3 # Stuff common to all debian.org servers
# Fallback APT mirror, selected on the major release number. The line between
# the two assignments is not visible in this excerpt; the second assignment is
# presumably the else branch.
# NOTE(review): both URLs are plain http, so package integrity depends on
# APT's signature verification of the archive metadata, and the fetches
# themselves are neither confidential nor authenticated in transit.
6 if $::lsbmajdistrelease <= 8 {
7 $fallbackmirror = 'http://cdn-fastly.deb.debian.org/debian/'
9 $fallbackmirror = 'http://deb.debian.org/debian/'
# Mirror list: a hoster-specific mirror from the node info, when one is set,
# is listed ahead of the fallback; otherwise only the fallback is used.
12 if getfromhash($site::nodeinfo, 'hoster', 'mirror-debian') {
13 $mirror = [ getfromhash($site::nodeinfo, 'hoster', 'mirror-debian'), $fallbackmirror ]
15 $mirror = [ $fallbackmirror ]
# Suite name used for APT sources. Releases <= 7 use the plain codename; on
# later releases the two kfreebsd architectures get a "-kfreebsd" suffix and
# everything else falls back to the plain codename.
18 if $::lsbmajdistrelease <= 7 {
19 $mungedcodename = $::lsbdistcodename
20 } elsif ($::debarchitecture in ['kfreebsd-amd64', 'kfreebsd-i386']) {
21 $mungedcodename = "${::lsbdistcodename}-kfreebsd"
23 $mungedcodename = $::lsbdistcodename
# $servicefiles is later used as the ensure value of the ud-replicated unit
# file. The condition choosing between the two values is not visible here.
28 $servicefiles = 'present'
30 $servicefiles = 'absent'
# Mail addresses; the variable they are assigned to is not visible in this
# excerpt. Presumably this is the $debianadmin list that the samhain-reports
# mail alias uses as its recipient -- confirm against the full file.
34 'debian-archive-debian-samhain-reports@master.debian.org',
35 'debian-admin@ftbfs.de',
# System-wide SSH known_hosts is shipped from the puppet fileserver, so the
# content of that module file decides which host keys every node accepts.
# Owner and mode are not visible in this excerpt.
57 file { '/etc/ssh/ssh_known_hosts':
61 source => 'puppet:///modules/debian-org/basic-ssh_known_hosts'
# The package name for the Ruby filesystem bindings differs by release.
64 if ($::lsbmajdistrelease >= 8) {
65 $rubyfs_package = 'ruby-filesystem'
67 $rubyfs_package = 'libfilesystem-ruby1.9'
# Nodes flagged 'broken-rtc' in the node info get the fake-hwclock package.
103 if getfromhash($site::nodeinfo, 'broken-rtc') {
104 package { 'fake-hwclock':
# molly-guard plus two site-specific run.d checks. Both check scripts require
# the package, so they are only managed after molly-guard is.
110 package { 'molly-guard':
113 file { '/etc/molly-guard/run.d/10-check-kvm':
115 source => 'puppet:///modules/debian-org/molly-guard/10-check-kvm',
116 require => Package['molly-guard'],
118 file { '/etc/molly-guard/run.d/15-acquire-reboot-lock':
120 source => 'puppet:///modules/debian-org/molly-guard/15-acquire-reboot-lock',
121 require => Package['molly-guard'],
# APT key material. The attributes of both resources are not visible in this
# excerpt.
# NOTE(review): /etc/apt/trusted.gpg is a keyring APT trusts for every
# configured repository; confirm owner, mode and purge settings so that only
# puppet-managed keys end up there. trusted-keys.d is presumably where
# site::aptrepo places per-repository keys -- verify against that define.
124 file { '/etc/apt/trusted-keys.d':
129 file { '/etc/apt/trusted.gpg':
# Security archive. Releases >= 8 use the CDN endpoint with the
# "<codename>/updates" suite; the body of the other 'security' declaration is
# not visible here.
# NOTE(review): the URL is plain http, so integrity rests on APT's signature
# check of the archive metadata.
134 if ($::lsbmajdistrelease >= 8) {
135 site::aptrepo { 'security':
136 url => 'http://security-cdn.debian.org/',
137 suite => "${mungedcodename}/updates",
138 components => ['main','contrib','non-free']
141 site::aptrepo { 'security':
# Further suites: LTS, backports and "<codename>-updates" (declared under the
# historical name 'volatile'). URLs and ensure values are not visible here.
146 site::aptrepo { 'debian-lts':
150 site::aptrepo { 'backports.debian.org':
152 suite => "${::lsbdistcodename}-backports",
153 components => ['main','contrib','non-free']
156 site::aptrepo { 'volatile':
158 suite => "${::lsbdistcodename}-updates",
159 components => ['main','contrib','non-free']
# proposed-updates. `$::hostname in []` tests membership in an empty list and
# can never match, so only the kfreebsd architecture test can make this
# condition true. The empty list looks like a placeholder for an opt-in host
# list -- TODO confirm.
162 if ($::hostname in [] or $::debarchitecture in ['kfreebsd-amd64', 'kfreebsd-i386']) {
163 site::aptrepo { 'proposed-updates':
165 suite => "${mungedcodename}-proposed-updates",
166 components => ['main','contrib','non-free']
169 site::aptrepo { 'proposed-updates':
# debian-admin package repository, fetched over plain http. The 'debian-all'
# suite ships its own signing key from the puppet module; the key used for the
# per-codename suite is not visible in this excerpt.
174 site::aptrepo { 'db.debian.org':
175 url => 'http://db.debian.org/debian-admin',
176 suite => 'debian-all',
177 components => 'main',
178 key => 'puppet:///modules/debian-org/db.debian.org.gpg',
180 site::aptrepo { 'db.debian.org-suite':
181 url => 'http://db.debian.org/debian-admin',
182 suite => $::lsbdistcodename,
183 components => 'main',
# inittab entry 'ud': respawn "/usr/bin/ud-replicated -d" in runlevels 2345.
# Changes notify Exec['init q'], which is not declared in the visible lines.
186 augeas { 'inittab_replicate':
187 context => '/files/etc/inittab',
189 'set ud/runlevels 2345',
190 'set ud/action respawn',
191 'set ud/process "/usr/bin/ud-replicated -d"',
193 notify => Exec['init q'],
# Main archive: when the hoster provides a mirror, it is used for the
# 'debian' repository. The bodies of the following declarations are mostly
# not visible; going by their titles they look like alternative or retired
# repository names -- confirm their ensure values in the full file.
196 if getfromhash($site::nodeinfo, 'hoster', 'mirror-debian') {
197 site::aptrepo { 'debian':
198 url => getfromhash($site::nodeinfo, 'hoster', 'mirror-debian'),
199 suite => $mungedcodename,
200 components => ['main','contrib','non-free']
204 site::aptrepo { 'debian-cdn':
207 site::aptrepo { 'debian.org':
# NOTE(review): this URL is double-quoted without interpolation, unlike the
# single-quoted URLs elsewhere in the file.
210 site::aptrepo { 'debian2':
211 url => "http://cdn-fastly.deb.debian.org/debian",
214 site::aptrepo { 'backports2.debian.org':
# /etc/facter is sourced from an empty fileserver directory. Presumably this
# is combined with recurse/purge so that unmanaged external facts are removed;
# those attributes are not visible here -- confirm.
221 file { '/etc/facter':
226 source => 'puppet:///files/empty/',
228 file { '/etc/facter/facts.d':
# Site facts are rendered from a template into an external facts file.
231 file { '/etc/facter/facts.d/debian_facts.yaml':
232 content => template('debian-org/debian_facts.yaml.erb')
# APT pinning and local apt.conf.d snippets, all shipped as static files.
234 file { '/etc/apt/preferences':
235 source => 'puppet:///modules/debian-org/apt.preferences',
237 file { '/etc/apt/apt.conf.d/local-compression':
238 source => 'puppet:///modules/debian-org/apt.conf.d/local-compression',
240 file { '/etc/apt/apt.conf.d/local-recommends':
241 source => 'puppet:///modules/debian-org/apt.conf.d/local-recommends',
243 file { '/etc/apt/apt.conf.d/local-pdiffs':
244 source => 'puppet:///modules/debian-org/apt.conf.d/local-pdiffs',
246 file { '/etc/apt/apt.conf.d/local-langs':
247 source => 'puppet:///modules/debian-org/apt.conf.d/local-langs',
# A change to /etc/timezone triggers a non-interactive tzdata reconfigure.
249 file { '/etc/timezone':
250 source => 'puppet:///modules/debian-org/timezone',
251 notify => Exec['dpkg-reconfigure tzdata -pcritical -fnoninteractive'],
# Only on the host named handel: pull in the puppetmaster database class and
# copy its password into $dbpassword. `handel` is an unquoted bareword, which
# Puppet reads as the string 'handel'; quoting it would make that explicit.
# NOTE(review): $dbpassword is presumably consumed by puppet.conf.erb below.
# If so, /etc/puppet/puppet.conf holds a credential on that host and its mode
# should keep it unreadable to non-root users; the mode is not visible here.
253 if $::hostname == handel {
254 include puppetmaster::db
255 $dbpassword = $puppetmaster::db::password
257 file { '/etc/puppet/puppet.conf':
258 content => template('debian-org/puppet.conf.erb'),
260 file { '/etc/default/puppet':
261 source => 'puppet:///modules/debian-org/puppet.default',
# systemd unit management. Every change notifies a daemon-reload.
263 file { '/etc/systemd':
267 file { '/etc/systemd/system':
# ud-replicated unit: present or absent according to $servicefiles.
271 file { '/etc/systemd/system/ud-replicated.service':
272 ensure => $servicefiles,
273 source => 'puppet:///modules/debian-org/ud-replicated.service',
274 notify => Exec['systemctl daemon-reload'],
# Entry under multi-user.target.wants pointing at the unit above, which is how
# a unit is enabled for that target. The ensure value is not visible here.
277 file { '/etc/systemd/system/multi-user.target.wants/ud-replicated.service':
279 target => '../ud-replicated.service',
280 notify => Exec['systemctl daemon-reload'],
# puppet.service and the binfmt_misc automount both point at /dev/null, the
# layout systemd treats as a masked unit that cannot be started.
283 file { '/etc/systemd/system/puppet.service':
285 target => '/dev/null',
286 notify => Exec['systemctl daemon-reload'],
288 file { '/etc/systemd/system/proc-sys-fs-binfmt_misc.automount':
290 target => '/dev/null',
291 notify => Exec['systemctl daemon-reload'],
# Files below require Package['debian.org'], so they are managed only after
# that package has been handled.
294 file { '/etc/cron.d/dsa-puppet-stuff':
295 content => template('debian-org/dsa-puppet-stuff.cron.erb'),
296 require => Package['debian.org'],
298 file { '/etc/ldap/ldap.conf':
299 require => Package['debian.org'],
300 content => template('debian-org/ldap.conf.erb'),
# PAM session stacks for interactive and non-interactive sessions are rendered
# from templates, so those templates define session setup on every node.
302 file { '/etc/pam.d/common-session':
303 require => Package['debian.org'],
304 content => template('debian-org/pam.common-session.erb'),
306 file { '/etc/pam.d/common-session-noninteractive':
307 require => Package['debian.org'],
308 content => template('debian-org/pam.common-session-noninteractive.erb'),
# rc.local is templated; a change notifies 'service rc.local start', so the
# script is run again when its content changes.
310 file { '/etc/rc.local':
312 content => template('debian-org/rc.local.erb'),
313 notify => Exec['service rc.local start'],
319 file { '/etc/dsa/cron.ignore.dsa-puppet-stuff':
320 source => 'puppet:///modules/debian-org/dsa-puppet-stuff.cron.ignore',
321 require => Package['debian.org']
# Name service switch and shell profile snippets shipped as static files.
# Judging by its name, timeout.sh sets an idle-shell timeout -- confirm
# against the shipped file.
323 file { '/etc/nsswitch.conf':
325 source => 'puppet:///modules/debian-org/nsswitch.conf',
328 file { '/etc/profile.d/timeout.sh':
330 source => 'puppet:///modules/debian-org/etc.profile.d/timeout.sh',
335 file { '/etc/zsh/zprofile':
337 source => 'puppet:///modules/debian-org/etc.zsh/zprofile',
340 # set mmap_min_addr to 4096 to mitigate
341 # Linux NULL-pointer dereference exploits
# NOTE(review): the key and value lines are not visible in this excerpt.
# Kernels may already default to a higher vm.mmap_min_addr than 4096; confirm
# that this resource does not lower the effective value.
342 site::sysctl { 'mmap_min_addr':
# kernel.perf_event_paranoid limits what unprivileged users may do with the
# perf events interface; the level set here is not visible in this excerpt.
345 site::sysctl { 'perf_event_paranoid':
346 key => 'kernel.perf_event_paranoid',
# Both the 'editor' and 'view' alternatives point at vim.basic.
349 site::alternative { 'editor':
350 linkto => '/usr/bin/vim.basic',
352 site::alternative { 'view':
353 linkto => '/usr/bin/vim.basic',
# Mail for the samhain-reports alias goes to the $debianadmin recipients.
355 mailalias { 'samhain-reports':
357 recipient => $debianadmin,
358 require => Package['debian.org']
# Helper script used as the guard for the 'apt-get update' exec below.
# Owner and mode are not visible here.
361 file { '/usr/local/bin/check_for_updates':
362 source => 'puppet:///modules/debian-org/check_for_updates',
# Runs 'apt-get update' only when check_for_updates exits successfully, with a
# fixed search path for the command.
368 exec { 'apt-get update':
369 path => '/usr/bin:/usr/sbin:/bin:/sbin',
370 onlyif => '/usr/local/bin/check_for_updates',
371 require => File['/usr/local/bin/check_for_updates']
# Ordering: the update exec is applied before any Package tagged extra_repo.
373 Exec['apt-get update']->Package<| tag == extra_repo |>
# Execs targeted by notify elsewhere in this file. Only some attributes are
# visible in this excerpt.
# NOTE(review): confirm in the full file that each is refreshonly and sets an
# explicit path, as the first two visibly do for path.
375 exec { 'dpkg-reconfigure tzdata -pcritical -fnoninteractive':
376 path => '/usr/bin:/usr/sbin:/bin:/sbin',
379 exec { 'service puppetmaster restart':
382 exec { 'service rc.local start':
# The two systemd execs run only where the corresponding binary is executable.
# `test` is given without a directory, so it is resolved through the exec's
# path attribute, which is not visible here.
389 exec { 'systemctl daemon-reload':
391 onlyif => "test -x /bin/systemctl"
394 exec { 'systemd-tmpfiles --create --exclude-prefix=/dev':
396 onlyif => "test -x /bin/systemd-tmpfiles"
# Prunes entries named 'paths' and 'contents' under the client filebucket; the
# age and recursion settings are not visible in this excerpt.
399 tidy { '/var/lib/puppet/clientbucket/':
403 matches => [ 'paths', 'contents' ],
# Root's shell, editor, screen and vim dotfiles are shipped from the puppet
# module, so root's login environment is defined by those module files.
407 file { '/root/.bashrc':
408 source => 'puppet:///modules/debian-org/root-dotfiles/bashrc',
410 file { '/root/.profile':
411 source => 'puppet:///modules/debian-org/root-dotfiles/profile',
413 file { '/root/.selected_editor':
414 source => 'puppet:///modules/debian-org/root-dotfiles/selected_editor',
416 file { '/root/.screenrc':
417 source => 'puppet:///modules/debian-org/root-dotfiles/screenrc',
419 file { '/root/.vimrc':
420 source => 'puppet:///modules/debian-org/root-dotfiles/vimrc',