PeterJCLaw · PeterJCLaw · Apr 21, 2025 · Apr 21, 2025 · Apr 21, 2025 · Apr 21, 2025
diff --git a/Vagrantfile b/Vagrantfile
@@ -1,5 +1,5 @@
 Vagrant.configure("2") do |config|
-    config.vm.box = "ubuntu/jammy64"
+    config.vm.box = "bento/ubuntu-24.04"
 
     config.vm.provider "virtualbox" do |v|
         v.memory = 1024

diff --git a/manifests/public.pp b/manifests/public.pp
@@ -5,7 +5,7 @@
         # main_user                 => 'root',
         manual_npm_installs         => false,
         enable_tls                  => true,
-        secondary_domains           => $::fqdn ? {
+        secondary_domains           => $facts['fqdn'] ? {
             'srcomp.studentrobotics.org'    => ['srcomp.srobo.org'],
             default                         => [],
         },

diff --git a/modules/compbox/manifests/firewall.pp b/modules/compbox/manifests/firewall.pp
@@ -16,53 +16,53 @@
   firewall { '100 allow ssh access':
     dport  => 22,
     proto  => tcp,
-    action => accept,
+    jump   => accept,
   }
   firewall { '100 allow ssh access (v6)':
     dport     => 22,
     proto     => tcp,
-    action    => accept,
-    provider  => 'ip6tables',
+    jump      => accept,
+    protocol  => 'ip6tables',
   }
 
   # NTP
   firewall { '100 allow ntp access':
     dport  => 123,
     proto  => udp,
-    action => accept,
+    jump   => accept,
   }
   firewall { '100 allow ntp access (v6)':
     dport     => 123,
     proto     => udp,
-    action    => accept,
-    provider  => 'ip6tables',
+    jump      => accept,
+    protocol  => 'ip6tables',
   }
 
   # HTTP(S)
   firewall { '100 allow http and https access':
     dport  => [80, 443],
     proto  => tcp,
-    action => accept,
+    jump   => accept,
   }
   firewall { '100 allow http and https access (v6)':
     dport     => [80, 443],
     proto     => tcp,
-    action    => accept,
-    provider  => 'ip6tables',
+    jump      => accept,
+    protocol  => 'ip6tables',
   }
 
   # Mythic Beasts
-  firewall { '200 allow Mythic Beasts\' munin monitoring access':
+  firewall { '200 allow Mythic Beasts’ munin monitoring access':
     dport     => 4949,
     source    => '93.93.128.100',
     proto     => tcp,
-    action    => accept,
+    jump      => accept,
   }
-  firewall { '200 allow Mythic Beasts\' munin monitoring access (v6)':
+  firewall { '200 allow Mythic Beasts’ munin monitoring access (v6)':
     dport     => 4949,
     source    => '2a00:1098:0:80:1000::100',
     proto     => tcp,
-    action    => accept,
-    provider  => 'ip6tables',
+    jump      => accept,
+    protocol  => 'ip6tables',
   }
 }
diff --git a/modules/compbox/manifests/fw_post.pp b/modules/compbox/manifests/fw_post.pp
@@ -1,13 +1,13 @@
 class compbox::fw_post {
   firewall { '999 drop all':
     proto  => 'all',
-    action => 'drop',
+    jump   => 'drop',
     before => undef,
   }
   firewall { '999 drop all (v6)':
     proto     => 'all',
-    action    => 'drop',
+    jump      => 'drop',
     before    => undef,
-    provider  => 'ip6tables',
+    protocol  => 'ip6tables',
   }
 }
diff --git a/modules/compbox/manifests/fw_pre.pp b/modules/compbox/manifests/fw_pre.pp
@@ -6,48 +6,48 @@
   # Default firewall rules (IPv4)
   firewall { '000 accept all icmp':
     proto  => 'icmp',
-    action => 'accept',
+    jump   => 'accept',
   }->
   firewall { '001 accept all to lo interface':
     proto   => 'all',
     iniface => 'lo',
-    action  => 'accept',
+    jump    => 'accept',
   }->
   firewall { '002 reject local traffic not on loopback interface':
     iniface     => '! lo',
     proto       => 'all',
     destination => '127.0.0.1/8',
-    action      => 'reject',
+    jump        => 'reject',
   }->
   firewall { '003 accept related established rules':
     proto  => 'all',
     state  => ['RELATED', 'ESTABLISHED'],
-    action => 'accept',
+    jump   => 'accept',
   }
 
   # Default firewall rules (IPv6)
   firewall { '000 accept all icmp (v6)':
     proto     => 'ipv6-icmp',
-    action    => 'accept',
-    provider  => 'ip6tables',
+    jump      => 'accept',
+    protocol  => 'ip6tables',
   }->
   firewall { '001 accept all to lo interface (v6)':
     proto     => 'all',
     iniface   => 'lo',
-    action    => 'accept',
-    provider  => 'ip6tables',
+    jump      => 'accept',
+    protocol  => 'ip6tables',
   }->
   firewall { '002 reject local traffic not on loopback interface (v6)':
     iniface     => '! lo',
     proto       => 'all',
     destination => '::1',
-    action      => 'reject',
-    provider    => 'ip6tables',
+    jump        => 'reject',
+    protocol    => 'ip6tables',
   }->
   firewall { '003 accept related established rules (v6)':
     proto     => 'all',
     state     => ['RELATED', 'ESTABLISHED'],
-    action    => 'accept',
-    provider  => 'ip6tables',
+    jump      => 'accept',
+    protocol  => 'ip6tables',
   }
 }
diff --git a/modules/compbox/manifests/hostname.pp b/modules/compbox/manifests/hostname.pp
@@ -3,14 +3,14 @@
 
 class compbox::hostname ( $hostname = hiera('hostname') ) {
 
-  if $::fqdn != $hostname {
-    host { $::fqdn:
+  if $facts['fqdn'] != $hostname {
+    host { $facts['fqdn']:
       ensure  => absent,
       before  => Exec['hostnamectl'],
     }
 
-    if $::fqdn != $::hostname {
-      host { $::hostname:
+    if $facts['fqdn'] != $facts['hostname'] {
+      host { $facts['hostname']:
         ensure  => absent,
         before  => Exec['hostnamectl'],
       }

diff --git a/modules/compbox/manifests/init.pp b/modules/compbox/manifests/init.pp
@@ -192,7 +192,7 @@
 
     # Screens and stream
     class { '::nodejs':
-        repo_url_suffix         => '20.x',
+        repo_version        => '20',
     } ->
     compbox::npm_install { 'yarn':
         ensure              => present,
@@ -447,7 +447,7 @@
     }
 
     # Nginx configuration
-    $www_hostname = $::fqdn
+    $www_hostname = $facts['fqdn']
     if $enable_tls {
         package { 'snapd':
             ensure      => present,
@@ -539,7 +539,7 @@
     }
     service { 'sshd':
         ensure  => running,
-        name    => $::osfamily ? {
+        name    => $facts['os']['family'] ? {
             'Debian'  => 'ssh',
             default   => 'sshd',
         },

diff --git a/modules/firewall b/modules/firewall
diff --git a/modules/nodejs b/modules/nodejs
diff --git a/modules/stdlib b/modules/stdlib
+38 −0		.devcontainer/README.md
+5 −11		.devcontainer/devcontainer.json
+15 −0		.github/pull_request_template.md
+0 −90		.github/workflows/auto_release.yml
+21 −0		.github/workflows/ci.yml
+15 −0		.github/workflows/mend.yml
+12 −200		.github/workflows/nightly.yml
+0 −189		.github/workflows/pr_test.yml
+4 −42		.github/workflows/release.yml
+15 −0		.github/workflows/release_prep.yml
+0 −130		.github/workflows/spec.yml
+8 −1		.gitignore
+10 −6		.pdkignore
+218 −6		.rubocop.yml
+90 −0		.rubocop_todo.yml
+7 −8		.sync.yml
+1 −1		.vscode/extensions.json
+651 −680		CHANGELOG.md
+29 −13		Gemfile
+103 −43		README.md
+966 −672		REFERENCE.md
+2 −84		Rakefile
+3 −6		lib/facter/ip6tables_version.rb
+3 −11		lib/facter/iptables_persistent_version.rb
+3 −6		lib/facter/iptables_version.rb
+0 −39		lib/puppet/provider/firewall.rb
+1,084 −0		lib/puppet/provider/firewall/firewall.rb
+0 −319		lib/puppet/provider/firewall/ip6tables.rb
+0 −986		lib/puppet/provider/firewall/iptables.rb
+236 −0		lib/puppet/provider/firewallchain/firewallchain.rb
+0 −178		lib/puppet/provider/firewallchain/iptables_chain.rb
+1,163 −2,154		lib/puppet/type/firewall.rb
+61 −232		lib/puppet/type/firewallchain.rb
+0 −257		lib/puppet/util/firewall.rb
+5 −2		lib/puppet_x/puppetlabs/firewall/ipcidr.rb
+284 −0		lib/puppet_x/puppetlabs/firewall/utility.rb
+12 −12		manifests/init.pp
+12 −12		manifests/linux.pp
+6 −6		manifests/linux/archlinux.pp
+15 −36		manifests/linux/debian.pp
+6 −6		manifests/linux/gentoo.pp
+51 −36		manifests/linux/redhat.pp
+24 −15		manifests/params.pp
+13 −15		metadata.json
+4 −5		provision.yaml
+3 −5		spec/acceptance/class_spec.rb
+488 −564		spec/acceptance/firewall_attributes_exceptions_spec.rb
+227 −148		spec/acceptance/firewall_attributes_happy_path_spec.rb
+225 −255		spec/acceptance/firewall_attributes_ipv6_exceptions_spec.rb
+178 −137		spec/acceptance/firewall_attributes_ipv6_happy_path_spec.rb
+16 −53		spec/acceptance/firewall_duplicate_comment_spec.rb
+61 −11		spec/acceptance/firewallchain_spec.rb
+10 −6		spec/acceptance/resource_cmd_spec.rb
+47 −48		spec/acceptance/rules_spec.rb
+8 −8		spec/acceptance/standard_usage_spec.rb
+4 −3		spec/default_facts.yml
+139 −1		spec/fixtures/ip6tables/conversion_hash.rb
+177 −67		spec/fixtures/iptables/conversion_hash.rb
+4 −3		spec/spec_helper.rb
+8 −12		spec/spec_helper_acceptance_local.rb
+44 −4		spec/spec_helper_local.rb
+10 −12		spec/unit/classes/firewall_linux_archlinux_spec.rb
+61 −78		spec/unit/classes/firewall_linux_debian_spec.rb
+45 −61		spec/unit/classes/firewall_linux_redhat_spec.rb
+19 −15		spec/unit/classes/firewall_linux_spec.rb
+5 −3		spec/unit/classes/firewall_spec.rb
+28 −22		spec/unit/facter/iptables_persistent_version_spec.rb
+9 −4		spec/unit/facter/iptables_spec.rb
+354 −0		spec/unit/puppet/provider/firewall/firewall_output_parsing_spec.rb
+415 −0		spec/unit/puppet/provider/firewall/firewall_private_get_spec.rb
+491 −0		spec/unit/puppet/provider/firewall/firewall_private_set_spec.rb
+237 −0		spec/unit/puppet/provider/firewall/firewall_public_spec.rb
+346 −0		spec/unit/puppet/provider/firewallchain/firewallchain_spec.rb
+0 −61		spec/unit/puppet/provider/ip6tables_spec.rb
+0 −233		spec/unit/puppet/provider/iptables_chain_spec.rb
+0 −460		spec/unit/puppet/provider/iptables_spec.rb
+731 −871		spec/unit/puppet/type/firewall_spec.rb
+82 −169		spec/unit/puppet/type/firewallchain_spec.rb
+0 −221		spec/unit/puppet/util/firewall_spec.rb
+22 −20		spec/unit/puppet_x/puppetlabs/firewall/ipcidr_spec.rb
+238 −0		spec/unit/puppet_x/puppetlabs/firewall/utility_spec.rb
+2 −1		.editorconfig
+4 −4		.fixtures.yml
+25 −44		.github/CONTRIBUTING.md
+0 −3		.github/SECURITY.md
+24 −0		.github/workflows/ci.yml
+22 −0		.github/workflows/release.yml
+23 −18		.gitignore
+5 −1		.msync.yml
+3 −2		.overcommit.yml
+36 −19		.pmtignore
+3 −0		.puppet-lint.rc
+3 −0		.rspec
+3 −0		.rspec_parallel
+4 −0		.rubocop.yml
+4 −12		.sync.yml
+0 −108		.travis.yml
+0 −2		.yardopts
+88 −7		CHANGELOG.md
+0 −21		Dockerfile
+13 −29		Gemfile
+23 −193		README.md
+24 −34		Rakefile
+26 −25		files/repo/nodesource/NODESOURCE-GPG-SIGNING-KEY-EL
+52 −0		files/repo/nodesource/ns-operations-public.key
+2 −0		lib/puppet/feature/npm.rb
+4 −2		lib/puppet/provider/package/npm.rb
+2 −0		lib/puppet/util/npm.rb
+3 −4		manifests/init.pp
+17 −7		manifests/install.pp
+11 −0		manifests/npm.pp
+14 −6		manifests/npm/global_config_entry.pp
+28 −91		manifests/params.pp
+24 −0		manifests/repo/dnfmodule.pp
+2 −37		manifests/repo/nodesource.pp
+3 −8		manifests/repo/nodesource/apt.pp
+26 −38		manifests/repo/nodesource/yum.pp
+36 −17		metadata.json
+188 −33		spec/acceptance/class_spec.rb
+0 −13		spec/acceptance/nodesets/archlinux-2-x64.yml
+350 −271		spec/classes/nodejs_spec.rb
+22 −12		spec/defines/global_config_entry_spec.rb
+50 −40		spec/defines/nodejs_npm_spec.rb
+6 −0		spec/setup_acceptance_helper.pp
+10 −8		spec/spec_helper.rb
+10 −2		spec/spec_helper_acceptance.rb
+8 −0		spec/support/acceptance/purge.rb
+16 −6		spec/support/acceptance/shared_examples.rb
+3 −1		spec/unit/puppet/provider/package/npm_spec.rb