Add fasolo as ftp-master

diff --git a/hieradata/common.yaml b/hieradata/common.yaml
index 63c9745..9b9b8a6 100644 (file)
--- a/hieradata/common.yaml
+++ b/hieradata/common.yaml
@@ -34,6 +34,7 @@ roles:
   ftp.d.o:
     - klecker.debian.org
   ftp_master:
+    - fasolo.debian.org
     - franck.debian.org
   ftp.upload.d.o:
     - franck.debian.org

diff --git a/modules/exim/templates/eximconf.erb b/modules/exim/templates/eximconf.erb
index 9dc9281..71fc945 100644 (file)
--- a/modules/exim/templates/eximconf.erb
+++ b/modules/exim/templates/eximconf.erb
@@ -1026,6 +1026,7 @@ check_message:
 begin rewrite
 
 \N^buildd_(.*)@franck\.debian\.org$\N buildd_$1@buildd.debian.org T
+\N^buildd_(.*)@fasolo\.debian\.org$\N buildd_$1@buildd.debian.org T
 *@debian.org ${lookup{$1}cdb{/var/lib/misc/${primary_hostname}/mail-forward.cdb}{$value}fail} T
 *@people.debian.org ${lookup{$1}cdb{/var/lib/misc/${primary_hostname}/mail-forward.cdb}{$value}fail} T
 #*@${primary_hostname} "${if exists{/etc/exim4/email-addresses}{${lookup{$1}lsearch{/etc/exim4/email-addresses}{$value}fail}}fail}" fFs

diff --git a/modules/ferm/manifests/per-host.pp b/modules/ferm/manifests/per-host.pp
index 005dd2d..bf7e4c6 100644 (file)
--- a/modules/ferm/manifests/per-host.pp
+++ b/modules/ferm/manifests/per-host.pp
@@ -293,6 +293,27 @@ class ferm::per-host {
                                rule            => '&SERVICE_RANGE(tcp, 5452, ( 2001:41c8:1000:21::21:28/128 2001:41b8:202:deb:216:36ff:fe40:4001/128 2001:41c8:1000:21::21:11/32 2001:41c8:1000:21::21:21/128 ))'
                        }
                }
+               fasolo: {
+                       @ferm::rule { 'dsa-postgres-fasolo':
+                               description     => 'Allow postgress access',
+                               rule            => '&SERVICE_RANGE(tcp, 5433, ( 5.153.231.10/32 ))'
+                       }
+                       @ferm::rule { 'dsa-postgres-fasolo6':
+                               domain          => 'ip6',
+                               description     => 'Allow postgress access',
+                               rule            => '&SERVICE_RANGE(tcp, 5433, ( 2001:41c8:1000:21::21:10/128 ))'
+                       }
+
+                       @ferm::rule { 'dsa-postgres-backup':
+                               description     => 'Allow postgress access',
+                               rule            => '&SERVICE_RANGE(tcp, 5433, ( $HOST_PGBACKUPHOST_V4 ))'
+                       }
+                       @ferm::rule { 'dsa-postgres-backup6':
+                               domain          => 'ip6',
+                               description     => 'Allow postgress access',
+                               rule            => '&SERVICE_RANGE(tcp, 5433, ( $HOST_PGBACKUPHOST_V6 ))'
+                       }
+               }
                franck: {
                        @ferm::rule { 'dsa-postgres-franck':
                                description     => 'Allow postgress access',

diff --git a/modules/postgres/templates/backup_server/postgres-make-base-backups.erb b/modules/postgres/templates/backup_server/postgres-make-base-backups.erb
index f7ffb20..9913d13 100755 (executable)
--- a/modules/postgres/templates/backup_server/postgres-make-base-backups.erb
+++ b/modules/postgres/templates/backup_server/postgres-make-base-backups.erb
@@ -91,6 +91,7 @@ seger.debian.org      5432    debian-backup           dak             9.4
 bmdb1.debian.org       5435    debian-backup           main            9.4
 bmdb1.debian.org       5436    debian-backup           wannabuild      9.4
 danzi.debian.org       5433    debian-backup           main            9.4
+fasolo.debian.org      5433    debian-backup           dak             9.4
 franck.debian.org      5433    debian-backup           dak             9.4
 sibelius.debian.org    5433    debian-backup           snapshot        9.4
 vittoria.debian.org    5432    debian-backup           main            9.4

diff --git a/modules/sudo/files/sudoers b/modules/sudo/files/sudoers
index 50f959c..a512c68 100644 (file)
--- a/modules/sudo/files/sudoers
+++ b/modules/sudo/files/sudoers
@@ -25,7 +25,7 @@ Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/
 Host_Alias     VOIPHOSTS       = vogler
 Host_Alias     WEBHOSTS        = wolkenstein
 Host_Alias     SECHOSTS        = seger
-Host_Alias     FTPHOSTS        = franck
+Host_Alias     FTPHOSTS        = franck, fasolo
 Host_Alias     ZIVITHOSTS      = zelenka, zandonai
 Host_Alias     AACRAIDHOSTS    = pettersson
 Host_Alias     MEGARAIDHOSTS   = rautavaara, sibelius
@@ -179,13 +179,13 @@ Defaults:buildd env_reset,env_keep+="APT_CONFIG DEBIAN_FRONTEND"
 buildd         ALL=(ALL)               NOPASSWD: ALL
 
 %appstream     mekeel=(staticsync)             NOPASSWD: /usr/local/bin/static-update-component appstream.debian.org
-%backports     franck,coccia=(staticsync)      NOPASSWD: /usr/local/bin/static-update-component backports.debian.org
+%backports     FTPHOSTS,coccia=(staticsync)    NOPASSWD: /usr/local/bin/static-update-component backports.debian.org
 %bootstrap     boott=(staticsync)              NOPASSWD: /usr/local/bin/static-update-component bootstrap.debian.net
 d-i            dillon=(staticsync)             NOPASSWD: /usr/local/bin/static-update-component d-i.debian.org
 lucas          dillon=(staticsync)             NOPASSWD: /usr/local/bin/static-update-component debaday.debian.net
 dsa            dillon=(staticsync)             NOPASSWD: /usr/local/bin/static-update-component dsa.debian.org
-dak            franck=(staticsync)             NOPASSWD: /usr/local/bin/static-update-component incoming.debian.org
-dak            franck=(staticsync)             NOPASSWD: /usr/local/bin/static-update-component metadata.ftp-master.debian.org
+dak            FTPHOSTS=(staticsync)           NOPASSWD: /usr/local/bin/static-update-component incoming.debian.org
+dak            FTPHOSTS=(staticsync)           NOPASSWD: /usr/local/bin/static-update-component metadata.ftp-master.debian.org
 %publicity     dillon=(staticsync)             NOPASSWD: /usr/local/bin/static-update-component bits.debian.org
 %publicity     dillon=(staticsync)             NOPASSWD: /usr/local/bin/static-update-component micronews.debian.org
 %debdelta      donizetti=(staticsync)          NOPASSWD: /usr/local/bin/static-update-component debdeltas.debian.net
@@ -230,7 +230,7 @@ letsencrypt denis=(dnsadm)                  NOPASSWD: /srv/dns.debian.org/bin/update
 %wbadm         BUILDD_MASTER=(root)            /usr/local/bin/update-buildd-sshkeys
 # mirror push
 dak            FTPHOSTS,SECHOSTS=(archvsync)   NOPASSWD:/home/archvsync/runmirrors
-dak            franck=(backports)      NOPASSWD: /home/backports/bin/update-archive
+dak            FTHOSTS=(backports)     NOPASSWD: /home/backports/bin/update-archive
 # archvsync triggers snapshot
 archvsync      sibelius=(snapshot)     NOPASSWD: /srv/snapshot.debian.org/bin/update-trigger
 archvsync      sibelius=(snapshot)     NOPASSWD: /srv/2ndsnapshot/bin/update-trigger