"/srv/www/default.debian.org/htdocs/index.html":
content => template("apache2/default-index.html");
- "/var/log/apache2":
- mode => 755,
- ensure => directory;
+ # sometimes this is a symlink
+ #"/var/log/apache2":
+ # mode => 755,
+ # ensure => directory;
}
exec { "apache2 reload":
--- /dev/null
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+# Source all the configuration files from upstream, Debian and elsewhere
+for f in /usr/share/clamav-unofficial-sigs/conf.d/*.conf ; do
+ if [ -s "$f" ] ; then
+ . $f
+ fi
+done
+
+. /etc/clamav-unofficial-sigs.dsa.conf
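Review bot: Inside the loop the file is tested as `"$f"` but sourced as `. $f`, so a name containing whitespace or glob characters would pass the test and then source something else; `. "$f"` keeps the two consistent. Every `*.conf` in that directory and the `.dsa.conf` file are executed as shell by whatever account runs the signature updater, so both locations should be writable by root only. The final `. /etc/clamav-unofficial-sigs.dsa.conf` has no existence check; if the two files are ever deployed out of step the updater will presumably abort, which a `[ -s ... ]` guard like the one in the loop would avoid.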
--- /dev/null
+ss_dbs="
+ junk.ndb
+ jurlbl.ndb
+ lott.ndb
+ phish.ndb
+ rogue.hdb
+ sanesecurity.ftm
+ scam.ndb
+ spam.ldb
+ spamimg.hdb
+ spear.ndb
+ winnow_malware.hdb
+ winnow_malware_links.ndb
+ winnow_phish_complete_url.ndb
+"
+
+si_dbs="
+ honeynet.hdb
+ securiteinfo.hdb
+ vx.hdb
+"
+
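Review bot: This new file has no "THIS FILE IS UNDER PUPPET CONTROL" banner, unlike the other files added in this commit, so an admin editing it on a host gets no hint that the change will be overwritten. Adding the same four `##` lines at the top would fix that. A one-line comment above `ss_dbs` and `si_dbs` naming the upstream source of each list would also help when a database is later added or retired.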
"clamav-freshclam": ensure => installed;
"clamav-unofficial-sigs": ensure => installed;
}
+ file {
+ "/etc/clamav-unofficial-sigs.dsa.conf":
+ require => Package["clamav-unofficial-sigs"],
+ source => [ "puppet:///clamav/clamav-unofficial-sigs.dsa.conf" ]
+ ;
+ "/etc/clamav-unofficial-sigs.conf":
+ require => Package["clamav-unofficial-sigs"],
+ source => [ "puppet:///clamav/clamav-unofficial-sigs.conf" ]
+ ;
+ }
}
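Review bot: Neither new `file` resource sets `owner`, `group` or `mode`, and both files are sourced as shell by the signature updater, so their permissions decide who can run code as that account. Unless a `File` default elsewhere in the manifest already covers this, it is worth pinning them explicitly, e.g. `owner => root, group => root, mode => 444,` on each entry. The enclosing class starts outside this hunk.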
zelenka.debian.org: "Debian s390 porter system kindly provided by Zentrum fuer Informationsverarbeitung und Informationstechnik [zivit]"
services:
bugsmaster: rietz.debian.org
- qamaster: merkel.debian.org
mailrelay: spohr.debian.org
- rtmaster: spohr.debian.org
packagesmaster: powell.debian.org
packagesqamaster: master.debian.org
+ qamaster: merkel.debian.org
+ rtmaster: spohr.debian.org
host_settings:
heavy_exim:
- - raff.debian.org
- - merkel.debian.org
- - spohr.debian.org
- draghi.debian.org
+ - klecker.debian.org
- master.debian.org
+ - merkel.debian.org
+ - powell.debian.org
+ - raff.debian.org
- ries.debian.org
- rietz.debian.org
- - klecker.debian.org
- - powell.debian.org
+ - spohr.debian.org
apache2_defaultconfig:
- bellini.debian.org
- carver.debian.org
- lafayette.debian.org
- malo.debian.org
- murphy.debian.org
+ - paer.debian.org
- praetorius.debian.org
- puccini.debian.org
- - paer.debian.org
smarthost:
- ancina.debian.org: mailout.debian.org
allegri.debian.org: mailout.debian.org
+ ancina.debian.org: mailout.debian.org
piatti.debian.org: mailout.debian.org
mail_port:
- ancina.debian.org: 2025
allegri.debian.org: 2025
- piatti.debian.org: 2025
+ ancina.debian.org: 2025
kassia.debian.org: 587
+ piatti.debian.org: 2025
reservedaddrs:
ball.debian.org: "0.0.0.0/8 : 127.0.0.0/8 : 10.0.0.0/8 : 169.254.0.0/16 : 172.16.0.0/12 : 192.0.0.0/17 : 192.168.0.0/16 : 224.0.0.0/4 : 240.0.0.0/5 : 248.0.0.0/5"
---
# postfix:
verdi.debian.org: verdi.debian.org::2025
volatile.debian.org: verdi.debian.org::2025
-volatile-master.debian.org: verdi.debian.org::2025
accept condition = ${if eq {$acl_m_rprf}{}{no}{yes}}
+ warn domains = +virtual_domains
+ condition = ${if exists {${extract{directory}{VDOMAINDATA}{${value}/contentinspectionaction}}}}
+ condition = ${if eq{${lookup{$local_part}lsearch*{${extract{directory}{VDOMAINDATA}{${value}/contentinspectionaction}}}{$value}{}}}{markup}}
+ set acl_m_rprf = markup
+
+ accept condition = ${if eq {$acl_m_rprf}{}{no}{yes}}
+
+ warn condition = ${if eq{${lookup{$local_part}cdb{/var/lib/misc/${primary_hostname}/mail-contentinspectionaction.cdb}{$value}{}}}{markup}}
+ set acl_m_rprf = markup
+
+ accept condition = ${if eq {$acl_m_rprf}{}{no}{yes}}
+
+ warn condition = ${if eq{${lookup{$local_part}cdb{/var/lib/misc/${primary_hostname}/mail-contentinspectionaction.cdb}{$value}{}}}{blackhole}}
+ set acl_m_rprf = blackhole
+
+ accept condition = ${if eq {$acl_m_rprf}{}{no}{yes}}
+
+ warn domains = +virtual_domains
+ condition = ${if exists {${extract{directory}{VDOMAINDATA}{${value}/contentinspectionaction}}}}
+ condition = ${if eq{${lookup{$local_part}lsearch*{${extract{directory}{VDOMAINDATA}{${value}/contentinspectionaction}}}{$value}{}}}{blackhole}}
+ set acl_m_rprf = blackhole
+
+ accept condition = ${if eq {$acl_m_rprf}{}{no}{yes}}
+
warn set acl_m_rprf = normal
accept
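Review bot: The added blocks set `acl_m_rprf`, while the checks this commit adds to acl_check_mime and the malware ACL test `$acl_m_prf`; nothing in the visible hunks copies one into the other, so if that hand-off does not exist elsewhere in the file the markup branches never match. The four blocks are also order-sensitive (markup is tested before blackhole, so markup wins when both lookups hit), which is not stated anywhere. A short comment above the first added `warn` would cover both, e.g. `# per-recipient profile; markup takes precedence over blackhole; copied to acl_m_prf at DATA time`. The ACL itself begins and ends outside this hunk.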
out='
acl_check_mime:
+ warn condition = ${if <{$message_size}{256000}}
+ condition = ${if eq {$acl_m_prf}{markup}}
+ set acl_m_srb = ${perl{surblspamcheck}}
+ condition = ${if eq{$acl_m_srb}{false}{no}{yes}}
+ message = X-Surbl-Hit: $primary_hostname: $acl_m_srb
+
+ accept condition = ${if eq {$acl_m_prf}{markup}}
+
deny condition = ${if <{$message_size}{256000}}
set acl_m_srb = ${perl{surblspamcheck}}
condition = ${if eq{$acl_m_srb}{false}{no}{yes}}
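Review bot: In the added `warn`, the header is built from `$acl_m_srb`, which is whatever text `surblspamcheck` returns; if that text can contain a domain taken from the message body, or a newline, the sender influences the header that recipients later filter on. Since the Perl sub is not visible here, it would be worth confirming it returns a single line, and writing the line as `add_header = X-Surbl-Hit: $primary_hostname: $acl_m_srb` rather than the legacy `message =` form so the intent is explicit. The `accept` that follows ends acl_check_mime for markup recipients, so any check placed after the existing `deny` is skipped for them; a comment saying that is intended would help. The identical block added to the heavy_exim template further down has the same points.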
out = ""
if has_variable?("clamd") && clamd == "true"
out = '
- deny
+ # FIXME: make blackhole work
+ deny condition = ${if eq {$acl_m_prf}{markup}{no}{yes}}
demime = *
malware = */defer_ok
message = malware detected: $malware_name: message rejected
+
+ warn condition = ${if eq {$acl_m_prf}{markup}}
+ demime = *
+ malware = */defer_ok
+ message = X-malware detected: $malware_name
'
end
out
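Review bot: `message = X-malware detected: $malware_name` in the added `warn` has a space inside what is meant to be the header name, which is not a valid header field name; Exim will most likely not treat it as a header name and prefix `X-ACL-Warn:` instead. Something like `message = X-Malware-Detected: $malware_name` gives recipients a header they can reliably match. Because of `malware = */defer_ok`, a scanner outage delivers markup mail with no header at all, so a clean message and an unscanned one look the same; a comment noting that would be useful. As the FIXME says, blackhole recipients still fall into the `deny` branch.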
out=''
if nodeinfo.has_key?('heavy_exim') and not nodeinfo['heavy_exim'].empty?
out='
+ warn condition = ${if <{$message_size}{256000}}
+ condition = ${if eq {$acl_m_prf}{markup}}
+ set acl_m_srb = ${perl{surblspamcheck}}
+ condition = ${if eq{$acl_m_srb}{false}{no}{yes}}
+ message = X-Surbl-Hit: $primary_hostname: $acl_m_srb
+
+ accept condition = ${if eq {$acl_m_prf}{markup}}
+
deny condition = ${if <{$message_size}{256000}}
set acl_m_srb = ${perl{surblspamcheck}}
condition = ${if eq{$acl_m_srb}{false}{no}{yes}}
when "tartini.debian.org" then "forums.debian.net: user=forums group=forums directory=/srv/forums.debian.net/mail"
+ when "valente.debian.org" then "volatile.debian.org: user=volatile group=volatile directory=/srv/volatile-master.debian.org/mail"
+
when "widor.debian.org" then "wiki.debian.org: user=wiki group=wikiadm directory=/org/wiki.debian.org/mail"
end
vdoms
--- /dev/null
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+kvm
file=/etc/exim4/surbl_whitelist.txt
file=/etc/exim4/exim_surbl.pl
file=/etc/exim4/ccTLD.txt
+file=/etc/clamav-unofficial-sigs.conf
+file=/etc/clamav-unofficial-sigs.dsa.conf
'
end
out
%secretary ALL=(secretary) ALL
%snapshot ALL=(snapshot) ALL
%uddadm ALL=(udd) ALL
+%volatile ALL=(volatile) ALL
%wbadm ALL=(wbadm) ALL
%wikiadm ALL=(wiki) ALL
QACORE QAHOSTS=(qa) ALL
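Review bot: The new `%volatile ALL=(volatile) ALL` rule applies on every host, although the only host this commit ties to the volatile account is valente (the vdoms entry). It matches the neighbouring group rules, but the file already scopes QA with a host alias (`QACORE QAHOSTS=(qa) ALL`), and the same approach would keep the grant from taking effect on machines where a `volatile` account might later exist for another purpose, e.g. `%volatile VOLATILEHOSTS=(volatile) ALL` (alias name made up here for illustration).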