hiera -> hiera role; explicitly include apache2

[mirror/dsa-puppet.git] / modules / roles / manifests / init.pp

# = Class: roles
#
# Lookup role and include relevant classes for roles
#
# == Sample Usage:
#
#   include roles
#
class roles {
        if has_role('muninmaster') {
                include munin::master
        }

        if has_role('nagiosmaster') {
                include nagios::server
        }

        if has_role('manpages-dyn') {
                include roles::manpages_dyn
        }

        # archive.debian.org
        if has_role('historical_mirror') {
                include roles::historical_mirror
        }

        # debug archive
        if has_role('debug_mirror') {
                include roles::debug_mirror
        }

        # ftp.debian.org and its ecosystem
        if has_role('debian_mirror') {
                include roles::debian_mirror
        }
        if has_role('ftp_master') {
                include roles::ftp_master
                include roles::dakmaster
                include roles::signing
        }
        if has_role('ftp.upload.d.o') {
                include roles::ftp_upload
        }
        if has_role('ssh.upload.d.o') {
                include roles::ssh_upload
        }
        if has_role('security_upload') {
                include roles::security_upload
        }
        #
        # security.debian.org
        if has_role('security_master') {
                include roles::security_master
                include roles::dakmaster
        }

        if has_role('security_mirror') {
                include roles::security_mirror
        }

        if has_role('git_master') {
                include roles::git_master
        }

        if has_role('people') {
                ssl::service { 'people.debian.org': notify  => Exec['service apache2 reload'], key => true, }
                onion::service { 'people.debian.org': port => 80, target_address => 'people.debian.org', target_port => 80, direct => true }
        }

        if has_role('www_master') {
                include roles::www_master
        }

        if has_role('cgi.d.o') {
                ssl::service { 'cgi.debian.org': notify  => Exec['service apache2 reload'], key => true, }
        }

        if has_role('wiki') {
                include roles::wiki
        }

        if has_role('syncproxy') {
                include roles::syncproxy
        }

        if has_role('mailrelay') {
                include roles::mailrelay
        }

        if has_role('pubsub') {
                include roles::pubsub
        }

        if has_role('dns_primary') {
                include roles::dns_primary
        }

        if has_role('dns_geo') {
                include roles::dns_geodns
        }

        if has_role('security_tracker') {
                include roles::security_tracker
        }

        if has_role('rtmaster') {
                include roles::rtmaster
        }

        if has_role('udd') {
                include roles::udd
        }

        if has_role('sso') {
                include roles::sso
        }

        if has_role('sso_rp') {
                include roles::sso_rp
        }

        if has_role('contributors') {
                include roles::contributors
        }

        if has_role('nm') {
                include roles::nm
        }

        if has_role('postgres_backup_server') {
                include postgres::backup_server
        }

        if has_role('packages') {
                ssl::service { 'packages.debian.org': notify  => Exec['service apache2 reload'], key => true, }
        }

        if has_role('historicalpackages') {
                ssl::service { 'historical.packages.debian.org': notify  => Exec['service apache2 reload'], key => true, }
        }

        if has_role('qamaster') {
                ssl::service { 'qa.debian.org': notify  => Exec['service apache2 reload'], key => true, }
        }

        if has_role('packagesqamaster') {
                ssl::service { 'packages.qa.debian.org': notify  => Exec['service apache2 reload'], key => true, }
        }

        if has_role('gobby_debian_org') {
                ssl::service { 'gobby.debian.org':
                        notify  => [ Exec['service apache2 reload'], Exec['reload gobby'] ],
                        key => true,
                        tlsaport => [443, 6523],
                }
                file { '/etc/ssl/debian-local/other-keys/gobby.debian.org.key':
                        ensure => present,
                        mode => '0440',
                        group => 'gobby',
                        content => inline_template('<%= File.read(scope().call_function("hiera", ["paths.letsencrypt_dir"]) + "/gobby.debian.org.key") %>'),
                        links => follow,
                        notify => Exec['reload gobby'],
                }
                exec { 'reload gobby':
                        command => 'pkill -u gobby -HUP -x infinoted',
                        refreshonly => true,
                }
        }

        if has_role('search_backend') {
                include roles::search_backend
        }
        if has_role('search_frontend') {
                include roles::search_frontend
        }

        if has_role('dgit_browse') {
                include roles::dgit_browse
        }
        if has_role('dgit_git') {
                include roles::dgit_git
        }

        if $::hostname in [lw01, lw02, lw03, lw04, lw09, lw10] {
                include roles::snapshot
        }

        if has_role('snapshot_web') {
                include roles::snapshot_web
        }

        if has_role('snapshot_shell') {
                include roles::snapshot_shell
        }

        if has_role('debtags') {
                include roles::debtags
        }

        if has_role('planet_master') {
                include roles::planet_master
        }
        if has_role('planet_search') {
                ssl::service { 'planet-search.debian.org': notify  => Exec['service apache2 reload'], key => true, }
        }

        if has_role('i18n.d.o') {
                ssl::service { 'i18n.debian.org': notify  => Exec['service apache2 reload'], key => true, }
        }

        if has_role('l10n.d.o') {
                ssl::service { 'l10n.debian.org': notify  => Exec['service apache2 reload'], key => true, }
        }

        if has_role('dedup.d.n') {
                ssl::service { 'dedup.debian.net': notify  => Exec['service apache2 reload'], key => true, }
        }

        if has_role('pet.d.n') {
                ssl::service { 'pet.debian.net': notify  => Exec['service apache2 reload'], key => true, }
                ssl::service { 'pet-devel.debian.net': notify  => Exec['service apache2 reload'], key => true, }
        }

        if has_role('ports_master') {
                include roles::ports_master
        }
        if has_role('ports_mirror') {
                include roles::ports_mirror
        }

        if has_role('onionbalance') {
                include onion::balance
        }
        if has_role('bgp') {
                include roles::bgp
        }
        if has_role('cdimage-search') {
                include roles::cdimage_search
        }

        if has_role('postgresql_server') {
                include postgres::backup_source
        }

        if has_role('bacula_director') {
                include bacula::director
        } else {
                package { 'bacula-console': ensure => purged; }
                file { '/etc/bacula/bconsole.conf': ensure => absent; }
        }
        if has_role('bacula_storage') {
                include bacula::storage
        }

        if $::keyring_debian_org_mirror {
                include roles::keyring_debian_org_mirror
        }

        if has_role('popcon') {
                include roles::popcon
        }

        if has_role('debsources') {
                include roles::debsources
        }
}