4 files changed, 178 insertions, 0 deletions

diff --git a/modules/profiles/templates/aconnect.epp b/modules/profiles/templates/aconnect.epp
new file mode 100644
index 0000000..044ada6
--- /dev/null
+++ b/modules/profiles/templates/aconnect.epp
@@ -0,0 +1,8 @@
+<%- | String $input_unit,
+      String $output_unit
+| -%>
+# Where data comes from
+INPUT_UNIT='<%= $input_unit %>'
+# Where it should go
+OUTPUT_UNIT='<%= $output_unit %>'
+
diff --git a/modules/profiles/templates/imagemagick-policy.xml.epp b/modules/profiles/templates/imagemagick-policy.xml.epp
new file mode 100644
index 0000000..cbea9e9
--- /dev/null
+++ b/modules/profiles/templates/imagemagick-policy.xml.epp
@@ -0,0 +1,89 @@
+<%- | Array[Hash] $policies | -%>
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policymap [
+  <!ELEMENT policymap (policy)*>
+  <!ATTLIST policymap xmlns CDATA #FIXED ''>
+  <!ELEMENT policy EMPTY>
+  <!ATTLIST policy xmlns CDATA #FIXED '' domain NMTOKEN #REQUIRED
+    name NMTOKEN #IMPLIED pattern CDATA #IMPLIED rights NMTOKEN #IMPLIED
+    stealth NMTOKEN #IMPLIED value CDATA #IMPLIED>
+]>
+<!--
+  Configure ImageMagick policies.
+
+  Domains include system, delegate, coder, filter, path, or resource.
+
+  Rights include none, read, write, execute and all.  Use | to combine them,
+  for example: "read | write" to permit read from, or write to, a path.
+
+  Use a glob expression as a pattern.
+
+  Suppose we do not want users to process MPEG video images:
+
+    <policy domain="delegate" rights="none" pattern="mpeg:decode" />
+
+  Here we do not want users reading images from HTTP:
+
+    <policy domain="coder" rights="none" pattern="HTTP" />
+
+  The /repository file system is restricted to read only.  We use a glob
+  expression to match all paths that start with /repository:
+
+    <policy domain="path" rights="read" pattern="/repository/*" />
+
+  Lets prevent users from executing any image filters:
+
+    <policy domain="filter" rights="none" pattern="*" />
+
+  Any large image is cached to disk rather than memory:
+
+    <policy domain="resource" name="area" value="1GP"/>
+
+  Use the default system font unless overwridden by the application:
+
+    <policy domain="system" name="font" value="/usr/share/fonts/favorite.ttf"/>
+
+  Define arguments for the memory, map, area, width, height and disk resources
+  with SI prefixes (.e.g 100MB).  In addition, resource policies are maximums
+  for each instance of ImageMagick (e.g. policy memory limit 1GB, -limit 2GB
+  exceeds policy maximum so memory limit is 1GB).
+
+  Rules are processed in order.  Here we want to restrict ImageMagick to only
+  read or write a small subset of proven web-safe image types:
+
+    <policy domain="delegate" rights="none" pattern="*" />
+    <policy domain="filter" rights="none" pattern="*" />
+    <policy domain="coder" rights="none" pattern="*" />
+    <policy domain="coder" rights="read|write" pattern="{GIF,JPEG,PNG,WEBP}" />
+-->
+<policymap>
+  <!-- Sample policies -->
+  <!-- <policy domain="resource" name="temporary-path" value="/tmp"/> -->
+  <!-- <policy domain="resource" name="memory" value="2GiB"/> -->
+  <!-- <policy domain="resource" name="map" value="4GiB"/> -->
+  <!-- <policy domain="resource" name="width" value="10KP"/> -->
+  <!-- <policy domain="resource" name="height" value="10KP"/> -->
+  <!-- <policy domain="resource" name="list-length" value="128"/> -->
+  <!-- <policy domain="resource" name="area" value="100MP"/> -->
+  <!-- <policy domain="resource" name="disk" value="16EiB"/> -->
+  <!-- <policy domain="resource" name="file" value="768"/> -->
+  <!-- <policy domain="resource" name="thread" value="4"/> -->
+  <!-- <policy domain="resource" name="throttle" value="0"/> -->
+  <!-- <policy domain="resource" name="time" value="3600"/> -->
+  <!-- <policy domain="coder" rights="none" pattern="MVG" /> -->
+  <!-- <policy domain="module" rights="none" pattern="{PS,PDF,XPS}" /> -->
+  <!-- <policy domain="delegate" rights="none" pattern="HTTPS" /> -->
+  <!-- <policy domain="path" rights="none" pattern="@*" /> -->
+  <!-- <policy domain="cache" name="memory-map" value="anonymous"/> -->
+  <!-- <policy domain="cache" name="synchronize" value="True"/> -->
+  <!-- <policy domain="cache" name="shared-secret" value="passphrase" stealth="true"/> -->
+  <!-- <policy domain="system" name="max-memory-request" value="256MiB"/> -->
+  <!-- <policy domain="system" name="shred" value="2"/> -->
+  <!-- <policy domain="system" name="precision" value="6"/> -->
+  <!-- <policy domain="system" name="font" value="/path/to/unicode-font.ttf"/> -->
+  <!-- Below policies generated from puppet -->
+  <% $policies.map |$policy| { %>
+  <policy domain="<%= $policy['domain'] %>" rights="<%= $policy['rights'] %>" pattern="<%= $policy['pattern'] %>" />
+  <%- } %>
+</policymap>
+<!-- NOTE File managed by puppet, any manual changes will be overwritten. -->
diff --git a/modules/profiles/templates/keyvalue.epp b/modules/profiles/templates/keyvalue.epp
new file mode 100644
index 0000000..694978a
--- /dev/null
+++ b/modules/profiles/templates/keyvalue.epp
@@ -0,0 +1,4 @@
+<%- | Hash $values | -%>
+<% $values.map |$key, $value| { -%>
+<%= $key %>=<%= $value %>
+<%- } %>
diff --git a/modules/profiles/templates/transmission.json.epp b/modules/profiles/templates/transmission.json.epp
new file mode 100644
index 0000000..885ad5e
--- /dev/null
+++ b/modules/profiles/templates/transmission.json.epp
@@ -0,0 +1,77 @@
+<%- | String $rpc_username,
+      String $rpc_password,
+      String $download_dir,
+      Integer $rpc_port,
+      String $rpc_url,
+      Integer $msg_level = 1,
+      Optional[String] $incomplete_dir = undef,
+      Optional[Array[String]] $rpc_whitelist = undef,
+| -%>
+{
+    "alt-speed-down": 50,
+    "alt-speed-enabled": false,
+    "alt-speed-time-begin": 540,
+    "alt-speed-time-day": 127,
+    "alt-speed-time-enabled": false,
+    "alt-speed-time-end": 1020,
+    "alt-speed-up": 50,
+    "bind-address-ipv4": "0.0.0.0",
+    "bind-address-ipv6": "::",
+    "blocklist-enabled": false,
+    "blocklist-url": "http://www.example.com/blocklist",
+    "cache-size-mb": 4,
+    "dht-enabled": true,
+    "download-dir": "<%= $download_dir -%>",
+    "download-queue-enabled": true,
+    "download-queue-size": 5,
+    "encryption": 1,
+    "idle-seeding-limit": 30,
+    "idle-seeding-limit-enabled": false,
+    "incomplete-dir": "<%= $incomplete_dir -%>",
+    "incomplete-dir-enabled": <%= if ($incomplete_dir) { 'true' } else { 'false' } -%>,
+    "lpd-enabled": false,
+    "message-level": <%= $msg_level -%>,
+    "peer-congestion-algorithm": "",
+    "peer-id-ttl-hours": 6,
+    "peer-limit-global": 200,
+    "peer-limit-per-torrent": 50,
+    "peer-port": 51413,
+    "peer-port-random-high": 65535,
+    "peer-port-random-low": 49152,
+    "peer-port-random-on-start": false,
+    "peer-socket-tos": "default",
+    "pex-enabled": true,
+    "port-forwarding-enabled": true,
+    "preallocation": 1,
+    "prefetch-enabled": true,
+    "queue-stalled-enabled": true,
+    "queue-stalled-minutes": 30,
+    "ratio-limit": 2,
+    "ratio-limit-enabled": false,
+    "rename-partial-files": true,
+    "rpc-authentication-required": true,
+    "rpc-bind-address": "::",
+    "rpc-enabled": true,
+    "rpc-host-whitelist": "",
+    "rpc-host-whitelist-enabled": false,
+    "rpc-password": "<%= $rpc_password -%>",
+    "rpc-port": <%= $rpc_port -%>,
+    "rpc-url": "<%= $rpc_url -%>",
+    "rpc-username": "<%= $rpc_username -%>",
+    "rpc-whitelist": "<%= $rpc_whitelist.join(',') -%>",
+    "rpc-whitelist-enabled": <%= if ($rpc_whitelist) { 'false' } else { 'false' }-%>,
+    "scrape-paused-torrents-enabled": true,
+    "script-torrent-done-enabled": false,
+    "script-torrent-done-filename": "",
+    "seed-queue-enabled": false,
+    "seed-queue-size": 10,
+    "speed-limit-down": 100,
+    "speed-limit-down-enabled": false,
+    "speed-limit-up": 100,
+    "speed-limit-up-enabled": false,
+    "start-added-torrents": true,
+    "trash-original-torrent-files": false,
+    "umask": 18,
+    "upload-slots-per-torrent": 14,
+    "utp-enabled": true
+}