4703bc86b276bad8a6160016ab75f33b0ee1b765
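# Class: buildd  (modules/buildd/manifests/init.pp)
#
# Sets up a host to run sbuild/buildd: installs the build tooling, configures
# the buildd.debian.org apt repositories, installs the schroot clean-up cron
# jobs, lays out the buildd user's home directory and creates its SSH key.
#
# Parameters:
#   $ensure - only compared against `present`. When it is `present`, the
#             dupload and buildd packages, their configuration files, the
#             sbuild configuration and ferm::ftp_conntrack are managed; every
#             other resource in this class is managed regardless of its value.
#
# NOTE(review): the file resources under /etc and /usr/local/sbin set no
# owner/group (and most set no mode), and neither exec sets `path`. This
# presumably relies on File/Exec resource defaults defined outside this
# file; confirm they exist, because several of these files are executed by
# cron as root.
class buildd ($ensure=present) {

        include schroot

        # Release-dependent file sources and CA bundle, decided once.
        # NOTE(review): this compares a fact with a number; facts are strings
        # unless structured facts are enabled, so confirm the comparison
        # behaves as intended on the Puppet version in use.
        if ($::lsbmajdistrelease >= 8) {
                $sbuild_conf_source         = 'puppet:///modules/buildd/sbuild.conf'
                $aptitude_kill_linux_source = 'puppet:///modules/buildd/buildd-schroot-aptitude-kill'
                $buildd_ca_info             = '/etc/ssl/ca-debian/ca-certificates.crt'
        } else {
                $sbuild_conf_source         = 'puppet:///modules/buildd/sbuild.conf.wheezy'
                $aptitude_kill_linux_source = 'puppet:///modules/buildd/buildd-schroot-aptitude-kill.wheezy'
                $buildd_ca_info             = '/etc/ssl/servicecerts/buildd.debian.org.crt'
        }

        package { 'sbuild':
                ensure => installed,
                tag    => extra_repo,
        }
        # libsbuild-perl is ordered before sbuild.
        package { 'libsbuild-perl':
                ensure => installed,
                tag    => extra_repo,
                before => Package['sbuild'],
        }

        # Needed by the https:// apt sources declared below.
        package { 'apt-transport-https':
                ensure => installed,
        }

        if $ensure == present {
                package { 'dupload':
                        ensure => installed,
                }
                file { '/etc/dupload.conf':
                        source  => 'puppet:///modules/buildd/dupload.conf',
                        require => Package['dupload'],
                }
                package { 'buildd':
                        ensure => installed,
                }
                file { '/etc/buildd/buildd.conf':
                        source  => 'puppet:///modules/buildd/buildd.conf',
                        require => Package['buildd'],
                }
                file { '/etc/sbuild/sbuild.conf':
                        source  => $sbuild_conf_source,
                        require => Package['sbuild'],
                }
                include ferm::ftp_conntrack
        }

        # Ensures the apt source named 'buildd' is absent.
        site::aptrepo { 'buildd':
                ensure => absent,
        }

        # Known codenames map to themselves, an undefined codename falls back
        # to wheezy and any other codename to jessie.
        $suite = $::lsbdistcodename ? {
                wheezy   => $::lsbdistcodename,
                jessie   => $::lsbdistcodename,
                stretch  => $::lsbdistcodename,
                undef   => 'wheezy',
                default => 'jessie'
        }

        # sparc fetches over plain HTTP, so on that architecture the transport
        # is neither authenticated nor encrypted and package integrity rests
        # on apt's signature check against the repository key alone.
        # NOTE(review): confirm site::aptrepo installs `key` as the trusted
        # signing key, and whether the sparc exception is still needed.
        $buildd_apt_url = $::debarchitecture ? {
                /^sparc$/ => 'http://buildd.debian.org/apt/',
                default   => 'https://buildd.debian.org/apt/',
        }

        # Points apt at the CA bundle it must use to verify the TLS
        # certificate of buildd.debian.org.
        file { '/etc/apt/apt.conf.d/puppet-https-buildd':
                content => "Acquire::https::buildd.debian.org::CaInfo \"${buildd_ca_info}\";\n",
        }

        # The CaInfo file is required here as well (as it already is for the
        # -proposed source below) so that the CA configuration is in place
        # before this source is set up; without the explicit relationship
        # Puppet is free to apply the two in either order.
        site::aptrepo { 'buildd.debian.org':
                key        => 'puppet:///modules/buildd/buildd.debian.org.gpg',
                url        => $buildd_apt_url,
                suite      => $suite,
                components => 'main',
                require    => [ Package['apt-transport-https'],
                                File['/etc/apt/apt.conf.d/puppet-https-buildd'] ],
        }

        # The -proposed source is present only on the host matched below.
        $buildd_prop_ensure = $::hostname ? {
                /^(alkman)$/ => 'present',
                default => 'absent',
        }

        # This source always uses https, independent of $buildd_apt_url.
        site::aptrepo { 'buildd.debian.org-proposed':
                ensure     => $buildd_prop_ensure,
                url        => 'https://buildd.debian.org/apt/',
                suite      => "${suite}-proposed",
                components => 'main',
                require    => [ Package['apt-transport-https'],
                                File['/etc/apt/apt.conf.d/puppet-https-buildd'] ],
        }

        # 'bad' extension
        file { '/etc/apt/preferences.d/buildd.debian.org':
                ensure => absent,
        }
        file { '/etc/apt/preferences.d/buildd':
                ensure => absent,
        }

        # Package['debian.org'] is not declared in this class.
        file { '/etc/cron.d/dsa-buildd':
                source  => 'puppet:///modules/buildd/cron.d-dsa-buildd',
                require => Package['debian.org'],
        }

        # Variant of the clean-up script: the release-dependent one on Linux
        # (which also gets python-psutil), the .squeeze one on other kernels.
        if ($::kernel == 'Linux') {
                package { 'python-psutil':
                        ensure => installed,
                }
                $aptitude_kill_source = $aptitude_kill_linux_source
        } else {
                $aptitude_kill_source = 'puppet:///modules/buildd/buildd-schroot-aptitude-kill.squeeze'
        }

        # Run by cron as root every five minutes (see the cron.d entry below),
        # so it must be writable by root only; mode 0555 is read/execute for
        # everyone and the owner is left to the resource defaults.
        file { '/usr/local/sbin/buildd-schroot-aptitude-kill':
                source  => $aptitude_kill_source,
                mode    => '0555',
        }
        file { '/etc/cron.d/puppet-buildd-aptitude':
                content => "*/5 * * * * root /usr/local/sbin/buildd-schroot-aptitude-kill\n",
        }

        # NOTE(review): $has_srv_buildd is the only unqualified variable in
        # this class (the others use $::); presumably a fact, confirm.
        if $has_srv_buildd {
                # Sundays and Wednesdays at 21:13, as root, with an explicit PATH.
                file { '/etc/cron.d/puppet-update-buildd-schroots':
                        content  => "13 21 * * 0,3 root PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/sbin:/usr/local/bin setup-all-dchroots buildd\n",
                }
        }

        # World-readable, setgid directories in the buildd home.
        file { [ '/home/buildd',
                 '/home/buildd/stats',
                 '/home/buildd/stats/graphs',
                 '/home/buildd/upload' ]:
                ensure  => directory,
                mode    => '2755',
                group   => buildd,
                owner   => buildd,
        }

        # Setgid directories with no access for users outside group buildd.
        file { [ '/home/buildd/build',
                 '/home/buildd/logs',
                 '/home/buildd/old-logs',
                 '/home/buildd/upload-security' ]:
                ensure  => directory,
                mode    => '2750',
                group   => buildd,
                owner   => buildd,
        }

        # Mail delivered to the buildd user is piped to buildd-mail.
        file { '/home/buildd/.forward':
                content  => "|/usr/bin/buildd-mail\n",
                group   => buildd,
                owner   => buildd,
        }

        # GnuPG home, accessible to the buildd user only. The mode is written
        # with four digits like every other mode in this class.
        file { '/home/buildd/.gnupg':
                ensure  => directory,
                mode    => '0700',
                group   => buildd,
                owner   => buildd,
        }
        file { '/home/buildd/.gnupg/gpg.conf':
                content  => "personal-digest-preferences SHA512\n",
                group   => buildd,
                owner   => buildd,
        }

        # Creates the buildd user's SSH key when $::buildd_key is not set and
        # no key file exists yet. `-P ""` means the private key carries no
        # passphrase, so it is protected only by file permissions on ~/.ssh
        # (created with mode 02700) and by access to the buildd account.
        if ! $::buildd_key {
                exec { 'create-buildd-key':
                        command => '/bin/su - buildd -c \'mkdir -p -m 02700 .ssh && ssh-keygen -C "`whoami`@`hostname` (`date +%Y-%m-%d`)" -P "" -f .ssh/id_rsa -q\'',
                        onlyif  => '/usr/bin/getent passwd buildd > /dev/null && ! [ -e /home/buildd/.ssh/id_rsa ]',
                }
        }

        # Adds buildd to the sbuild group when that group exists and does not
        # list buildd yet. The commands are unqualified, see the class header
        # note about `path`.
        if $::buildd_user_exists {
                exec { 'add-buildd-user-to-sbuild':
                        command => 'adduser buildd sbuild',
                        onlyif  => "getent group sbuild > /dev/null && ! getent group sbuild | grep '\\<buildd\\>' > /dev/null",
                }
        }
}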