1 class roles::static_base {
# Generate an SSH keypair for the staticsync account, but only when the
# top-scope variable $::staticsync_key is unset/false.
# NOTE(review): $::staticsync_key is presumably a custom fact that exposes the
# existing public key; confirm where it is defined.
2 if ! $::staticsync_key {
3 exec { 'create-staticsync-key':
# Runs as staticsync in a login shell (su -): creates .ssh with mode 02700
# (owner-only access, setgid bit set) and writes a keypair to .ssh/id_rsa.
# -P "" means the private key is stored WITHOUT a passphrase, so it is
# protected only by file permissions on this host and by whatever
# restrictions the receiving side puts on the public key.
# NOTE(review): confirm the peers' authorized_keys entries for this key carry
# a forced command and source restrictions; that is not visible in this block.
# No -t/-b is given, so key type and size are the installed ssh-keygen's
# defaults. mkdir -p does not change the mode of an already existing .ssh.
4 command => '/bin/su - staticsync -c \'mkdir -p -m 02700 .ssh && ssh-keygen -C "`whoami`@`hostname` (`date +%Y-%m-%d`)" -P "" -f .ssh/id_rsa -q\'',
# Guard: run only if the staticsync account exists and no private key is
# present yet, so an existing key is never overwritten. The path here is
# hard-coded to /home/staticsync while the command above uses the account's
# login home directory; the two agree only if that home is /home/staticsync.
5 onlyif => '/usr/bin/getent passwd staticsync > /dev/null && ! [ -e /home/staticsync/.ssh/id_rsa ]'
# Render /etc/static-components.conf from the module's ERB template.
9 file { '/etc/static-components.conf':
10 content => template('roles/static-mirroring/static-components.conf.erb'),
# Render the authorized keys for the staticsync account from an ERB template.
# NOTE(review): the location under /etc/ssh/userkeys suggests sshd reads keys
# from a directory the account cannot edit; confirm the sshd AuthorizedKeysFile
# setting, and that this file is root-owned and not writable by staticsync
# (owner/mode attributes are not visible in this listing).
# NOTE(review): the template decides which options (forced command, source
# address limits) each key gets; review it together with this resource.
13 file { '/etc/ssh/userkeys/staticsync':
14 content => template('roles/static-mirroring/staticsync-authorized_keys.erb'),
# Install the staticsync-ssh-wrap script from the module's file store.
# NOTE(review): presumably the forced command for the staticsync keys; if so it
# is the trust boundary for incoming sync connections and must be writable by
# root only. Owner/mode attributes are not visible in this listing; confirm.
17 file { '/usr/local/bin/staticsync-ssh-wrap':
18 source => 'puppet:///modules/roles/static-mirroring/staticsync-ssh-wrap',
# Install the static-update-component script from the module's file store.
# NOTE(review): owner/mode attributes are not visible in this listing; confirm
# the script is not writable by unprivileged accounts.
22 file { '/usr/local/bin/static-update-component':
23 source => 'puppet:///modules/roles/static-mirroring/static-update-component',
# Make sure these two wrapper scripts are removed from the host.
# NOTE(review): the names suggest they were superseded by staticsync-ssh-wrap;
# confirm no authorized_keys entry still names either path as its forced
# command, otherwise logins with those keys will fail after removal.
27 file { '/usr/local/bin/static-mirror-ssh-wrap': ensure => absent; }
28 file { '/usr/local/bin/static-master-ssh-wrap': ensure => absent; }
# Virtual ferm rules (declared with '@', so they take effect only where they
# are realized or collected) for traffic between the static hosts.
# Each rule matches NEW TCP connections to destination ports 6881-6999 and, in
# the 'static-bt' subchain, ACCEPTs only source addresses listed in the ferm
# variable $HOST_STATIC_V4 / $HOST_STATIC_V6. The strings are single-quoted,
# so Puppet does not interpolate these names; ferm resolves them.
# NOTE(review): the allowlist is only as tight as those ferm variables, which
# are defined elsewhere; confirm they contain just the static hosts.
30 @ferm::rule { 'dsa-static-bt-v4':
31 description => 'Allow bt between static hosts',
32 rule => 'proto tcp mod state state (NEW) mod multiport destination-ports (6881:6999) @subchain \'static-bt\' { saddr ($HOST_STATIC_V4) ACCEPT; }',
# IPv6 counterpart of the rule above.
# NOTE(review): original line 37 is not shown in this listing; presumably it
# selects the IPv6 domain. Confirm, since without it the rule would not apply
# to IPv6 traffic.
35 @ferm::rule { 'dsa-static-bt-v6':
36 description => 'Allow bt between static hosts',
38 rule => 'proto tcp mod state state (NEW) mod multiport destination-ports (6881:6999) @subchain \'static-bt\' { saddr ($HOST_STATIC_V6) ACCEPT; }',
42 file { "/etc/staticsync.conf":
44 # This file is sourced by bash
45 # and parsed by python
46 # - empty lines and lines starting with a # are ignored.
47 # - other lines are key=value. No extra spaces anywhere. No quoting.
48 base=/srv/static.debian.org
49 masterbase=/home/staticsync/static-master/master