-rw-r--r-- | modules/apache/templates/vhost_catalyst_app.conf | 2 | ||||
-rw-r--r-- | modules/apache/templates/vhost_django_app.conf | 2 | ||||
-rw-r--r-- | modules/buildsystem/manifests/init.pp | 16 | ||||
-rw-r--r-- | modules/pam/manifests/init.pp | 27 | ||||
-rw-r--r-- | modules/pam/templates/system-auth | 35 | ||||
-rw-r--r-- | modules/postfix/manifests/init.pp | 15 | ||||
-rw-r--r-- | modules/transifex/manifests/init.pp | 4 |
7 files changed, 99 insertions, 2 deletions
diff --git a/modules/apache/templates/vhost_catalyst_app.conf b/modules/apache/templates/vhost_catalyst_app.conf index e40e5a61..57867fc4 100644 --- a/modules/apache/templates/vhost_catalyst_app.conf +++ b/modules/apache/templates/vhost_catalyst_app.conf @@ -15,6 +15,8 @@ end ServerName <%= name %> # Serve static content directly DocumentRoot /dev/null +# header + <% if location then %> Alias /static <%= location %>/root/static <% end %> diff --git a/modules/apache/templates/vhost_django_app.conf b/modules/apache/templates/vhost_django_app.conf index 270e14d0..9d64865f 100644 --- a/modules/apache/templates/vhost_django_app.conf +++ b/modules/apache/templates/vhost_django_app.conf @@ -4,7 +4,7 @@ DocumentRoot /dev/null WSGIScriptAlias / /usr/local/lib/wsgi/<%= name %>.wsgi - +#footer <Location /> Allow from all </Location> diff --git a/modules/buildsystem/manifests/init.pp b/modules/buildsystem/manifests/init.pp index 10fcdb72..65fce7dd 100644 --- a/modules/buildsystem/manifests/init.pp +++ b/modules/buildsystem/manifests/init.pp @@ -4,6 +4,22 @@ class buildsystem { include iurt } + class scheduler { + # ulri + } + + class dispatcher { + # emi + } + + class repsys { + package { 'repsys': + + } + + + } + class iurt { include sudo diff --git a/modules/pam/manifests/init.pp b/modules/pam/manifests/init.pp new file mode 100644 index 00000000..4c68a80c --- /dev/null +++ b/modules/pam/manifests/init.pp @@ -0,0 +1,27 @@ +class pam { + + package { ["pam_ldap","nss_ldap", "pam_mkhomedir"]: + ensure => installed, + } + + + file { "system-auth": + path => "/etc/pam.d/system-auth", + owner => root, + group => root, + mode => 644, + content => template("openldap/system-auth") + } + + # for server where only admin can connect + class admin_access { + $access_class = "admin" + file { "system-auth": } + } + + # for server where people can connect with ssh ( git, svn ) + class commiters_access { + $access_class = "commiters" + file { "system-auth": } + } +} 
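Review bot: In modules/pam/manifests/init.pp, the empty `file { "system-auth": }` in `admin_access` and `commiters_access` re-declares a resource that the outer `pam` class already defines. The `$access_class` they set is also local to the nested class, so the template called from `pam` is unlikely to see it, and the intended login restriction would either fail to compile or silently not apply. An override in a class that `inherits pam`, such as `File["system-auth"] { content => template("pam/system-auth") }`, or a define taking the access class as a parameter, would evaluate the template where the variable is set. The `content` line also reads `template("openldap/system-auth")` while this commit adds the template under modules/pam/templates, so `template("pam/system-auth")` looks like the intended path unless an openldap copy exists elsewhere.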
diff --git a/modules/pam/templates/system-auth b/modules/pam/templates/system-auth new file mode 100644 index 00000000..b02aec3a --- /dev/null +++ b/modules/pam/templates/system-auth @@ -0,0 +1,35 @@ +auth required pam_env.so +# this part is here if the module don't exist +# basically, the idea is to copy the exact detail of sufficient, +# and add abort=ignore +auth [abort=ignore success=done new_authtok_reqd=done default=ignore] pam_tcb.so shadow fork nullok prefix=$2a$ count=8 +auth sufficient pam_unix.so likeauth nullok +auth sufficient pam_ldap.so use_first_pass +<% if access_class = 'admin' %> +auth required pam_wheel.so group=mga-sysadmin +<% end %> +<% if access_class = 'commiters' %> +auth required pam_wheel.so group=mga-commiters +<% end %> +auth required pam_deny.so + + +account sufficient pam_localuser.so +account sufficient pam_ldap.so +account required pam_deny.so + + +password required pam_cracklib.so retry=3 minlen=8 dcredit=-1 ucredit=-1 ocredit=-1 lcredit=-1 dcredit=0 ucredit=0 ucredit=0 +# TODO check this part too +password sufficient pam_tcb.so use_authtok shadow write_to=shadow fork nullok prefix=$2a$ count=8 abort=ignore +password sufficient pam_ldap.so use_authtok +password sufficient pam_unix.so use_authtok nullok md5 shadow +password required pam_deny.so + +session optional pam_keyinit.so revoke +# optional if there is a problem when creating the account +session optional pam_mkhomedir.so +session required pam_limits.so +session required pam_unix.so +session optional pam_ldap.so + diff --git a/modules/postfix/manifests/init.pp b/modules/postfix/manifests/init.pp index 980e3271..3cdff360 100644 --- a/modules/postfix/manifests/init.pp +++ b/modules/postfix/manifests/init.pp @@ -4,7 +4,7 @@ class postfix { package { postfix: ensure => installed } - package { 'nail': + package { 'nail': ensure => installed } service { postfix: 
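Review bot: In modules/pam/templates/system-auth, the two `pam_wheel.so` lines do not restrict anyone as written, for two reasons. `<% if access_class = 'admin' %>` is a Ruby assignment, which is always true, so both group lines are rendered on every host; the tests need `==`, e.g. `<% if access_class == 'admin' %>`. They also sit after `pam_tcb.so` with `success=done` and the `sufficient` pam_unix/pam_ldap lines, which end the auth stack on a successful password check, so the `required` group check is only reached once authentication has already failed; it belongs before those modules (or in the account stack). Separately, `nullok` accepts accounts with an empty password, and the trailing `dcredit=0 ucredit=0 ucredit=0` on the pam_cracklib line appears to cancel the `-1` credits set earlier on the same line; both are worth confirming as intended.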
@@ -30,4 +30,17 @@ class postfix { content => template("postfix/simple_relay_main.cf"), } } + + class primary_smtp inherits base { + file { '/etc/postfix/main.cf': + content => template("postfix/primary_main.cf"), + } + } + + class secondary_smtp inherits base { + file { '/etc/postfix/main.cf': + content => template("postfix/secondary_main.cf"), + } + } + } diff --git a/modules/transifex/manifests/init.pp b/modules/transifex/manifests/init.pp index 9485a6b7..9199d6a4 100644 --- a/modules/transifex/manifests/init.pp +++ b/modules/transifex/manifests/init.pp @@ -12,4 +12,8 @@ class transifex { mode => 755, content => template("transifex/20-engines.conf") } + + apache::vhost_django_app { "transifex.$domain": + module => "transifex" + } } |
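Review bot: In modules/postfix/manifests/init.pp, `primary_smtp` and `secondary_smtp` declare `file { '/etc/postfix/main.cf': ... }` as a new resource while inheriting from `base`. If `base` (outside this hunk) already manages that file, as the `simple_relay_main.cf` context suggests some class does, this is a duplicate declaration and the child classes should use the override form, `File['/etc/postfix/main.cf'] { content => template("postfix/primary_main.cf") }`. If the file is only declared here, owner, group and mode are left to defaults and would be worth setting explicitly. The enclosing `class postfix` starts outside the hunk.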