diff options
Diffstat (limited to 'modules/profiles/templates')
-rw-r--r-- | modules/profiles/templates/aconnect.epp | 8 | ||||
-rw-r--r-- | modules/profiles/templates/imagemagick-policy.xml.epp | 89 | ||||
-rw-r--r-- | modules/profiles/templates/keyvalue.epp | 4 | ||||
-rw-r--r-- | modules/profiles/templates/transmission.json.epp | 77 |
4 files changed, 178 insertions, 0 deletions
diff --git a/modules/profiles/templates/aconnect.epp b/modules/profiles/templates/aconnect.epp new file mode 100644 index 0000000..044ada6 --- /dev/null +++ b/modules/profiles/templates/aconnect.epp @@ -0,0 +1,8 @@ +<%- | String $input_unit, + String $output_unit +| -%> +# Where data comes from +INPUT_UNIT='<%= $input_unit %>' +# Where it should go +OUTPUT_UNIT='<%= $output_unit %>' + diff --git a/modules/profiles/templates/imagemagick-policy.xml.epp b/modules/profiles/templates/imagemagick-policy.xml.epp new file mode 100644 index 0000000..cbea9e9 --- /dev/null +++ b/modules/profiles/templates/imagemagick-policy.xml.epp @@ -0,0 +1,89 @@ +<%- | Array[Hash] $policies | -%> +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE policymap [ + <!ELEMENT policymap (policy)*> + <!ATTLIST policymap xmlns CDATA #FIXED ''> + <!ELEMENT policy EMPTY> + <!ATTLIST policy xmlns CDATA #FIXED '' domain NMTOKEN #REQUIRED + name NMTOKEN #IMPLIED pattern CDATA #IMPLIED rights NMTOKEN #IMPLIED + stealth NMTOKEN #IMPLIED value CDATA #IMPLIED> +]> +<!-- + Configure ImageMagick policies. + + Domains include system, delegate, coder, filter, path, or resource. + + Rights include none, read, write, execute and all. Use | to combine them, + for example: "read | write" to permit read from, or write to, a path. + + Use a glob expression as a pattern. + + Suppose we do not want users to process MPEG video images: + + <policy domain="delegate" rights="none" pattern="mpeg:decode" /> + + Here we do not want users reading images from HTTP: + + <policy domain="coder" rights="none" pattern="HTTP" /> + + The /repository file system is restricted to read only. We use a glob + expression to match all paths that start with /repository: + + <policy domain="path" rights="read" pattern="/repository/*" /> + + Lets prevent users from executing any image filters: + + <policy domain="filter" rights="none" pattern="*" /> + + Any large image is cached to disk rather than memory: + + <policy domain="resource" name="area" value="1GP"/> + + Use the default system font unless overwridden by the application: + + <policy domain="system" name="font" value="/usr/share/fonts/favorite.ttf"/> + + Define arguments for the memory, map, area, width, height and disk resources + with SI prefixes (.e.g 100MB). In addition, resource policies are maximums + for each instance of ImageMagick (e.g. policy memory limit 1GB, -limit 2GB + exceeds policy maximum so memory limit is 1GB). + + Rules are processed in order. Here we want to restrict ImageMagick to only + read or write a small subset of proven web-safe image types: + + <policy domain="delegate" rights="none" pattern="*" /> + <policy domain="filter" rights="none" pattern="*" /> + <policy domain="coder" rights="none" pattern="*" /> + <policy domain="coder" rights="read|write" pattern="{GIF,JPEG,PNG,WEBP}" /> +--> +<policymap> + <!-- Sample policies --> + <!-- <policy domain="resource" name="temporary-path" value="/tmp"/> --> + <!-- <policy domain="resource" name="memory" value="2GiB"/> --> + <!-- <policy domain="resource" name="map" value="4GiB"/> --> + <!-- <policy domain="resource" name="width" value="10KP"/> --> + <!-- <policy domain="resource" name="height" value="10KP"/> --> + <!-- <policy domain="resource" name="list-length" value="128"/> --> + <!-- <policy domain="resource" name="area" value="100MP"/> --> + <!-- <policy domain="resource" name="disk" value="16EiB"/> --> + <!-- <policy domain="resource" name="file" value="768"/> --> + <!-- <policy domain="resource" name="thread" value="4"/> --> + <!-- <policy domain="resource" name="throttle" value="0"/> --> + <!-- <policy domain="resource" name="time" value="3600"/> --> + <!-- <policy domain="coder" rights="none" pattern="MVG" /> --> + <!-- <policy domain="module" rights="none" pattern="{PS,PDF,XPS}" /> --> + <!-- <policy domain="delegate" rights="none" pattern="HTTPS" /> --> + <!-- <policy domain="path" rights="none" pattern="@*" /> --> + <!-- <policy domain="cache" name="memory-map" value="anonymous"/> --> + <!-- <policy domain="cache" name="synchronize" value="True"/> --> + <!-- <policy domain="cache" name="shared-secret" value="passphrase" stealth="true"/> --> + <!-- <policy domain="system" name="max-memory-request" value="256MiB"/> --> + <!-- <policy domain="system" name="shred" value="2"/> --> + <!-- <policy domain="system" name="precision" value="6"/> --> + <!-- <policy domain="system" name="font" value="/path/to/unicode-font.ttf"/> --> + <!-- Below policies generated from puppet --> + <% $policies.map |$policy| { %> + <policy domain="<%= $policy['domain'] %>" rights="<%= $policy['rights'] %>" pattern="<%= $policy['pattern'] %>" /> + <%- } %> +</policymap> +<!-- NOTE File managed by puppet, any manual changes will be overwritten. --> diff --git a/modules/profiles/templates/keyvalue.epp b/modules/profiles/templates/keyvalue.epp new file mode 100644 index 0000000..694978a --- /dev/null +++ b/modules/profiles/templates/keyvalue.epp @@ -0,0 +1,4 @@ +<%- | Hash $values | -%> +<% $values.map |$key, $value| { -%> +<%= $key %>=<%= $value %> +<%- } %> diff --git a/modules/profiles/templates/transmission.json.epp b/modules/profiles/templates/transmission.json.epp new file mode 100644 index 0000000..885ad5e --- /dev/null +++ b/modules/profiles/templates/transmission.json.epp @@ -0,0 +1,77 @@ +<%- | String $rpc_username, + String $rpc_password, + String $download_dir, + Integer $rpc_port, + String $rpc_url, + Integer $msg_level = 1, + Optional[String] $incomplete_dir = undef, + Optional[Array[String]] $rpc_whitelist = undef, +| -%> +{ + "alt-speed-down": 50, + "alt-speed-enabled": false, + "alt-speed-time-begin": 540, + "alt-speed-time-day": 127, + "alt-speed-time-enabled": false, + "alt-speed-time-end": 1020, + "alt-speed-up": 50, + "bind-address-ipv4": "0.0.0.0", + "bind-address-ipv6": "::", + "blocklist-enabled": false, + "blocklist-url": "http://www.example.com/blocklist", + "cache-size-mb": 4, + "dht-enabled": true, + "download-dir": "<%= $download_dir -%>", + "download-queue-enabled": true, + "download-queue-size": 5, + "encryption": 1, + "idle-seeding-limit": 30, + "idle-seeding-limit-enabled": false, + "incomplete-dir": "<%= $incomplete_dir -%>", + "incomplete-dir-enabled": <%= if ($incomplete_dir) { 'true' } else { 'false' } -%>, + "lpd-enabled": false, + "message-level": <%= $msg_level -%>, + "peer-congestion-algorithm": "", + "peer-id-ttl-hours": 6, + "peer-limit-global": 200, + "peer-limit-per-torrent": 50, + "peer-port": 51413, + "peer-port-random-high": 65535, + "peer-port-random-low": 49152, + "peer-port-random-on-start": false, + "peer-socket-tos": "default", + "pex-enabled": true, + "port-forwarding-enabled": true, + "preallocation": 1, + "prefetch-enabled": true, + "queue-stalled-enabled": true, + "queue-stalled-minutes": 30, + "ratio-limit": 2, + "ratio-limit-enabled": false, + "rename-partial-files": true, + "rpc-authentication-required": true, + "rpc-bind-address": "::", + "rpc-enabled": true, + "rpc-host-whitelist": "", + "rpc-host-whitelist-enabled": false, + "rpc-password": "<%= $rpc_password -%>", + "rpc-port": <%= $rpc_port -%>, + "rpc-url": "<%= $rpc_url -%>", + "rpc-username": "<%= $rpc_username -%>", + "rpc-whitelist": "<%= $rpc_whitelist.join(',') -%>", + "rpc-whitelist-enabled": <%= if ($rpc_whitelist) { 'false' } else { 'false' }-%>, + "scrape-paused-torrents-enabled": true, + "script-torrent-done-enabled": false, + "script-torrent-done-filename": "", + "seed-queue-enabled": false, + "seed-queue-size": 10, + "speed-limit-down": 100, + "speed-limit-down-enabled": false, + "speed-limit-up": 100, + "speed-limit-up-enabled": false, + "start-added-torrents": true, + "trash-original-torrent-files": false, + "umask": 18, + "upload-slots-per-torrent": 14, + "utp-enabled": true +} |