
This repo is now deprecated: https://listes.ldn-fai.net/pipermail/benevoles/2017-December/003525.html

Sebastien Badia 7 years ago
parent
commit
56c2d01017

+ 1 - 0
README.md

@@ -0,0 +1 @@
+# DEPRECATED: see https://listes.ldn-fai.net/pipermail/benevoles/2017-December/003525.html

+ 0 - 14
docs/common.md

@@ -1,14 +0,0 @@
-# common
-
-## Description
-
-common puppet module for LDN (http://ldn-fai.net/)
-
-## Authors
-
-Lorraine Data Network (c) 2013
-
-* Author: Sebastien Badia (<seb@sebian.fr>)
-* Date: 2013-12-07 15:28:58 +0100
-* Maintainer: Sebastien Badia (<seb@sebian.fr>)
-

+ 0 - 50
files/common/cronic

@@ -1,50 +0,0 @@
-#!/bin/bash
-# MANAGED BY PUPPET
-# Module:: sharedadm
-
-# Cronic v2 - cron job report wrapper
-# Copyright 2007 Chuck Houpt. No rights reserved, whatsoever.
-# Public Domain CC0: http://creativecommons.org/publicdomain/zero/1.0/
-
-set -eu
-
-OUT=/tmp/cronic.out.$$
-ERR=/tmp/cronic.err.$$
-TRACE=/tmp/cronic.trace.$$
-
-set +e
-"$@" >$OUT 2>$TRACE
-RESULT=$?
-set -e
-
-PATTERN="^${PS4:0:1}\\+${PS4:1}"
-if grep -aq "$PATTERN" $TRACE
-then
-    ! grep -av "$PATTERN" $TRACE > $ERR
-else
-    ERR=$TRACE
-fi
-
-if [ $RESULT -ne 0 -o -s "$ERR" ]
-    then
-    echo "Cronic detected failure or error output for the command:"
-    echo "$@"
-    echo
-    echo "RESULT CODE: $RESULT"
-    echo
-    echo "ERROR OUTPUT:"
-    cat "$ERR"
-    echo
-    echo "STANDARD OUTPUT:"
-    cat "$OUT"
-    if [ $TRACE != $ERR ]
-    then
-        echo
-        echo "TRACE-ERROR OUTPUT:"
-        cat "$TRACE"
-    fi
-fi
-
-rm -f "$OUT"
-rm -f "$ERR"
-rm -f "$TRACE"

+ 0 - 5
files/dns/recursive/bind/named.conf

@@ -1,5 +0,0 @@
-// MANAGED BY PUPPET
-// Module:: dns::recursive
-// File:: dns/files/recursive/bind/named.conf
-
-include "/etc/bind/named.conf.options";

+ 0 - 65
files/dns/recursive/bind/named.conf.options

@@ -1,65 +0,0 @@
-// MANAGED BY PUPPET
-// Module:: dns::recursive
-// File:: dns/files/recursive/bind/named.conf.options
-
-logging {
-  // Send named messages to syslog
-  channel syslog {
-    syslog local2;
-    severity error;
-  };
-  // Send security related messages to separate file
-  channel security {
-    file "/var/log/named/security.log" versions 3 size 2m;
-    print-time yes;
-    // http://www.zytrax.com/books/dns/ch7/logging.html
-    // Please do not set this value above error!
-    // For privacy reasons...
-    severity error;
-    print-severity yes;
-    print-category yes;
-  };
-  // Aiguillage
-  category default { syslog; };
-  category general { syslog; };
-  category security { security; syslog; };
-  category config { syslog; };
-  category resolver { security; };
-  category xfer-in { security; };
-  category xfer-out { security; };
-  category notify { security; };
-  category client { security; };
-  category network { security; };
-  category update { security; };
-  category queries { security; };
-  category lame-servers { security; };
-};
-
-options {
-
-  directory "/var/cache/bind";
-  version "42";
-
-  pid-file "/var/run/named/named.pid";
-  dump-file "/var/lib/bind/named.dump";
-
-  notify no;
-  interface-interval 0;
-
-  minimal-responses yes;
-  dnssec-validation auto;
-  auth-nxdomain no;
-
-  recursion yes;
-  recursive-clients 20;
-
-  listen-on { any; };
-  listen-on port 9000 { any; };
-  listen-on-v6 { any; };
-  listen-on-v6 port 9000 { any; };
-  allow-query { any; };
-
-  # Limite la taille des réponses sur UDP à 1460 octets
-  # Tronque la réponse au-delà, le client reviendra sur TCP
-  max-udp-size 1460;
-};

File diff suppressed because it is too large
+ 0 - 25
files/dns/tls_proxy/dns.conf


+ 0 - 11
files/dns/tls_proxy/stunnel

@@ -1,11 +0,0 @@
-# /etc/default/stunnel
-# Julien LEMOINE <speedblue@debian.org>
-# September 2003
-
-# Change to one to enable stunnel automatic startup
-ENABLED=1
-FILES="/etc/stunnel/*.conf"
-OPTIONS=""
-
-# Change to one to enable ppp restart scripts
-PPP_RESTART=0

+ 0 - 161
files/fdnbot/fdnbot.pl

@@ -1,161 +0,0 @@
-#!/usr/bin/perl
-
-package Bot;
-use Mail::Sendmail;
-use MIME::Base64;
-use MIME::Words qw(encode_mimewords);
-use base qw(Bot::BasicBot);
-use warnings;
-use strict;
-use utf8;
-
-if(@ARGV && ! -w "$ARGV[0]" || !@ARGV) {
-	if(@ARGV) {
-		print "ERREUR: $ARGV[0] est inexistant ou non-inscriptible.\n";
-	} else {
-		print "USAGE: $0 fichier-a-ecrire\n";
-	}
-
-	exit 1;
-}
-
-my $nick = "fdnAlertBot";
-my $server = "irc.geeknode.org";
-my $chan = "#fdn";
-my $flag = "[ALERT]";
-my $url = "https://fdn.ldn-fai.net";
-my $git = "git clone https://code.ffdn.org/ldn/puppet.git";
-my $subscribe = "https://listes.ldn-fai.net/cgi-bin/mailman/listinfo/fdn";
-
-my $mail_support = 'support@fdn.fr';
-my $mail_liste = 'fdn@listes.ldn-fai.net';
-my $mail_from = 'fdnAlertBot <fdnAlertBot@ldn-fai.net>';
-my $mail_subject = "[ALERTE FDN]";
-
-my $isacc = 0;
-my $file = $ARGV[0];
-my $bot;
-
-sub said {
-	my $self = shift;
-	my $message = shift;
-
-	return undef unless $message->{"address"};
-
-	if($message->{"address"} eq $nick || $message->{"address"} eq "msg") {
-		if($message->{"body"} =~ m/\br(?:e|é)ponse\b/i) {
-			$self->reply($message, "42.");
-
-		} elsif($message->{"body"} =~ m/\b(?:drapeau|flag|tag)\b/i) {
-			$self->reply($message, $flag);
-
-		} elsif($message->{"body"} =~ m/\b(?:url|adresse)\b/i) {
-			$self->reply($message, $url);
-
-		} elsif($message->{"body"} =~ m/\b(?:git|svn|source)\b/i) {
-			$self->reply($message, $git);
-
-		} elsif($message->{"body"} =~ m/\bliste\b/i) {
-			$self->reply($message, "$mail_liste ($subscribe)");
-
-		} elsif($message->{"body"} =~ m/\bmerci\b/i) {
-			$self->reply($message, "De rien.");
-
-		} else {
-			$self->reply($message, "Pour signaler un problème, ajouter $flag à la suite "
-				."du /topic, suivi d'un court descriptif. Ce dernier sera reporté sur "
-				."<$url>, qui sera mis à jour chaque fois qu'il changera. Retirer $flag "
-				."du /topic vide la page, ce qui signale la fin du problème.");
-		}
-	}
-}
-
-sub topic {
-	my $self = shift;
-	my $args = shift;
-
-	my %mail = (
-		From => $mail_from,
-		To => $mail_liste,
-		Cc => $mail_support
-	);
-
-	if($args->{"topic"}) {
-		if($args->{"topic"} =~ /\Q$flag\E\s*(.+)$/i) {
-
-			my $msg = $1;
-			$mail{"Message"} = $msg;
-			utf8::decode($msg);
-
-			open(OUT, ">$file");
-			binmode(OUT, ":utf8");
-			print OUT "$msg";
-			close(OUT);
-
-			if($isacc) {
-				$mail{"Subject"} = "$mail_subject Mise à jour de l'intitulé du problème";
-
-				$bot->emote(
-					channel => $chan,
-					body => "a bien actualisé le problème sur $url (et prévenu le support + $mail_liste)"
-				);
-
-			} else {
-				$isacc = 1;
-				$mail{"Subject"} = "$mail_subject Nouveau problème déclaré";
-
-				$bot->emote(
-					channel => $chan,
-					body => "a bien reporté le problème sur $url (et prévenu le support + $mail_liste)"
-				);
-			}
-
-			sendemail(\%mail) or die $Mail::Sendmail::error;
-
-		} elsif($isacc) {
-			$isacc = 0;
-
-			$mail{"Subject"} = "$mail_subject Problème résolu";
-			$mail{"Message"} = "Fin de l'alerte.";
-
-			open(OUT, ">$file");
-			print OUT "";
-			close(OUT);
-
-			$bot->emote(
-				channel => $chan,
-				body => "a bien pris en compte la fin du problème sur $url (et prévenu le support + $mail_liste)"
-			);
-
-			sendemail(\%mail) or die $Mail::Sendmail::error;
-		}
-	}
-}
-
-sub sendemail {
-	my $mail = shift;
-	my %mail = %{$mail};
-
-	utf8::encode($mail{"Subject"});
-
-	$mail{"Subject"} = encode_mimewords($mail{"Subject"}, Charset => "utf-8", Encoding => "Q");
-	$mail{"Message"} = encode_base64($mail{"Message"});
-	$mail{"Content-Type"} = 'text/plain; charset="utf-8"';
-	$mail{"Content-Transfer-Encoding"} = "base64";
-
-	sendmail(%mail) or die $Mail::Sendmail::error;
-}
-
-$bot = Bot->new(
-	server => $server,
-	port => "6667",
-	channels => [$chan],
-	nick => $nick,
-	alt_nicks => ["${nick}_"],
-	username => $nick,
-	name => $url
-);
-
-$bot->run();
-
-exit 0;

+ 0 - 13
files/fdnbot/fdnbot.service

@@ -1,13 +0,0 @@
-[Unit]
-Description=FDN Alert Bot
-Requires=network.target
-After=network.target
-
-[Service]
-Type=simple
-User=fdnbot
-Group=fdnbot
-ExecStart=/usr/bin/perl /usr/local/bin/fdnbot.pl /var/www/fdn.ldn-fai.net/index.html
-
-[Install]
-WantedBy=multi-user.target

+ 0 - 13
files/lookingglass/lgproxy/lgproxy.service

@@ -1,13 +0,0 @@
-[Unit]
-Description=Looking glass for Bird (proxy)
-Requires=network.target
-After=network.target
-
-[Service]
-Type=simple
-User=lgproxy
-Group=lgproxy
-ExecStart=/usr/bin/python /opt/bird-lg/lgproxy.py
-
-[Install]
-WantedBy=multi-user.target

+ 0 - 13
files/lookingglass/lgweb/lgweb.service

@@ -1,13 +0,0 @@
-[Unit]
-Description=Looking glass for Bird (web)
-Requires=network.target
-After=network.target
-
-[Service]
-Type=simple
-User=lgweb
-Group=lgweb
-ExecStart=/usr/bin/python /opt/bird-lg/lg.py
-
-[Install]
-WantedBy=multi-user.target

+ 0 - 80
files/rss2mail/rss2email.cfg

@@ -1,80 +0,0 @@
-[DEFAULT]
-from = annonces@listes.ldn-fai.net
-use-8bit = False
-force-from = False
-use-publisher-email = False
-name-format = {feed-title}: {author}
-to = annonces@listes.ldn-fai.net
-proxy = 
-feed-timeout = 60
-active = True
-digest = False
-date-header = False
-date-header-order = modified, issued, created, expired
-bonus-header = 
-trust-guid = True
-trust-link = False
-encodings = US-ASCII, ISO-8859-1, UTF-8, BIG5, ISO-2022-JP
-post-process = 
-digest-post-process = 
-html-mail = False
-use-css = False
-css = h1 {
-	font: 18pt Georgia, "Times New Roman";
-	}
-	body {
-	font: 12pt Arial;
-	}
-	a:link {
-	font: 12pt Arial;
-	font-weight: bold;
-	color: #0000cc;
-	}
-	blockquote {
-	font-family: monospace;
-	}
-	.header {
-	background: #e0ecff;
-	border-bottom: solid 4px #c3d9ff;
-	padding: 5px;
-	margin-top: 0px;
-	color: red;
-	}
-	.header a {
-	font-size: 20px;
-	text-decoration: none;
-	}
-	.footer {
-	background: #c3d9ff;
-	border-top: solid 4px #c3d9ff;
-	padding: 5px;
-	margin-bottom: 0px;
-	}
-	border: solid 4px #c3d9ff;
-	}
-	margin-left: 5px;
-	margin-right: 5px;
-	}
-unicode-snob = False
-links-after-each-paragraph = False
-body-width = 0
-email-protocol = sendmail
-sendmail = /usr/sbin/sendmail
-smtp-auth = False
-smtp-username = username
-smtp-password = password
-smtp-server = smtp.yourisp.net:25
-smtp-ssl = False
-smtp-ssl-protocol = SSLv3
-imap-auth = False
-imap-username = username
-imap-password = password
-imap-server = imap.yourisp.net
-imap-port = 143
-imap-ssl = False
-imap-mailbox = INBOX
-verbose = warning
-
-[feed.Annonces]
-url = https://ldn-fai.net/feed/
-

+ 0 - 37
manifests/apt.pp

@@ -1,37 +0,0 @@
-# Module:: public
-# Manifest:: apt.pp
-#
-# Lorraine Data Network http://ldn-fai.net/
-
-class public::apt {
-
-  include '::apt'
-
-  # setup http://ftp.fr.debian.org/{debian,ubuntu}
-  $downcase_lsbdistid = downcase($::lsbdistid)
-
-  apt::source { "${downcase_lsbdistid}_${::lsbdistcodename}":
-    location => "http://ftp.fr.debian.org/${downcase_lsbdistid}/",
-    release  => $::lsbdistcodename,
-    repos    => 'main contrib non-free',
-  }
-
-  apt::source { "${downcase_lsbdistid}_${::lsbdistcodename}_security":
-    location => 'http://security.debian.org',
-    release  => "${::lsbdistcodename}/updates",
-    repos    => 'main',
-  }
-
-  apt::source { "${downcase_lsbdistid}_${::lsbdistcodename}_updates":
-    location => "http://ftp.fr.debian.org/${downcase_lsbdistid}/",
-    release  => "${::lsbdistcodename}-updates",
-    repos    => 'main',
-  }
-
-  apt::source { "${downcase_lsbdistid}_${::lsbdistcodename}_backports":
-    location => "http://ftp.fr.debian.org/${downcase_lsbdistid}/",
-    release  => "${::lsbdistcodename}-backports",
-    repos    => 'main',
-  }
-
-}

+ 0 - 49
manifests/bttrack.pp

@@ -1,49 +0,0 @@
-# Module:: public
-# Manifest:: bttrack.pp
-
-class public::bttrack(
-  $port = 6969,
-  $ipv6_enabled = 0,
-  $ipv6_binds_v4 = 0,
-  $bind = '',
-  $logfile = '/var/log/bttrack.log',
-  $dfile = '/var/run/bttrack.state',
-  $allowed_dir = '/var/lib/bttrack',
-  $nat_check = 0,
-) {
-
-  package { 'bittornado':
-    ensure => installed,
-  }
-
-  file { '/etc/systemd/system/bttrack.service':
-    ensure  => file,
-    owner   => root,
-    group   => staff,
-    mode    => '0755',
-    content => template('public/bttrack/bttrack.service.erb'),
-    notify  => Service['bttrack'],
-    require => User['bttrack'],
-  }
-
-  user { 'bttrack':
-    ensure  => present,
-    system  => true,
-    comment => 'Bittorent Tracker User',
-    shell   => '/usr/sbin/nologin',
-  }
-
-  service { 'bttrack':
-    ensure  => running,
-    enable  => true,
-    require => File['/etc/systemd/system/bttrack.service'],
-  }
-
-  file { $allowed_dir:
-    ensure => directory,
-    owner  => 'bttrack',
-    group  => 'bttrack',
-    mode   => '0755',
-  }
-
-}

+ 0 - 135
manifests/common.pp

@@ -1,135 +0,0 @@
-# Module:: public
-# Manifest:: common.pp
-#
-# Lorraine Data Network http://ldn-fai.net/
-
-# Class:: common
-#
-#
-class public::common {
-
-  # Internal
-  include '::public::apt'
-
-  # External (hiera for configuration)
-  include '::dnsclient'
-  include '::etckeeper'
-  include '::locales'
-  include '::rsyslog::client'
-  include '::sudo'
-  include '::timezone'
-  include '::unattended_upgrades'
-
-  # TODO, apt-proxy
-
-  # Remove apt-xapian-index (on low memory vm, xapian take a lot of RAM/CPU)
-  # https://bugs.launchpad.net/ubuntu/+source/apt-xapian-index/+bug/363695
-  package {'apt-xapian-index':
-    ensure => purged,
-  }
-
-  ensure_packages(['tmux','screen','netcat','htop','rsync','host','dmraid',
-    'man-db','vim','zsh','bash','iputils-ping','dnsutils','logrotate',
-    'python-apt','aptitude','debian-goodies','molly-guard','lrzip'])
-
-  # TODO, backup user
-
-  sudo::conf { 'ssh_auth_sock':
-    priority => 90,
-    content  => 'Defaults env_reset, env_keep += "SSH_AUTH_SOCK"',
-  }
-
-  sudo::conf { 'puppetdev':
-    priority =>  10,
-    content  => '%puppetdev ALL=(ALL) NOPASSWD: /usr/bin/puppet, /bin/mkdir, /bin/chown, /bin/rm',
-  }
-
-  file {
-    '/usr/local/bin/cronic':
-      ensure => file,
-      source => 'puppet:///modules/public/common/cronic',
-      owner  => root,
-      group  => root,
-      mode   => '0755';
-  }
-
-  file {
-    '/etc/alternatives/editor':
-      ensure  => link,
-      target  => '/usr/bin/vim',
-      require => Package['vim'];
-    '/bin/sh':
-      ensure => link,
-      target => '/bin/dash';
-  }
-
-  package { 'openssh-server': ensure => present; }
-  service { 'ssh':
-    ensure     => running,
-    hasstatus  => true,
-    hasrestart => true,
-    enable     => true,
-  }
-
-  # Setup ssh
-  # See ::private::common for other SSH configuration
-  case $::lsbdistcodename {
-    'stretch': {
-      public::ssh::configline {
-        'UseDNS':
-          value => 'no';
-      }
-    }
-    default: {
-      public::ssh::configline {
-        'LoginGraceTime':
-          value => '60';
-        'UsePrivilegeSeparation':
-          value => 'yes';
-        'PermitEmptyPasswords':
-          value => 'no';
-        'PasswordAuthentication':
-          value => 'no';
-        'StrictModes':
-          value => 'yes';
-        'UseDNS':
-          value => 'no';
-        'MaxStartups':
-          value => '10:30:60';
-      }
-    }
-  }
-
-  file {
-    '/etc/hostname':
-      ensure  => file,
-      content => $::hostname,
-      owner   => root,
-      group   => root,
-      mode    => '0644',
-      notify  => Exec['reload hostname'];
-    '/etc/mailname':
-      ensure  => file,
-      content => $::fqdn,
-      owner   => root,
-      group   => root,
-      mode    => '0644';
-  }
-
-  exec {
-    'reload hostname':
-      command     => "/usr/bin/hostnamectl set-hostname ${::hostname}",
-      user        => root,
-      refreshonly => true,
-      logoutput   => on_failure;
-  }
-
-  class {'::motd': template => 'public/common/motd.erb'; }
-
-  # Avoid a strange bug with facter
-  # Could not retrieve fact='selinux', resolution='<anonymous>'': Invalid argument - /proc/self/attr/current
-  if $::selinux == 'false' {
-    file {'/selinux/enforce': ensure => absent }
-  }
-
-} # Class:: common

+ 0 - 18
manifests/deluser.pp

@@ -1,18 +0,0 @@
-# Module:: public
-# Manifest:: deluser.pp
-
-define public::deluser {
-
-  user { $name:
-    ensure => absent,
-    notify => Exec["backup ~${name} before remove"],
-  }
-  exec { "backup ~${name} before remove":
-    command     => "/bin/tar czf ${name}.tgz ${name} && rm -rf ${name}",
-    cwd         => '/home',
-    user        => root,
-    refreshonly => true,
-    onlyif      => "/usr/bin/test -d /home/${name}",
-    logoutput   => on_failure,
-  }
-}

+ 0 - 44
manifests/dns/authoritative.pp

@@ -1,44 +0,0 @@
-# Module:: public
-# Manifest:: dns/authoritative.pp
-#
-# Lorraine Data Network http://ldn-fai.net/
-
-# Class:: public::dns::authoritative
-#
-#
-class public::dns::authoritative(
-  $zones = {}
-) {
-
-  include '::bind'
-
-  package { 'zonecheck':
-    ensure => installed,
-  }
-
-  # Configurations
-  bind::server::file { [
-    'named.conf',
-    # from named.conf
-    'acl.conf',
-    'named.conf.local',
-    'named.conf.options',
-    'divers.conf',
-    'adherents.conf',
-  ]:
-    zonedir     => '/etc/bind',
-    owner       => 'bind',
-    group       => 'bind',
-    source_base => 'puppet:///modules/private/authoritative/confs/',
-  }
-
-  file {
-    '/etc/bind/zones':
-      ensure => directory,
-      owner  => 'bind',
-      group  => 'bind',
-  }
-
-  create_resources(public::dns::zone, $zones)
-
-} # Class:: public::dns::authoritative

+ 0 - 28
manifests/dns/recursive.pp

@@ -1,28 +0,0 @@
-# Module:: public
-# Manifest:: dns/autoritaire.pp
-#
-# Author:: Julien Vaubourg (<julien@vaubourg.com>)
-# Date:: 2013-09-21 13:36:02 +0200
-# Maintainer:: Julien Vaubourg (<julien@vaubourg.com>)
-#
-# Class:: public::dns::recursive inherits public::dns
-#
-#
-class public::dns::recursive {
-
-  include '::bind'
-
-  bind::server::file { [
-    'named.conf',
-
-    # from named.conf
-    'named.conf.options',
-
-  ]:
-    zonedir     => '/etc/bind/',
-    owner       => 'bind',
-    group       => 'bind',
-    source_base => 'puppet:///modules/public/dns/recursive/bind/',
-  }
-
-}

+ 0 - 44
manifests/dns/slave.pp

@@ -1,44 +0,0 @@
-# Module:: public
-# Manifest:: dns/slave.pp
-#
-# Lorraine Data Network http://ldn-fai.net/
-
-# Class:: public::dns::slave
-#
-#
-class public::dns::slave(
-  $slave_name = '',
-  $master = '',
-  $zonedir = '/var/cache/bind',
-  $zones = [],
-  $zones_source_base = '',
-  $named_conf_source = '',
-) {
-
-  include '::bind'
-
-  public::dns::slave_zone { $slave_name:
-    slave_zones => $zones,
-    master      => $master,
-    zonedir     => $zonedir,
-  }
-
-  bind::server::file {[
-    'named.conf',
-    'acl.conf',
-  ]:
-    zonedir     => '/etc/bind',
-    owner       => 'bind',
-    group       => 'bind',
-    source_base => $zones_source_base,
-  }
-
-  bind::server::file {'named.conf.options':
-    zonedir => '/etc/bind',
-    owner   => 'bind',
-    group   => 'bind',
-    source  => $named_conf_source,
-  }
-
-
-} # Class:: dns::slave inherits dns

+ 0 - 22
manifests/dns/slave_zone.pp

@@ -1,22 +0,0 @@
-# Define:: public::dns::slave_zone
-#
-# Args::
-#   $master  = dns master
-#   $zonedir = slave zone dir
-#
-define public::dns::slave_zone(
-  $master      = '0.0.0.0',
-  $zonedir     = '/etc/bing',
-  $slave_zones = [],
-) {
-
-  file {
-    '/etc/bind/named.conf.local':
-      ensure  => file,
-      content => template('public/dns/slave.conf.erb'),
-      owner   => 'bind',
-      group   => 'bind',
-      mode    => '0644',
-  }
-
-} # Define: defname

+ 0 - 48
manifests/dns/tls_proxy.pp

@@ -1,48 +0,0 @@
-# Module:: public
-# Manifest:: dns/tls_proxy.pp
-#
-# Author:: Gabriel Corona (<gabriel.corona@enst-bretagne.fr>)
-# Date:: 2015-02-16 00:16:42 +0200
-# Maintainer:: Gabriel Corona (<gabriel.corona@enst-bretagne.fr>)
-#
-# Class:: public::dns::tls_proxy inherits public::dns
-#
-#
-class public::dns::tls_proxy {
-
-  # Mot this into a stunnel module:
-  ensure_packages(['stunnel4'])
-
-  service{'stunnel4':
-    ensure => running,
-    enable => true,
-  }
-
-  Package['stunnel4'] ->
-  file{'/etc/default/stunnel4':
-    ensure => present,
-    owner  => 'root',
-    group  => 'root',
-    mode   => 'u=r,go=r',
-    source => 'puppet:///modules/public/dns/tls_proxy/stunnel'
-  } ~> Service['stunnel4']
-
-  Package['stunnel4'] ->
-  file{'/etc/stunnel/dns.conf':
-    ensure => present,
-    owner  => 'root',
-    group  => 'root',
-    mode   => 'u=r,go=r',
-    source => 'puppet:///modules/public/dns/tls_proxy/dns.conf'
-  } ~> Service['stunnel4']
-
-  Package['stunnel4'] ->
-  file{'/etc/stunnel/dns.pem':
-    ensure  => file,
-    source  => "puppet:///private/dns.pem",
-    owner   => 'root',
-    group   => 'root',
-    mode    => '0640';
-  } ~> Service['stunnel4']
-
-}

+ 0 - 14
manifests/dns/zone.pp

@@ -1,14 +0,0 @@
-# Module:: public
-# Manifest:: dns/authoritative.pp
-#
-# Lorraine Data Network http://ldn-fai.net/
-
-define public::dns::zone {
-  bind::server::file {"db.${title}":
-    zonedir     => '/etc/bind/zones',
-    owner       => 'bind',
-    group       => 'bind',
-    source_base => 'puppet:///modules/private/authoritative/zones/',
-    require     => File['/etc/bind/zones'],
-  }
-}

+ 0 - 51
manifests/fdnbot.pp

@@ -1,51 +0,0 @@
-# Module:: public
-# Manifest:: fdnbot.pp
-
-class public::fdnbot {
-
-  ensure_packages(['libmail-sendmail-perl','libbot-basicbot-perl','libmime-tools-perl'])
-
-  user { 'fdnbot':
-    ensure => present,
-    system => true,
-    shell  => '/usr/sbin/nologin',
-  }
-
-  file { '/etc/systemd/system/fdnbot.service':
-    ensure  => file,
-    owner   => root,
-    group   => staff,
-    mode    => '0755',
-    source  => 'puppet:///modules/public/fdnbot/fdnbot.service',
-    notify  => Service['fdnbot'],
-    require => User['fdnbot'],
-  }
-
-  service { 'fdnbot':
-    ensure  => running,
-    enable  => true,
-    require => File['/etc/systemd/system/fdnbot.service'],
-  }
-
-  file {
-    '/usr/local/bin/fdnbot.pl':
-      ensure  => file,
-      mode    => '0755',
-      owner   => 'fdnbot',
-      group   => 'fdnbot',
-      source  => 'puppet:///modules/public/fdnbot/fdnbot.pl',
-      notify  => Service['fdnbot'],
-      require => Package['libmail-sendmail-perl'];
-    '/var/www/fdn.ldn-fai.net':
-      ensure => directory,
-      owner  => 'fdnbot',
-      group  => 'fdnbot',
-      mode   => '0755';
-    '/var/www/fdn.ldn-fai.net/index.html':
-      ensure => file,
-      owner  => 'fdnbot',
-      group  => 'fdnbot',
-      mode   => '0644';
-  }
-
-}

+ 0 - 10
manifests/init.pp

@@ -1,10 +0,0 @@
-# Module:: public
-# Manifest:: init.pp
-#
-# Lorraine Data Network http://ldn-fai.net/
-
-# Class:: public
-#
-#
-class public {
-}

+ 0 - 31
manifests/lecm.pp

@@ -1,31 +0,0 @@
-# Module:: public
-# Manifest:: lecm.pp
-
-class public::lecm {
-  package { 'lecm':
-    ensure => installed,
-  }
-
-  file { '/etc/lecm.conf':
-    ensure  => present,
-    owner   => 'root',
-    group   => 'root',
-    mode    => '0644',
-    source  => "puppet:///modules/private/lecm/${::fqdn}/lecm.conf",
-    require => [
-      Package['lecm'],
-      File['/etc/letsencrypt']
-    ]
-  }
-
-  file { '/etc/letsencrypt':
-    ensure => directory,
-  }
-
-  cron { 'Renew of lecm certificates':
-    user    => root,
-    command => '/usr/bin/lecm --renew',
-    minute  => 30,
-    hour    => 23,
-  }
-}

+ 0 - 17
manifests/logger.pp

@@ -1,17 +0,0 @@
-# Module:: public
-# Manifest:: logger.pp
-#
-# Lorraine Data Network http://ldn-fai.net/
-
-class public::logger {
-  include '::rsyslog::server'
-  $log_path = hiera('log_path')
-
-  cron { 'compress old logs':
-    user    => root,
-    command => "/usr/bin/find ${log_path} -type f -mtime +7 -exec /bin/gzip -q {} \;",
-    minute  => '0',
-    hour    => '0',
-    weekday => '0',
-  }
-}

+ 0 - 70
manifests/lookingglass/lgproxy.pp

@@ -1,70 +0,0 @@
-# Module:: public::lookingglass
-# Manifest:: lgproxy.pp
-
-# Sources
-# git clone https://github.com/sileht/bird-lg -C /opt/
-
-class public::lookingglass::lgproxy {
-
-  package { [ 'python-dnspython', 'python-pydot', 'python-flask' ]:
-    ensure => installed,
-  }
-
-  user { 'lgproxy':
-    ensure => present,
-    shell  => '/usr/sbin/nologin',
-    system => true,
-  }
-
-  file { '/etc/systemd/system/lgproxy.service':
-    ensure  => file,
-    owner   => root,
-    group   => staff,
-    mode    => '0755',
-    source  => 'puppet:///modules/public/lookingglass/lgproxy/lgproxy.service',
-    notify  => Service['lgproxy'],
-    require => User['lgproxy'],
-  }
-
-  service { 'lgproxy':
-    ensure  => running,
-    enable  => true,
-    require => File['/etc/systemd/system/lgproxy.service'],
-  }
-
-  file { '/opt/bird-lg/':
-    ensure => directory,
-    owner  => root,
-    group  => staff,
-    mode   => '0755',
-  }
-
-  file { '/var/log/bird-lg/':
-    ensure => directory,
-    owner  => 'lgproxy',
-    group  => staff,
-    mode   => '0755',
-  }
-
-  file { '/opt/bird-lg/lgproxy.cfg':
-    ensure => file,
-    owner  => root,
-    group  => staff,
-    mode   => '0644',
-    source => "puppet:///modules/private/lookingglass/lgproxy/lgproxy-${::hostname}.cfg",
-    notify => Service['lgproxy'],
-  }
-
-  file { '/opt/bird-lg/lgproxy.py':
-    ensure => file,
-    owner  => root,
-    group  => staff,
-    mode   => '0755',
-    notify => Service['lgproxy'],
-  }
-
-  file { [ '/var/run/bird/bird6.ctl', '/var/run/bird/bird.ctl' ]:
-    owner => 'root',
-    group => 'lgproxy',
-  }
-}

+ 0 - 79
manifests/lookingglass/lgweb.pp

@@ -1,79 +0,0 @@
-# Module:: public::lookingglass
-# Manifest:: lgweb.pp
-
-# Sources
-# git clone https://github.com/sileht/bird-lg -C /opt/
-
-class public::lookingglass::lgweb(
-  $domains = ['lg.ldn-fai.net','lg.as60197.net'],
-  $ssl_cert_source = '/etc/letsencrypt/pem/lg.ldn-fai.net.pem',
-  $ssl_key_source = '/etc/letsencrypt/private/lg.ldn-fai.net.key',
-  $ssl_dhparam_source = '/etc/letsencrypt/dhparam.pem',
-  $add_config_source  = 'puppet:///modules/private/nginx/leela/lg.conf',
-) {
-
-  package { [ 'python-dnspython', 'python-pydot', 'python-flask' ]:
-    ensure => installed,
-  }
-
-  nginxpack::vhost::redirection { 'https-lgweb':
-    domains  => $domains,
-    to_https => true,
-  }
-  nginxpack::vhost::proxy { 'lgweb':
-    domains            => $domains,
-    to_domain          => '127.0.0.1',
-    to_port            => 5000,
-    https              => true,
-    ssl_cert_source    => $ssl_cert_source,
-    ssl_key_source     => $ssl_key_source,
-    ssl_dhparam_source => $ssl_dhparam_source,
-    add_config_source  => $add_config_source,
-  }
-
-  user { 'lgweb':
-    ensure => present,
-    shell  => '/usr/sbin/nologin',
-    system => true,
-  }
-
-  file { '/etc/systemd/system/lgweb.service':
-    ensure  => file,
-    owner   => root,
-    group   => staff,
-    mode    => '0755',
-    source  => 'puppet:///modules/public/lookingglass/lgweb/lgweb.service',
-    notify  => Service['lgweb'],
-    require => User['lgweb'],
-  }
-
-  service { 'lgweb':
-    ensure  => running,
-    enable  => true,
-    require => File['/etc/systemd/system/lgweb.service'],
-  }
-
-  file { '/opt/bird-lg/':
-    ensure => directory,
-    owner  => root,
-    group  => staff,
-    mode   => '0755',
-  }
-
-  file { '/opt/bird-lg/lg.cfg':
-    ensure => file,
-    owner  => root,
-    group  => staff,
-    mode   => '0644',
-    source => 'puppet:///modules/private/lookingglass/lgweb/lgweb.cfg',
-    notify => Service['lgweb'],
-  }
-
-  file { '/opt/bird-lg/lg.py':
-    ensure => file,
-    owner  => root,
-    group  => staff,
-    mode   => '0755',
-    notify => Service['lgweb'],
-  }
-}

+ 0 - 18
manifests/mta.pp

@@ -1,18 +0,0 @@
-# Module:: public
-# Manifest:: apt.pp
-#
-# Lorraine Data Network http://ldn-fai.net/
-
-class public::mta {
-
-  include '::postfix::server'
-
-  mailalias { 'root':
-    ensure    => present,
-    recipient => 'root@ldn-fai.net',
-    notify    => Service['postfix'];
-  }
-
-  #TODO: nullmailer?
-
-}

+ 0 - 70
manifests/rss2mail.pp

@@ -1,70 +0,0 @@
-# Si cela ne fonctionne pas, c'est sur Petit qu'il faut tapper !
-# Juin 2014
-
-class public::rss2mail($list, $feed)  {
-
-  # Vars (put in hiera ?)
-  $user = 'rss2mail'
-  $home_user = '/home/rss2mail'
-
-  if ($::operatingsystem =~ /Debian/) and ($::operatingsystemrelease =~ /^9/) {
-    # Install "rrr2email"
-    package { ['rss2email']:
-      ensure => installed,
-    }
-
-    # User creation
-    user { 'user_rss2mail':
-      ensure => present,
-      name   => $user,
-      home   => $home_user,
-    } ->
-    # home user creation
-    file { $home_user:
-      ensure  => 'directory',
-      owner   => $user,
-      group   => $user,
-      mode    => '0760',
-      require => User['user_rss2mail'],
-    } ->
-
-    # TODO, We should probably generate the file ourself instead (customize "from")
-    # Check if existing conf else create it
-    # "/usr/bin/r2e new $list" : declare mail adress target
-    # "/usr/bin/r2e add $feed" add feed
-    # "/usr/bin/r2e run" send a mail for each new entry in feed
-    # " --no-send" no send. Useful the first time
-
-    # This exec seems doesn't work now (201702)
-    # So Thinking create manually the configuration
-#    exec { 'rss2emailconf':
-#      creates     => "${home_user}/.rss2email/feeds.dat",
-#      user        => $user,
-#      environment => ["HOME=${home_user}"],
-#      # command    => "/usr/bin/r2e new $list && /usr/bin/r2e add main $feed && /usr/bin/r2e run --no-send",
-#      command     => "/usr/bin/r2e new ${list} && /usr/bin/r2e add main ${feed} && /usr/bin/r2e run",
-#      require     => [ Package['rss2email'], User['user_rss2mail'], File[$home_user] ],
-#    } ->
-
-    # Schedule process "/usr/bin/r2e run"
-    cron { 'r2e: use for automatic mailing a rss feed':
-      command => '/usr/bin/r2e run',
-      user    => $user,
-      hour    => '20',
-      minute  => '02',
-      require => User['user_rss2mail'],
-    }
-
-    file { '/home/rss2mail/.config/rss2email.cfg':
-      ensure  => file,
-      source  => 'puppet:///modules/public/rss2mail/rss2email.cfg',
-      owner   => $user,
-      group   => $user,
-      mode    => '0644',
-      require => File[$home_user],
-  }
-
-  } else {
-    notify {"[Error] OS not supported (${::osfamily} - ${::operatingsystemrealease})":}
-  }
-}

+ 0 - 47
manifests/ssh/configline.pp

@@ -1,47 +0,0 @@
-# Module:: public::ssh
-# Manifest:: configline.pp
-#
-# Lorraine Data Network http://ldn-fai.net/
-
-# Define:: public::ssh::configline
-# Args::
-#   $ensure = present,
-#   $value  = false,
-#
-define public::ssh::configline(
-  $ensure = present,
-  $value = false
-) {
-
-  Augeas {
-    context => '/files/etc/ssh/sshd_config',
-    notify  => Service['ssh'],
-  }
-
-  case $ensure {
-    present: {
-      augeas { "sshd_config_${name}":
-        changes => "set ${name} ${value}",
-        onlyif  => "get ${name} != ${value}",
-      }
-    }
-    add: {
-      augeas { "sshd_config_${name}":
-        onlyif  => "get ${name}[. = '${value}'] != ${value}",
-        changes => [
-          "ins ${name} after ${name}[last()]",
-          "set ${name}[last()] ${value}"
-        ],
-      }
-    }
-    absent: {
-      augeas { "sshd_config_${name}":
-        changes => "rm ${name}",
-        onlyif  => "get ${name}",
-      }
-    }
-    default: {
-      fail("ensure value must be present, add or absent, not ${ensure}")
-    }
-  }
-} # Define: public::ssh::configline

+ 0 - 26
metadata.json

@@ -1,26 +0,0 @@
-{
-  "name": "ldn-public",
-  "version": "0.0.1",
-  "author": "Lorraine Data Network",
-  "summary": "Lorraine Data Network public puppet module",
-  "license": "Apache-2.0",
-  "source": "git+ssh://git@ldn-fai.net:puppet/puppet-public.git",
-  "project_page": "https://wiki.ldn-fai.net/w/Puppet",
-  "issues_url": "https://repo.ldn-fai.net/redmine/",
-  "operatingsystem_support": [
-    {
-      "operatingsystem": "Debian",
-      "operatingsystemrelease": ["8"]
-    }
-  ],
-  "dependencies": [
-    { "name": "puppetlabs/stdlib", "version_requirement": ">= 4.2.0 <5.0.0" },
-    { "name": "puppetlabs/apt", "version_requirement": ">=1.8.0 <3.0.0" },
-    { "name": "saz/sudo", "version_requirement": ">=3.1.0 <4.0.0" },
-    { "name": "thias/bind", "version_requirement": ">=0.5.1 <1.0.0" },
-    { "name": "saz/rsyslog", "version_requirement": ">=3.3.0 <4.0.0" },
-    { "name": "thomasvandoren/etckeeper", "version_requirement": ">=0.0.9 <1.0.0" },
-    { "name": "puppet/unattended_upgrades", "version_requirement": ">=2.1.0 <3.0.0" }
-  ],
-  "data_provider": null
-}

+ 0 - 17
templates/bttrack/bttrack.service.erb

@@ -1,17 +0,0 @@
-[Unit]
-Description=Bittorent LDN Tracker
-Requires=network.target
-After=network.target
-
-[Service]
-Type=simple
-User=bttrack
-Group=bttrack
-ExecStart=/usr/bin/bttrack --dfile <%= @dfile %> --logfile <%= @logfile %> --port <%= @port %> --nat_check <%= @nat_check %> --allowed_dir <%= @allowed_dir %> --ipv6_enabled <%= @ipv6_enabled %> --ipv6_binds_v4 <%= @ipv6_binds_v4 %> --bind <%= @bind %>
-ExecReload=/bin/kill -HUP $MAINPID
-KillMode=process
-Restart=on-failure
-
-[Install]
-WantedBy=multi-user.target
-Alias=tracker.service

+ 0 - 15
templates/common/motd.erb

@@ -1,15 +0,0 @@
-
-  server: <%= @fqdn %>
-  system: <%= @operatingsystem %> <%= @operatingsystemrelease %>, kernel <%= @kernelrelease %>, puppet <%= @puppetversion %>
-     cpu: <%= @physicalprocessorcount  %>/<%= @processorcount %> (<%= @processor0 %>)
-  memory: <%if has_variable?("memorytotal") %><%= @memorytotal %><% else %><%= @memorysize %><% end %>
-<% @interfaces.split(',').each do |i| -%>
-<%- if i != "lo" and not i.start_with?('phy_br','int_br','qbr','tap','qvo','qvb','veth','tmp','he','sit','ib') %>
-    <%= i -%>: <%= scope.lookupvar("macaddress_#{i}") -%><% if has_variable?("ipaddress_#{i}") -%> / <%= scope.lookupvar("ipaddress_#{i}") -%><% end -%><% if has_variable?("ipaddress6_#{i}") %> / <%= scope.lookupvar("ipaddress6_#{i}") -%><% end -%><% end -%>
-<% end %>
-
- modules: <% classes.each do |klass| -%>
-<% if klass != "settings" and klass[-6,6] != "params" and klass != @fqdn and klass != "concat::setup" -%>
-<%= klass %> <% end -%>
-<% end %>
-

+ 0 - 17
templates/dns/slave.conf.erb

@@ -1,17 +0,0 @@
-// MANAGED BY PUPPET
-// Module:: public::dns
-// File:: public/templates/dns/slave.conf.erb
-
-<% if !@slave_zones.empty? -%>
-// <%= @title %>
-<% @slave_zones.each do |zname| -%>
-zone "<%= zname %>" {
-  type slave;
-  masters { <%= @master %>; };
-  allow-query { any; };
-  allow-transfer { xfer; };
-  file "<%= @zonedir %>/db.<%= zname %>";
-};
-
-<% end -%>
-<% end -%>