Commit 3a2cb023 authored by Wolfgang Schweer's avatar Wolfgang Schweer

Remove Cfengine2 related configuration files and tools.

parent 7de247c0
editfiles:
debian::
# The file /etc/adduser.conf control local user creation.
# For setting up a Debian Edu/Skolelinux server it is recommend
# to start with a local user on a workstation (that might even be
# tjener itself with additional workstation role).
#
# For local user creation we want to make sure that local users
# do not have conflicting uidNumbers, gidNumber with those in LDAP.
# Patch /etc/adduser.conf
{ /etc/adduser.conf
# FIRST_UID, LAST_UID for non-LDAP users is 500-999
ReplaceAll 'FIRST_UID=1000' With 'FIRST_UID=500'
ReplaceAll 'LAST_UID=29999' With 'LAST_UID=999'
# FIRST_GID, LAST_GID for non-LDAP groups is 500-999
ReplaceAll 'FIRST_GID=1000' With 'FIRST_GID=500'
ReplaceAll 'LAST_GID=29999' With 'LAST_GID=999'
# local users' homes have permissions 0700
ReplaceAll 'DIR_MODE=0755' With 'DIR_MODE=0700'
}
links:
debian.server.installation::
/etc/php/apache2/php.ini ->! /etc/php/apache2/php-debian-edu.ini
/etc/apache2/mods-available/debian-edu-userdir.load ->! /etc/apache2/mods-available/userdir.load
shellcommands:
debian.server.installation::
# Generate certificates and keys (rootCA and multipurpose server) using
# the create-debian-edu-certs tool.
"/usr/share/debian-edu-config/tools/create-debian-edu-certs"
# Disable default userdir.
"/usr/sbin/a2dismod userdir"
# Enabling debian-edu-userdir; create a directory ~/public_html
# to make it available as https://www/~<username>.
"/usr/sbin/a2enmod debian-edu-userdir"
# Enabling ssl
"/usr/sbin/a2enmod ssl"
# Use our own default site configuration, and ssl site configuration.
"/usr/sbin/a2enconf debian-edu-config-doc.conf"
"/usr/sbin/a2ensite debian-edu-default.conf"
"/usr/sbin/a2ensite debian-edu-ssl-default.conf"
# Enable sitesummary with cgi, workaround for bug #760084
"/usr/sbin/a2enmod cgi"
"/usr/sbin/a2enconf sitesummary.conf"
# Disable the stock debian sitefile
"/usr/sbin/a2dissite 000-default.conf"
# Reload apache2 for changes to take effect
"/usr/sbin/service apache2 restart"
editfiles:
debian::
{ /etc/apt/sources.list
HashCommentLinesStarting "deb cdrom:"
HashCommentLinesStarting "deb http://security.debian.org/ buster/updates main"
AppendIfNoSuchLine "deb http://security.debian.org/ buster/updates main contrib non-free"
AppendIfNoSuchLine "deb http://deb.debian.org/debian buster main contrib non-free"
}
debian.ltspserver::
# A copy of the above
{ /opt/ltsp/$(ltsp_arch)/etc/apt/sources.list
HashCommentLinesStarting "deb file:"
HashCommentLinesStarting "deb http://security.debian.org/ buster/updates main"
AppendIfNoSuchLine "deb http://security.debian.org/ buster/updates main contrib non-free"
AppendIfNoSuchLine "deb http://deb.debian.org/debian buster main contrib non-free"
}
#
# Configure DNS setup with bind
#
directories:
debian.server::
# Make sure the members of group 'bind' can write to /etc/bind/:
/etc/bind mode=2775 owner=root group=bind
editfiles:
debian.server.installation::
# Configure ldap2bind for Debian Edu:
{ /etc/bind/named.conf.local
AppendIfNoSuchLine 'include "/etc/bind/named.conf.ldap2zone";'
}
# Disable IPv6 (to silence IPv6 lookup failure messages):
{ /etc/default/bind9
BeginGroupIfNoSuchLine 'OPTIONS="-4 -u bind"'
HashCommentLinesStarting 'OPTIONS='
LocateLineMatching '#.*OPTIONS=.*'
InsertLine 'OPTIONS="-4 -u bind"'
EndGroup
}
# Add alias for mails to user bind:
{ /etc/aliases
AppendIfNoSuchLine 'bind: root'
}
groups:
cfclient = ( "/bin/ping -c 1 cfservd" )
editfiles:
cfclient::
# Activate cfservd if there is a cfengine server on the net
{ /etc/default/cfengine2
BeginGroupIfNoMatch "RUN_CFSERVD=1"
LocateLineMatching "RUN_CFSERVD=0"
ReplaceLineWith "RUN_CFSERVD=1"
EndGroup
}
# Run cfengine on reboot
# (to make sure that clients that are offline a lot, get their "fix", too
{ /etc/cron.d/cfengine
AutoCreate
AppendIfNoSuchLine "@reboot root /usr/sbin/cfagent -f update.conf && /usr/sbin/cfagent -f cfagent.conf"
}
shellcommands:
cfclient::
"/etc/init.d/cfengine restart"
shellcommands:
# Change default Chromium homepage. Standalone machines get our project page,
# while school machines get the school start page from LDAP.
# The clients using LDAP also update the pages at boot.
debian.installation.standalone::
"/usr/share/debian-edu-config/tools/update-chromium-homepage http\://www.skolelinux.org/"
debian.installation.!standalone::
"/usr/share/debian-edu-config/tools/update-chromium-homepage ldap\:homepage"
links:
debian.installation::
/etc/cups/cupsd.conf ->! /etc/cups/cupsd-debian-edu.conf
/etc/cups/cups-files.conf ->! /etc/cups/cups-files-debian-edu.conf
/etc/cups/ssl/tjener.intern.crt ->! /etc/ssl/certs/debian-edu-server.crt
nofile=force
/etc/cups/ssl/tjener.intern.key ->! /etc/ssl/private/debian-edu-server.key
nofile=force
links:
debian.server::
/etc/dhcp/dhcpd.conf ->! /etc/dhcp/dhcpd-debian-edu.conf
nofile=force
debian::
/etc/dhcp/dhclient.conf ->! /etc/dhcp/dhclient-debian-edu.conf
nofile=force
editfiles:
debian.server::
# The file /etc/default/isc-dhcp-server controls what interface the
# dhcp server will listen on. We will have one monster dhcpd.conf file
# that contains definitions for both the eth0 and eth1 interfaces and
# control which is active by manipulating this
# /etc/default/isc-dhcp-server
#
# Make sure this is synced with cf.ltsp (LTSP server)
# Enable DHCP server on eth0
{ /etc/default/isc-dhcp-server
BeginGroupIfNoMatch 'INTERFACESv4="eth0"'
LocateLineMatching 'INTERFACESv4=""'
ReplaceLineWith 'INTERFACESv4="eth0"'
EndGroup
}
links:
# Serverinstallation
debian.server.installation::
/etc/exim4/exim4.conf ->! /etc/exim4/exim-ldap-server-v4.conf
nofile=force
editfiles:
debian.server.installation::
{ /etc/default/exim4
AppendIfNoSuchLine 'KRB5_KTNAME=/etc/krb5.keytab.smtp; export KRB5_KTNAME'
}
shellcommands:
debian.server.installation.fifthpass::
"/usr/share/debian-edu-config/tools/exim4-create-environment"
debian.installation::
"/usr/sbin/exim4 -qff"
#
# Set up firefox to accept the default ssl certificate created through cf.apache2.
#
# On main server use /etc/skel/ to create a default profile for new
# users in case they start firefox the first time.
directories:
# Check file system is prepared for inclusion in new users home directories.
debian.installation.server::
/etc/skel/.mozilla/firefox/debian-edu.default mode=755 owner=root group=root
shellcommands:
# Enable the default profile.
debian.installation.server::
"/usr/bin/update-ini-file /etc/skel/.mozilla/firefox/profiles.ini General StartWithLastProfile 1"
"/usr/bin/update-ini-file /etc/skel/.mozilla/firefox/profiles.ini Profile0 Name default"
"/usr/bin/update-ini-file /etc/skel/.mozilla/firefox/profiles.ini Profile0 IsRelative 1"
"/usr/bin/update-ini-file /etc/skel/.mozilla/firefox/profiles.ini Profile0 Path debian-edu.default"
# Change default start page. Standalone machines get our project page,
# while school machines get the school start page from LDAP.
# The clients using LDAP also update the pages at boot.
debian.installation.standalone::
"/usr/share/debian-edu-config/tools/update-firefox-homepage http\://www.skolelinux.org/"
debian.installation.!standalone::
"/usr/share/debian-edu-config/tools/update-firefox-homepage ldap\:homepage"
files:
# Ensure file file is readable by everyone
debian.installation.server.secondpass::
/etc/skel/.mozilla/firefox/profiles.ini mode=a+r act=fixall
editfiles:
debian::
{ /etc/fstab
BeginGroupIfNoLineMatching ".* /tmp .*"
InsertLine "none /tmp tmpfs defaults,nosuid 0 0"
EndGroup
}
#
# Configure GRUB:
# - for plymouth (everywhere except on servers and ltsp-clients)
# - handle the network interface setup (keep old device names) for networked
# systems (everywhere except on roaming machines and standalone)
editfiles:
debian.installation.(standalone|roaming)::
{ /etc/default/grub
BeginGroupIfNoSuchLine 'GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"'
HashCommentLinesStarting 'GRUB_CMDLINE_LINUX_DEFAULT'
LocateLineMatching '#.*GRUB_CMDLINE_LINUX_DEFAULT.*'
InsertLine 'GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"'
EndGroup
}
editfiles:
debian.installation.!roaming.!standalone::
{ /etc/default/grub
BeginGroupIfNoSuchLine 'GRUB_CMDLINE_LINUX_DEFAULT="net.ifnames=0 quiet"'
HashCommentLinesStarting 'GRUB_CMDLINE_LINUX_DEFAULT'
LocateLineMatching '#.*GRUB_CMDLINE_LINUX_DEFAULT.*'
InsertLine 'GRUB_CMDLINE_LINUX_DEFAULT="net.ifnames=0 quiet"'
EndGroup
}
editfiles:
debian.installation.!server.!ltspclient.!roaming.!standalone::
{ /etc/default/grub
BeginGroupIfNoSuchLine 'GRUB_CMDLINE_LINUX_DEFAULT="net.ifnames=0 quiet splash"'
HashCommentLinesStarting 'GRUB_CMDLINE_LINUX_DEFAULT'
LocateLineMatching '#.*GRUB_CMDLINE_LINUX_DEFAULT.*'
InsertLine 'GRUB_CMDLINE_LINUX_DEFAULT="net.ifnames=0 quiet splash"'
EndGroup
}
shellcommands:
debian.installation::
"/usr/sbin/update-grub"
debian.installation.!server.!ltspclient::
"/usr/sbin/plymouth-set-default-theme lines"
#
# Handle the user home directory on the server
#
directories:
debian.server::
# Make sure /skole/tjener/home0/ exists even if using manual partitioning:
/skole/tjener/home0 mode=755 owner=root group=root
# Make sure /skole has right permissions if 'atomic' partitioning is used.
/skole mode=755 owner=root group=root
# Make sure /srv/nfs4/home0 exists:
/srv/nfs4/home0 mode=755 owner=root group=root
editfiles:
debian.installation.!standalone::
{ /etc/krb5.conf
## FIXME: needed because of #521878:
BeginGroupIfNoSuchLine ' allow_weak_crypto = true'
LocateLineMatching '.*\[libdefaults\].*'
InsertLine ' allow_weak_crypto = true'
InsertLine ' permitted_enctypes = des-cbc-crc rc4-hmac des3-cbc-sha1-kd aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha1-96'
EndGroup
}
{ /etc/default/nfs-common
## start the idmapd daemon:
BeginGroupIfNoSuchLine 'NEED_IDMAPD=yes'
HashCommentLinesStarting 'NEED_IDMAPD='
LocateLineMatching '#.*NEED_IDMAPD=.*'
InsertLine 'NEED_IDMAPD=yes'
EndGroup
## start the gssd daemon:
BeginGroupIfNoSuchLine 'NEED_GSSD=yes'
HashCommentLinesStarting 'NEED_GSSD='
LocateLineMatching '#.*NEED_GSSD=.*'
InsertLine 'NEED_GSSD=yes'
EndGroup
}
{ /etc/idmapd.conf
## needed for correct ID mapping:
BeginGroupIfNoSuchLine 'Domain = intern'
HashCommentLinesStarting 'Domain ='
LocateLineMatching '#.*Domain =.*'
InsertLine 'Domain = intern'
EndGroup
}
debian.server::
{ /etc/exports
## NFS4 without the need to use kerberos for now:
AppendIfNoSuchLine "/srv/nfs4 @ltsp-server-hosts(sec=krb5p:krb5i:krb5:sys,rw,sync,fsid=0,crossmnt,no_subtree_check) @workstation-hosts(sec=krb5p:krb5i:krb5:sys,rw,sync,fsid=0,crossmnt,no_subtree_check) @server-hosts(sec=krb5p:krb5i:krb5:sys,rw,sync,fsid=0,crossmnt,no_subtree_check)"
AppendIfNoSuchLine "/srv/nfs4/home0 @ltsp-server-hosts(sec=krb5p:krb5i:krb5:sys,rw,sync,no_subtree_check) @workstation-hosts(sec=krb5p:krb5i:krb5:sys,rw,sync,no_subtree_check) @server-hosts(sec=krb5p:krb5i:krb5:sys,rw,sync,no_subtree_check)"
}
{ /etc/fstab
## bind the shared directory to the exported tree:
AppendIfNoSuchLine "/skole/tjener/home0 /srv/nfs4/home0 none bind 0 0"
}
{ /etc/default/nfs-kernel-server
## start the svcgssd daemon:
BeginGroupIfNoSuchLine 'NEED_SVCGSSD=yes'
HashCommentLinesStarting 'NEED_SVCGSSD='
LocateLineMatching '#.*NEED_SVCGSSD=.*'
InsertLine 'NEED_SVCGSSD=yes'
EndGroup
}
# Enable autofs using LDAP unless running the server.
# This is done by enabling autofs. Use SRV RRs to find ldap.
debian.!server.!standalone.!roaming::
{ /etc/default/autofs
AppendIfNoSuchLine "LDAPURI=ldap://$(ldapserver)"
}
# Just by logging in, each user by default fill up 144 MiB of disk
# space. Most of it is spend by akonadi. Following instructions
# in
# <URL: http://techbase.kde.org/Projects/PIM/Akonadi#Akonadi_needs_too_much_space_in_my_home_directory.21 >,
# we reduce this to 24 MiB by reducing the mysql innodb log file
# size. Enabling for GUI profiles, but not for Standalone where
# most likely only one user will be created.
debian.installation.workstation::
{ /etc/xdg/akonadi/mysql-global.conf
ReplaceAll 'innodb_log_file_size=64M' With 'innodb_log_file_size=4M'
}
# Enable our menu overrides on standalone installations
debian.standalone::
{ /etc/debian-edu/config
AppendIfNoSuchLine "MENUREORDER=true"
}
shellcommands:
# Make sure to disable autofs on the main-server, to avoid hiding
# local file systems.
debian.server::
"/bin/systemctl disable autofs"
shellcommands:
debian.server.installation::
# pretend an IMAP authentication success in order to suppress dovecot's initial
# warning message: ,,This message goes away after the first successful login.''
"/usr/bin/touch /var/lib/dovecot/auth-success"
links:
debian.installation::
/etc/dovecot/private/dovecot.pem ->! /etc/ssl/certs/debian-edu-server.crt
nofile=force
/etc/dovecot/private/dovecot.key ->! /etc/ssl/private/debian-edu-server.key
nofile=force
#
# Remove the services we don't need from /etc/inetd.conf
#
editfiles:
debian::
{ /etc/inetd.conf
HashCommentLinesStarting "discard"
HashCommentLinesStarting "daytime"
HashCommentLinesStarting "time"
}
# Standalone hosts should not listen to incoming SMTP connections.
debian.standalone::
{ /etc/inetd.conf
HashCommentLinesStarting "smtp"
}
#
# Configure KRB5 client
#
links:
debian.installation.!standalone::
/usr/share/pam-configs/edu-nopwdchange ->! /usr/share/debian-edu-config/pam-config-nopwdchange
shellcommands:
# setup-roaming generate its own krb5.conf, no need to do it here.
debian.installation.!standalone.!roaming.!server::
"/usr/share/debian-edu-config/tools/sssd-generate-config -k > /etc/krb5.conf"
debian.installation.!standalone.secondpass::
# Activate changes to pam-configs in /etc/pam.d/
"/usr/sbin/pam-auth-update --package"
files:
debian.secondpass.!standalone::
/etc/krb5.conf mode=644 act=fixall
#
# Configure NSS and PAM to use LDAP directory
#
editfiles:
debian.installation.!standalone.!roaming::
{ /etc/nsswitch.conf
LocateLineMatching "# Example configuration of GNU Name Service Switch functionality."
IncrementPointer "3"
BeginGroupIfNoSuchLine "passwd: files ldap"
HashCommentLinesStarting "passwd:"
InsertLine "passwd: files ldap"
EndGroup
BeginGroupIfNoSuchLine "group: files ldap"
HashCommentLinesStarting "group:"
InsertLine "group: files ldap"
EndGroup
# Fetching shadow from LDAP is useful for expiring accounts.
BeginGroupIfNoSuchLine "shadow: files ldap"
HashCommentLinesStarting "shadow:"
InsertLine "shadow: files ldap"
EndGroup
BeginGroupIfNoSuchLine "netgroup: files ldap"
HashCommentLinesStarting "netgroup:"
InsertLine "netgroup: files ldap"
EndGroup
BeginGroupIfNoSuchLine "automount: files ldap"
HashCommentLinesStarting "automount:"
InsertLine "automount: files ldap"
EndGroup
BeginGroupIfNoSuchLine "sudoers: files ldap"
HashCommentLinesStarting "sudoers:"
InsertLine "sudoers: files ldap"
EndGroup
}
debian.installation.!standalone::
{ /etc/ldap/ldap.conf
BeginGroupIfNoLineMatching "^HOST .*"
AppendIfNoSuchLine "HOST $(ldapserver)"
EndGroup
# needed for sudo-ldap:
BeginGroupIfNoLineMatching "^sudoers_base .*"
AppendIfNoSuchLine "sudoers_base ou=sudoers,$(ldapbase)"
EndGroup
# Insert the base-dn, to simplify searching the LDAP and reduce
# typing :-) [barbarossa 2004-07-01]
BeginGroupIfNoLineMatching "^BASE .*"
AppendIfNoSuchLine "BASE $(ldapbase)"
EndGroup
# We want to use the downloaded LDAP SSL certificate to verify the
# connection to the server, and disable the code to not check
# certificates, see bug #1211.
BeginGroupIfNoLineMatching "^TLS_REQCERT .*"
AppendIfNoSuchLine "TLS_REQCERT demand"
EndGroup
AppendIfNoSuchLine "TLS_CACERT /etc/ldap/ssl/ldap-server-pubkey.pem"
}
{ /etc/nslcd.conf
AppendIfNoSuchLine "tls_cacertfile /etc/ldap/ssl/ldap-server-pubkey.pem"
}
shellcommands:
debian.installation.roaming::
"/usr/share/debian-edu-config/tools/setup-roaming"
# Workaround for bug #591773 in nslcd
# FIXME Check if nslcd still pull in libpam-ldapd (bug #591773)
debian.installation.!standalone::
"/usr/bin/apt-get --auto-remove purge -y libpam-ldapd"
# Avoid Network Manager GUI client stationary machines. The users
# can not change the config anyway.
debian.installation.!standalone.!roaming::
"/usr/bin/apt-get --auto-remove purge -y plasma-widget-networkmanagement"
#
# Configure LDAP server and communication with the LDAP server
#
links:
debian.server.installation::
/etc/ldap/slapd.conf ->! /etc/ldap/slapd-squeeze_debian-edu.conf
editfiles:
debian.server.installation::
{ /etc/default/slapd
BeginGroupIfNoSuchLine 'SLAPD_SERVICES="ldap:/// ldaps:/// ldapi:///"'
HashCommentLinesStarting "SLAPD_SERVICES"
LocateLineMatching '# SLAPD_SERVICES=.*'
InsertLine 'SLAPD_SERVICES="ldap:/// ldaps:/// ldapi:///"'
EndGroup
BeginGroupIfNoSuchLine 'KRB5_KTNAME=/etc/krb5.keytab.ldap; export KRB5_KTNAME'
HashCommentLinesStarting "KRB5_KTNAME="
HashCommentLinesStarting "export KRB5_KTNAME"
LocateLineMatching '#.*export KRB5_KTNAME=.*'
InsertLine 'KRB5_KTNAME=/etc/krb5.keytab.ldap; export KRB5_KTNAME'
EndGroup
BeginGroupIfNoSuchLine 'SLAPD_OPTIONS="-4"'
HashCommentLinesStarting "SLAPD_OPTIONS"
LocateLineMatching '# SLAPD_OPTIONS=.*'
InsertLine 'SLAPD_OPTIONS="-4"'
EndGroup
# Multiply LDAP server limit by 8 from 1024 to 32768 to handle
# more clients. With a limit on 1024, less then 150 clients can
# can connect.
AppendIfNoSuchLine 'ulimit -n 32768'
}
directories:
debian.server::
/var/run/slapd mode=755 owner=openldap group=openldap
files:
debian.server::
/var/lib/ldap r=2 owner=openldap group=openldap act=fixall
/etc/ldap/ssl r=2 owner=openldap group=openldap act=fixall
shellcommands:
debian.server.installation.thirdpass::
# Generating TLS certificates
"/usr/bin/mkslapdcert"
# Setting correct permisions to run ldap as the user openldap
# need to run them here, since shellscripts is after files
"/bin/chown openldap\:openldap /etc/ldap/ssl"
"/bin/chown openldap\:openldap /etc/ldap/ssl/slapd-cert.cnf"
# Need load the initial LDAP database, using the new slapd.conf.
# The Kerberos KDC is set up within this script too. Need to
# run after the ssl certs are made available (cf.apache2).
"/usr/bin/ldap-debian-edu-install"
links:
debian::
# The dhcpd.conf will be be installed in by the server profile scripts
# But what the heck, just to be sure we do it again
/etc/dhcp/dhcpd.conf ->! /etc/dhcp/dhcpd-debian-edu.conf
nofile=force
# the cleanup script for network swap
/etc/cron.daily/nbdswap-cleanup ->! /usr/share/debian-edu-config/tools/nbdswap-cleanup
directories:
debian.ltspserver::
#correct ownership for nbd-server.
/var/opt/ltsp/swapfiles mode=700 owner=nbd group=nbd
files:
debian.ltspserver|debian.workstation|debian.standalone::
# ldm fail if Xsession is not executable
/etc/X11/Xsession mode=a+x act=fixall
debian.ltspserver::
#needed for nbd-server to startup
/opt/ltsp/$(ltsp_arch)/etc/nbd-server mode=a+r act=fixall
#Needed for nbdswapd config file
/etc/ltsp/nbdswapd.conf owner=root group=root mode=644 act=touch
editfiles:
debian.ltspserver::
#Set the correct swapfile area
{ /etc/ltsp/nbdswapd.conf
AppendIfNoSuchLine 'SWAPDIR=/var/opt/ltsp/swapfiles'
# timeout disabled as it does not work properly
# AppendIfNoSuchLine 'NBD_SERVER_OPTS="-a 3600"'
}
debian.server|ltspserver::
# Reduce NFS traffic by allowing NFS clients to talk to the FAM server instead
{ /etc/fam.conf
ReplaceAll "local_only = false" With "local_only = true"
}
# Make the tftp-daemon run change-rooted (-s switch) using the standard
# ltsp directory as root. Very messy otherwise.
{ /etc/inetd.conf
BeginGroupIfNoMatch "tftp dgram udp wait root /usr/sbin/in.tftpd -s /tftpboot"
ReplaceAll "\/var\/ftpd" With "-s /tftpboot"
EndGroup
}
# Make tftpd-hpa work with multiple subdirs in tftp root dir
{ /etc/default/tftpd-hpa
HashCommentLinesContaining '--secure'
}
debian.ltspserver::
# The file /etc/default/isc-dhcp-server controls what interface the dhcp
# server will listen on. We will have one monster dhcpd.conf file
# that contains definitions for both the eth0 and eth1 interfaces
# and control which is active by manipulating this
# /etc/default/isc-dhcp-server
# If this host is the primary server, then cf.dhcpserver will
# Replace 'INTERFACES=""' with 'INTERFACES="eth0". This rule will
# then append 'INTERFACES="$INTERFACE eth1"' to the shell script
# fragment to make sure both interfaces are used.
#
# Make sure this is synced with cf.dhcpserver
{ /etc/default/isc-dhcp-server
AppendIfNoSuchLine 'INTERFACESv4="$INTERFACESv4 eth1"'
}
# Set up NFS config file to allow thin clients to mount their
# root file system and the swap files.
# FIXME: Modify network definition to revert to 255.255.254.0 netmask:
{ /etc/exports
AppendIfNoSuchLine "/opt/ltsp/$(ltsp_arch) 10.0.0.0/255.0.0.0(ro,async,no_root_squash,subtree_check) 192.168.0.0/255.255.0.0(ro,async,no_root_squash,subtree_check) 127.0.0.1(ro,async,no_root_squash,subtree_check,insecure)"
}
# Allow authentication by host to various services
# Don't forget NFS uses portmap and needs this
# FIXME: Is all this still needed for NFSv4?
{ /etc/hosts.allow
AppendIfNoSuchLine "bootpd: 0.0.0.0"
AppendIfNoSuchLine "in.tftpd: 192.168.0."
AppendIfNoSuchLine "in.tftpd: 10."
AppendIfNoSuchLine "in.tftpd: 127.0.0.1"
AppendIfNoSuchLine "portmap: 192.168.0."
AppendIfNoSuchLine "portmap: 10."
AppendIfNoSuchLine "portmap: 127.0.0.1"
}
{ /etc/X11/fs/config
CommentLinesMatching "no-listen = tcp"
}
# Make sure LTSP servers by default allow access local devices on
# thin clients. Require pam_group in common-auth.
# http://www.die.net/doc/linux/man/man5/group.conf.5.html
# document # the format.
{ /etc/security/group.conf
AppendIfNoSuchLine "*; *; *; Al0000-2400; fuse"
}
# Make sure local device work out of the box (Bug #1184). In Ubuntu,
# this kernel loading is done by the fuse-utils package. It is not
# don in the 2.5.3-4.4 debian package.
{ /etc/modules
AppendIfNoSuchLine "fuse"
}
debian.ltspclient::
# FIXME: Could not find this in the chroot.
# However, if added, NFSv4 with sec=krb5X does still not work.
{ /etc/defaults/nfs-common
AppendIfNoSuchLine "RPCGSSDOPTS=-n"
}
#links:
#
# /etc/nagios3/cgi.cfg ->! /etc/nagios3/debian-edu/cgi.cfg
# /etc/nagios3/nagios.cfg ->! /etc/nagios3/debian-edu/nagios.cfg
# /etc/nagios3/htpasswd.users ->! /etc/nagios3/debian-edu/htpasswd.users
# /etc/nagios3/conf.d ->! /etc/nagios3/debian-edu
#
files:
debian.server.installation::
# create an empty web site password file to allow htpasswd to add
# users to it.
# TODO: This file should have mode 0640 and be owned by the same group
# the web server runs as, but I will not change this close to release.
# 20100121, werner
/etc/nagios3/htpasswd.users owner=root group=root mode=644 act=touch
# Workaround for a variant of bug #760084 triggered by #483997,
# apt/dpkg do not order recommends and suggests, causing sitesummary
# to be installed before nagios3, and thus failing to configure
# nagios3 properly.
shellcommands:
debian.fifthpass::
"/usr/sbin/dpkg-reconfigure sitesummary"