set expires: headers on alioth-archive
[mirror/dsa-puppet.git] / modules / roles / manifests / static_base.pp
index 267c8ba..fa756d6 100644 (file)
@@ -1,17 +1,53 @@
 class roles::static_base {
-    if ! $::staticsync_key {
-        exec { 'create-staticsync-key':
-            command => '/bin/su - staticsync -c \'mkdir -p -m 02700 .ssh && ssh-keygen -C "`whoami`@`hostname` (`date +%Y-%m-%d`)" -P "" -f .ssh/id_rsa -q\'',
-            onlyif  => '/usr/bin/getent passwd staticsync > /dev/null && ! [ -e /home/staticsync/.ssh/id_rsa ]'
-        }
-    }
+       if ! $::staticsync_key {
+               exec { 'create-staticsync-key':
+                       command => '/bin/su - staticsync -c \'mkdir -p -m 02700 .ssh && ssh-keygen -C "`whoami`@`hostname` (`date +%Y-%m-%d`)" -P "" -f .ssh/id_rsa -q\'',
+                       onlyif  => '/usr/bin/getent passwd staticsync > /dev/null && ! [ -e /home/staticsync/.ssh/id_rsa ]'
+               }
+       }
 
-    file {
-        '/etc/static-components.conf':
-            source  => "puppet:///modules/roles/static-mirroring/static-components.conf",
-            ;
-    }
+       file { '/etc/static-components.conf':
+               content => template('roles/static-mirroring/static-components.conf.erb'),
+       }
+
+       file { '/etc/ssh/userkeys/staticsync':
+               content => template('roles/static-mirroring/staticsync-authorized_keys.erb'),
+       }
+
+       file { '/usr/local/bin/staticsync-ssh-wrap':
+               source => 'puppet:///modules/roles/static-mirroring/staticsync-ssh-wrap',
+               mode   => '0555',
+       }
+
+       file { '/usr/local/bin/static-update-component':
+               source => 'puppet:///modules/roles/static-mirroring/static-update-component',
+               mode    => '0555',
+       }
+
+       file { '/usr/local/bin/static-mirror-ssh-wrap': ensure => absent; }
+       file { '/usr/local/bin/static-master-ssh-wrap': ensure => absent; }
+
+       @ferm::rule { 'dsa-static-bt-v4':
+               description => 'Allow bt between static hosts',
+               rule        => 'proto tcp mod state state (NEW) mod multiport destination-ports (6881:6999) @subchain \'static-bt\' { saddr ($HOST_STATIC_V4) ACCEPT; }',
+               notarule    => true,
+       }
+       @ferm::rule { 'dsa-static-bt-v6':
+               description => 'Allow bt between static hosts',
+               domain      => 'ip6',
+               rule        => 'proto tcp mod state state (NEW) mod multiport destination-ports (6881:6999) @subchain \'static-bt\' { saddr ($HOST_STATIC_V6) ACCEPT; }',
+               notarule    => true,
+       }
+
+       file { "/etc/staticsync.conf":
+               content  => @("EOF"),
+                               # This file is sourced by bash
+                               # and parsed by python
+                               #  - empty lines and lines starting with a # are ignored.
+                               #  - other lines are key=value.  No extra spaces anywhere.  No quoting.
+                               base=/srv/static.debian.org
+                               masterbase=/home/staticsync/static-master/master
+                               staticuser=staticsync
+                               | EOF
+       }
 }
-# vim:set et:
-# vim:set sts=4 ts=4:
-# vim:set shiftwidth=4:
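Review bot: The new `file` resources for `/etc/ssh/userkeys/staticsync` and `/etc/staticsync.conf` set no `owner`, `group` or `mode`, although the first is, judging by its template name, the authorized_keys file for staticsync and the second is, per its own comment, sourced by bash. Unless a site-wide `File` default exists outside this hunk, Puppet leaves the ownership and permissions of an already-existing copy as it finds them, so a leftover writable file would stay writable. I would pin both explicitly with `owner => 'root', group => 'root', mode => '0444',`, in the same way `mode` is already pinned for the two scripts under `/usr/local/bin`. Separately, the heredoc for `/etc/staticsync.conf` is opened as `@("EOF")`, which enables interpolation the static content does not need; `@(EOF)` would keep any `$` added later literal.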