retire old-style firewalling for mirrormaster sshing to the mirror nodes
[mirror/dsa-puppet.git] / hieradata / common.yaml
1 ---
2
3 lookup_options:
4   # with merge: unique entries in other hiera sources add to the array
5   resolv::searchpaths:
6     merge: unique
7   apt::sources::debian::location:
8     merge: unique
9
10 # class parameters
11 resolv::nameservers: []
12 resolv::searchpaths: ['debian.org']
13 staticsync::user: 'staticsync'
14 staticsync::basedir: '/srv/static.debian.org'
15
16 roles::dns_primary::allow_access:
17   # easydns
18   - '64.68.200.91'
19   - '205.210.42.80'
20   # rcode0
21   - '83.136.34.0/27'
22   - '2a02:850:8::/47'
23   # netnod
24   - '192.71.80.0/24'
25   - '192.36.144.222'
26   - '192.36.144.218'
27   - '194.146.105.24'
28   - '194.146.105.25'
29   - '2a01:3f0:0:27::24'
30   - '2a01:3f0:0:28::25'
31
32 # other variables
33 allow_dns_query: []
34 role_config__mirrors:
35   mirror_basedir_prefix: '/srv/mirrors/'
36 role_config__syncproxy:
37   mirror_basedir_prefix: '/srv/mirrors/'
38 samhain_recipients:
39   - 'debian-archive-debian-samhain-reports@master.debian.org'
40   - 'debian-admin@ftbfs.de'
41   - 'weasel@debian.org'
42   - 'zumbi@oron.es'
43 root_mail_alias:
44   - 'debian-admin@debian.org'
45 paths:
46   letsencrypt_dir: '/srv/puppet.debian.org/from-letsencrypt'
47   auto_certs_dir: '/srv/puppet.debian.org/ca/RESULT/certs'
48   auto_clientcerts_dir: '/srv/puppet.debian.org/ca/RESULT/clientcerts'
49 apt::sources::debian::location: 'https://deb.debian.org/debian/'
50
51
52 # all of these should be retired in favour of including the class role
53 # with the host. weasel, 2019-09
54 roles:
55   ftp_master:
56     # XXX - used by ferm templates/defs.conf.erb
57     - fasolo.debian.org
58   mailrelay:
59     # XXX - ONLY used by ferm templates/defs.conf.erb
60     - mailly.debian.org
61     - muffat.debian.org
62   muninmaster:
63     # XXX - used by ferm templates/defs.conf.erb
64     - menotti.debian.org
65   nagiosmaster:
66     # XXX - used by ferm templates/defs.conf.erb
67     - tchaikovsky.debian.org
68   security_master:
69     # XXX - used by ferm templates/defs.conf.erb
70     - seger.debian.org
71   security_mirror:
72     # XXX used also in ferm me.conf.erb
73     mirror-anu.debian.org:
74       fastly-backend: false
75     mirror-csail.debian.org:
76       fastly-backend: false
77     mirror-isc.debian.org:
78       onion_v4_address: 149.20.4.14
79     mirror-umn.debian.org:
80       onion_v4_address: 128.101.240.215
81     mirror-accumu.debian.org:
82       fastly-backend: false
83     mirror-skroutz.debian.org:
84       fastly-backend: false
85     lobos.debian.org:
86       service-hostname: lobos.security.backend.mirrors.debian.org
87       fastly-backend: false
88       onion_v4_address: 212.211.132.250
89     santoro.debian.org:
90       fastly-backend: false
91     schmelzer.debian.org:
92       fastly-backend: false
93     schumann.debian.org:
94       service-hostname: schumann.security.backend.mirrors.debian.org
95       fastly-backend: true
96     setoguchi.debian.org:
97       fastly-backend: false
98     sechter.debian.org:
99       fastly-backend: false
100     villa.debian.org:
101       service-hostname: villa.security.backend.mirrors.debian.org
102       fastly-backend: true
103       onion_v4_address: 212.211.132.32
104     wieck.debian.org:
105       service-hostname: wieck.security.backend.mirrors.debian.org
106       fastly-backend: true
107   syncproxy:
108     # XXX - used by ferm templates/defs.conf.erb
109     - gretchaninov.debian.org
110     - klecker.debian.org
111     - milanollo.debian.org
112     - mirror-anu.debian.org
113     - mirror-isc.debian.org
114     - mirror-umn.debian.org
115     - schmelzer.debian.org
116     - smit.debian.org
117   postgres_backup_server:
118     # XXX - used by ferm templates/defs.conf.erb
119     - backuphost.debian.org
120     - storace.debian.org
121   debian_mirror:
122     # XXX used also in ferm me.conf.erb
123     klecker.debian.org:
124       listen-addresses:
125         - '130.89.148.12:80'
126         - '[2001:67c:2564:a119::148:12]:80'
127       onion_v4_address: 130.89.148.12
128     new-klecker.debian.org: {}
129     mirror-accumu.debian.org:
130       service-hostname: accumu.debian.backend.mirrors.debian.org
131       fastly-backend: true
132     mirror-skroutz.debian.org:
133       service-hostname: skroutz.debian.backend.mirrors.debian.org
134       fastly-backend: true
135     mirror-isc.debian.org:
136       listen-addresses:
137         - '149.20.4.15:80'
138         - '[2001:4f8:1:c::15]:80'
139       onion_v4_address: 149.20.4.15
140     schmelzer.debian.org:
141       listen-addresses:
142         - '217.196.149.232:80'
143         - '[2a02:16a8:dc41:100::232]:80'
144       fastly-backend: true
145       service-hostname: conova.debian.backend.mirrors.debian.org
146   historical_master:
147     # XXX - used by ferm templates/defs.conf.erb
148     - sibelius.debian.org
149   historical_mirror:
150     # XXX used also in ferm me.conf.erb
151     - gretchaninov.debian.org
152     - klecker.debian.org
153     - schmelzer.debian.org
154     - sibelius.debian.org
155   debug_mirror:
156     # XXX used also in ferm me.conf.erb
157     mirror-accumu.debian.org:
158       onion_v4_address: 130.242.6.199
159       service-hostname: accumu.debug.backend.mirrors.debian.org
160     schmelzer.debian.org:
161       listen-addresses:
162         - '217.196.149.232:80'
163         - '[2a02:16a8:dc41:100::232]:80'
164       onion_v4_address: 217.196.149.232
165       service-hostname: conova.debug.backend.mirrors.debian.org
166   debug_mirror_onion:
167     - mirror-accumu.debian.org
168     - schmelzer.debian.org
169   ports_master:
170     # XXX - used by ferm templates/defs.conf.erb
171     - porta.debian.org
172   bgp:
173     - mirror-accumu.debian.org
174     - mirror-skroutz.debian.org
175   postgresql_server:
176     # postgresql instances not managed by puppet otherwise
177     - bmdb1.debian.org
178     - buxtehude.debian.org
179     - danzi.debian.org
180     - fasolo.debian.org
181     - lw07.debian.org
182     - melartin.debian.org
183     - sallinen.debian.org
184     - seger.debian.org
185     - snapshotdb-manda-01.debian.org
186     - vittoria.debian.org
187
188 classes:
189   - base::includes