projects / mirror / dsa-puppet.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Actually install apt https config
[mirror/dsa-puppet.git] / modules / debian_org / manifests / apt.pp
1 # == Class: debian_org
2 #
3 # Stuff common to all debian.org servers
4 #
5 class debian_org::apt {
6         if versioncmp($::lsbmajdistrelease, '8') <= 0 {
7                 $fallbackmirror = 'http://cdn-fastly.deb.debian.org/debian/'
8         } else {
9                 $fallbackmirror = 'http://deb.debian.org/debian/'
10         }
11
12         if getfromhash($site::nodeinfo, 'hoster', 'mirror-debian') {
13                 $mirror = [ getfromhash($site::nodeinfo, 'hoster', 'mirror-debian'), $fallbackmirror ]
14         } else {
15                 $mirror = [ $fallbackmirror ]
16         }
17
18         site::aptrepo { 'debian':
19                 url        => $mirror,
20                 suite      => [ $::lsbdistcodename, "${::lsbdistcodename}-backports", "${::lsbdistcodename}-updates" ],
21                 components => ['main','contrib','non-free']
22         }
23
24         if versioncmp($::lsbmajdistrelease, '8') <= 0 {
25                 site::aptrepo { 'security':
26                         url        => [ 'http://security-cdn.debian.org/', 'http://security.debian.org/' ],
27                         suite      => "${::lsbdistcodename}/updates",
28                         components => ['main','contrib','non-free']
29                 }
30         } else {
31                 site::aptrepo { 'security':
32                         url        => [ 'http://security.debian.org/' ],
33                         suite      => "${::lsbdistcodename}/updates",
34                         components => ['main','contrib','non-free']
35                 }
36         }
37
38         # ca-certificates is installed by the ssl module
39         if versioncmp($::lsbmajdistrelease, '9') <= 0 {
40                 package { 'apt-transport-https':
41                         ensure => installed,
42                 }
43         } else {
44                 # transitional package in buster
45                 package { 'apt-transport-https':
46                         ensure => purged,
47                 }
48         }
49         $dbdosuites = [ 'debian-all', $::lsbdistcodename ]
50         site::aptrepo { 'db.debian.org':
51                 url        => 'https://db.debian.org/debian-admin',
52                 suite      => $dbdosuites,
53                 components => 'main',
54                 key        => 'puppet:///modules/debian_org/db.debian.org.gpg',
55         }
56
57         if ($::hostname in []) {
58                 site::aptrepo { 'proposed-updates':
59                         url        => $mirror,
60                         suite      => "${::lsbdistcodename}-proposed-updates",
61                         components => ['main','contrib','non-free']
62                 }
63         } else {
64                 site::aptrepo { 'proposed-updates':
65                         ensure => absent,
66                 }
67         }
68
69         site::aptrepo { 'debian-cdn':
70                 ensure => absent,
71         }
72         site::aptrepo { 'debian.org':
73                 ensure => absent,
74         }
75         site::aptrepo { 'debian2':
76                 ensure => absent,
77         }
78         site::aptrepo { 'backports2.debian.org':
79                 ensure => absent,
80         }
81         site::aptrepo { 'backports.debian.org':
82                 ensure => absent,
83         }
84         site::aptrepo { 'volatile':
85                 ensure => absent,
86         }
87         site::aptrepo { 'db.debian.org-suite':
88                 ensure => absent,
89         }
90         site::aptrepo { 'debian-lts':
91                 ensure => absent,
92         }
93
94
95
96
97         file { '/etc/apt/trusted-keys.d':
98                 ensure => absent,
99                 force  => true,
100         }
101
102         file { '/etc/apt/trusted.gpg':
103                 mode    => '0600',
104                 content => "",
105         }
106
107         file { '/etc/apt/preferences':
108                 source => 'puppet:///modules/debian_org/apt.preferences',
109         }
110         file { '/etc/apt/apt.conf.d/local-compression':
111                 source => 'puppet:///modules/debian_org/apt.conf.d/local-compression',
112         }
113         file { '/etc/apt/apt.conf.d/local-recommends':
114                 source => 'puppet:///modules/debian_org/apt.conf.d/local-recommends',
115         }
116         file { '/etc/apt/apt.conf.d/local-pdiffs':
117                 source => 'puppet:///modules/debian_org/apt.conf.d/local-pdiffs',
118         }
119         file { '/etc/apt/apt.conf.d/local-langs':
120                 source => 'puppet:///modules/debian_org/apt.conf.d/local-langs',
121         }
122         file { '/etc/apt/apt.conf.d/local-cainfo':
123                 source => 'puppet:///modules/debian_org/apt.conf.d/local-cainfo',
124         }
125
126         exec { 'apt-get update':
127                 path    => '/usr/bin:/usr/sbin:/bin:/sbin',
128                 onlyif  => '/usr/local/bin/check_for_updates',
129                 require => File['/usr/local/bin/check_for_updates']
130         }
131         Exec['apt-get update']->Package<| tag == extra_repo |>
132 }
Unnamed repository; edit this file 'description' to name the repository.