No backports for buster
[mirror/dsa-puppet.git] / modules / debian_org / manifests / apt.pp
1 # == Class: debian_org
2 #
3 # Stuff common to all debian.org servers
4 #
5 class debian_org::apt {
6         if versioncmp($::lsbmajdistrelease, '8') <= 0 {
7                 $fallbackmirror = 'http://cdn-fastly.deb.debian.org/debian/'
8         } else {
9                 $fallbackmirror = 'http://deb.debian.org/debian/'
10         }
11
12         if getfromhash($site::nodeinfo, 'hoster', 'mirror-debian') {
13                 $mirror = [ getfromhash($site::nodeinfo, 'hoster', 'mirror-debian'), $fallbackmirror ]
14         } else {
15                 $mirror = [ $fallbackmirror ]
16         }
17
18         if versioncmp($::lsbmajdistrelease, '9') <= 0 {
19                 site::aptrepo { 'debian':
20                         url        => $mirror,
21                         suite      => [ $::lsbdistcodename, "${::lsbdistcodename}-backports", "${::lsbdistcodename}-updates" ],
22                         components => ['main','contrib','non-free']
23                 }
24         } else {
25                 site::aptrepo { 'debian':
26                         url        => $mirror,
27                         suite      => [ $::lsbdistcodename, "${::lsbdistcodename}-updates" ],
28                         components => ['main','contrib','non-free']
29                 }
30         }
31
32         if versioncmp($::lsbmajdistrelease, '8') <= 0 {
33                 site::aptrepo { 'security':
34                         url        => [ 'http://security-cdn.debian.org/', 'http://security.debian.org/' ],
35                         suite      => "${::lsbdistcodename}/updates",
36                         components => ['main','contrib','non-free']
37                 }
38         } else {
39                 site::aptrepo { 'security':
40                         url        => [ 'http://security.debian.org/' ],
41                         suite      => "${::lsbdistcodename}/updates",
42                         components => ['main','contrib','non-free']
43                 }
44         }
45
46         # ca-certificates is installed by the ssl module
47         if versioncmp($::lsbmajdistrelease, '9') <= 0 {
48                 package { 'apt-transport-https':
49                         ensure => installed,
50                 }
51         } else {
52                 # transitional package in buster
53                 package { 'apt-transport-https':
54                         ensure => purged,
55                 }
56         }
57         $dbdosuites = [ 'debian-all', $::lsbdistcodename ]
58         site::aptrepo { 'db.debian.org':
59                 url        => 'https://db.debian.org/debian-admin',
60                 suite      => $dbdosuites,
61                 components => 'main',
62                 key        => 'puppet:///modules/debian_org/db.debian.org.gpg',
63         }
64
65         if ($::hostname in []) {
66                 site::aptrepo { 'proposed-updates':
67                         url        => $mirror,
68                         suite      => "${::lsbdistcodename}-proposed-updates",
69                         components => ['main','contrib','non-free']
70                 }
71         } else {
72                 site::aptrepo { 'proposed-updates':
73                         ensure => absent,
74                 }
75         }
76
77         site::aptrepo { 'debian-cdn':
78                 ensure => absent,
79         }
80         site::aptrepo { 'debian.org':
81                 ensure => absent,
82         }
83         site::aptrepo { 'debian2':
84                 ensure => absent,
85         }
86         site::aptrepo { 'backports2.debian.org':
87                 ensure => absent,
88         }
89         site::aptrepo { 'backports.debian.org':
90                 ensure => absent,
91         }
92         site::aptrepo { 'volatile':
93                 ensure => absent,
94         }
95         site::aptrepo { 'db.debian.org-suite':
96                 ensure => absent,
97         }
98         site::aptrepo { 'debian-lts':
99                 ensure => absent,
100         }
101
102
103
104
105         file { '/etc/apt/trusted-keys.d':
106                 ensure => absent,
107                 force  => true,
108         }
109
110         file { '/etc/apt/trusted.gpg':
111                 mode    => '0600',
112                 content => "",
113         }
114
115         file { '/etc/apt/preferences':
116                 source => 'puppet:///modules/debian_org/apt.preferences',
117         }
118         file { '/etc/apt/apt.conf.d/local-compression':
119                 source => 'puppet:///modules/debian_org/apt.conf.d/local-compression',
120         }
121         file { '/etc/apt/apt.conf.d/local-recommends':
122                 source => 'puppet:///modules/debian_org/apt.conf.d/local-recommends',
123         }
124         file { '/etc/apt/apt.conf.d/local-pdiffs':
125                 source => 'puppet:///modules/debian_org/apt.conf.d/local-pdiffs',
126         }
127         file { '/etc/apt/apt.conf.d/local-langs':
128                 source => 'puppet:///modules/debian_org/apt.conf.d/local-langs',
129         }
130         file { '/etc/apt/apt.conf.d/local-cainfo':
131                 source => 'puppet:///modules/debian_org/apt.conf.d/local-cainfo',
132         }
133
134         exec { 'apt-get update':
135                 path    => '/usr/bin:/usr/sbin:/bin:/sbin',
136                 onlyif  => '/usr/local/bin/check_for_updates',
137                 require => File['/usr/local/bin/check_for_updates']
138         }
139         Exec['apt-get update']->Package<| tag == extra_repo |>
140 }