1 # the base class defining things common to all three static classes (master, mirror, source)
2 class roles::static_base {
# Declares ssh::keygen for the 'staticsync' account. Presumably this creates
# the key pair whose public half is reported back as the staticsync_key fact
# used below -- confirm in the ssh module.
3 ssh::keygen {'staticsync': }
# Registers this host's staticsync public key under collect_tag 'staticsync',
# the same tag that the ssh::authorized_key_collect resource in this class
# gathers.
4 ssh::authorized_key_add { 'staticsync':
5 target_user => 'staticsync',
# The key is tied to the wrapper script, with this host's name as its only
# argument. Presumably this ends up as a forced command= entry, so a peer
# using the key cannot choose its own command -- confirm in the define.
# NOTE(review): ${::fqdn} is reported by the agent itself. If the wrapper
# treats its argument as the caller's identity, $trusted['certname'] (taken
# from the agent certificate) cannot be misstated by a compromised node.
# NOTE(review): check that the define also switches off pty allocation and
# forwarding for this key (for example via restrict); not visible here.
6 command => "/usr/local/bin/staticsync-ssh-wrap ${::fqdn}",
# Also agent-reported: the key material is whatever the node submits.
7 key => $facts['staticsync_key'],
8 collect_tag => 'staticsync',
# Gathers the keys registered with collect_tag 'staticsync' for the
# staticsync user. Presumably every host that includes this class ends up
# accepting the keys of all the others, so the options attached to each key
# are the only limit on what a peer may run -- confirm in the ssh module.
10 ssh::authorized_key_collect { 'staticsync':
11 target_user => 'staticsync',
12 collect_tag => 'staticsync',
# Renders /etc/static-components.conf from the ERB template in the roles
# module. No owner or mode attribute is visible in this listing.
15 file { '/etc/static-components.conf':
16 content => template('roles/static-mirroring/static-components.conf.erb'),
# Installs the wrapper that the staticsync authorized key names as its
# command, so this script decides what a peer holding that key can do.
# NOTE(review): no owner or mode attribute is visible in this listing; the
# file should not be writable by the staticsync account -- confirm.
19 file { '/usr/local/bin/staticsync-ssh-wrap':
20 source => 'puppet:///modules/roles/static-mirroring/staticsync-ssh-wrap',
# Installs the static-update-component script from the roles module file
# server. No owner or mode attribute is visible in this listing.
24 file { '/usr/local/bin/static-update-component':
25 source => 'puppet:///modules/roles/static-mirroring/static-update-component',
# Removes the two per-role wrapper scripts from hosts that still have them.
# Presumably staticsync-ssh-wrap replaced both -- confirm that no
# authorized_keys entry still names either path before relying on this.
29 file { '/usr/local/bin/static-mirror-ssh-wrap': ensure => absent; }
30 file { '/usr/local/bin/static-master-ssh-wrap': ensure => absent; }
# Firewall rule: new TCP connections to destination ports 6881-6999 are sent
# to the 'static-bt' subchain, which accepts them only when the source
# address is in $HOST_STATIC_V4. "bt" is presumably BitTorrent -- confirm.
# $HOST_STATIC_V4 is defined outside this listing; the rule is only as tight
# as that address list.
32 ferm::rule { 'dsa-static-bt-v4':
33 description => 'Allow bt between static hosts',
34 rule => 'proto tcp mod state state (NEW) mod multiport destination-ports (6881:6999) @subchain \'static-bt\' { saddr ($HOST_STATIC_V4) ACCEPT; }',
# IPv6 counterpart of the v4 rule: the same ports and subchain, with the
# accepted sources taken from $HOST_STATIC_V6 (defined outside this listing).
# NOTE(review): the listing skips a line between description and rule. A v6
# rule normally has to select the IPv6 ferm domain -- confirm the skipped
# line does that in the real manifest.
37 ferm::rule { 'dsa-static-bt-v6':
38 description => 'Allow bt between static hosts',
40 rule => 'proto tcp mod state state (NEW) mod multiport destination-ports (6881:6999) @subchain \'static-bt\' { saddr ($HOST_STATIC_V6) ACCEPT; }',
44 file { '/etc/staticsync.conf':
46 # This file is sourced by bash
47 # and parsed by python
48 # - empty lines and lines starting with a # are ignored.
49 # - other lines are key=value. No extra spaces anywhere. No quoting.
50 base=/srv/static.debian.org
51 masterbase=/home/staticsync/static-master/master