$name.$hostname", 59 | "puppet:///$module/$name.$operatingsystem", 60 | "puppet:///$module/$name", 61 | ], 62 | } 63 | 64 | # Doesn't work because ensure => directory nukes symlinks. 65 | # if defined(File["$prefix"]) { 66 | # } else { 67 | # if exists("$prefix") { 68 | # file { "$prefix": 69 | # owner => undef, 70 | # group => undef, 71 | # mode => undef, 72 | # ensure => present, 73 | # } 74 | # } else { 75 | # file { "$prefix": 76 | # owner => $owner, 77 | # group => $group, 78 | # mode => $mode, 79 | # ensure => directory, 80 | # } 81 | # } 82 | # } 83 | 84 | # Set overrides here so that defaults from File still work. 
85 | if $mode != 664 { File["$prefix/$name"] { mode => $mode } } 86 | if $owner != $root { File["$prefix/$name"] { owner => $owner } } 87 | if $group != $wheel { File["$prefix/$name"] { group => $group } } 88 | if $ensure != present { File["$prefix/$name"] { ensure => $ensure } } 89 | } 90 | 91 | # Synchronize a dynamic (template) file with the server. 92 | define itpl($prefix, $module, 93 | $owner = $root, 94 | $group = $wheel, 95 | $mode = 664, 96 | $ensure = present) { 97 | if puppet_exists("$name.$hostname.erb") { 98 | $template = template("$module/$name.$hostname.erb") 99 | } else { 100 | if puppet_exists("$name.$operatingsystem.erb") { 101 | $template = template("$module/$name.$operatingsystem.erb") 102 | } else { 103 | $template = template("$module/$name.erb") 104 | } 105 | } 106 | 107 | file { "$prefix/$name": 108 | alias => $name, 109 | content => $template, 110 | } 111 | 112 | # Set overrides here so that defaults from File still work. 113 | if $mode != 664 { File["$prefix/$name"] { mode => $mode } } 114 | if $owner != $root { File["$prefix/$name"] { owner => $owner } } 115 | if $group != $wheel { File["$prefix/$name"] { group => $group } } 116 | if $ensure != present { File["$prefix/$name"] { ensure => $ensure } } 117 | } 118 | 119 | -------------------------------------------------------------------------------- /modules/core/manifests/freebsd.pp: -------------------------------------------------------------------------------- 1 | # module: core/freebsd.pp 2 | # 3 | # ref: 4 | 5 | class core::freebsd { 6 | define line($file, $line, $ensure = 'present') { 7 | case $ensure { 8 | default: { err ( "unknown ensure value ${ensure}" ) } 9 | present: { 10 | exec { 11 | "/bin/echo '${line}' >> '${file}'": 12 | unless => "/usr/bin/grep -qFx '${line}' '${file}'" 13 | } 14 | } 15 | absent: { 16 | exec { 17 | "/usr/bin/sed -i '' -e '/^${line}\$/d' '${file}'": 18 | onlyif => "/usr/bin/grep -qFx '${line}' '${file}'" 19 | } 20 | } 21 | } 22 | } 23 | 24 | define 
shell_config($file, $key, $value, $ensure = 'present') {
    # Maintains a single KEY="VALUE" line in a shell-style configuration file
    # using exec resources built around grep, sed and printf.
    #
    #   $file   - path of the file to edit
    #   $key    - variable name on the left-hand side
    #   $value  - value written between the double quotes
    #   $ensure - 'present' or 'absent'; anything else is reported via err()
    #
    # NOTE(review): $file, $key and $value are interpolated verbatim into the
    # command lines below. $key/$value land inside single-quoted shell words
    # and are also used as grep -E patterns and sed expressions; $file is
    # unquoted in every grep/sed call (only the printf redirect quotes it).
    # A value containing ', ", /, & or regex metacharacters therefore changes
    # what the command does, so callers should pass only trusted,
    # pre-validated strings.
    #
    # NOTE(review): the grep guards anchor the key at the start of the line
    # ('^[ \t]*$key='), but the sed expressions ('/$key=".*"/') are not
    # anchored, so sed can also touch lines where "$key=" appears after other
    # text (for example a longer key that ends with the same name).
    case $ensure {
      default: { err ( "unknown ensure value ${ensure}" ) }
      present: {
        exec {
          # Runs only when grep counts more than one line for the key: every
          # line matching KEY=".*" is deleted.
          "shell_config_unique_$ensure '$file$key'":
            unless => "/bin/test `/usr/bin/grep -cE '^[ \t]*$key=' -- $file` -le 1",
            command => "/usr/bin/sed -i '' -e '/$key=\".*\"/d' $file";
          # Appends KEY="VALUE" when no line for the key exists.
          "shell_config_create_$ensure '$file$key'":
            unless => "/usr/bin/grep -qE '^[ \t]*$key=' -- $file",
            command => "/usr/bin/printf '%s=\"%s\"\n' '$key' '$value' >> '${file}'";
          # Rewrites the quoted value when the current one differs.
          "shell_config_update_$ensure '$file$key'":
            unless => "/usr/bin/grep -qE '^[ \t]*$key=\"$value\"' -- $file",
            command => "/usr/bin/sed -i '' -e 's/$key=\".*\"/$key=\"$value\"/' $file";
        }
        # No ordering between the three execs is declared here.
      }
      absent: {
        # Deletes lines matching KEY=".*" when grep finds a line for the key.
        exec { "shell_config_delete_$ensure $file$key":
          onlyif => "/usr/bin/grep -qE '^[ \t]*$key=' -- $file",
          command => "/usr/bin/sed -i '' -e '/$key=\".*\"/d' $file";
        }
      }
    }
  }

  # Sets one variable in /etc/periodic.conf; the resource title is the key.
  define periodic_conf($value) {
    shell_config { "periodic_conf_${name}":
      file => '/etc/periodic.conf',
      key => $name,
      value => $value
    }
  }

  # Sets one variable in /etc/rc.conf.local; the resource title is the key.
  define rc_conf_local($value) {
    shell_config { "rc_conf_local_${name}":
      file => "/etc/rc.conf.local",
      key => $name,
      value => $value;
    }
  }

  ### EXAMPLE
  #
  #periodic_conf {
  #  daily_show_badconfig: value => YES;
  #  daily_clean_tmps_enable: value => YES;
  #  weekly_noid_enable: value => YES;
  #  weekly_status_pkg_enable: value => YES;
  #}
  #
  #rc_conf_local {
  #  inetd_flags: value => "-wW -a $ipaddress";
  #}

  # Sets $key in /etc/rc.conf.d/<title>. The title becomes part of the file
  # path handed to shell_config, so it needs the same care as $file there.
  define ports_conf($key, $value) {
    shell_config {
      "port_${name}_rc_conf_${key}":
        file => "/etc/rc.conf.d/${name}",
        key => $key,
        value => $value;
    }
  }

  # Writes <title>_enable="YES" through ports_conf.
  define ports_enable {
    ports_conf { $name: key => "${name}_enable", value => "YES" }
  }

  ### EXAMPLE
  #
  #node
'freebsd.local' { 94 | # include freebsd-mtree 95 | # include ports-puppet 96 | #} 97 | # 98 | ## Only needed to create /etc/rc.conf.d: 99 | #class freebsd-mtree { 100 | # file { 101 | # "/etc/rc.conf.d": 102 | # ensure => directory. 103 | # owner => root, 104 | # group => wheel, 105 | # mode => 755; 106 | # } 107 | #} 108 | # 109 | #class ports-puppet { 110 | #... 111 | # file { "/usr/local/etc/puppet/puppet.conf": 112 | # alias => "puppet.conf", 113 | # path => "/usr/local/etc/puppet/puppet.conf", 114 | # owner => root, 115 | # group => wheel, 116 | # mode => 444, 117 | # source => "..."; 118 | # } 119 | # 120 | # exec { "puppetd-restart": 121 | # command => "/usr/local/etc/rc.d/puppetd restart", 122 | # subscribe => File["puppetd.conf"], 123 | # refreshonly => true, 124 | # } 125 | # 126 | # ports_conf { 127 | # puppetd: key => puppetd_enable, value => YES; 128 | # puppetmasterd: key => puppetmasterd_enable, value => YES; 129 | # } 130 | #} 131 | } 132 | -------------------------------------------------------------------------------- /modules/nginx/dist/win-utf: -------------------------------------------------------------------------------- 1 | 2 | # This map is not a full windows-1251 <> utf8 map: it does not 3 | # contain Serbian and Macedonian letters. If you need a full map, 4 | # use contrib/unicode2nginx/win-utf map instead. 
5 | 6 | charset_map windows-1251 utf-8 { 7 | 8 | 82 E2809A ; # single low-9 quotation mark 9 | 10 | 84 E2809E ; # double low-9 quotation mark 11 | 85 E280A6 ; # ellipsis 12 | 86 E280A0 ; # dagger 13 | 87 E280A1 ; # double dagger 14 | 88 E282AC ; # euro 15 | 89 E280B0 ; # per mille 16 | 17 | 91 E28098 ; # left single quotation mark 18 | 92 E28099 ; # right single quotation mark 19 | 93 E2809C ; # left double quotation mark 20 | 94 E2809D ; # right double quotation mark 21 | 95 E280A2 ; # bullet 22 | 96 E28093 ; # en dash 23 | 97 E28094 ; # em dash 24 | 25 | 99 E284A2 ; # trade mark sign 26 | 27 | A0 C2A0 ; #   28 | A1 D18E ; # capital Byelorussian short U 29 | A2 D19E ; # small Byelorussian short u 30 | 31 | A4 C2A4 ; # currency sign 32 | A5 D290 ; # capital Ukrainian soft G 33 | A6 C2A6 ; # borken bar 34 | A7 C2A7 ; # section sign 35 | A8 D081 ; # capital YO 36 | A9 C2A9 ; # (C) 37 | AA D084 ; # capital Ukrainian YE 38 | AB C2AB ; # left-pointing double angle quotation mark 39 | AC C2AC ; # not sign 40 | AD C2AD ; # soft hypen 41 | AE C2AE ; # (R) 42 | AF D087 ; # capital Ukrainian YI 43 | 44 | B0 C2B0 ; # ° 45 | B1 C2B1 ; # plus-minus sign 46 | B2 D086 ; # capital Ukrainian I 47 | B3 D196 ; # small Ukrainian i 48 | B4 D291 ; # small Ukrainian soft g 49 | B5 C2B5 ; # micro sign 50 | B6 C2B6 ; # pilcrow sign 51 | B7 C2B7 ; # · 52 | B8 D191 ; # small yo 53 | B9 E28496 ; # numero sign 54 | BA D194 ; # small Ukrainian ye 55 | BB C2BB ; # right-pointing double angle quotation mark 56 | 57 | BF D197 ; # small Ukrainian yi 58 | 59 | C0 D090 ; # capital A 60 | C1 D091 ; # capital B 61 | C2 D092 ; # capital V 62 | C3 D093 ; # capital G 63 | C4 D094 ; # capital D 64 | C5 D095 ; # capital YE 65 | C6 D096 ; # capital ZH 66 | C7 D097 ; # capital Z 67 | C8 D098 ; # capital I 68 | C9 D099 ; # capital J 69 | CA D09A ; # capital K 70 | CB D09B ; # capital L 71 | CC D09C ; # capital M 72 | CD D09D ; # capital N 73 | CE D09E ; # capital O 74 | CF D09F ; # capital P 75 | 76 | D0 D0A0 
; # capital R 77 | D1 D0A1 ; # capital S 78 | D2 D0A2 ; # capital T 79 | D3 D0A3 ; # capital U 80 | D4 D0A4 ; # capital F 81 | D5 D0A5 ; # capital KH 82 | D6 D0A6 ; # capital TS 83 | D7 D0A7 ; # capital CH 84 | D8 D0A8 ; # capital SH 85 | D9 D0A9 ; # capital SHCH 86 | DA D0AA ; # capital hard sign 87 | DB D0AB ; # capital Y 88 | DC D0AC ; # capital soft sign 89 | DD D0AD ; # capital E 90 | DE D0AE ; # capital YU 91 | DF D0AF ; # capital YA 92 | 93 | E0 D0B0 ; # small a 94 | E1 D0B1 ; # small b 95 | E2 D0B2 ; # small v 96 | E3 D0B3 ; # small g 97 | E4 D0B4 ; # small d 98 | E5 D0B5 ; # small ye 99 | E6 D0B6 ; # small zh 100 | E7 D0B7 ; # small z 101 | E8 D0B8 ; # small i 102 | E9 D0B9 ; # small j 103 | EA D0BA ; # small k 104 | EB D0BB ; # small l 105 | EC D0BC ; # small m 106 | ED D0BD ; # small n 107 | EE D0BE ; # small o 108 | EF D0BF ; # small p 109 | 110 | F0 D180 ; # small r 111 | F1 D181 ; # small s 112 | F2 D182 ; # small t 113 | F3 D183 ; # small u 114 | F4 D184 ; # small f 115 | F5 D185 ; # small kh 116 | F6 D186 ; # small ts 117 | F7 D187 ; # small ch 118 | F8 D188 ; # small sh 119 | F9 D189 ; # small shch 120 | FA D18A ; # small hard sign 121 | FB D18B ; # small y 122 | FC D18C ; # small soft sign 123 | FD D18D ; # small e 124 | FE D18E ; # small yu 125 | FF D18F ; # small ya 126 | } 127 | -------------------------------------------------------------------------------- /modules/nginx/lib/options_core.rb: -------------------------------------------------------------------------------- 1 | # Helper functions. 
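# Append +str+ and a newline to one of the text buffers on the global
# $server object. $server is created outside this file; it is assumed to
# expose String accessors named prefix, suffix and opt -- TODO confirm.
#
# Every helper below interpolates its arguments verbatim into nginx
# configuration text, so callers must pass only trusted values: a stray
# ";" or "}" in an argument changes the structure of the generated file.
def pputs(str); $server.prefix += str.to_s + "\n"; end
def sputs(str); $server.suffix += str.to_s + "\n"; end
def oputs(str); $server.opt += str.to_s + "\n"; end

# Emit a permanent rewrite that sends every request path to the same path
# under +to+ (a URL prefix without trailing slash).
def redirect(to)
  oputs <<-eos
    rewrite ^/(.*) #{to}/$1 permanent;
  eos
end

# Like redirect, but takes a bare host name and prepends "http://".
def redirh(to)
  # The original called redir(), which is not defined anywhere in this file
  # and would raise NoMethodError; redirect is the helper with the matching
  # behaviour.
  redirect("http://#{to}")
end

# Protect the server block with HTTP basic auth backed by the password file
# at path +htaccess+.
def password(htaccess)
  oputs <<-eos
    auth_basic "Restricted";
    auth_basic_user_file #{htaccess};
  eos
end

# Sends requests to index.php?q=(req) for WP.
# Existing files and directories are served as they are; everything else is
# rewritten to +base+ followed by the original path.
def index_redir(base)
  oputs <<-eos
    if (-f $request_filename) { break; }
    if (-d $request_filename) { break; }
    rewrite ^(.+)$ #{base}$1 last;
  eos
end

# Serve location +req+ from filesystem path +loc+ via an alias.
def rename(req, loc)
  oputs <<-eos
    location #{req} {
      alias #{loc};
    }
  eos
end

########################################################################
#
#
# Four major scripting languages.
#
#
# In the four helpers below the dot is written as "\\." on purpose: inside
# an interpolating heredoc a single "\." collapses to ".", which turns the
# pattern into "any character followed by the extension" and hands more
# requests to the backend than intended.

# Pass *.php requests to the FastCGI server on 127.0.0.1:9000.
# NOTE(review): $root_pub and $subdomain are nginx variables set outside
# this file (presumably from the request host); confirm they cannot point
# SCRIPT_FILENAME outside the intended document tree.
def php
  oputs <<-eos
    location ~ \\.php$ {
      fastcgi_pass 127.0.0.1:9000;
      fastcgi_index index.php;
      fastcgi_param SCRIPT_FILENAME $root_pub/$subdomain/$fastcgi_script_name;
      include /etc/nginx/fastcgi_params;
    }
  eos
end

# Proxy *.py requests to the HTTP server on localhost:8080.
def py
  oputs <<-eos
    location ~ \\.py$ {
      proxy_pass http://localhost:8080/$rel_root_pub/$subdomain/$uri;
      proxy_set_header Host $host;
    }
  eos
end

# Proxy *.rb requests to the HTTP server on localhost:8080.
def rb
  oputs <<-eos
    location ~ \\.rb$ {
      proxy_pass http://localhost:8080/$rel_root_pub/$subdomain/$uri;
      proxy_set_header Host $host;
    }
  eos
end

# Proxy *.pl requests to the HTTP server on localhost:8080.
def pl
  oputs <<-eos
    location ~ \\.pl$ {
      proxy_pass http://localhost:8080/$rel_root_pub/$subdomain/$uri;
      proxy_set_header Host $host;
    }
  eos
end

# Enable all four script handlers, in the order php, py, pl, rb.
def pppr
  php; py; pl; rb
end

########################################################################
#
#
# Application-specific configurations.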
#
#
# Rewrite rules for a DokuWiki install at the site root: the _media, _detail
# and _export URL forms map onto the matching PHP entry points, and any
# request that is not an existing file is handed to doku.php.
def doku
  rules = <<-NGINX
    rewrite ^(/)_media/(.*) $1lib/exe/fetch.php?media=$2 last;
    rewrite ^(/)_detail/(.*) $1lib/exe/detail.php?media=$2 last;
    rewrite ^(/)_export/([^/]+)/(.*) $1doku.php?do=export_$2&id=$3 last;

    location / {
      if (!-f $request_filename) {
        rewrite ^(/)(.*)?(.*) $1doku.php?id=$2&$3 last;
        rewrite ^(/)$ $1doku.php last;
      }
    }
  NGINX
  oputs rules
end

# Mailman front end: "/" redirects to the list overview, /mailman/ is
# proxied to the CGI server on localhost:8080, and the icon and public
# archive directories are served from /usr/local/mailman through aliases.
def mailman
  rules = <<-NGINX
    # Show in the main page the list info
    rewrite ^/$ /mailman/listinfo permanent;

    location /mailman/ {
      # Use thttpd for CGI
      proxy_pass http://localhost:8080/mailman/;

      proxy_set_header Host $host;
      #proxy_intercept_errors on;
    }

    location /icons/ {
      alias /usr/local/mailman/icons/;
    }

    location /pipermail/ {
      alias /usr/local/mailman/archives/public/;
    }
  NGINX
  oputs rules
end

# Proxy to some backend.
# Declares an upstream named "<port>_cluster" with +num+ servers on
# consecutive 127.0.0.1 ports starting at +port+, then proxies "/" to it.
# X-Forwarded-For is set from $proxy_add_x_forwarded_for, which appends the
# peer address to whatever the client sent, so a backend should treat only
# X-Real-IP (or the last X-Forwarded-For entry) as trustworthy.
def proxy(port, num = 1)
  pputs "upstream #{port}_cluster {"
  num.times do |offset|
    pputs " server 127.0.0.1:#{port + offset};"
  end
  pputs "}\n"

  location_block = <<-NGINX
    location / {
      proxy_pass http://#{port}_cluster;
      proxy_redirect off;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
  NGINX
  oputs location_block
end

# fcgi to some backend.
146 | def fcgi(port, additional = '') 147 | oputs <<-eos 148 | location / { 149 | fastcgi_pass 127.0.0.1:#{port}; 150 | fastcgi_param SCRIPT_FILENAME $root_pub/$subdomain/$fastcgi_script_name; 151 | include /etc/nginx/fastcgi_params; 152 | #{additional} 153 | } 154 | eos 155 | end 156 | 157 | # Remember to cap deploy && cap deploy:start 158 | def rails(port, num) 159 | pputs "upstream #{port}_cluster {" 160 | num.times {|i| pputs " server 127.0.0.1:#{port+i};"} 161 | pputs "}\n" 162 | 163 | oputs <<-eos 164 | location / { 165 | proxy_set_header X-Real-IP $remote_addr; 166 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 167 | proxy_set_header Host $http_host; 168 | proxy_redirect off; 169 | 170 | if (-f $request_filename/index.html) { 171 | rewrite (.*) $1/index.html break; 172 | } 173 | 174 | if (-f $request_filename.html) { 175 | rewrite (.*) $1.html break; 176 | } 177 | 178 | if (!-f $request_filename) { 179 | proxy_pass http://#{port}_cluster; 180 | break; 181 | } 182 | } 183 | eos 184 | end 185 | -------------------------------------------------------------------------------- /README.mkd: -------------------------------------------------------------------------------- 1 | Please README First! 2 | ==================== 3 | This is a collection of [Puppet](http://reductivelabs.com/trac/puppet/wiki/DocumentationStart) 0.24.8 configuration files for FreeBSD. I make heavy use of defaults and defines to heavily reduce code weight. Hopefully this will be of instructive value to new users of Puppet and inspirational value to old users. 4 | 5 | I am definitely willing to add additional documentation as necessary. Just [email](mailto:eshao@nekogiri.com) me. 6 | 7 | 8 | List of Modules 9 | --------------- 10 | TODO: Add link to each module. 11 | 12 | * __core__ -- System files for hypervisor and child jails. 13 | * __environment/project__ -- Baseline programming environments for projects to inherit and examples of some of those projects. 
14 | * __exim/mailman__ -- Configuration for baseline exim/mailman install. Extensive documentation available on how to move from one server to another. Less, but still documented, on how to install. 15 | * __ezjail__ -- Jail manager for FreeBSD. Really useful for setting up/tearing down jails quickly. 16 | * __mount__ -- Very simple module to control jailed fstabs for ezjail. 17 | * __nginx__ -- Complete configuration to nginx, one of my specialties. It includes a copy of [stationx](http://github.com/eshao/stationx), a configuration generation tool for nginx -- it makes managing nginx configuration files much easier! 18 | * __mysql__ -- Simple mysql+[sphinx](http://www.sphinxsearch.com/) module. 19 | * __ports__ -- Controls installation of all software not covered above. (Basically, every port that requires installation but not configuration.) Includes simple ruby script to help automate this process. 20 | * __puppet__ -- Meta module that maintains Puppet's files. Essential for any Puppet setup. 21 | * __ssh__ -- Managed per-machine ssh keys. 22 | * __thttpd__ -- Configured specifically for nginx/mailman. 23 | * __user__ -- Shows how to setup the virtual/real user model advocated on Puppet's wiki. The examples there aren't as full, so this should be helpful to new users. 24 | 25 | 26 | Infrastructure 27 | -------------- 28 | My infrastructure consists of one physical machine separated into several jails for permission AND ease-of-use purposes. 29 | 30 | * __rescue__ -- Hypervisor machine and fileserver. 31 | * __hyper__ -- Jail, hosts puppetmasterd. 32 | * __neko__ -- Jail, personal sites. 33 | * __dso__ -- Jail, for [DSO](http://dsoglobal.org), a student org I founded. 34 | * __lp__ -- Jail, for experimental use. 35 | 36 | It was important for me to be able to quickly tear down a jail and put it up again with a preset environment already installed. In general, this is how I do it: 37 | 38 | 1. 
Use [ezjail-admin](http://erdgeist.org/arts/software/ezjail/) to drop the jail. 39 | 2. Use Puppet (node.pp) to configure the environment of the new jail: which {users,ports,development environments,daemons/services,projects} are present/running. 40 | 3. Use ezjail again to bring up the new jail. The ezjail module makes sure that puppetd is already running on the new jail. 41 | 4. Login to the new jail and run Puppet to bring it fully online. 42 | 43 | That is the main use case for my use of Puppet. Here are the secondary reasons: 44 | 45 | * __[DRY](http://en.wikipedia.org/wiki/Don%27t_repeat_yourself) configuration files__ -- When I create a configuration file, I usually want to use it on all machines. I hate the process of making sure each copy of a file is identical. 46 | * __Canonical location for files__ -- It was also nice to have one place to refer to for the "latest" copy of each file. 47 | * __Canonical location for documentation__ -- For software I use often, I usually have some sort of "how-to-install" notes for myself. Puppet is a great place to keep and share such notes. 48 | * There are probably others, I'll put them up as I think of them. 49 | 50 | 51 | Code Samples 52 | ------------ 53 | TODO: Walk through a canonical module that demonstrates language constructs I use. 54 | TODO: Walk through confusing modules here. (user, environment?) 55 | 56 | Would someone be kind enough to let me know which modules they find the most confusing or demonstrative/canonical of this repo? 57 | 58 | 59 | Caveats 60 | ------- 61 | These configuration files are all working and in production on my own server. However, because I redacted several files for privacy reasons (SSH id_rsa's, for example), I don't guarantee that the complete configuration will work out of the box for you. 62 | 63 | However, I still think they'll be of instructive value for those who think/code like me. 
I searched quite a while for a complete/simple/comprehensive Puppet public repository and failed to find one. There are [several](http://reductivelabs.com/trac/puppet/wiki/PuppetModules) [complete](http://reductivelabs.com/trac/puppet/wiki/DocumentationStart) ones, but they were slightly confusing for me to follow. 64 | 65 | My suggestion is to try all of them and pick the author you find most lucid. 66 | 67 | - - - 68 | 69 | Files changed for privacy concerns: 70 | 71 | * __tagmail.conf__ -- redacted email addresses. 72 | * __modules/puppet/templates/tagmail.conf.erb__ -- redacted email addresses. 73 | * __modules/exim/templates/aliases.erb__ -- redacted email addresses. 74 | * __modules/user/manifests/virtual.pp__ -- removed users and changed to bogus password hashes. 75 | * __modules/user/manifests/real/dso.pp__ -- changed real users to bogus ones. 76 | * __modules/user/manifests/real/neko.pp__ -- changed real users to bogus ones. 77 | 78 | Files blanked to size 0 for privacy concerns: 79 | 80 | * __modules/nginx/files/passwords/personal.htaccess__ -- obvious reason. 81 | 82 | Files removed for privacy concerns: 83 | 84 | * __modules/nginx/files/enabled/*__ -- (5 files) -- unnecessary, as they can be regenerated using the included stationx. 85 | * __modules/ssh/files/*__ -- (15 files) -- files of format: ssh_host_{dsa,rsa,}_key. 86 | 87 | 88 | TODO 89 | ---- 90 | There is an embarrassing amount of TODO simply because I just open-sourced my modules. (Although the production version has been in development for a long time and represents years of experience.) Hints on how to prioritize would be nice. Again, hit up my email. 91 | 92 | * Logic behind the various files in /manifests and how they interact. 93 | * Document the use of defines and defaults within modules (through code samples?). 94 | * Make this TODO list comprehensive. 
95 | -------------------------------------------------------------------------------- /modules/nginx/lib/README.mkd: -------------------------------------------------------------------------------- 1 | stationx -- An Nginx Configuration Generator 2 | ================================ 3 | 4 | Quick note: For now, an example configuration file can be found at but this will move to Github ASAP. 5 | 6 | stationx is an attempt to make creating and **maintaining** [nginx](http://nginx.net/) configuration files easier. 7 | 8 | Instead of writing something like this: 9 | 10 | 1 server { 11 | 2 set $name eshao.es; 12 | 3 set $root /var/www/eshao.es; 13 | 4 set $root_pub /var/www/eshao.es/public; 14 | 5 set $rel_root_pub eshao.es/public; 15 | 6 16 | 7 listen 80; 17 | 8 server_name .eshao.es; 18 | 9 access_log /var/www/eshao.es/log/access.log; 19 | 10 error_log /var/www/eshao.es/log/error.log info; 20 | 11 21 | 12 if ($host ~* ^www.(.*)) { 22 | 13 set $host_without_www $1; 23 | 14 rewrite ^(.*)$ http://$host_without_www$1 permanent; 24 | 15 } 25 | 16 26 | 17 if ($host ~ ^(.*?).?eshao.es) { 27 | 18 set $subdomain $1; 28 | 19 } 29 | 20 30 | 21 location ~ .php$ { 31 | 22 fastcgi_pass 127.0.0.1:9000; 32 | 23 fastcgi_index index.php; 33 | 24 fastcgi_param SCRIPT_FILENAME $root_pub/$subdomain/$fastcgi_script_name; 34 | 25 include /etc/nginx/fastcgi_params; 35 | 26 } 36 | 27 37 | 28 location ~ .py$ { 38 | 29 proxy_pass http://localhost:8080/$rel_root_pub/$subdomain/$uri; 39 | 30 proxy_set_header Host $host; 40 | 31 } 41 | 32 42 | 33 location ~ .pl$ { 43 | 34 proxy_pass http://localhost:8080/$rel_root_pub/$subdomain/$uri; 44 | 35 proxy_set_header Host $host; 45 | 36 } 46 | 37 47 | 38 location ~ .rb$ { 48 | 39 proxy_pass http://localhost:8080/$rel_root_pub/$subdomain/$uri; 49 | 40 proxy_set_header Host $host; 50 | 41 } 51 | 42 52 | 43 root $root_pub/$subdomain/; 53 | 44 index index.php index.html index.htm home.php home.html home.htm main.php main.html main.htm; 54 | 45 } 55 | 56 | 
Write something as simple as this: 57 | 58 | 1 N.new('.eshao.es') { pppr } >> 'nginx_configuration_file_for_server1' 59 | 60 | To summarize the benefits: 61 | 62 | * __Far smaller configurations__: In my personal sysadmin duties, this has reduced 52 kilobytes of messy non-standard nginx configurations into a sleek 6 kilobyte [file](http://dl.dropbox.com/u/146184/config.rb). 63 | * __Standardized configurations__: Instead of hunting best-practice configurations from Wiki, Google, and hearsay, let geeks in the know provide the specifics of your configuration. If you don't want to deal with the details, they're happily abstracted away from you. 64 | * __[DRY](http://en.wikipedia.org/wiki/Don%27t_repeat_yourself) configurations__: Whenever I need to change anything, I change it in one place and run one ruby script to regenerate configurations for ALL my domains. 65 | * __Extensibility__: Out of the box, stationx comes with support for Wordpress, Doku, Rails, Sinatra, and other applications that need proxying or rewriting. If you need to add further customization for your favorite software, simply modify options_core.rb with the snippet of text you need included. 66 | * __Quicker generation of new configurations__: Now whenever a friend asks you to host their personal domain, you don't need to cringe at the thought of copy-pasting yet another nginx configuration. Just add one line and you're done! 67 | 68 | The only time you shouldn't use stationx is when you have many non-standard configurations. 69 | 70 | 71 | Philosophy 72 | ---------------- 73 | * __One-right-way__ -- Borrowing from Python, there is one correct place for your files for a given domain to go. Even though you can customize, we codify best practices into the framework. 74 | * __Declarative language__ -- Taking a cue from Puppet, specify what you want your end result to be instead of how to get there. 
75 | 76 | 77 | Configuration & Setup 78 | ------------------------------- 79 | The standard download includes an example file consisting of my own personal stationx configuration file. Please play around with it and slowly co-opt it for your own use. 80 | 81 | For now, it expects a folder hierarchy like this: 82 | 83 | * config.rb 84 | * lib/{nginx_server.rb,options_core.rb} 85 | * files/enabled/ 86 | 87 | After successfully running for `N.new('.example.com') >> 'server1'`, you will have an nginx config file in . This file should be copied into your enabled sites folder and expects the following web directory setup: 88 | 89 | * __/var/www__ -- Location of all served files. 90 | * __/var/www/eshao.es/public__ -- Location of all served files for `{www,}.eshao.es`. corresponds to `/var/www/eshao.es/public/index.html` . 91 | * __/var/www/eshao.es/public/sd__ -- Location of all served files for `sd.eshao.es`. http://sd.eshao.es corresponds to `/var/www/eshao.es/public/sd/index.html` . 92 | * __/var/www/eshao.es/log__ -- Location of log files. 93 | 94 | Here is a baseline setup for `N.new('.example.com') { php }`: 95 | 96 | TBD 97 | 98 | 99 | Timeline 100 | ------------ 101 | stationx is currently in a usable beta form. As it is a personal project, it needs to be cleaned up and its configurations need to be vetted by experts so we can authoritatively say we have best-practice configurations. 102 | 103 | Here is a roadmap of what needs to be done: 104 | 105 | * Freeze and document the API. 106 | * Provide copies of baseline nginx.conf to let people bootstrap. 107 | * Wiki-ish documentation and examples need to be added. 108 | * Give a walkthrough of setting up an nginx configuration with stationx on FreeBSD -- where different files should go, etc. 109 | * Document how nginx plays with {php's fastcgi, thttpd, rails, wordpress}. 110 | * Collect feedback and patches from experts on configurations themselves. 
111 | * Refactor options_core.rb into smaller files that are considered modules or extensions. Some code from nginx_core.rb should also go into these modules. Extensibility is a priority. 112 | * Document and refactor nginx_core.rb so a newcomer can see what it is doing. 113 | 114 | 115 | -------------------------------------------------------------------------------- /modules/nginx/stationx: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | 3 | require 'lib/options_core.rb' 4 | require 'lib/nginx_server.rb' 5 | 6 | ################################################################################ 7 | # 8 | # 9 | # OVERTURE 10 | # 11 | # 12 | A = 'files/enabled' 13 | gen = { 14 | :hyper => File.join(A, "gen.host.hyper"), 15 | :neko => File.join(A, "gen.host.neko"), 16 | :dso => File.join(A, "gen.host.dso"), 17 | :lp => File.join(A, "gen.host.lp"), 18 | :default => File.join(A, "gen.all"), 19 | } 20 | P = '/etc/nginx/passwords' 21 | pw = { 22 | :personal => File.join(P, "personal.htaccess") 23 | } 24 | def www(str); File.join('/var/www', str); end 25 | def lh(str); File.join(www('localhost'), str); end 26 | 27 | # Clean . 
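# Empty the output directory, then recreate the gen.host marker file.
#
# A is the relative path 'files/enabled', so this command acts on whatever
# that path resolves to in the current working directory. Because it runs
# under sudo, start the script only from the directory that holds
# files/enabled.
#
# `rm -f` is used so that an already-empty directory is not an error: plain
# `rm` exits non-zero when the glob matches nothing, and the `&&` would then
# skip the `touch`.
`sudo rm -f #{A}/* && sudo touch #{A}/gen.host`

################################################################################
#
#
# Club websites
#
#
# Each N.new(...) { ... } >> path statement describes one server; the block
# names the option sets to apply and the right-hand side is the output file
# chosen from the gen table. (Presumably >> appends the rendered server block
# to that file -- confirm in lib/nginx_server.rb.)
N.new('.cmu-ucc.com') { php } >> gen[:neko]

# DSO
# Path helper: joins its argument onto the dsoglobal.org directory under the
# web root returned by www().
def dso(str)
  www(File.join('dsoglobal.org',str))
end

# One shared log directory for every dsoglobal.org host below.
dso_log = dso('log')

N.new('.dsoglobal.org', dso('public'), dso_log) \
  { php } >> gen[:dso]
N.new('forms.dsoglobal.org', dso('forms'), dso_log) \
  { index_redir('index.php?n='); php } >> gen[:dso]
N.new('crm.dsoglobal.org', dso('crm'), dso_log) \
  { php } >> gen[:dso]
N.new('wiki.dsoglobal.org', dso('wiki'), dso_log) \
  { doku; php } >> gen[:dso]
N.new('research.dsoglobal.org', dso('research'), dso_log) \
  { doku; php } >> gen[:dso]
N.new('wishlist.dsoglobal.org', dso('wishlist'), dso_log) \
  { rails(9474, 2) } >> gen[:dso]

# Redirect from cmudso.org -> dsoglobal.org.
redir('.cmudso.org', 'http://dsoglobal.org') >> gen[:dso]
redir('crm.cmudso.org', 'http://crm.dsoglobal.org') >> gen[:dso]
redir('research.cmudso.org', 'http://research.dsoglobal.org') >> gen[:dso]
redir('wishlist.cmudso.org', 'http://wishlist.dsoglobal.org') >> gen[:dso]
# forms.cmudso.org is served directly from the same forms directory instead of
# being redirected.
N.new('forms.cmudso.org', dso('forms'), dso_log) \
  { index_redir('index.php?n='); php } >> gen[:dso]

# Mailman
N.new('lists.dsoglobal.org', :localhost) { mailman } >> gen[:dso]
redir('lists.cmudso.org', 'http://lists.dsoglobal.org') >> gen[:dso]
N.new('lists.nekogiri.com', :localhost) { mailman } >> gen[:dso]

################################################################################
#
#
# Wordpress
#
# 1) Edit .
# 2) Run , .
# 3) Run <(base)/wp-admin/install.php> OR restore an SQL dump.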
76 | # 77 | # ref: 78 | ['.inditingcycles.com', '.photologu.es', 'wp.annotalia.com'].each do |domain| 79 | N.new(domain, lh('public/wordpress')) \ 80 | { index_redir('index.php?q='); php } >> gen[:neko] 81 | end 82 | N.new('indcyc.com', :localhost) { proxy(4632) } >> gen[:neko] 83 | N.new('annotalia.com', :localhost) { proxy(2666) } >> gen[:neko] 84 | N.new('alpha.photologu.es', lh('public/travelogue')) { php; } >> gen[:neko] 85 | 86 | ################################################################################ 87 | # 88 | # 89 | # My personal websites 90 | # 91 | # 92 | [ 93 | '.kamipad.com', 94 | '.eshao.es', 95 | '.lambdapress.com', 96 | '.friedneko.com', 97 | ].each {|domain| N.new(domain) { pppr } >> gen[:neko] } 98 | N.new('.ring0.org') { oputs 'default_type text/plain;'; php } >> gen[:neko] 99 | 100 | # Archive. 101 | def fn(str); File.join(www('friedneko.com'), str); end 102 | N.new('aimlog.friedneko.com', fn('archive/misc/aimlog'), fn('log')) \ 103 | { php; } >> gen[:neko] 104 | N.new('archive.friedneko.com', fn('archive'), fn('log')) \ 105 | { php; password pw[:personal] } >> gen[:neko] 106 | 107 | ################################################################################ 108 | # 109 | # 110 | # My projects 111 | # 112 | # 113 | N.new('graphafrica.com') { php } >> gen[:neko] 114 | N.new('wiki.graphafrica.com', \ 115 | www('graphafrica.com/doku'), \ 116 | www('graphafrica.com/log')) { doku; php } >> gen[:neko] 117 | 118 | # Al Howar 119 | N.new('alhowar.com', :localhost) { fcgi(7333) } >> gen[:lp] 120 | N.new('thin.alhowar.com', :localhost) { proxy(6927) } >> gen[:lp] 121 | N.new('arc.alhowar.com', :localhost) { proxy(6397) } >> gen[:lp] 122 | N.new('rails.alhowar.com', :localhost) { rails(46927, 2) } >> gen[:lp] 123 | 124 | ################################################################################ 125 | # 126 | # 127 | # Others' personal websites 128 | # 129 | # 130 | [ 131 | '.fieldsblack.com', 132 | '.ncrap.com', 133 | 
'.elementsofthemind.com', 134 | '.bysusanlin.com' 135 | ].each {|domain| N.new(domain) { php } >> gen[:neko] } 136 | redir('.eddafields.com', 'http://fieldsblack.com') >> gen[:neko] 137 | N.new('.asiakitchen.org', \ 138 | www('bysusanlin.com/public/asiakitchen.org'), \ 139 | www('bysusanlin.com/log')) { php } >> gen[:neko] 140 | 141 | ################################################################################ 142 | # 143 | # 144 | # Some defaults 145 | # 146 | # 147 | ['localhost', '.tunnel.sh', '.nekogiri.com'].each do |domain| 148 | N.new(domain, :localhost) { pppr } >> gen[:default] 149 | end 150 | 151 | # Some applications. 152 | N.new('cdb.tunnel.sh', :localhost) \ 153 | { proxy(5984); password pw[:personal] } >> gen[:default] 154 | N.new('pma.tunnel.sh', '/usr/share/phpmyadmin') { php } >> gen[:default] 155 | 156 | # Redirect/shortcuts. 157 | [ 158 | ['phpmyadmin.tunnel.sh', 'http://pma.tunnel.sh'], 159 | ['couchdb.tunnel.sh', 'http://cdb.tunnel.sh'], 160 | ['etc.tunnel.sh', 'https://github.com/eshao/etc'], 161 | ].each {|from_to| redir(from_to[0], from_to[1]) >> gen[:default] } 162 | 163 | # Indite. 164 | N.new('indite.tunnel.sh', lh('public/indite')) { 165 | oputs 'if (-f $request_filename.mm.html) { rewrite ^(.*)$ $1.mm.html last; } 166 | if (-f $request_filename.plain.html) { rewrite ^(.*)$ $1.plain.html last; } 167 | if (-f $request_filename.htm) { rewrite ^(.*)$ $1.htm last; } 168 | if (-f $request_filename.pdf) { rewrite ^(.*)$ $1.pdf last; } 169 | if (-f $request_filename.txt) { rewrite ^(.*)$ $1.txt last; } 170 | if (-f $request_filename.html) { rewrite ^(.*)$ $1.html last; }'; 171 | php } >> gen[:neko] 172 | 173 | 174 | -------------------------------------------------------------------------------- /modules/mysql/dist/sphinx.conf.sample: -------------------------------------------------------------------------------- 1 | # 2 | # Sphinx configuration file sample 3 | # 4 | # WARNING! 
While this sample file mentions all available options, 5 | # it contains (very) short helper descriptions only. Please refer to 6 | # doc/sphinx.html for details. 7 | # 8 | 9 | ############################################################################# 10 | ## data source definition 11 | ############################################################################# 12 | 13 | source src1 14 | { 15 | # data source type. mandatory, no default value 16 | # known types are 'mysql', 'pgsql', 'xmlpipe', 'xmlpipe2' 17 | type = mysql 18 | 19 | ##################################################################### 20 | ## SQL settings (for 'mysql' and 'pgsql' types) 21 | ##################################################################### 22 | 23 | # some straightforward parameters for SQL source types 24 | sql_host = localhost 25 | sql_user = test 26 | sql_pass = 27 | sql_db = test 28 | sql_port = 3306 # optional, default is 3306 29 | 30 | # UNIX socket name 31 | # optional, default is empty (reuse client library defaults) 32 | # usually '/var/lib/mysql/mysql.sock' on Linux 33 | # usually '/tmp/mysql.sock' on FreeBSD 34 | # 35 | # sql_sock = /tmp/mysql.sock 36 | 37 | 38 | # MySQL specific client connection flags 39 | # optional, default is 0 40 | # 41 | # mysql_connect_flags = 32 # enable compression 42 | 43 | 44 | # pre-query, executed before the main fetch query 45 | # multi-value, optional, default is empty list of queries 46 | # 47 | # sql_query_pre = SET NAMES utf8 48 | # sql_query_pre = SET SESSION query_cache_type=OFF 49 | 50 | 51 | # main document fetch query 52 | # mandatory, integer document ID field MUST be the first selected column 53 | sql_query = \ 54 | SELECT id, group_id, UNIX_TIMESTAMP(date_added) AS date_added, title, content \ 55 | FROM documents 56 | 57 | # range query setup, query that must return min and max ID values 58 | # optional, default is empty 59 | # 60 | # sql_query will need to reference $start and $end boundaries 61 | # if using ranged 
query: 62 | # 63 | # sql_query = \ 64 | # SELECT doc.id, doc.id AS group, doc.title, doc.data \ 65 | # FROM documents doc \ 66 | # WHERE id>=$start AND id<=$end 67 | # 68 | # sql_query_range = SELECT MIN(id),MAX(id) FROM documents 69 | 70 | 71 | # range query step 72 | # optional, default is 1024 73 | # 74 | # sql_range_step = 1000 75 | 76 | 77 | # unsigned integer attribute declaration 78 | # multi-value (an arbitrary number of attributes is allowed), optional 79 | # optional bit size can be specified, default is 32 80 | # 81 | # sql_attr_uint = author_id 82 | # sql_attr_uint = forum_id:9 # 9 bits for forum_id 83 | sql_attr_uint = group_id 84 | 85 | # boolean attribute declaration 86 | # multi-value (an arbitrary number of attributes is allowed), optional 87 | # equivalent to sql_attr_uint with 1-bit size 88 | # 89 | # sql_attr_bool = is_deleted 90 | 91 | 92 | # UNIX timestamp attribute declaration 93 | # multi-value (an arbitrary number of attributes is allowed), optional 94 | # similar to integer, but can also be used in date functions 95 | # 96 | # sql_attr_timestamp = posted_ts 97 | # sql_attr_timestamp = last_edited_ts 98 | sql_attr_timestamp = date_added 99 | 100 | # string ordinal attribute declaration 101 | # multi-value (an arbitrary number of attributes is allowed), optional 102 | # sorts strings (bytewise), and stores their indexes in the sorted list 103 | # sorting by this attr is equivalent to sorting by the original strings 104 | # 105 | # sql_attr_str2ordinal = author_name 106 | 107 | 108 | # floating point attribute declaration 109 | # multi-value (an arbitrary number of attributes is allowed), optional 110 | # values are stored in single precision, 32-bit IEEE 754 format 111 | # 112 | # sql_attr_float = lat_radians 113 | # sql_attr_float = long_radians 114 | 115 | 116 | # multi-valued attribute (MVA) attribute declaration 117 | # multi-value (an arbitrary number of attributes is allowed), optional 118 | # MVA values are variable length lists of 
unsigned 32-bit integers 119 | # 120 | # syntax is ATTR-TYPE ATTR-NAME 'from' SOURCE-TYPE [;QUERY] [;RANGE-QUERY] 121 | # ATTR-TYPE is 'uint' or 'timestamp' 122 | # SOURCE-TYPE is 'field', 'query', or 'ranged-query' 123 | # QUERY is SQL query used to fetch all ( docid, attrvalue ) pairs 124 | # RANGE-QUERY is SQL query used to fetch min and max ID values, similar to 'sql_query_range' 125 | # 126 | # sql_attr_multi = uint tag from query; SELECT id, tag FROM tags 127 | # sql_attr_multi = uint tag from ranged-query; \ 128 | # SELECT id, tag FROM tags WHERE id>=$start AND id<=$end; \ 129 | # SELECT MIN(id), MAX(id) FROM tags 130 | 131 | 132 | # post-query, executed on sql_query completion 133 | # optional, default is empty 134 | # 135 | # sql_query_post = 136 | 137 | 138 | # post-index-query, executed on successful indexing completion 139 | # optional, default is empty 140 | # $maxid expands to max document ID actually fetched from DB 141 | # 142 | # sql_query_post_index = REPLACE INTO counters ( id, val ) \ 143 | # VALUES ( 'max_indexed_id', $maxid ) 144 | 145 | 146 | # ranged query throttling, in milliseconds 147 | # optional, default is 0 which means no delay 148 | # enforces given delay before each query step 149 | sql_ranged_throttle = 0 150 | 151 | 152 | # document info query, ONLY for CLI search (ie. 
testing and debugging) 153 | # optional, default is empty 154 | # must contain $id macro and must fetch the document by that id 155 | sql_query_info = SELECT * FROM documents WHERE id=$id 156 | 157 | ##################################################################### 158 | ## xmlpipe settings 159 | ##################################################################### 160 | 161 | # type = xmlpipe 162 | 163 | # shell command to invoke xmlpipe stream producer 164 | # mandatory 165 | # 166 | # xmlpipe_command = cat /var/db/sphinxsearch/test.xml 167 | 168 | ##################################################################### 169 | ## xmlpipe2 settings 170 | ##################################################################### 171 | 172 | # type = xmlpipe2 173 | # xmlpipe_command = cat /var/db/sphinxsearch/test2.xml 174 | 175 | 176 | # xmlpipe2 field declaration 177 | # multi-value, optional, default is empty 178 | # 179 | # xmlpipe_field = subject 180 | # xmlpipe_field = content 181 | 182 | 183 | # xmlpipe2 attribute declaration 184 | # multi-value, optional, default is empty 185 | # all xmlpipe_attr_XXX options are fully similar to sql_attr_XXX 186 | # 187 | # xmlpipe_attr_timestamp = published 188 | # xmlpipe_attr_uint = author_id 189 | } 190 | 191 | 192 | # inherited source example 193 | # 194 | # all the parameters are copied from the parent source, 195 | # and may then be overridden in this source definition 196 | source src1throttled : src1 197 | { 198 | sql_ranged_throttle = 100 199 | } 200 | 201 | ############################################################################# 202 | ## index definition 203 | ############################################################################# 204 | 205 | # local index example 206 | # 207 | # this is an index which is stored locally in the filesystem 208 | # 209 | # all indexing-time options (such as morphology and charsets) 210 | # are configured per local index 211 | index test1 212 | { 213 | # document source(s) to 
index 214 | # multi-value, mandatory 215 | # document IDs must be globally unique across all sources 216 | source = src1 217 | 218 | # index files path and file name, without extension 219 | # mandatory, path must be writable, extensions will be auto-appended 220 | path = /var/db/sphinxsearch/data/test1 221 | 222 | # document attribute values (docinfo) storage mode 223 | # optional, default is 'extern' 224 | # known values are 'none', 'extern' and 'inline' 225 | docinfo = extern 226 | 227 | # memory locking for cached data (.spa and .spi), to prevent swapping 228 | # optional, default is 0 (do not mlock) 229 | # requires searchd to be run from root 230 | mlock = 0 231 | 232 | # a list of morphology preprocessors to apply 233 | # optional, default is empty 234 | # 235 | # builtin preprocessors are 'none', 'stem_en', 'stem_ru', 'stem_enru', 236 | # 'soundex', and 'metaphone'; additional preprocessors available from 237 | # libstemmer are 'libstemmer_XXX', where XXX is algorithm code 238 | # (see libstemmer_c/libstemmer/modules.txt) 239 | # 240 | # morphology = stem_en, stem_ru, soundex 241 | # morphology = libstemmer_german 242 | # morphology = libstemmer_sv 243 | morphology = none 244 | 245 | # stopword files list (space separated) 246 | # optional, default is empty 247 | # contents are plain text, charset_table and stemming are both applied 248 | # 249 | # stopwords = /var/db/sphinxsearch/data/stopwords.txt 250 | 251 | 252 | # wordforms file, in "mapfrom > mapto" plain text format 253 | # optional, default is empty 254 | # 255 | # wordforms = /var/db/sphinxsearch/data/wordforms.txt 256 | 257 | 258 | # tokenizing exceptions file 259 | # optional, default is empty 260 | # 261 | # plain text, case sensitive, space insensitive in map-from part 262 | # one "Map Several Words => ToASingleOne" entry per line 263 | # 264 | # exceptions = /var/db/sphinxsearch/data/exceptions.txt 265 | 266 | 267 | # minimum indexed word length 268 | # default is 1 (index everything) 269 | 
min_word_len = 1 270 | 271 | # charset encoding type 272 | # optional, default is 'sbcs' 273 | # known types are 'sbcs' (Single Byte CharSet) and 'utf-8' 274 | charset_type = sbcs 275 | 276 | # charset definition and case folding rules "table" 277 | # optional, default value depends on charset_type 278 | # 279 | # defaults are configured to include English and Russian characters only 280 | # you need to change the table to include additional ones 281 | # this behavior MAY change in future versions 282 | # 283 | # 'sbcs' default value is 284 | # charset_table = 0..9, A..Z->a..z, _, a..z, U+A8->U+B8, U+B8, U+C0..U+DF->U+E0..U+FF, U+E0..U+FF 285 | # 286 | # 'utf-8' default value is 287 | # charset_table = 0..9, A..Z->a..z, _, a..z, U+410..U+42F->U+430..U+44F, U+430..U+44F 288 | 289 | 290 | # ignored characters list 291 | # optional, default value is empty 292 | # 293 | # ignore_chars = U+00AD 294 | 295 | 296 | # minimum word prefix length to index 297 | # optional, default is 0 (do not index prefixes) 298 | # 299 | # min_prefix_len = 0 300 | 301 | 302 | # minimum word infix length to index 303 | # optional, default is 0 (do not index infixes) 304 | # 305 | # min_infix_len = 0 306 | 307 | 308 | # list of fields to limit prefix/infix indexing to 309 | # optional, default value is empty (index all fields in prefix/infix mode) 310 | # 311 | # prefix_fields = filename 312 | # infix_fields = url, domain 313 | 314 | 315 | # enable star-syntax (wildcards) when searching prefix/infix indexes 316 | # known values are 0 and 1 317 | # optional, default is 0 (do not use wildcard syntax) 318 | # 319 | # enable_star = 1 320 | 321 | 322 | # n-gram length to index, for CJK indexing 323 | # only supports 0 and 1 for now, other lengths to be implemented 324 | # optional, default is 0 (disable n-grams) 325 | # 326 | # ngram_len = 1 327 | 328 | 329 | # n-gram characters list, for CJK indexing 330 | # optional, default is empty 331 | # 332 | # ngram_chars = U+3000..U+2FA1F 333 | 334 | 335 
| # phrase boundary characters list 336 | # optional, default is empty 337 | # 338 | # phrase_boundary = ., ?, !, U+2026 # horizontal ellipsis 339 | 340 | 341 | # phrase boundary word position increment 342 | # optional, default is 0 343 | # 344 | # phrase_boundary_step = 100 345 | 346 | 347 | # whether to strip HTML tags from incoming documents 348 | # known values are 0 (do not strip) and 1 (do strip) 349 | # optional, default is 0 350 | html_strip = 0 351 | 352 | # what HTML attributes to index if stripping HTML 353 | # optional, default is empty (do not index anything) 354 | # 355 | # html_index_attrs = img=alt,title; a=title; 356 | 357 | 358 | # what HTML elements contents to strip 359 | # optional, default is empty (do not strip element contents) 360 | # 361 | # html_remove_elements = style, script 362 | 363 | 364 | # whether to preopen index data files on startup 365 | # optional, default is 0 (do not preopen) 366 | # 367 | # preopen = 1 368 | } 369 | 370 | 371 | # inherited index example 372 | # 373 | # all the parameters are copied from the parent index, 374 | # and may then be overridden in this index definition 375 | index test1stemmed : test1 376 | { 377 | path = /var/db/sphinxsearch/data/test1stemmed 378 | morphology = stem_en 379 | } 380 | 381 | 382 | # distributed index example 383 | # 384 | # this is a virtual index which can NOT be directly indexed, 385 | # and only contains references to other local and/or remote indexes 386 | index dist1 387 | { 388 | # 'distributed' index type MUST be specified 389 | type = distributed 390 | 391 | # local index to be searched 392 | # there can be many local indexes configured 393 | local = test1 394 | local = test1stemmed 395 | 396 | # remote agent 397 | # multiple remote agents may be specified 398 | # syntax is 'hostname:port:index1,[index2[,...]] 399 | agent = localhost:3313:remote1 400 | agent = localhost:3314:remote2,remote3 401 | 402 | # remote agent connection timeout, milliseconds 403 | # optional, 
default is 1000 ms, ie. 1 sec 404 | agent_connect_timeout = 1000 405 | 406 | # remote agent query timeout, milliseconds 407 | # optional, default is 3000 ms, ie. 3 sec 408 | agent_query_timeout = 3000 409 | } 410 | 411 | ############################################################################# 412 | ## indexer settings 413 | ############################################################################# 414 | 415 | indexer 416 | { 417 | # memory limit, in bytes, kiloytes (16384K) or megabytes (256M) 418 | # optional, default is 32M, max is 2047M, recommended is 256M to 1024M 419 | mem_limit = 32M 420 | 421 | # maximum IO calls per second (for I/O throttling) 422 | # optional, default is 0 (unlimited) 423 | # 424 | # max_iops = 40 425 | 426 | 427 | # maximum IO call size, bytes (for I/O throttling) 428 | # optional, default is 0 (unlimited) 429 | # 430 | # max_iosize = 1048576 431 | } 432 | 433 | ############################################################################# 434 | ## searchd settings 435 | ############################################################################# 436 | 437 | searchd 438 | { 439 | # IP address to bind on 440 | # optional, default is 0.0.0.0 (ie. 
listen on all interfaces) 441 | # 442 | # address = 127.0.0.1 443 | # address = 192.168.0.1 444 | 445 | 446 | # searchd TCP port number 447 | # mandatory, default is 3312 448 | port = 3312 449 | 450 | # log file, searchd run info is logged here 451 | # optional, default is 'searchd.log' 452 | log = /var/log/sphinxsearch/searchd.log 453 | 454 | # query log file, all search queries are logged here 455 | # optional, default is empty (do not log queries) 456 | query_log = /var/log/sphinxsearch/sphinx-query.log 457 | 458 | # client read timeout, seconds 459 | # optional, default is 5 460 | read_timeout = 5 461 | 462 | # maximum amount of children to fork (concurrent searches to run) 463 | # optional, default is 0 (unlimited) 464 | max_children = 30 465 | 466 | # PID file, searchd process ID file name 467 | # mandatory 468 | pid_file = /var/run/sphinxsearch/searchd.pid 469 | 470 | # max amount of matches the daemon ever keeps in RAM, per-index 471 | # WARNING, THERE'S ALSO PER-QUERY LIMIT, SEE SetLimits() API CALL 472 | # default is 1000 (just like Google) 473 | max_matches = 1000 474 | 475 | # seamless rotate, prevents rotate stalls if precaching huge datasets 476 | # optional, default is 1 477 | seamless_rotate = 1 478 | 479 | # whether to forcibly preopen all indexes on startup 480 | # optional, default is 0 (do not preopen) 481 | preopen_indexes = 0 482 | 483 | # whether to unlink .old index copies on succesful rotation. 484 | # optional, default is 1 (do unlink) 485 | unlink_old = 1 486 | } 487 | 488 | # --eof-- 489 | -------------------------------------------------------------------------------- /modules/puppet/dist/puppetd.conf: -------------------------------------------------------------------------------- 1 | # The configuration file for puppet. Note that this file 2 | # is likely to have unused configuration parameters in it; any parameter that's 3 | # valid anywhere in Puppet can be in any config file, even if it's not used. 
4 | # 5 | # Every section can specify three special parameters: owner, group, and mode. 6 | # These parameters affect the required permissions of any files specified after 7 | # their specification. Puppet will sometimes use these parameters to check its 8 | # own configured state, so they can be used to make Puppet a bit more self-managing. 9 | # 10 | # Generated on Mon Sep 28 16:05:00 +0000 2009. 11 | # 12 | [puppet] 13 | # Whether RRD information should be graphed. 14 | # rrdgraph = false 15 | 16 | # How often RRD should expect data. 17 | # This should match how often the hosts report back to the server. 18 | # The default value is '$runinterval'. 19 | rrdinterval = 1800 20 | 21 | # The directory where RRD database files are stored. 22 | # Directories for each reporting host will be created under 23 | # this directory. 24 | # The default value is '$vardir/rrd'. 25 | rrddir = /var/puppet/rrd 26 | 27 | # The 'from' email address for the reports. 28 | # The default value is 'report@hyper.nekogiri.com'. 29 | # reportfrom = report@hyper.nekogiri.com 30 | 31 | # The mapping between reporting tags and email addresses. 32 | # The default value is '$confdir/tagmail.conf'. 33 | tagmap = /usr/local/etc/puppet/tagmail.conf 34 | 35 | # The server through which to send email reports. 36 | # The default value is 'none'. 37 | # smtpserver = none 38 | 39 | # Where to find the sendmail binary with which to send email. 40 | # The default value is '/usr/sbin/sendmail'. 41 | # sendmail = /usr/sbin/sendmail 42 | 43 | # The HTTP proxy port to use for outgoing connections 44 | # The default value is '3128'. 45 | # http_proxy_port = 3128 46 | 47 | # The maximum time to delay before runs. Defaults to being the same as the 48 | # run interval. 49 | # The default value is '$runinterval'. 50 | splaylimit = 1800 51 | 52 | # Which port puppetd listens on. 53 | # The default value is '8139'. 54 | # puppetport = 8139 55 | 56 | # The server to which to send transaction reports. 
57 | # The default value is '$server'. 58 | reportserver = puppet 59 | 60 | # The port to use for the certificate authority. 61 | # The default value is '$masterport'. 62 | ca_port = 8140 63 | 64 | # Where puppetd caches the local configuration. An 65 | # extension indicating the cache format is added automatically. 66 | # The default value is '$statedir/localconfig'. 67 | localconfig = /var/puppet/state/localconfig 68 | 69 | # How often puppetd applies the client configuration; in seconds. 70 | # The default value is '1800'. 71 | # runinterval = 1800 72 | 73 | # A lock file to temporarily stop puppetd from doing anything. 74 | # The default value is '$statedir/puppetdlock'. 75 | puppetdlockfile = /var/puppet/state/puppetdlock 76 | 77 | # Whether puppetd should be run in noop mode. 78 | # noop = false 79 | 80 | # Where the puppetd web server logs. 81 | # The default value is '$logdir/http.log'. 82 | httplog = /var/puppet/log/http.log 83 | 84 | # Whether facts should be made all lowercase when sent to the server. 85 | # downcasefacts = false 86 | 87 | # Boolean; whether or not puppetd should validate the server 88 | # SSL certificate against the request hostname. 89 | # The default value is 'true'. 90 | # http_enable_post_connection_check = true 91 | 92 | # Whether to sleep for a pseudo-random (but consistent) amount of time before 93 | # a run. 94 | # splay = false 95 | 96 | # Whether puppetd should listen for 97 | # connections. If this is true, then by default only the 98 | # ``runner`` server is started, which allows remote authorized 99 | # and authenticated nodes to connect and trigger ``puppetd`` 100 | # runs. 101 | # listen = false 102 | 103 | # What format to use to dump the catalog. Only supports 104 | # 'marshal' and 'yaml'. Only matters on the client, since it asks the server 105 | # for a specific format. 106 | # The default value is 'yaml'.
107 | # catalog_format = yaml 108 | 109 | # The file in which puppetd stores a list of the classes 110 | # associated with the retrieved configuration. Can be loaded in 111 | # the separate ``puppet`` executable using the ``--loadclasses`` 112 | # option. 113 | # The default value is '$statedir/classes.txt'. 114 | classfile = /var/puppet/state/classes.txt 115 | 116 | # Where puppetd and puppetmasterd store state associated 117 | # with the running configuration. In the case of puppetmasterd, 118 | # this file reflects the state discovered through interacting 119 | # with clients. 120 | # The default value is '$statedir/state.yaml'. 121 | statefile = /var/puppet/state/state.yaml 122 | 123 | # Whether to use the cached configuration when the remote 124 | # configuration will not compile. This option is useful for testing 125 | # new configurations, where you want to fix the broken configuration 126 | # rather than reverting to a known-good one. 127 | # The default value is 'true'. 128 | # usecacheonfailure = true 129 | 130 | # Whether to send reports after every transaction. 131 | # report = false 132 | 133 | # The HTTP proxy host to use for outgoing connections. Note: You 134 | # may need to use a FQDN for the server hostname when using a proxy. 135 | # The default value is 'none'. 136 | # http_proxy_host = none 137 | 138 | # Facts that are dynamic; these facts will be ignored when deciding whether 139 | # changed facts should result in a recompile. Multiple facts should be 140 | # comma-separated. 141 | # The default value is 'memorysize,memoryfree,swapsize,swapfree'. 142 | # dynamicfacts = memorysize,memoryfree,swapsize,swapfree 143 | 144 | # Boolean; whether puppetd should ignore schedules. This is useful 145 | # for initial puppetd runs. 146 | # ignoreschedules = false 147 | 148 | # How long the client should wait for the configuration to be retrieved 149 | # before considering it a failure. 
This can help reduce flapping if too 150 | # many clients contact the server at one time. 151 | # The default value is '120'. 152 | # configtimeout = 120 153 | 154 | # The server to use for certificate 155 | # authority requests. It's a separate server because it cannot 156 | # and does not need to horizontally scale. 157 | # The default value is '$server'. 158 | ca_server = puppet 159 | 160 | # The server to which server puppetd should connect 161 | # The default value is 'puppet'. 162 | # server = puppet 163 | 164 | # The log file for puppetd. This is generally not used. 165 | # The default value is '$logdir/puppetd.log'. 166 | puppetdlog = /var/puppet/log/puppetd.log 167 | 168 | # Ignore cache and always recompile the configuration. This is 169 | # useful for testing new configurations, where the local cache may in 170 | # fact be stale even if the timestamps are up to date - if the facts 171 | # change or if the server changes. 172 | # ignorecache = false 173 | 174 | # The environment Puppet is running in. For clients 175 | # (e.g., ``puppetd``) this determines the environment itself, which 176 | # is used to find modules and much more. For servers (i.e., 177 | # ``puppetmasterd``) this provides the default environment for nodes 178 | # we know nothing about. 179 | # The default value is 'production'. 180 | # environment = production 181 | 182 | # Which diff command to use when printing differences between files. 183 | # The default value is 'diff'. 184 | # diff = diff 185 | 186 | # An external command that can produce node information. The output 187 | # must be a YAML dump of a hash, and that hash must have one or both of 188 | # ``classes`` and ``parameters``, where ``classes`` is an array and 189 | # ``parameters`` is a hash. For unknown nodes, the commands should 190 | # exit with a non-zero exit code. 191 | # This command makes it straightforward to store your node mapping 192 | # information in other data sources like databases. 
193 | # The default value is 'none'. 194 | # external_nodes = none 195 | 196 | # Send the process into the background. This is the default. 197 | # The default value is 'true'. 198 | # daemonize = true 199 | 200 | # Whether to just print a manifest to stdout and exit. Only makes 201 | # sense when used interactively. Takes into account arguments specified 202 | # on the CLI. 203 | # genmanifest = false 204 | 205 | # Whether to just print a configuration to stdout and exit. Only makes 206 | # sense when used interactively. Takes into account arguments specified 207 | # on the CLI. NOTE(review): set to true below, presumably an artifact of generating this file with --genconfig; remove it before using this file as a live config, otherwise the process is expected to print the configuration and exit instead of running. 208 | genconfig = true 209 | 210 | # From where to retrieve plugins. The standard Puppet ``file`` type 211 | # is used for retrieval, so anything that is a valid file source can 212 | # be used here. 213 | # The default value is 'puppet://$server/plugins'. 214 | pluginsource = puppet://puppet/plugins 215 | 216 | # Whether log files should always flush to disk. 217 | # autoflush = false 218 | 219 | # Where Puppet should look for facts. Multiple directories should 220 | # be colon-separated, like normal PATH variables. 221 | # The default value is '$vardir/facts'. 222 | factpath = /var/puppet/lib/facter 223 | 224 | # The Puppet log directory. 225 | # The default value is '$vardir/log'. 226 | logdir = /var/puppet/log 227 | 228 | # Whether facts should be synced with the central server. 229 | # factsync = false 230 | 231 | # Where SSL certificates are kept. 232 | # The default value is '$confdir/ssl'. 233 | ssldir = /var/puppet/ssl 234 | 235 | # The configuration file that defines the rights to the different 236 | # namespaces and methods. This can be used as a coarse-grained 237 | # authorization system for both ``puppetd`` and ``puppetmasterd``. 238 | # The default value is '$confdir/namespaceauth.conf'. 239 | authconfig = /usr/local/etc/puppet/namespaceauth.conf 240 | 241 | # Whether to create the necessary user and group that puppetd will 242 | # run as.
243 | # mkusers = false 244 | 245 | # Where to find information about nodes. 246 | # The default value is 'plain'. 247 | # node_terminus = plain 248 | 249 | # The name of the service, if we are running as one. The 250 | # default is essentially $0 without the path or ``.rb``. 251 | # The default value is 'puppet'. 252 | # name = puppet 253 | 254 | # The maximum allowed UID. Some platforms use negative UIDs 255 | # but then ship with tools that do not know how to handle signed ints, so the UIDs show up as 256 | # huge numbers that can then not be fed back into the system. This is a hackish way to fail in a 257 | # slightly more useful way when that happens. 258 | # The default value is '4294967290'. 259 | # maximum_uid = 4294967290 260 | 261 | # The main Puppet configuration directory. The default for this parameter is calculated based on the user. If the process 262 | # is running as root or the user that ``puppetmasterd`` is supposed to run as, it defaults to a system directory, but if it's running as any other user, 263 | # it defaults to being in ``~``. 264 | # The default value is '/usr/local/etc/puppet'. 265 | # confdir = /usr/local/etc/puppet 266 | 267 | # Where Puppet should look for plugins. Multiple directories should 268 | # be colon-separated, like normal PATH variables. As of 0.23.1, this 269 | # option is deprecated; download your custom libraries to the $libdir 270 | # instead. 271 | # The default value is '$vardir/plugins'. 272 | pluginpath = /var/puppet/plugins 273 | 274 | # An extra search path for Puppet. This is only useful 275 | # for those files that Puppet will load on demand, and is only 276 | # guaranteed to work for those cases. In fact, the autoload 277 | # mechanism is responsible for making sure this directory 278 | # is in Ruby's search path 279 | # The default value is '$vardir/lib'. 280 | libdir = /var/puppet/lib 281 | 282 | # Whether plugins should be synced with the central server.
283 | pluginsync = true 284 | 285 | # Whether to use colors when logging to the console. 286 | # Valid values are ``ansi`` (equivalent to ``true``), ``html`` (mostly 287 | # used during testing with TextMate), and ``false``, which produces 288 | # no color. 289 | # The default value is 'ansi'. 290 | # color = ansi 291 | 292 | # Where Puppet stores dynamic and growing data. The default for this parameter is calculated specially, like `confdir`_. 293 | # The default value is '/var/puppet'. 294 | # vardir = /var/puppet 295 | 296 | # Where Puppet should store facts that it pulls down from the central 297 | # server. 298 | # The default value is '$vardir/facts'. 299 | factdest = /var/puppet/facts 300 | 301 | # Where Puppet PID files are kept. 302 | # The default value is '$vardir/run'. 303 | rundir = /var/puppet/run 304 | 305 | # What files to ignore when pulling down facts. 306 | # The default value is '.svn CVS'. 307 | # factsignore = .svn CVS 308 | 309 | # Whether matching in case statements and selectors 310 | # should be case-sensitive. Case insensitivity is 311 | # handled by downcasing all values before comparison. 312 | # casesensitive = false 313 | 314 | # Which arguments to pass to the diff command when printing differences between files. 315 | # The default value is ''. 316 | # diff_args = 317 | 318 | # Print the value of a specific configuration parameter. If a 319 | # parameter is provided for this, then the value is printed and puppet 320 | # exits. Comma-separate multiple values. For a list of all values, 321 | # specify 'all'. This feature is only available in Puppet versions 322 | # higher than 0.18.4. 323 | # The default value is ''. 324 | # configprint = 325 | 326 | # What syslog facility to use when logging to 327 | # syslog. Syslog has a fixed list of valid facilities, and you must 328 | # choose one of those; you cannot just make one up. 329 | # The default value is 'daemon'. 
330 | # syslogfacility = daemon 331 | 332 | # Where Puppet should store plugins that it pulls down from the central 333 | # server. 334 | # The default value is '$libdir'. 335 | plugindest = /var/puppet/lib 336 | 337 | # Whether to print stack traces on some errors 338 | # trace = false 339 | 340 | # Whether to print a contextual diff when files are being replaced. The diff 341 | # is printed on stdout, so this option is meaningless unless you are running Puppet interactively. 342 | # This feature currently requires the ``diff/lcs`` Ruby library. 343 | # show_diff = false 344 | 345 | # The shell search path. Defaults to whatever is inherited 346 | # from the parent process. 347 | # The default value is 'none'. 348 | # path = none 349 | 350 | # The minimum time to wait (in seconds) between checking for updates in 351 | # configuration files. This timeout determines how quickly Puppet checks whether 352 | # a file (such as manifests or templates) has changed on disk. 353 | # The default value is '15'. 354 | # filetimeout = 15 355 | 356 | # What files to ignore when pulling down plugins. 357 | # The default value is '.svn CVS'. 358 | # pluginsignore = .svn CVS 359 | 360 | # From where to retrieve facts. The standard Puppet ``file`` type 361 | # is used for retrieval, so anything that is a valid file source can 362 | # be used here. 363 | # The default value is 'puppet://$server/facts'. 364 | factsource = puppet://puppet/facts 365 | 366 | # The directory where Puppet state is stored. Generally, 367 | # this directory can be removed without causing harm (although it 368 | # might result in spurious service restarts). 369 | # The default value is '$vardir/state'. 370 | statedir = /var/puppet/state 371 | 372 | # A parameter that can be used in commit 373 | # hooks, since it enables you to parse-check a single file rather 374 | # than requiring that all files exist. 375 | # ignoreimport = false 376 | 377 | # The root directory for the certificate authority. 
378 | # The default value is '$ssldir/ca'. 379 | cadir = /var/puppet/ssl/ca 380 | 381 | # The CA public key. 382 | # The default value is '$cadir/ca_pub.pem'. 383 | capub = /var/puppet/ssl/ca/ca_pub.pem 384 | 385 | # Where the CA stores certificate requests 386 | # The default value is '$cadir/requests'. 387 | csrdir = /var/puppet/ssl/ca/requests 388 | 389 | # Where the serial number for certificates is stored. 390 | # The default value is '$cadir/serial'. 391 | serial = /var/puppet/ssl/ca/serial 392 | 393 | # The default TTL for new certificates; valid values 394 | # must be an integer, optionally followed by one of the units 395 | # 'y' (years of 365 days), 'd' (days), 'h' (hours), or 396 | # 's' (seconds). The unit defaults to seconds. If this parameter 397 | # is set, ca_days is ignored. Examples are '3600' (one hour) 398 | # and '1825d', which is the same as '5y' (5 years) 399 | # The default value is '5y'. 400 | # ca_ttl = 5y 401 | 402 | # The bit length of keys. 403 | # The default value is '1024'. NOTE(review): 1024 bits is below current recommendations for RSA keys (presumably what is generated here); prefer 2048 or more. 404 | # keylength = 1024 405 | 406 | # The CA certificate. 407 | # The default value is '$cadir/ca_crt.pem'. 408 | cacert = /var/puppet/ssl/ca/ca_crt.pem 409 | 410 | # The certificate revocation list (CRL) for the CA. Set this to 'false' if you do not want to use a CRL. 411 | # The default value is '$cadir/ca_crl.pem'. 412 | cacrl = /var/puppet/ssl/ca/ca_crl.pem 413 | 414 | # Where the CA stores signed certificates. 415 | # The default value is '$cadir/signed'. 416 | signeddir = /var/puppet/ssl/ca/signed 417 | 418 | # Whether to enable autosign. Valid values are true (which 419 | # autosigns any key request, and is a very bad idea), false (which 420 | # never autosigns any key request), and the path to a file, which 421 | # uses that configuration file to determine which keys to sign. 422 | # The default value is '$confdir/autosign.conf'. 423 | autosign = /usr/local/etc/puppet/autosign.conf 424 | 425 | # The type of hash used in certificates.
426 | # The default value is 'md5'. NOTE(review): MD5 is not collision-resistant and should not be relied on for certificate signatures; set ca_md to a stronger digest if this Puppet version supports one. 427 | # ca_md = md5 428 | 429 | # A complete listing of all certificates 430 | # The default value is '$cadir/inventory.txt'. 431 | cert_inventory = /var/puppet/ssl/ca/inventory.txt 432 | 433 | # The CA private key. 434 | # The default value is '$cadir/ca_key.pem'. 435 | cakey = /var/puppet/ssl/ca/ca_key.pem 436 | 437 | # Where the CA stores private certificate information. 438 | # The default value is '$cadir/private'. 439 | caprivatedir = /var/puppet/ssl/ca/private 440 | 441 | # Where the CA stores the password for the private key 442 | # The default value is '$caprivatedir/ca.pass'. 443 | capass = /var/puppet/ssl/ca/private/ca.pass 444 | 445 | # How long a certificate should be valid. 446 | # This parameter is deprecated, use ca_ttl instead 447 | # The default value is ''. 448 | # ca_days = 449 | 450 | # The bit length of the certificates. 451 | # The default value is '2048'. 452 | # req_bits = 2048 453 | 454 | # The database cache for client configurations. Used for 455 | # querying within the language. 456 | # The default value is '$statedir/clientconfigs.sqlite3'. 457 | dblocation = /var/puppet/state/clientconfigs.sqlite3 458 | 459 | # The name of the database to use. 460 | # The default value is 'puppet'. 461 | # dbname = puppet 462 | 463 | # The database password for Client caching. Only 464 | # used when networked databases are used. 465 | # The default value is 'puppet'. NOTE(review): replace this default password whenever a networked database is configured. 466 | # dbpassword = puppet 467 | 468 | # The log level for Rails connections. The value must be 469 | # a valid log level within Rails. Production environments normally use ``info`` 470 | # and other environments normally use ``debug``. 471 | # The default value is 'info'. 472 | # rails_loglevel = info 473 | 474 | # The type of database to use. 475 | # The default value is 'sqlite3'. 476 | # dbadapter = sqlite3 477 | 478 | # The database server for Client caching. Only 479 | # used when networked databases are used.
480 | # The default value is 'localhost'. 481 | # dbserver = localhost 482 | 483 | # The database socket location. Only used when networked 484 | # databases are used. Will be ignored if the value is an empty string. 485 | # The default value is ''. 486 | # dbsocket = 487 | 488 | # Whether to automatically migrate the database. 489 | # dbmigrate = false 490 | 491 | # The database user for Client caching. Only 492 | # used when networked databases are used. 493 | # The default value is 'puppet'. 494 | # dbuser = puppet 495 | 496 | # Where Rails-specific logs are sent 497 | # The default value is '$logdir/rails.log'. 498 | railslog = /var/puppet/log/rails.log 499 | 500 | # Whether TLS should be used when searching for nodes. 501 | # Defaults to false because TLS usually requires certificates 502 | # to be set up on the client side. 503 | # ldaptls = false 504 | 505 | # The search string used to find an LDAP node. 506 | # The default value is '(&(objectclass=puppetClient)(cn=%s))'. 507 | # ldapstring = (&(objectclass=puppetClient)(cn=%s)) 508 | 509 | # The LDAP attributes to include when querying LDAP for nodes. All 510 | # returned attributes are set as variables in the top-level scope. 511 | # Multiple values should be comma-separated. The value 'all' returns 512 | # all attributes. 513 | # The default value is 'all'. 514 | # ldapattrs = all 515 | 516 | # The password to use to connect to LDAP. 517 | # The default value is ''. 518 | # ldappassword = 519 | 520 | # Whether to search for node configurations in LDAP. See 521 | # http://reductivelabs.com/puppet/trac/wiki/LdapNodes/ for more information. 522 | # ldapnodes = false 523 | 524 | # The LDAP server. Only used if ``ldapnodes`` is enabled. 525 | # The default value is 'ldap'. 526 | # ldapserver = ldap 527 | 528 | # The LDAP attributes to use to define Puppet classes. Values 529 | # should be comma-separated. 530 | # The default value is 'puppetclass'. 
531 | # ldapclassattrs = puppetclass 532 | 533 | # The attribute to use to define the parent node. 534 | # The default value is 'parentnode'. 535 | # ldapparentattr = parentnode 536 | 537 | # The search base for LDAP searches. It's impossible to provide 538 | # a meaningful default here, although the LDAP libraries might 539 | # have one already set. Generally, it should be the 'ou=Hosts' 540 | # branch under your main directory. 541 | # The default value is ''. 542 | # ldapbase = 543 | 544 | # Whether SSL should be used when searching for nodes. 545 | # Defaults to false because SSL usually requires certificates 546 | # to be set up on the client side. 547 | # ldapssl = false 548 | 549 | # The LDAP port. Only used if ``ldapnodes`` is enabled. 550 | # The default value is '389'. 551 | # ldapport = 389 552 | 553 | # The LDAP attributes that should be stacked to arrays by adding 554 | # the values in all hierarchy elements of the tree. Values 555 | # should be comma-separated. 556 | # The default value is 'puppetvar'. 557 | # ldapstackedattrs = puppetvar 558 | 559 | # The user to use to connect to LDAP. Must be specified as a 560 | # full DN. 561 | # The default value is ''. 562 | # ldapuser = 563 | 564 | # Where the puppetmasterd web server logs. 565 | # The default value is '$logdir/masterhttp.log'. 566 | masterhttplog = /var/puppet/log/masterhttp.log 567 | 568 | # The search path for modules as a colon-separated list of 569 | # directories. 570 | # The default value is '$confdir/modules:/usr/share/puppet/modules'. 571 | modulepath = /usr/local/etc/puppet/modules:/usr/share/puppet/modules 572 | 573 | # Where FileBucket files are stored. 574 | # The default value is '$vardir/bucket'. 575 | bucketdir = /var/puppet/bucket 576 | 577 | # The directory in which YAML data is stored, usually in a subdirectory. 578 | # The default value is '$vardir/yaml'. 579 | yamldir = /var/puppet/yaml 580 | 581 | # The entry-point manifest for puppetmasterd. 
582 | # The default value is '$manifestdir/site.pp'. 583 | manifest = /usr/local/etc/puppet/manifests/site.pp 584 | 585 | # The group puppetmasterd should run as. 586 | # The default value is 'puppet'. 587 | # group = puppet 588 | 589 | # Where puppetmasterd looks for its manifests. 590 | # The default value is '$confdir/manifests'. 591 | manifestdir = /usr/local/etc/puppet/manifests 592 | 593 | # Whether to store each client's configuration. This 594 | # requires ActiveRecord from Ruby on Rails. 595 | # storeconfigs = false 596 | 597 | # Which port puppetmasterd listens on. 598 | # The default value is '8140'. 599 | # masterport = 8140 600 | 601 | # The header containing an authenticated 602 | # client's SSL DN. Only used with Mongrel. This header must be set by the proxy 603 | # to the authenticated client's SSL DN (e.g., ``/CN=puppet.reductivelabs.com``). 604 | # See http://reductivelabs.com/puppet/trac/wiki/UsingMongrel for more information. 605 | # The default value is 'HTTP_X_CLIENT_DN'. NOTE(review): the proxy should also discard any copy of this header sent by the client, so the value always comes from the proxy's own certificate verification. 606 | # ssl_client_header = HTTP_X_CLIENT_DN 607 | 608 | # The directory in which client-side YAML data is stored. 609 | # The default value is '$vardir/client_yaml'. 610 | clientyamldir = /var/puppet/client_yaml 611 | 612 | # Just check the syntax of the manifests. 613 | # parseonly = false 614 | 615 | # Whether the master should function as a certificate authority. 616 | # The default value is 'true'. 617 | # ca = true 618 | 619 | # The user puppetmasterd should run as. 620 | # The default value is 'puppet'. 621 | # user = puppet 622 | 623 | # Code to parse directly. This is essentially only used 624 | # by ``puppet``, and should only be set if you're writing your own Puppet 625 | # executable 626 | # The default value is ''. 627 | # code = 628 | 629 | # Where puppetmasterd logs. This is generally not used, 630 | # since syslog is the default log destination. 631 | # The default value is '$logdir/puppetmaster.log'.
632 | masterlog = /var/puppet/log/puppetmaster.log 633 | 634 | # How the puppetmaster determines the client's identity 635 | # and sets the 'hostname', 'fqdn' and 'domain' facts for use in the manifest, 636 | # in particular for determining which 'node' statement applies to the client. 637 | # Possible values are 'cert' (use the subject's CN in the client's 638 | # certificate) and 'facter' (use the hostname that the client 639 | # reported in its facts) 640 | # The default value is 'cert'. 641 | # node_name = cert 642 | 643 | # The header containing the status 644 | # message of the client verification. Only used with Mongrel. This header must be set by the proxy 645 | # to 'SUCCESS' if the client successfully authenticated, and anything else otherwise. 646 | # See http://reductivelabs.com/puppet/trac/wiki/UsingMongrel for more information. 647 | # The default value is 'HTTP_X_CLIENT_VERIFY'. 648 | # ssl_client_verify_header = HTTP_X_CLIENT_VERIFY 649 | 650 | # The certificate directory. 651 | # The default value is '$ssldir/certs'. 652 | certdir = /var/puppet/ssl/certs 653 | 654 | # Where the client stores private certificate information. 655 | # The default value is '$ssldir/private'. 656 | privatedir = /var/puppet/ssl/private 657 | 658 | # Where individual hosts store and look for their certificates. 659 | # The default value is '$certdir/$certname.pem'. 660 | hostcert = /var/puppet/ssl/certs/hyper.nekogiri.com.pem 661 | 662 | # Where each client stores the CA certificate. 663 | # The default value is '$certdir/ca.pem'. 664 | localcacert = /var/puppet/ssl/certs/ca.pem 665 | 666 | # The public key directory. 667 | # The default value is '$ssldir/public_keys'. 668 | publickeydir = /var/puppet/ssl/public_keys 669 | 670 | # Where puppetd stores the password for its private key. 671 | # Generally unused. 672 | # The default value is '$privatedir/password'. 
673 | passfile = /var/puppet/ssl/private/password 674 | 675 | # Where individual hosts store and look for their private key. 676 | # The default value is '$privatekeydir/$certname.pem'. 677 | hostprivkey = /var/puppet/ssl/private_keys/hyper.nekogiri.com.pem 678 | 679 | # The name to use when handling certificates. Defaults 680 | # to the fully qualified domain name. 681 | # The default value is 'hyper.nekogiri.com'. 682 | # certname = hyper.nekogiri.com 683 | 684 | # The DNS names on the Server certificate as a colon-separated list. 685 | # If it's anything other than an empty string, it will be used as an alias in the created 686 | # certificate. By default, only the server gets an alias set up, and only for 'puppet'. 687 | # The default value is ''. 688 | # certdnsnames = 689 | 690 | # The private key directory. 691 | # The default value is '$ssldir/private_keys'. 692 | privatekeydir = /var/puppet/ssl/private_keys 693 | 694 | # Where individual hosts store and look for their certificates. 695 | # The default value is '$ssldir/csr_$certname.pem'. 696 | hostcsr = /var/puppet/ssl/csr_hyper.nekogiri.com.pem 697 | 698 | # Where individual hosts store and look for their public key. 699 | # The default value is '$publickeydir/$certname.pem'. 700 | hostpubkey = /var/puppet/ssl/public_keys/hyper.nekogiri.com.pem 701 | 702 | # Where FileBucket files are stored locally. 703 | # The default value is '$vardir/clientbucket'. 704 | clientbucketdir = /var/puppet/clientbucket 705 | 706 | # Whether each resource should log when it is 707 | # being evaluated. This allows you to interactively see exactly 708 | # what is being done. 709 | # evaltrace = false 710 | 711 | # Tags to use to find resources. If this is set, then 712 | # only resources tagged with the specified tags will be applied. 713 | # Values must be comma-separated. 714 | # The default value is ''. 715 | # tags = 716 | 717 | # Whether to print a transaction summary. 
718 | # summarize = false 719 | 720 | # Whether to create dot graph files for the different 721 | # configuration graphs. These dot files can be interpreted by tools 722 | # like OmniGraffle or dot (which is part of ImageMagick). 723 | # graph = false 724 | 725 | # Where to store dot-outputted graphs. 726 | # The default value is '$statedir/graphs'. 727 | graphdir = /var/puppet/state/graphs 728 | 729 | # Where Puppet looks for template files. Can be a list of colon-separated 730 | # directories. 731 | # The default value is '$vardir/templates'. 732 | templatedir = /var/puppet/templates 733 | 734 | # Whether to validate parameters during parsing. 735 | # The default value is 'true'. 736 | # paramcheck = true 737 | 738 | # Whether to use lexical scoping (vs. dynamic). 739 | # lexical = false 740 | 741 | # Whether to validate types during parsing. 742 | # The default value is 'true'. 743 | # typecheck = true 744 | 745 | # The address to bind to. Mongrel servers 746 | # default to 127.0.0.1 and WEBrick defaults to 0.0.0.0. 747 | # The default value is ''. 748 | # bindaddress = 749 | 750 | # The configuration file for puppet. 751 | # The default value is '$confdir/puppet.conf'. 752 | config = /usr/local/etc/puppet/puppet.conf 753 | 754 | # The type of server to use. Currently supported 755 | # options are webrick and mongrel. If you use mongrel, you will need 756 | # a proxy in front of the process or processes, since Mongrel cannot 757 | # speak SSL. 758 | # The default value is 'webrick'. 759 | # servertype = webrick 760 | 761 | # The pid file 762 | # The default value is ''. 763 | # pidfile = 764 | 765 | # The list of reports to generate. All reports are looked for 766 | # in puppet/reports/<name>.rb, and multiple report names should be 767 | # comma-separated (whitespace is okay). 768 | # The default value is 'store'. 769 | # reports = store 770 | 771 | # The directory in which to store reports 772 | # received from the client.
Each client gets a separate 773 | # subdirectory. 774 | # The default value is '$vardir/reports'. 775 | reportdir = /var/puppet/reports 776 | 777 | # Where the fileserver configuration is stored. 778 | # The default value is '$confdir/fileserver.conf'. 779 | fileserverconfig = /usr/local/etc/puppet/fileserver.conf 780 | 781 | --------------------------------------------------------------------------------