content => template('apache2/disabled-index.html'),
}
+ file { '/var/log/apache2':
+ ensure => directory,
+ mode => '0755',
+ }
file { '/var/log/apache2/.nobackup':
mode => '0644',
content => '',
--- /dev/null
+class ferm::aql {
+ @ferm::rule { 'dsa-drop-multicast':
+ domain => 'ip',
+ description => 'drop multicast traffic to avoid triggering protection',
+ table => 'filter',
+ chain => 'OUTPUT',
+ rule => 'destination 224.0.0.0/24 jump log_or_drop'
+ }
+}
+
include ferm::zivit
}
+ if (getfromhash($site::nodeinfo, 'hoster', 'name') == "aql") {
+ include ferm::aql
+ }
+
case $::hostname {
czerny,clementi: {
@ferm::rule { 'dsa-upsmon':
onlyif => '/usr/bin/getent passwd weblogsync > /dev/null && ! [ -e /home/weblogsync/.ssh/id_rsa ]'
}
} else {
- file { '/var/log/apache2':
- ensure => directory,
- mode => '0755',
- }
file { '/etc/cron.d/puppet-weblog-provider':
content => "SHELL=/bin/bash\n\n0 1 * * * weblogsync sleep $((RANDOM \% 1800)); rsync -a --delete-excluded --include 'www.debian.org-access.log-*gz' --include '*-public-access.log-*gz' --exclude '**' /var/log/apache2/. weblogsync@wolkenstein.debian.org:-weblogs-incoming-\n",
}
file=/etc/cron.weekly/stunnel-ekey-restart
file=/etc/default/schroot
file=/etc/schroot/default/nssdatabases
+file=/etc/schroot/setup.d/99builddsourceslist
file=/etc/schroot/setup.d/99porterbox-extra-sources
file=/etc/schroot/setup.d/99porterbox-extra-apt-options
file=/etc/openvswitch/conf.db
domirror "http://security-master.debian.org/debian-security-buildd buildd-${SUITE_BASE}/updates COMPONENT" ${APT_LIST}
elif [ "${SUITE_VARIANT%%-sloppy}" = 'backports' ]; then
- SUITES="${SUITE_BASE}"
+ # Hack: for kfreebsd-* the base suite for jessie-backports and jessie-backports-sloppy is jessie-kfreebsd (and not jessie)
+ if echo "${CHROOT_ALIAS}" | grep -q 'kfreebsd-\w\+-sbuild$' ; then
+ SUITES="${SUITE_BASE}-kfreebsd"
+ else
+ SUITES="${SUITE_BASE}"
+ fi
[ -n "${debian_mirror}" ] && domirror "${debian_mirror} SUITE COMPONENT" ${APT_LIST}
domirror "http://ftp.debian.org/debian SUITE COMPONENT" ${APT_LIST}
+ SUITES="${SUITE_BASE}"
[ -n "${debian_mirror}" ] && domirror "${debian_mirror} SUITE-backports COMPONENT" ${APT_LIST}
domirror "http://ftp.debian.org/debian SUITE-backports COMPONENT" ${APT_LIST}
if [ "${debian_incoming}" != 'no' ]; then
case "${SUITE_VARIANT:-}" in
backports)
- echo "deb $mirror ${suite_alias}-${SUITE_VARIANT} main" >> "$SRCL"
- echo "deb-src $mirror ${suite_alias}-${SUITE_VARIANT} main" >> "$SRCL"
+ echo "deb $mirror ${SUITE_BASE}-${SUITE_VARIANT} main" >> "$SRCL"
+ echo "deb-src $mirror ${SUITE_BASE}-${SUITE_VARIANT} main" >> "$SRCL"
;;
esac
;;
local name="${suite}_${arch}-dchroot"
fi
+ local fullname="$name"
case "$arch" in
kfreebsd-*)
aliases="$name"
cat << EOF
[${name}]
-description=[${name}] Debian $suite chroot for $arch
+description=[${fullname}] Debian $suite chroot for $arch
type=file
file=$target
EOF