# Stuff common to all debian.org servers
#
class debian-org {
- if getfromhash($site::nodeinfo, 'hoster', 'mirror-debian') {
- $mirror = getfromhash($site::nodeinfo, 'hoster', 'mirror-debian')
- } else {
- $mirror = 'http://ftp.debian.org/debian/'
- }
- if $::lsbmajdistrelease < 7 {
- $mirror_backports = 'http://backports.debian.org/debian-backports/'
- } else {
- $mirror_backports = $mirror
- }
-
- if $::lsbmajdistrelease <= 7 {
- $mungedcodename = $::lsbdistcodename
- } elsif ($::debarchitecture in ['kfreebsd-amd64', 'kfreebsd-i386']) {
- $mungedcodename = "${::lsbdistcodename}-kfreebsd"
- } else {
- $mungedcodename = $::lsbdistcodename
- }
+ include debian-org::apt
if $systemd {
include systemd
'debian-admin@ftbfs.de',
'weasel@debian.org',
'steve@lobefin.net',
- 'paravoid@debian.org',
- 'zumbi@kos.to'
+ 'zumbi@oron.es'
]
package { [
if ($::lsbmajdistrelease >= 8) {
$rubyfs_package = 'ruby-filesystem'
- } elsif $::lsbmajdistrelease == 7 {
- $rubyfs_package = 'libfilesystem-ruby1.9'
} else {
- $rubyfs_package = 'libfilesystem-ruby1.8'
+ $rubyfs_package = 'libfilesystem-ruby1.9'
}
package { [
'apt-utils',
require => Package['molly-guard'],
}
- file { '/etc/apt/trusted-keys.d':
- ensure => absent,
- force => true,
- }
-
- file { '/etc/apt/trusted.gpg':
- mode => '0600',
- content => "",
- }
-
- site::aptrepo { 'security':
- url => 'http://security.debian.org/',
- suite => "${mungedcodename}/updates",
- components => ['main','contrib','non-free']
- }
- if $::lsbmajdistrelease < 7 {
- site::aptrepo { 'debian-lts':
- url => $mirror,
- suite => "${::lsbdistcodename}-lts",
- components => ['main','contrib','non-free']
- }
- } else {
- site::aptrepo { 'debian-lts':
- ensure => absent,
- }
- }
-
- site::aptrepo { 'backports.debian.org':
- url => $mirror_backports,
- suite => "${::lsbdistcodename}-backports",
- components => ['main','contrib','non-free']
- }
-
- site::aptrepo { 'volatile':
- url => $mirror,
- suite => "${::lsbdistcodename}-updates",
- components => ['main','contrib','non-free']
- }
-
- if ($::hostname in [mips-aql-05, mipsel-aql-02]) or {
- site::aptrepo { 'proposed-updates':
- url => $mirror,
- suite => "${::lsbdistcodename}-proposed-updates",
- components => ['main','contrib','non-free']
- }
- } else {
- site::aptrepo { 'proposed-updates':
- ensure => absent,
- }
- }
-
- site::aptrepo { 'debian.org':
- ensure => absent,
- }
-
- site::aptrepo { 'db.debian.org':
- url => 'http://db.debian.org/debian-admin',
- suite => 'debian-all',
- components => 'main',
- key => 'puppet:///modules/debian-org/db.debian.org.gpg',
- }
- site::aptrepo { 'db.debian.org-suite':
- url => 'http://db.debian.org/debian-admin',
- suite => $::lsbdistcodename,
- components => 'main',
- }
-
augeas { 'inittab_replicate':
context => '/files/etc/inittab',
changes => [
notify => Exec['init q'],
}
- if getfromhash($site::nodeinfo, 'hoster', 'mirror-debian') {
- site::aptrepo { 'debian':
- url => getfromhash($site::nodeinfo, 'hoster', 'mirror-debian'),
- suite => $mungedcodename,
- components => ['main','contrib','non-free']
- }
- }
file { '/etc/facter':
ensure => directory,
file { '/etc/facter/facts.d/debian_facts.yaml':
content => template('debian-org/debian_facts.yaml.erb')
}
- file { '/etc/apt/preferences':
- source => 'puppet:///modules/debian-org/apt.preferences',
- }
- file { '/etc/apt/apt.conf.d/local-compression':
- source => 'puppet:///modules/debian-org/apt.conf.d/local-compression',
- }
- file { '/etc/apt/apt.conf.d/local-recommends':
- source => 'puppet:///modules/debian-org/apt.conf.d/local-recommends',
- }
- file { '/etc/apt/apt.conf.d/local-pdiffs':
- source => 'puppet:///modules/debian-org/apt.conf.d/local-pdiffs',
- }
file { '/etc/timezone':
source => 'puppet:///modules/debian-org/timezone',
notify => Exec['dpkg-reconfigure tzdata -pcritical -fnoninteractive'],
}
file { '/etc/puppet/puppet.conf':
content => template('debian-org/puppet.conf.erb'),
+ mode => 0440,
}
file { '/etc/default/puppet':
source => 'puppet:///modules/debian-org/puppet.default',
target => '/dev/null',
notify => Exec['systemctl daemon-reload'],
}
+ file { '/etc/systemd/system/proc-sys-fs-binfmt_misc.automount':
+ ensure => 'link',
+ target => '/dev/null',
+ notify => Exec['systemctl daemon-reload'],
+ }
file { '/etc/cron.d/dsa-puppet-stuff':
content => template('debian-org/dsa-puppet-stuff.cron.erb'),
source => 'puppet:///modules/debian-org/nsswitch.conf',
}
+ file { '/etc/profile.d/timeout.sh':
+ mode => '0555',
+ source => 'puppet:///modules/debian-org/etc.profile.d/timeout.sh',
+ }
+ file { '/etc/zsh':
+ ensure => directory,
+ }
+ file { '/etc/zsh/zprofile':
+ mode => '0444',
+ source => 'puppet:///modules/debian-org/etc.zsh/zprofile',
+ }
+
# set mmap_min_addr to 4096 to mitigate
# Linux NULL-pointer dereference exploits
site::sysctl { 'mmap_min_addr':
group => root,
}
- exec { 'apt-get update':
- path => '/usr/bin:/usr/sbin:/bin:/sbin',
- onlyif => '/usr/local/bin/check_for_updates',
- require => File['/usr/local/bin/check_for_updates']
- }
- Exec['apt-get update']->Package<| tag == extra_repo |>
-
exec { 'dpkg-reconfigure tzdata -pcritical -fnoninteractive':
path => '/usr/bin:/usr/sbin:/bin:/sbin',
refreshonly => true
file { '/root/.profile':
source => 'puppet:///modules/debian-org/root-dotfiles/profile',
}
+ file { '/root/.selected_editor':
+ source => 'puppet:///modules/debian-org/root-dotfiles/selected_editor',
+ }
file { '/root/.screenrc':
source => 'puppet:///modules/debian-org/root-dotfiles/screenrc',
}
+ file { '/root/.tmux.conf':
+ source => 'puppet:///modules/debian-org/root-dotfiles/tmux.conf',
+ }
file { '/root/.vimrc':
source => 'puppet:///modules/debian-org/root-dotfiles/vimrc',
}