Add a comment to hieradata/common.yaml/roles

[mirror/dsa-puppet.git] / hieradata / common.yaml

---
nameservers: []
searchpaths: []
resolvoptions: []
allow_dns_query: []
role_config__mirrors:
  mirror_basedir_prefix: '/srv/mirrors/'
role_config__syncproxy:
  mirror_basedir_prefix: '/srv/mirrors/'
samhain_recipients:
  - 'debian-archive-debian-samhain-reports@master.debian.org'
  - 'debian-admin@ftbfs.de'
  - 'weasel@debian.org'
  - 'zumbi@oron.es'
root_mail_alias:
  - 'debian-admin@debian.org'
paths:
  letsencrypt_dir: '/srv/puppet.debian.org/from-letsencrypt'
  auto_certs_dir: '/srv/puppet.debian.org/ca/RESULT/certs'
  auto_clientcerts_dir: '/srv/puppet.debian.org/ca/RESULT/clientcerts'

# all of these should be retired in favour of including the class role
# with the host. weasel, 2019-09
roles:
  bugsmx:
    - buxtehude.debian.org
  bugs_master:
    - buxtehude.debian.org
  bugs_mirror:
    - beach.debian.org
  bugs_base:
    - buxtehude.debian.org
    - beach.debian.org
  contributors:
    - nono.debian.org
  dbmaster:
    - draghi.debian.org
  debtags:
    - tate.debian.org
  dns_primary:
    - denis.debian.org
  dns_geo:
    - geo1.debian.org
    - geo2.debian.org
    - geo3.debian.org
  extranrpeclient:
    - denis.debian.org
  ftp_master:
    - fasolo.debian.org
  ftp.upload.d.o:
    - coccia.debian.org
    - usper.debian.org
  api.ftp-master:
    - coccia.debian.org
  dgit_browse:
    - cgi-grnet-01.debian.org
  dgit_git:
    - cgi-grnet-01.debian.org
  git_master:
    - adayevskaya.debian.org
  historicalpackages:
    - hier.debian.org
  keyring:
    - kaufmann.debian.org
  lists:
    - bendel.debian.org
  mailrelay:
    - mailly.debian.org
    - muffat.debian.org
  manpages-dyn:
    - manziarly.debian.org
    - cgi-grnet-01.debian.org
  mirrormaster:
    - melartin.debian.org
  muninmaster:
    - menotti.debian.org
  nagiosmaster:
    - tchaikovsky.debian.org
  nm:
    - nono.debian.org
  packages:
    - picconi.debian.org
    - pkgmirror-csail.debian.org
  packagesmaster:
    - picconi.debian.org
  packagesqamaster:
    - quantz.debian.org
  people:
    - paradis.debian.org
  piuparts:
    - pejacevic.debian.org
  piuparts_slave:
    - piu-slave-bm-a.debian.org
    - piu-slave-ubc-01.debian.org
  popcon:
    - pinel.debian.org
  pubsub:
    - rainier.debian.org
    - rapoport.debian.org
  qamaster:
    - quantz.debian.org
  rtmaster:
    - reger.debian.org
  rtc:
    - vogler.debian.org
  search_backend:
    - wolkenstein.debian.org
  search_frontend:
    - cgi-grnet-01.debian.org
  archvsync_base_additional:
  # this is usually pulled in by *-mirror or syncproxy roles
    - dummy
  security_master:
    - seger.debian.org
  security_mirror:
    mirror-anu.debian.org:
      fastly-backend: false
    mirror-csail.debian.org:
      fastly-backend: false
    mirror-isc.debian.org:
      onion_v4_address: 149.20.4.14
    mirror-umn.debian.org:
      onion_v4_address: 128.101.240.215
    mirror-accumu.debian.org:
      fastly-backend: false
    mirror-skroutz.debian.org:
      fastly-backend: false
    lobos.debian.org:
      service-hostname: lobos.security.backend.mirrors.debian.org
      fastly-backend: false
      onion_v4_address: 212.211.132.250
    santoro.debian.org:
      fastly-backend: false
    schmelzer.debian.org:
      fastly-backend: false
    schumann.debian.org:
      service-hostname: schumann.security.backend.mirrors.debian.org
      fastly-backend: true
    setoguchi.debian.org:
      fastly-backend: false
    sechter.debian.org:
      fastly-backend: false
    villa.debian.org:
      service-hostname: villa.security.backend.mirrors.debian.org
      fastly-backend: true
      onion_v4_address: 212.211.132.32
    wieck.debian.org:
      service-hostname: wieck.security.backend.mirrors.debian.org
      fastly-backend: true
  security_tracker:
    - soriano.debian.org
  security_upload:
    - suchon.debian.org
  ssh.upload.d.o:
    - coccia.debian.org
    - suchon.debian.org
    - usper.debian.org
  sso:
    - diabelli.debian.org
  # single sign on relying party (host) - also required apache2 module enabled on that host via other means
  sso_rp:
    - debussy.debian.org
    - diabelli.debian.org
    - jerea.debian.org
    - nono.debian.org
    - quantz.debian.org
    - tate.debian.org
    - ticharich.debian.org
    - wilder.debian.org
    - wuiet.debian.org
  static_master:
    - dillon.debian.org
    - fasolo.debian.org
    - porta.debian.org
    - static-master-grnet-01.debian.org
  static_mirror:
    - klecker.debian.org
    - mirror-anu.debian.org
    - mirror-csail.debian.org
    - mirror-isc.debian.org
    - senfter.debian.org
    - santoro.debian.org
  static_mirror_onion:
    - klecker.debian.org
    - mirror-isc.debian.org
    - senfter.debian.org
  # when adding a new static mirror, allow it to sync etc, but do not push to it and wait for it.  For this, also add it to static_mirror_nopush.
  static_mirror_nopush:
    - dummy
  static_source:
    - boott.debian.org
    - casulana.debian.org
    - coccia.debian.org
    - dillon.debian.org
    - donizetti.debian.org
    - fasolo.debian.org
    - kaufmann.debian.org
    - lindsay.debian.org
    - manziarly.debian.org
    - mekeel.debian.org
    - melartin.debian.org
    - porta.debian.org
    - philp.debian.org
    - respighi.debian.org
    - wolkenstein.debian.org
    - wuiet.debian.org
  syncproxy:
    - gretchaninov.debian.org
    - klecker.debian.org
    - milanollo.debian.org
    - mirror-anu.debian.org
    - mirror-isc.debian.org
    - mirror-umn.debian.org
    - schmelzer.debian.org
    - smit.debian.org
  tracker:
    - ticharich.debian.org
  udd:
    - ullmann.debian.org
  vote:
    - vento.debian.org
  weblog_destination:
    - wolkenstein.debian.org
  weblog_provider:
    - klecker.debian.org
    - mirror-anu.debian.org
    - mirror-csail.debian.org
    - mirror-isc.debian.org
    - mirror-umn.debian.org
    - santoro.debian.org
    - senfter.debian.org
  wiki:
    - wilder.debian.org
  www_master:
    - wolkenstein.debian.org
  cgi.d.o:
    - wolkenstein.debian.org
  postgres_backup_server:
    - backuphost.debian.org
    - storace.debian.org
  bacula_director:
    - dinis.debian.org
  bacula_storage:
    - storace.debian.org
  dabackup_client:
    - lw03.debian.org
  gobby_debian_org:
    - gombert.debian.org
  veyepar.debian.org:
    - vittoria.debian.org
  sreview.debian.org:
    - vittoria.debian.org
  debian_mirror:
    klecker.debian.org:
      listen-addresses:
        - '130.89.148.12:80'
        - '[2001:67c:2564:a119::148:12]:80'
      onion_v4_address: 130.89.148.12
    mirror-accumu.debian.org:
      service-hostname: accumu.debian.backend.mirrors.debian.org
      fastly-backend: true
    mirror-skroutz.debian.org:
      service-hostname: skroutz.debian.backend.mirrors.debian.org
      fastly-backend: true
    mirror-isc.debian.org:
      listen-addresses:
        - '149.20.4.15:80'
        - '[2001:4f8:1:c::15]:80'
      onion_v4_address: 149.20.4.15
    schmelzer.debian.org:
      listen-addresses:
        - '217.196.149.232:80'
        - '[2a02:16a8:dc41:100::232]:80'
      fastly-backend: true
      service-hostname: conova.debian.backend.mirrors.debian.org
  historical_master:
    - sibelius.debian.org
  historical_mirror:
    - gretchaninov.debian.org
    - klecker.debian.org
    - schmelzer.debian.org
    - sibelius.debian.org
  debug_mirror:
    mirror-accumu.debian.org:
      onion_v4_address: 130.242.6.199
      service-hostname: accumu.debug.backend.mirrors.debian.org
    schmelzer.debian.org:
      listen-addresses:
        - '217.196.149.232:80'
        - '[2a02:16a8:dc41:100::232]:80'
      onion_v4_address: 217.196.149.232
      service-hostname: conova.debug.backend.mirrors.debian.org
  debug_mirror_onion:
    - mirror-accumu.debian.org
    - schmelzer.debian.org
  ports_mirror:
    - klecker.debian.org
    - mirror-isc.debian.org
  ports_mirror_onion:
    - klecker.debian.org
    - mirror-isc.debian.org
  planet_master:
    - philp.debian.org
  planet_search:
    - philp.debian.org
  i18n.d.o:
    - tye.debian.org
  l10n.d.o:
    - tye.debian.org
  dedup.d.n:
    - delfin.debian.org
  pet.d.n:
    - petrova.debian.org
  ports_master:
    - porta.debian.org
  onionbalance:
    - olin.debian.org
  bgp:
    - mirror-accumu.debian.org
    - mirror-skroutz.debian.org
  cdimage-search:
    - cgi-grnet-01.debian.org
  apache_prefork:
    # php needs this
    - quantz.debian.org
    - tchaikovsky.debian.org
    - wuiet.debian.org
  postgresql_server:
    # postgresql instances not managed by puppet otherwise
    - bmdb1.debian.org
    - buxtehude.debian.org
    - danzi.debian.org
    - fasolo.debian.org
    - lw07.debian.org
    - melartin.debian.org
    - sallinen.debian.org
    - seger.debian.org
    - snapshotdb-manda-01.debian.org
    - vittoria.debian.org
  salsa.debian.org:
    - godard.debian.org
  insecure_ssl:
    - debussy.debian.org
    - godard.debian.org
  debsources:
    - sor.debian.org
  ipsec:
    - fasolo.debian.org
    - storace.debian.org
  debconf_wafer:
    - debussy.debian.org
  apache_not_public:
    # Hosts that run apache but where it should not be open to the internet by
    # default
    - casulana.debian.org
  apache_ratelimited:
    - beach.debian.org
    - buxtehude.debian.org
    - lw07.debian.org
    - picconi.debian.org
    - pkgmirror-csail.debian.org
    - sallinen.debian.org
  cdbuilder_local_mirror:
    - casulana.debian.org
  alioth_archive:
    - grabbe.debian.org
  snapshot_web:
    - lw07.debian.org
    - sallinen.debian.org
  snapshot_shell:
    - lw08.debian.org
  anonscm:
    - cgi-grnet-01.debian.org

classes:
  - base::includes