X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fdebian-org%2Fmanifests%2Finit.pp;h=d49feca8cb3d8e19ea909f773ae4c7163d068e28;hb=382631d89f998e0cacd42a44464225780c8f8a0e;hp=ce88c13e606d908c060b0e2fa5b927e3878a5f03;hpb=fb8ec0aad286fe746ddc6c241ef9611e261edf38;p=mirror%2Fdsa-puppet.git diff --git a/modules/debian-org/manifests/init.pp b/modules/debian-org/manifests/init.pp index ce88c13e6..d49feca8c 100644 --- a/modules/debian-org/manifests/init.pp +++ b/modules/debian-org/manifests/init.pp @@ -6,12 +6,12 @@ class debian-org { if getfromhash($site::nodeinfo, 'hoster', 'mirror-debian') { $mirror = getfromhash($site::nodeinfo, 'hoster', 'mirror-debian') } else { - $mirror = 'http://ftp.debian.org/debian/' - } - if $::lsbmajdistrelease < 7 { - $mirror_backports = 'http://backports.debian.org/debian-backports/' - } else { - $mirror_backports = $mirror + #$mirror = 'http://ftp.debian.org/debian/' + if $::lsbmajdistrelease <= 8 { + $mirror = 'http://cdn-fastly.deb.debian.org/debian/' + } else { + $mirror = 'http://deb.debian.org/debian/' + } } if $::lsbmajdistrelease <= 7 { @@ -34,8 +34,7 @@ class debian-org { 'debian-admin@ftbfs.de', 'weasel@debian.org', 'steve@lobefin.net', - 'paravoid@debian.org', - 'zumbi@kos.to' + 'zumbi@oron.es' ] package { [ @@ -61,13 +60,18 @@ class debian-org { source => 'puppet:///modules/debian-org/basic-ssh_known_hosts' } + if ($::lsbmajdistrelease >= 8) { + $rubyfs_package = 'ruby-filesystem' + } else { + $rubyfs_package = 'libfilesystem-ruby1.9' + } package { [ 'apt-utils', 'bash-completion', 'dnsutils', 'less', 'lsb-release', - 'libfilesystem-ruby1.8', + $rubyfs_package, 'mtr-tiny', 'nload', 'pciutils', @@ -75,16 +79,6 @@ class debian-org { ensure => installed, } - if $::lsbmajdistrelease == 7 { - package { 'libfilesystem-ruby1.9.1': - ensure => installed, - } - } elsif $::lsbmajdistrelease >= 8 { - package { 'ruby-filesystem': - ensure => installed, - } - } - munin::check { [ 'cpu', 'entropy', @@ -136,53 +130,44 @@ class debian-org { content => "", } - site::aptrepo { 'security': - url => 'http://security.debian.org/', - suite => "${mungedcodename}/updates", - components => ['main','contrib','non-free'] - } - if $::lsbmajdistrelease < 7 { - site::aptrepo { 'debian-lts': - url => $mirror, - suite => "${::lsbdistcodename}-lts", + if ($::lsbmajdistrelease >= 8) { + site::aptrepo { 'security': + url => 'http://security-cdn.debian.org/', + suite => "${mungedcodename}/updates", components => ['main','contrib','non-free'] } } else { - site::aptrepo { 'debian-lts': + site::aptrepo { 'security': ensure => absent, } } + site::aptrepo { 'debian-lts': + ensure => absent, + } site::aptrepo { 'backports.debian.org': - url => $mirror_backports, + url => $mirror, suite => "${::lsbdistcodename}-backports", components => ['main','contrib','non-free'] } - if (($::lsbmajdistrelease) >= 8 and ($::debarchitecture in ['kfreebsd-amd64', 'kfreebsd-i386'])) { - site::aptrepo { 'volatile': - ensure => absent, - } - } else { - site::aptrepo { 'volatile': + site::aptrepo { 'volatile': + url => $mirror, + suite => "${::lsbdistcodename}-updates", + components => ['main','contrib','non-free'] + } + + if ($::hostname in [] or $::debarchitecture in ['kfreebsd-amd64', 'kfreebsd-i386']) { + site::aptrepo { 'proposed-updates': url => $mirror, - suite => "${::lsbdistcodename}-updates", + suite => "${mungedcodename}-proposed-updates", components => ['main','contrib','non-free'] } - } - - #if ($::hostname in [ball, corelli, eysler, lucatelli, mayer, mayr, pettersson]) or - # ($::hoster and ($::hoster in [bytemark, man-da, brown])) { - # site::aptrepo { 'proposed-updates': - # url => $mirror, - # suite => "${::lsbdistcodename}-proposed-updates", - # components => ['main','contrib','non-free'] - # } - #} else { + } else { site::aptrepo { 'proposed-updates': ensure => absent, } - #} + } site::aptrepo { 'debian.org': ensure => absent, @@ -217,6 +202,15 @@ class debian-org { components => ['main','contrib','non-free'] } } + site::aptrepo { 'debian-cdn': + ensure => absent, + } + + site::aptrepo { 'debian2': + url => "http://cdn-fastly.deb.debian.org/debian", + suite => $mungedcodename, + components => ['main','contrib','non-free'] + } file { '/etc/facter': ensure => directory, @@ -243,6 +237,9 @@ class debian-org { file { '/etc/apt/apt.conf.d/local-pdiffs': source => 'puppet:///modules/debian-org/apt.conf.d/local-pdiffs', } + file { '/etc/apt/apt.conf.d/local-langs': + source => 'puppet:///modules/debian-org/apt.conf.d/local-langs', + } file { '/etc/timezone': source => 'puppet:///modules/debian-org/timezone', notify => Exec['dpkg-reconfigure tzdata -pcritical -fnoninteractive'], @@ -289,7 +286,7 @@ class debian-org { } file { '/etc/ldap/ldap.conf': require => Package['debian.org'], - source => 'puppet:///modules/debian-org/ldap.conf', + content => template('debian-org/ldap.conf.erb'), } file { '/etc/pam.d/common-session': require => Package['debian.org'], @@ -317,6 +314,18 @@ class debian-org { source => 'puppet:///modules/debian-org/nsswitch.conf', } + file { '/etc/profile.d/timeout.sh': + mode => '0555', + source => 'puppet:///modules/debian-org/etc.profile.d/timeout.sh', + } + file { '/etc/zsh': + ensure => directory, + } + file { '/etc/zsh/zprofile': + mode => '0444', + source => 'puppet:///modules/debian-org/etc.zsh/zprofile', + } + # set mmap_min_addr to 4096 to mitigate # Linux NULL-pointer dereference exploits site::sysctl { 'mmap_min_addr': @@ -371,6 +380,11 @@ class debian-org { onlyif => "test -x /bin/systemctl" } + exec { 'systemd-tmpfiles --create --exclude-prefix=/dev': + refreshonly => true, + onlyif => "test -x /bin/systemd-tmpfiles" + } + tidy { '/var/lib/puppet/clientbucket/': age => '2w', recurse => 9,