# Stuff common to all debian.org servers
#
class debian-org {
- if getfromhash($site::nodeinfo, 'hoster', 'mirror-debian') {
- $mirror = getfromhash($site::nodeinfo, 'hoster', 'mirror-debian')
- } else {
- $mirror = 'http://http.debian.net/debian/'
- }
- if $::lsbmajdistrelease < 7 {
- $mirror_backports = 'http://backports.debian.org/debian-backports/'
+ include debian-org::apt
+
+ if $systemd {
+ include systemd
+ $servicefiles = 'present'
} else {
- $mirror_backports = $mirror
+ $servicefiles = 'absent'
}
$debianadmin = [
'debian-admin@ftbfs.de',
'weasel@debian.org',
'steve@lobefin.net',
- 'paravoid@debian.org',
- 'zumbi@kos.to'
+ 'zumbi@oron.es'
]
package { [
'sysklogd',
'rsyslog',
'os-prober',
+ 'apt-listchanges',
]:
ensure => purged,
}
source => 'puppet:///modules/debian-org/basic-ssh_known_hosts'
}
+ if ($::lsbmajdistrelease >= 8) {
+ $rubyfs_package = 'ruby-filesystem'
+ } else {
+ $rubyfs_package = 'libfilesystem-ruby1.9'
+ }
package { [
'apt-utils',
'bash-completion',
'dnsutils',
'less',
'lsb-release',
- 'libfilesystem-ruby1.8',
+ $rubyfs_package,
'mtr-tiny',
'nload',
'pciutils',
ensure => installed,
}
- if $::lsbmajdistrelease >= 7 {
- package { 'libfilesystem-ruby1.9.1':
- ensure => installed,
- }
- }
-
munin::check { [
'cpu',
'entropy',
require => Package['molly-guard'],
}
- file { '/etc/apt/trusted-keys.d':
- ensure => absent,
- force => true,
- }
-
- file { '/etc/apt/trusted.gpg':
- mode => '0600',
- content => "",
- }
-
- site::aptrepo { 'security':
- url => 'http://security.debian.org/',
- suite => "${::lsbdistcodename}/updates",
- components => ['main','contrib','non-free']
- }
- if $::lsbmajdistrelease < 7 {
- site::aptrepo { 'debian-lts':
- url => $mirror,
- suite => "${::lsbdistcodename}-lts",
- components => ['main','contrib','non-free']
- }
- } else {
- site::aptrepo { 'debian-lts':
- ensure => absent,
- }
- }
-
- site::aptrepo { 'backports.debian.org':
- url => $mirror_backports,
- suite => "${::lsbdistcodename}-backports",
- components => ['main','contrib','non-free']
- }
-
- site::aptrepo { 'volatile':
- url => $mirror,
- suite => "${::lsbdistcodename}-updates",
- components => ['main','contrib','non-free']
- }
-
- if ($::hostname in [ball, corelli, eysler, lucatelli, mayer, mayr, rem, pettersson]) or
- ($::hoster and ($::hoster in [bytemark, man-da, brown])) {
- site::aptrepo { 'proposed-updates':
- url => $mirror,
- suite => "${::lsbdistcodename}-proposed-updates",
- components => ['main','contrib','non-free']
- }
- } else {
- site::aptrepo { 'proposed-updates':
- ensure => absent,
- }
- }
-
- site::aptrepo { 'debian.org':
- ensure => absent,
- }
-
- site::aptrepo { 'db.debian.org':
- url => 'http://db.debian.org/debian-admin',
- suite => 'lenny',
- components => 'main',
- key => 'puppet:///modules/debian-org/db.debian.org.gpg',
- }
-
augeas { 'inittab_replicate':
context => '/files/etc/inittab',
changes => [
notify => Exec['init q'],
}
- if getfromhash($site::nodeinfo, 'hoster', 'mirror-debian') {
- site::aptrepo { 'debian':
- url => getfromhash($site::nodeinfo, 'hoster', 'mirror-debian'),
- suite => $::lsbdistcodename,
- components => ['main','contrib','non-free']
- }
- }
file { '/etc/facter':
ensure => directory,
file { '/etc/facter/facts.d/debian_facts.yaml':
content => template('debian-org/debian_facts.yaml.erb')
}
- file { '/etc/apt/preferences':
- source => 'puppet:///modules/debian-org/apt.preferences',
- }
- file { '/etc/apt/apt.conf.d/local-compression':
- source => 'puppet:///modules/debian-org/apt.conf.d/local-compression',
- }
- file { '/etc/apt/apt.conf.d/local-recommends':
- source => 'puppet:///modules/debian-org/apt.conf.d/local-recommends',
- }
- file { '/etc/apt/apt.conf.d/local-pdiffs':
- source => 'puppet:///modules/debian-org/apt.conf.d/local-pdiffs',
- }
file { '/etc/timezone':
source => 'puppet:///modules/debian-org/timezone',
notify => Exec['dpkg-reconfigure tzdata -pcritical -fnoninteractive'],
}
file { '/etc/puppet/puppet.conf':
content => template('debian-org/puppet.conf.erb'),
+ mode => 0440,
}
file { '/etc/default/puppet':
source => 'puppet:///modules/debian-org/puppet.default',
}
+ file { '/etc/systemd':
+ ensure => directory,
+ mode => 0755,
+ }
+ file { '/etc/systemd/system':
+ ensure => directory,
+ mode => 0755,
+ }
+ file { '/etc/systemd/system/ud-replicated.service':
+ ensure => $servicefiles,
+ source => 'puppet:///modules/debian-org/ud-replicated.service',
+ notify => Exec['systemctl daemon-reload'],
+ }
+ if $systemd {
+ file { '/etc/systemd/system/multi-user.target.wants/ud-replicated.service':
+ ensure => 'link',
+ target => '../ud-replicated.service',
+ notify => Exec['systemctl daemon-reload'],
+ }
+ }
+ file { '/etc/systemd/system/puppet.service':
+ ensure => 'link',
+ target => '/dev/null',
+ notify => Exec['systemctl daemon-reload'],
+ }
+ file { '/etc/systemd/system/proc-sys-fs-binfmt_misc.automount':
+ ensure => 'link',
+ target => '/dev/null',
+ notify => Exec['systemctl daemon-reload'],
+ }
+
file { '/etc/cron.d/dsa-puppet-stuff':
- source => 'puppet:///modules/debian-org/dsa-puppet-stuff.cron',
+ content => template('debian-org/dsa-puppet-stuff.cron.erb'),
require => Package['debian.org'],
}
file { '/etc/ldap/ldap.conf':
require => Package['debian.org'],
- source => 'puppet:///modules/debian-org/ldap.conf',
+ content => template('debian-org/ldap.conf.erb'),
}
file { '/etc/pam.d/common-session':
require => Package['debian.org'],
}
file { '/etc/rc.local':
mode => '0755',
- source => 'puppet:///modules/debian-org/rc.local',
- notify => Exec['rc.local start'],
+ content => template('debian-org/rc.local.erb'),
+ notify => Exec['service rc.local start'],
}
file { '/etc/dsa':
ensure => directory,
source => 'puppet:///modules/debian-org/nsswitch.conf',
}
+ file { '/etc/profile.d/timeout.sh':
+ mode => '0555',
+ source => 'puppet:///modules/debian-org/etc.profile.d/timeout.sh',
+ }
+ file { '/etc/zsh':
+ ensure => directory,
+ }
+ file { '/etc/zsh/zprofile':
+ mode => '0444',
+ source => 'puppet:///modules/debian-org/etc.zsh/zprofile',
+ }
+
# set mmap_min_addr to 4096 to mitigate
# Linux NULL-pointer dereference exploits
site::sysctl { 'mmap_min_addr':
group => root,
}
- exec { 'apt-get update':
- path => '/usr/bin:/usr/sbin:/bin:/sbin',
- onlyif => '/usr/local/bin/check_for_updates',
- require => File['/usr/local/bin/check_for_updates']
- }
- Exec['apt-get update']->Package<| tag == extra_repo |>
-
exec { 'dpkg-reconfigure tzdata -pcritical -fnoninteractive':
path => '/usr/bin:/usr/sbin:/bin:/sbin',
refreshonly => true
}
- exec { 'puppetmaster restart':
- path => '/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin',
+ exec { 'service puppetmaster restart':
refreshonly => true
}
- exec { 'rc.local start':
- path => '/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin',
+ exec { 'service rc.local start':
refreshonly => true
}
exec { 'init q':
refreshonly => true
}
+ exec { 'systemctl daemon-reload':
+ refreshonly => true,
+ onlyif => "test -x /bin/systemctl"
+ }
+
+ exec { 'systemd-tmpfiles --create --exclude-prefix=/dev':
+ refreshonly => true,
+ onlyif => "test -x /bin/systemd-tmpfiles"
+ }
+
tidy { '/var/lib/puppet/clientbucket/':
age => '2w',
recurse => 9,
file { '/root/.profile':
source => 'puppet:///modules/debian-org/root-dotfiles/profile',
}
+ file { '/root/.selected_editor':
+ source => 'puppet:///modules/debian-org/root-dotfiles/selected_editor',
+ }
file { '/root/.screenrc':
source => 'puppet:///modules/debian-org/root-dotfiles/screenrc',
}
+ file { '/root/.tmux.conf':
+ source => 'puppet:///modules/debian-org/root-dotfiles/tmux.conf',
+ }
file { '/root/.vimrc':
source => 'puppet:///modules/debian-org/root-dotfiles/vimrc',
}