}
file { '/etc/static-components.conf':
- source => 'puppet:///modules/roles/static-mirroring/static-components.conf',
+ content => template('roles/static-mirroring/static-components.conf.erb'),
+ }
+
+ file { '/etc/ssh/userkeys/staticsync':
+ content => template('roles/static-mirroring/staticsync-authorized_keys.erb'),
+ }
+
+ file { '/usr/local/bin/staticsync-ssh-wrap':
+ source => 'puppet:///modules/roles/static-mirroring/staticsync-ssh-wrap',
+ mode => '0555',
+ }
+
+ file { '/usr/local/bin/static-update-component':
+ source => 'puppet:///modules/roles/static-mirroring/static-update-component',
+ mode => '0555',
+ }
+
+ file { '/usr/local/bin/static-mirror-ssh-wrap': ensure => absent; }
+ file { '/usr/local/bin/static-master-ssh-wrap': ensure => absent; }
+
+ @ferm::rule { 'dsa-static-bt-v4':
+ description => 'Allow bt between static hosts',
+ rule => 'proto tcp mod state state (NEW) mod multiport destination-ports (6881:6999) @subchain \'static-bt\' { saddr ($HOST_STATIC_V4) ACCEPT; }',
+ notarule => true,
+ }
+ @ferm::rule { 'dsa-static-bt-v6':
+ description => 'Allow bt between static hosts',
+ domain => 'ip6',
+ rule => 'proto tcp mod state state (NEW) mod multiport destination-ports (6881:6999) @subchain \'static-bt\' { saddr ($HOST_STATIC_V6) ACCEPT; }',
+ notarule => true,
+ }
+
+ file { "/etc/staticsync.conf":
+ content => @("EOF"),
+ # This file is sourced by bash
+ # and parsed by python
+ # - empty lines and lines starting with a # are ignored.
+ # - other lines are key=value. No extra spaces anywhere. No quoting.
+ base=/srv/static.debian.org
+ masterbase=/home/staticsync/static-master/master
+ staticuser=staticsync
+ | EOF
}
}
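Review bot: The new `/etc/ssh/userkeys/staticsync` resource and the two wrapper scripts below it do not pin ownership, and the keys file does not pin a mode either, so what lands on disk depends on `File` defaults that are not visible in this hunk. This file decides which keys may log in as `staticsync` and, presumably, which forced command they are held to, so I would state it explicitly: `owner => 'root', group => 'root', mode => '0444',`. I would also add `owner => 'root', group => 'root',` next to `mode => '0555'` on `staticsync-ssh-wrap` and `static-update-component`. If the class or site manifest already sets these defaults, a one-line comment saying so above the resource would be enough. The enclosing class starts outside the hunk.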