1 class roles::static_base {
2 ssh::keygen {'staticsync': }
4 file { '/etc/static-components.conf':
5 content => template('roles/static-mirroring/static-components.conf.erb'),
8 file { '/etc/ssh/userkeys/staticsync':
9 content => template('roles/static-mirroring/staticsync-authorized_keys.erb'),
12 file { '/usr/local/bin/staticsync-ssh-wrap':
13 source => 'puppet:///modules/roles/static-mirroring/staticsync-ssh-wrap',
17 file { '/usr/local/bin/static-update-component':
18 source => 'puppet:///modules/roles/static-mirroring/static-update-component',
22 file { '/usr/local/bin/static-mirror-ssh-wrap': ensure => absent; }
23 file { '/usr/local/bin/static-master-ssh-wrap': ensure => absent; }
25 ferm::rule { 'dsa-static-bt-v4':
26 description => 'Allow bt between static hosts',
27 rule => 'proto tcp mod state state (NEW) mod multiport destination-ports (6881:6999) @subchain \'static-bt\' { saddr ($HOST_STATIC_V4) ACCEPT; }',
30 ferm::rule { 'dsa-static-bt-v6':
31 description => 'Allow bt between static hosts',
33 rule => 'proto tcp mod state state (NEW) mod multiport destination-ports (6881:6999) @subchain \'static-bt\' { saddr ($HOST_STATIC_V6) ACCEPT; }',
37 file { "/etc/staticsync.conf":
39 # This file is sourced by bash
40 # and parsed by python
41 # - empty lines and lines starting with a # are ignored.
42 # - other lines are key=value. No extra spaces anywhere. No quoting.
43 base=/srv/static.debian.org
44 masterbase=/home/staticsync/static-master/master