---
-nameservers: []
-searchpaths: []
-resolvoptions: []
+
+lookup_options:
+ # with merge: unique entries in other hiera sources add to the array
+ resolv::searchpaths:
+ merge: unique
+ apt::sources::debian::location:
+ merge: unique
+
+# class parameters
+resolv::nameservers: []
+resolv::searchpaths: ['debian.org']
+staticsync::user: 'staticsync'
+staticsync::basedir: '/srv/static.debian.org'
+
+roles::dns_primary::allow_access:
+ # easydns
+ - '64.68.200.91'
+ - '205.210.42.80'
+ # rcode0
+ - '83.136.34.0/27'
+ - '2a02:850:8::/47'
+ # netnod
+ - '192.71.80.0/24'
+ - '192.36.144.222'
+ - '192.36.144.218'
+ - '194.146.105.24'
+ - '194.146.105.25'
+ - '2a01:3f0:0:27::24'
+ - '2a01:3f0:0:28::25'
+
+# other variables
allow_dns_query: []
role_config__mirrors:
mirror_basedir_prefix: '/srv/mirrors/'
letsencrypt_dir: '/srv/puppet.debian.org/from-letsencrypt'
auto_certs_dir: '/srv/puppet.debian.org/ca/RESULT/certs'
auto_clientcerts_dir: '/srv/puppet.debian.org/ca/RESULT/clientcerts'
+apt::sources::debian::location: 'https://deb.debian.org/debian/'
+
+
+# all of these should be retired in favour of including the class role
+# with the host. weasel, 2019-09
roles:
- bugsmx:
- - buxtehude.debian.org
- bugs_master:
- - buxtehude.debian.org
- bugs_mirror:
- - beach.debian.org
- bugs_base:
- - buxtehude.debian.org
- - beach.debian.org
- buildd_master:
- - wuiet.debian.org
- contributors:
- - nono.debian.org
- dbmaster:
- - draghi.debian.org
- debtags:
- - tate.debian.org
- dns_primary:
- - denis.debian.org
- dns_geo:
- - geo1.debian.org
- - geo2.debian.org
- - geo3.debian.org
- extranrpeclient:
- - denis.debian.org
ftp_master:
+ # XXX - used by ferm templates/defs.conf.erb
- fasolo.debian.org
- ftp.upload.d.o:
- - coccia.debian.org
- - usper.debian.org
- api.ftp-master:
- - coccia.debian.org
- dgit_browse:
- - cgi-grnet-01.debian.org
- dgit_git:
- - cgi-grnet-01.debian.org
- git_master:
- - adayevskaya.debian.org
- historicalpackages:
- - hier.debian.org
- jenkins:
- - jerea.debian.org
- keyring:
- - kaufmann.debian.org
- lists:
- - bendel.debian.org
mailrelay:
+ # XXX - ONLY used by ferm templates/defs.conf.erb
- mailly.debian.org
- muffat.debian.org
- manpages-dyn:
- - manziarly.debian.org
- - cgi-grnet-01.debian.org
- mirrormaster:
- - melartin.debian.org
muninmaster:
+ # XXX - used by ferm templates/defs.conf.erb
- menotti.debian.org
nagiosmaster:
+ # XXX - used by ferm templates/defs.conf.erb
- tchaikovsky.debian.org
- nm:
- - nono.debian.org
- packages:
- - picconi.debian.org
- - pkgmirror-csail.debian.org
- packagesmaster:
- - picconi.debian.org
- packagesqamaster:
- - quantz.debian.org
- people:
- - paradis.debian.org
- piuparts:
- - pejacevic.debian.org
- piuparts_slave:
- - piu-slave-bm-a.debian.org
- - piu-slave-ubc-01.debian.org
- popcon:
- - pinel.debian.org
- pubsub:
- - rainier.debian.org
- - rapoport.debian.org
- qamaster:
- - quantz.debian.org
- rtmaster:
- - reger.debian.org
- rtc:
- - vogler.debian.org
- search_backend:
- - wolkenstein.debian.org
- search_frontend:
- - cgi-grnet-01.debian.org
- archvsync_base_additional:
- # this is usually pulled in by *-mirror or syncproxy roles
- - dummy
security_master:
+ # XXX - used by ferm templates/defs.conf.erb
- seger.debian.org
security_mirror:
+ # XXX used also in ferm me.conf.erb
mirror-anu.debian.org:
fastly-backend: false
mirror-csail.debian.org:
wieck.debian.org:
service-hostname: wieck.security.backend.mirrors.debian.org
fastly-backend: true
- security_tracker:
- - soriano.debian.org
- security_upload:
- - suchon.debian.org
- ssh.upload.d.o:
- - coccia.debian.org
- - suchon.debian.org
- - usper.debian.org
- sso:
- - diabelli.debian.org
- # single sign on relying party (host) - also required apache2 module enabled on that host via other means
- sso_rp:
- - debussy.debian.org
- - diabelli.debian.org
- - jerea.debian.org
- - nono.debian.org
- - quantz.debian.org
- - tate.debian.org
- - ticharich.debian.org
- - wilder.debian.org
- - wuiet.debian.org
- static_master:
- - dillon.debian.org
- - fasolo.debian.org
- - porta.debian.org
- - static-master-grnet-01.debian.org
- static_mirror:
- - klecker.debian.org
- - mirror-anu.debian.org
- - mirror-csail.debian.org
- - mirror-isc.debian.org
- - senfter.debian.org
- - santoro.debian.org
- static_mirror_onion:
- - klecker.debian.org
- - mirror-isc.debian.org
- - senfter.debian.org
- # when adding a new static mirror, allow it to sync etc, but do not push to it and wait for it. For this, also add it to static_mirror_nopush.
- static_mirror_nopush:
- - dummy
- static_source:
- - boott.debian.org
- - casulana.debian.org
- - coccia.debian.org
- - dillon.debian.org
- - donizetti.debian.org
- - fasolo.debian.org
- - kaufmann.debian.org
- - lindsay.debian.org
- - manziarly.debian.org
- - mekeel.debian.org
- - melartin.debian.org
- - porta.debian.org
- - philp.debian.org
- - respighi.debian.org
- - wolkenstein.debian.org
- - wuiet.debian.org
- syncproxy:
- - gretchaninov.debian.org
- - klecker.debian.org
- - milanollo.debian.org
- - mirror-anu.debian.org
- - mirror-isc.debian.org
- - mirror-umn.debian.org
- - schmelzer.debian.org
- - smit.debian.org
- tracker:
- - ticharich.debian.org
- udd:
- - ullmann.debian.org
- vote:
- - vento.debian.org
- weblog_destination:
- - wolkenstein.debian.org
- weblog_provider:
- - klecker.debian.org
- - mirror-anu.debian.org
- - mirror-csail.debian.org
- - mirror-isc.debian.org
- - mirror-umn.debian.org
- - santoro.debian.org
- - senfter.debian.org
- wiki:
- - wilder.debian.org
- www_master:
- - wolkenstein.debian.org
- cgi.d.o:
- - wolkenstein.debian.org
postgres_backup_server:
+ # XXX - used by ferm templates/defs.conf.erb
- backuphost.debian.org
- storace.debian.org
- bacula_director:
- - dinis.debian.org
- bacula_storage:
- - storace.debian.org
- dabackup_client:
- - lw03.debian.org
- gobby_debian_org:
- - gombert.debian.org
- veyepar.debian.org:
- - vittoria.debian.org
- sreview.debian.org:
- - vittoria.debian.org
debian_mirror:
+ # XXX used also in ferm me.conf.erb
klecker.debian.org:
listen-addresses:
- '130.89.148.12:80'
- '[2001:67c:2564:a119::148:12]:80'
onion_v4_address: 130.89.148.12
+ new-klecker.debian.org: {}
mirror-accumu.debian.org:
service-hostname: accumu.debian.backend.mirrors.debian.org
fastly-backend: true
fastly-backend: true
service-hostname: conova.debian.backend.mirrors.debian.org
historical_master:
+ # XXX - used by ferm templates/defs.conf.erb
- sibelius.debian.org
historical_mirror:
+ # XXX used also in ferm me.conf.erb
- gretchaninov.debian.org
- klecker.debian.org
- schmelzer.debian.org
- sibelius.debian.org
debug_mirror:
+ # XXX used also in ferm me.conf.erb
mirror-accumu.debian.org:
onion_v4_address: 130.242.6.199
service-hostname: accumu.debug.backend.mirrors.debian.org
debug_mirror_onion:
- mirror-accumu.debian.org
- schmelzer.debian.org
- ports_mirror:
- - klecker.debian.org
- - mirror-isc.debian.org
- ports_mirror_onion:
- - klecker.debian.org
- - mirror-isc.debian.org
- planet_master:
- - philp.debian.org
- planet_search:
- - philp.debian.org
- i18n.d.o:
- - tye.debian.org
- l10n.d.o:
- - tye.debian.org
- dedup.d.n:
- - delfin.debian.org
- pet.d.n:
- - petrova.debian.org
ports_master:
+ # XXX - used by ferm templates/defs.conf.erb
- porta.debian.org
- onionbalance:
- - olin.debian.org
bgp:
- mirror-accumu.debian.org
- mirror-skroutz.debian.org
- cdimage-search:
- - cgi-grnet-01.debian.org
- apache_prefork:
- # php needs this
- - quantz.debian.org
- - tchaikovsky.debian.org
- - wuiet.debian.org
postgresql_server:
# postgresql instances not managed by puppet otherwise
- bmdb1.debian.org
- fasolo.debian.org
- lw07.debian.org
- melartin.debian.org
+ - postgresql-manda-01.debian.org
- sallinen.debian.org
- seger.debian.org
- - sibelius.debian.org
- snapshotdb-manda-01.debian.org
- vittoria.debian.org
- salsa.debian.org:
- - godard.debian.org
- insecure_ssl:
- - debussy.debian.org
- - godard.debian.org
- debsources:
- - sor.debian.org
- ipsec:
- - fasolo.debian.org
- - storace.debian.org
- debconf_wafer:
- - debussy.debian.org
- apache_not_public:
- # Hosts that run apache but where it should not be open to the internet by
- # default
- - casulana.debian.org
- apache_ratelimited:
- - beach.debian.org
- - buxtehude.debian.org
- - lw07.debian.org
- - picconi.debian.org
- - pkgmirror-csail.debian.org
- - sallinen.debian.org
- cdbuilder_local_mirror:
- - casulana.debian.org
- alioth_archive:
- - grabbe.debian.org
- snapshot_web:
- - lw07.debian.org
- - sallinen.debian.org
- snapshot_shell:
- - lw08.debian.org
- anonscm:
- - cgi-grnet-01.debian.org
classes:
- - base
+ - base::includes
projects / mirror / dsa-puppet.git / blobdiff