1 # = Class: roles::dbmaster
3 # Setup for db.debian.org master host
7 # include roles::dbmaster
9 class roles::dbmaster {
# Load the pubsub parameters class and copy its rabbit_password into a local
# variable; it is handed to roles::pubsub::config { 'generate': } further down.
# NOTE(review): the password travels in the compiled catalog as a plain value
# here. If the receiving defined type accepts it, a Sensitive-typed value would
# keep it out of logs and reports; confirm against roles::pubsub::config.
12 include roles::pubsub::parameters
14 $rabbit_password = $roles::pubsub::parameters::rabbit_password
# TLS service definition for db.debian.org. A change notifies the Apache reload
# exec (the notify list continues on lines not shown in this excerpt).
# tlsaport lists 443, 389 and 636, presumably the HTTPS, LDAP and LDAPS ports
# for which TLSA records are published; confirm against ssl::service.
16 ssl::service { 'db.debian.org':
17 notify => [ Exec['service apache2 reload'],
20 tlsaport => [443, 389, 636],
# Installs the TLS private key for the LDAP server. inline_template runs during
# catalog compilation, so File.read happens on the compiling server: the key is
# read from the directory named by the hiera key paths.letsencrypt_dir and its
# contents are embedded in this node's catalog.
# NOTE(review): owner/group/mode are not visible in this excerpt. Confirm that
# the file is readable only by the account the LDAP daemon runs as, and that
# show_diff is disabled for this resource so that key material cannot end up in
# agent logs or reports.
23 file { '/etc/ldap/db.debian.org.key':
27 content => inline_template('<%= File.read(scope().call_function("hiera", ["paths.letsencrypt_dir"]) + "/db.debian.org.key") %>'),
# Pubsub client configuration named 'generate': key 'dsa-udgenerate', topic
# 'dsa.ud.replicate', authenticated with the shared rabbit_password read from
# roles::pubsub::parameters. Other attributes are on lines not shown here.
# NOTE(review): where and with which permissions the resulting config (and the
# password in it) is written is decided inside roles::pubsub::config; verify
# there.
31 roles::pubsub::config { 'generate':
32 key => 'dsa-udgenerate',
34 topic => 'dsa.ud.replicate',
37 password => $rabbit_password
# Publishes this host's SSH key (the dsa_key fact) for the 'puppet' account,
# tagged 'puppetmaster' so that the puppetmaster side can collect it.
# The command attribute names the puppet-ssh-wrap invocation for
# draghi.debian.org / nagiosconfig. It is presumably installed as a forced
# command, so the key can do nothing else; confirm in ssh::authorized_key_add.
# NOTE(review): the key material comes from a fact, i.e. it is reported by the
# node itself. The forced command is what limits the access this key grants, so
# check that the wrapper ignores or validates any client-supplied command.
45 ssh::authorized_key_add { 'dbmaster::puppetmaster::nagios-build':
46 target_user => 'puppet',
47 command => '/srv/puppet.debian.org/sync/bin/puppet-ssh-wrap draghi.debian.org nagiosconfig',
48 key => $facts['dsa_key'],
49 collect_tag => 'puppetmaster',
# Exim virtual domain for db.debian.org, handled as user 'mail_db' with group
# 'nogroup'.
# NOTE(review): what runs under this user and group is defined in exim::vdomain;
# 'nogroup' is shared by unrelated unprivileged accounts on Debian, so confirm
# that no files depend on group ownership for protection.
52 exim::vdomain { 'db.debian.org':
53 mail_user => 'mail_db',
54 mail_group => 'nogroup',
# Firewall (ferm) rules for the services this host exposes: 'finger', and
# 'ldap' on the named ports ldap and ldaps. The attributes of the 'finger' rule
# and any source-address restriction are on lines not shown in this excerpt.
# NOTE(review): the 'ldap' port is opened alongside 'ldaps'. Confirm that the
# LDAP server requires StartTLS (or refuses simple binds) on the plain port, so
# that credentials are never sent in cleartext.
57 ferm::rule::simple { 'finger':
60 ferm::rule::simple { 'ldap':
61 port => ['ldap', 'ldaps'],
# The Apache ACL file puppet-restricted-acl.conf is assembled from fragments.
# The <<| |>> collector realizes every *exported* Concat::Fragment carrying the
# tag 'debian_org::apt_restricted::apache-acl', i.e. fragments that other nodes
# exported when their catalogs were compiled.
# NOTE(review): the contents of this access-control file are therefore only as
# trustworthy as the set of nodes allowed to export resources with this tag.
# Confirm that the exporting class builds fragment content from validated values
# (e.g. checked IP addresses) and not from free-form facts.
64 concat { '/etc/apache2/conf-available/puppet-restricted-acl.conf':
66 ensure_newline => true,
67 warn => '# This file is maintained with puppet',
69 Concat::Fragment <<| tag == 'debian_org::apt_restricted::apache-acl' |>>
# Local head and tail fragments for the same ACL file. The head opens an Apache
# <Macro dsa-apt-restricted-acl> block; the tail presumably closes it. The tail's
# content and both 'order' attributes are on lines not shown here, so confirm
# that the collected fragments sort between the two.
70 concat::fragment { 'debian_org::apt_restricted::apache-acl-head':
71 target => '/etc/apache2/conf-available/puppet-restricted-acl.conf',
74 <Macro dsa-apt-restricted-acl>
77 concat::fragment { 'debian_org::apt_restricted::apache-acl-tail':
78 target => '/etc/apache2/conf-available/puppet-restricted-acl.conf',
# Enables the generated ACL by pointing the conf-enabled entry at the
# conf-available file, and reloads Apache whenever this resource changes.
# NOTE(review): the reload is triggered by this resource only as far as visible
# here. Confirm that a change to the concat target also notifies the reload, so
# that an updated ACL takes effect straight away.
84 file { '/etc/apache2/conf-enabled/puppet-restricted-acl.conf':
86 target => '../conf-available/puppet-restricted-acl.conf',
87 notify => Exec['service apache2 reload'],