more amazon networks to blacklist
[mirror/dsa-puppet.git] / modules / roles / manifests / init.pp
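# = Class: roles
#
# Looks up the roles assigned to the node being compiled and includes the
# class (or declares the resources) that implements each role.
#
# Most roles are tested with has_role(). Two (buildd, porterbox) are still
# read from $site::nodeinfo, and two are keyed on top-scope variables
# ($::hostname, $::keyring_debian_org_mirror). has_role() and getfromhash()
# are defined outside this file; how they resolve a role is not visible here.
#
# == Security notes:
#
# * Role membership decides which nodes receive signing classes, TLS service
#   declarations (ssl::service with key => true, presumably including the
#   private key - confirm in the ssl module) and firewall rules, so the data
#   source behind has_role() has to be trustworthy.
# * $::hostname and $::keyring_debian_org_mirror are top-scope variables; if
#   they are agent-reported facts, the node itself controls their value.
#
# == Sample Usage:
#
#   include roles
#
class roles {

        if has_role('puppetmaster') {
                include puppetmaster
        }

        if has_role('muninmaster') {
                include munin::master
        }

        if has_role('nagiosmaster') {
                include nagios::server
        }

        # XXX: turn this into a real role
        if getfromhash($site::nodeinfo, 'buildd') {
                include buildd
        }

        # XXX: turn this into a real role
        if getfromhash($site::nodeinfo, 'porterbox') {
                include porterbox
        }

        if has_role('bugs_mirror') {
                include roles::bugs_mirror
        }

        if has_role('bugs_base') {
                ssl::service { 'bugs.debian.org':
                        notify => Exec['service apache2 reload'],
                        key    => true,
                }
                # Virtual resource (@): this drop rule only takes effect on
                # nodes where ferm::rule resources are collected or realized,
                # which happens outside this file.
                # NOTE(review): both networks are written with three octets
                # ("220.243.135/24"). Confirm that the ruleset ferm generates
                # really matches 220.243.135.0/24 and 220.243.136.0/24; a
                # parser that falls back to inet_aton-style parsing would read
                # "220.243.135" as 220.243.0.135. Writing all four octets
                # removes the ambiguity.
                @ferm::rule { 'dsa-bugs-abusers':
                        prio => '005',
                        rule => 'saddr (220.243.135/24 220.243.136/24) DROP',
                }
        }
        if has_role('bugs_master') {
                ssl::service { 'bugs-devel.debian.org': notify => Exec['service apache2 reload'], key => true, }
                ssl::service { 'bugs-master.debian.org': notify => Exec['service apache2 reload'], key => true, }
        }

        if has_role('manpages-dyn') {
                include roles::manpages_dyn
        }

        if has_role('archvsync_base_additional') {
                include archvsync_base
        }

        # archive.debian.org
        if has_role('historical_mirror') {
                include roles::historical_mirror
        }

        # debug archive
        if has_role('debug_mirror') {
                include roles::debug_mirror
        }

        # ftp.debian.org and its ecosystem
        if has_role('debian_mirror') {
                include roles::debian_mirror
        }
        if has_role('ftp_master') {
                include roles::ftp_master
                include roles::dakmaster
                include roles::signing
        }
        if has_role('ftp.upload.d.o') {
                include roles::ftp_upload
        }
        if has_role('ssh.upload.d.o') {
                include roles::ssh_upload
        }
        if has_role('security_upload') {
                include roles::security_upload
        }
        if has_role('api.ftp-master') {
                ssl::service { 'api.ftp-master.debian.org':
                        notify => Exec['service apache2 reload'],
                        key    => true,
                }
        }
        #
        # security.debian.org
        if has_role('security_master') {
                include roles::security_master
                include roles::dakmaster
        }

        if has_role('security_mirror') {
                include roles::security_mirror
        }

        if has_role('git_master') {
                include roles::git_master
        }

        if has_role('people') {
                ssl::service { 'people.debian.org': notify => Exec['service apache2 reload'], key => true, }
                onion::service { 'people.debian.org': port => 80, target_address => 'people.debian.org', target_port => 80, direct => true }
        }

        if has_role('www_master') {
                include roles::www_master
        }

        if has_role('cgi.d.o') {
                ssl::service { 'cgi.debian.org': notify => Exec['service apache2 reload'], key => true, }
        }

        if has_role('keyring') {
                include roles::keyring
        }

        if has_role('wiki') {
                include roles::wiki
        }

        if has_role('syncproxy') {
                include roles::syncproxy
        }

        if has_role('static_master') {
                include roles::static_master
        }

        # A node is either a static mirror or a static source, never both.
        if has_role('static_mirror') {
                include roles::static_mirror
        } elsif has_role('static_source') {
                include roles::static_source
        }

        if has_role('weblog_provider') {
                include roles::weblog_provider
        }

        if has_role('mailrelay') {
                include roles::mailrelay
        }

        if has_role('pubsub') {
                include roles::pubsub
        }

        if has_role('dbmaster') {
                include roles::dbmaster
        }

        if has_role('dns_primary') {
                include named::primary
        }

        if has_role('weblog_destination') {
                include roles::weblog_destination
        }

        if has_role('vote') {
                include roles::vote
        }

        if has_role('security_tracker') {
                include roles::security_tracker
        }

        if has_role('lists') {
                include roles::lists
        }

        if has_role('rtmaster') {
                include roles::rtmaster
        }

        if has_role('udd') {
                include roles::udd
        }

        if has_role('sso') {
                include roles::sso
        }

        if has_role('sso_rp') {
                include roles::sso_rp
        }

        if has_role('tracker') {
                include roles::tracker
        }

        if has_role('buildd_master') {
                include roles::buildd_master
        }

        if has_role('piuparts') {
                include roles::piuparts
        }
        if has_role('piuparts_slave') {
                include roles::piuparts_slave
        }

        if has_role('contributors') {
                include roles::contributors
        }

        if has_role('nm') {
                include roles::nm
        }

        if has_role('rtc') {
                include roles::rtc
        }

        if has_role('jenkins') {
                include roles::jenkins
        }

        if has_role('postgres_backup_server') {
                include postgres::backup_server
        }

        if has_role('packages') {
                ssl::service { 'packages.debian.org': notify => Exec['service apache2 reload'], key => true, }
        }

        if has_role('historicalpackages') {
                ssl::service { 'historical.packages.debian.org': notify => Exec['service apache2 reload'], key => true, }
        }

        if has_role('qamaster') {
                ssl::service { 'qa.debian.org': notify => Exec['service apache2 reload'], key => true, }
        }

        if has_role('packagesqamaster') {
                ssl::service { 'packages.qa.debian.org': notify => Exec['service apache2 reload'], key => true, }
        }

        if has_role('gobby_debian_org') {
                ssl::service { 'gobby.debian.org':
                        notify   => [ Exec['service apache2 reload'], Exec['reload gobby'] ],
                        key      => true,
                        tlsaport => [443, 6523],
                }
                # Copy of the TLS private key that the gobby group may read.
                # inline_template() is evaluated on the Puppet server during
                # compilation, so the key text is embedded in this node's
                # catalog and is present wherever catalogs are cached or stored.
                # NOTE(review): no owner is set, so ownership is not managed
                # by this resource - consider pinning it explicitly.
                file { '/etc/ssl/debian-local/other-keys/gobby.debian.org.key':
                        ensure    => present,
                        mode      => '0440',
                        group     => 'gobby',
                        content   => inline_template('<%= File.read(scope().call_function("hiera", ["paths.letsencrypt_dir"]) + "/gobby.debian.org.key") %>'),
                        links     => follow,
                        # Keep key material out of agent logs and reports if
                        # diff output is ever enabled.
                        show_diff => false,
                        notify    => Exec['reload gobby'],
                }
                # Runs only when notified (refreshonly): sends SIGHUP to the
                # infinoted process owned by the gobby user.
                # NOTE(review): the command is not fully qualified and no path
                # is given here; presumably an Exec default elsewhere supplies
                # it - confirm.
                exec { 'reload gobby':
                        command     => 'pkill -u gobby -HUP -x infinoted',
                        refreshonly => true,
                }
        }

        if has_role('search_backend') {
                include roles::search_backend
        }
        if has_role('search_frontend') {
                include roles::search_frontend
        }

        if has_role('dgit_browse') {
                include roles::dgit_browse
        }
        if has_role('dgit_git') {
                include roles::dgit_git
        }

        # Selected by host name rather than by role.
        # NOTE(review): if $::hostname is the agent-reported fact, the node
        # controls this value; a has_role() lookup or $trusted['certname']
        # would not depend on what the agent claims.
        if $::hostname in ['lw01', 'lw02', 'lw03', 'lw04', 'lw09', 'lw10'] {
                include roles::snapshot
        }

        if has_role('snapshot_web') {
                include roles::snapshot_web
        }

        if has_role('snapshot_shell') {
                include roles::snapshot_shell
        }

        if has_role('veyepar.debian.org') {
                ssl::service { 'veyepar.debian.org': notify => Exec['service apache2 reload'], key => true, }
        }
        # Role name ends in .debian.org, the service name in .debian.net.
        if has_role('sreview.debian.org') {
                ssl::service { 'sreview.debian.net': notify => Exec['service apache2 reload'], key => true, }
        }

        if has_role('debtags') {
                include roles::debtags
        }

        if has_role('planet_master') {
                include roles::planet_master
        }
        if has_role('planet_search') {
                ssl::service { 'planet-search.debian.org': notify => Exec['service apache2 reload'], key => true, }
        }

        if has_role('i18n.d.o') {
                ssl::service { 'i18n.debian.org': notify => Exec['service apache2 reload'], key => true, }
        }

        if has_role('l10n.d.o') {
                ssl::service { 'l10n.debian.org': notify => Exec['service apache2 reload'], key => true, }
        }

        if has_role('dedup.d.n') {
                ssl::service { 'dedup.debian.net': notify => Exec['service apache2 reload'], key => true, }
        }

        if has_role('pet.d.n') {
                ssl::service { 'pet.debian.net': notify => Exec['service apache2 reload'], key => true, }
                ssl::service { 'pet-devel.debian.net': notify => Exec['service apache2 reload'], key => true, }
        }

        if has_role('ports_master') {
                include roles::ports_master
        }
        if has_role('ports_mirror') {
                include roles::ports_mirror
        }

        if has_role('onionbalance') {
                include onion::balance
        }
        if has_role('bgp') {
                include roles::bgp
        }
        if has_role('cdimage-search') {
                include roles::cdimage_search
        }

        if has_role('postgresql_server') {
                include postgres::backup_source
        }

        # Every node that is not the director has the bacula console package
        # purged and its configuration file removed, so console access stays
        # confined to the director host.
        if has_role('bacula_director') {
                include bacula::director
        } else {
                package { 'bacula-console': ensure => purged; }
                file { '/etc/bacula/bconsole.conf': ensure => absent; }
        }
        if has_role('bacula_storage') {
                include bacula::storage
        }

        if has_role('salsa.debian.org') {
                include salsa
        }

        # Keyed on a top-scope variable rather than has_role().
        # NOTE(review): presumably a custom fact - confirm where it is set.
        if $::keyring_debian_org_mirror {
                include roles::keyring_debian_org_mirror
        }

        if has_role('popcon') {
                include roles::popcon
        }

        if has_role('debsources') {
                include roles::debsources
        }

        if has_role('ipsec') {
                include ipsec
        }

        if has_role('debconf_wafer') {
                include roles::debconf_wafer
        }

        if has_role('cdbuilder_local_mirror') {
                include roles::cdbuilder_local_mirror
        }

        if has_role('alioth_archive') {
                include roles::alioth_archive
        }
        if has_role('anonscm') {
                include roles::anonscm
        }

}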