+++ /dev/null
-//
-// THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
-// USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
-//
-
-Acquire::PDiffs "false";
+++ /dev/null
-//
-// THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
-// USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
-//
-
-APT::Install-Recommends 0;
+++ /dev/null
-Explanation:
-Explanation: THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
-Explanation: USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
-Explanation:
-Package: *
-Pin: release o=Debian Backports
-Pin-Priority: 200
-
-Package: sbuild
-Pin: release o=buildd.debian.org
-Pin-Priority: 500
-
-Package: buildd
-Pin: release o=buildd.debian.org
-Pin-Priority: 500
-
-Package: buildd-builder-meta
-Pin: release o=buildd.debian.org
-Pin-Priority: 500
-
-Package: libsbuild-perl
-Pin: release o=buildd.debian.org
-Pin-Priority: 500
-
-Package: *
-Pin: release o=buildd.debian.org
-Pin-Priority: -1
+++ /dev/null
-SHELL=/bin/bash
-@hourly root [ ! -d /var/cache/dsa ] || touch /var/cache/dsa/cron.alive
-34 */4 * * * root if [ -x /usr/sbin/puppetd ]; then sleep $(( $RANDOM \% 3600 )); if [ -x /usr/bin/timeout ]; then TO="timeout 3600"; else TO=""; fi; $TO /usr/sbin/puppetd --factsync -o --no-daemonize 2>&1 | grep -v 'v6: error fetching interface information: Device not found' ; fi
+++ /dev/null
-##
-## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
-## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
-##
-
-# Defaults for puppet - sourced by /etc/init.d/puppet
-
-# Start puppet on boot?
-START=no
-exit 0
-
-# Startup options
-DAEMON_OPTS="-w 5 --factsync"
+++ /dev/null
-##
-## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
-## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
-##
-
-#
-# LDAP Defaults
-#
-
-# See ldap.conf(5) for details
-# This file should be world readable but not world writable.
-
-#BASE dc=example,dc=com
-#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
-
-#SIZELIMIT 12
-#TIMELIMIT 15
-#DEREF never
-
-URI ldap://db.debian.org
-BASE dc=debian,dc=org
-
-TLS_CACERT /etc/ssl/certs/spi-cacert-2008.pem
-TLS_REQCERT hard
+++ /dev/null
-##
-## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
-## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
-##
-
-#
-# /etc/pam.d/common-session - session-related modules common to all services
-#
-# This file is included from other service-specific PAM config files,
-# and should contain a list of modules that define tasks to be performed
-# at the start and end of sessions of *any* kind (both interactive and
-# non-interactive). The default is pam_unix.
-#
-session required pam_unix.so
-session optional pam_mkhomedir.so skel=/etc/skel umask=0022
+++ /dev/null
-##
-## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
-## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
-##
-
-[main]
-logdir=/var/log/puppet
-vardir=/var/lib/puppet
-ssldir=/var/lib/puppet/ssl
-rundir=/var/run/puppet
-factpath=$vardir/facts
-pluginsync=false
-# This is the default environment for all clients
-environment=production
-
-[puppetmasterd]
-templatedir=/etc/puppet/templates
-libdir=/etc/puppet/lib
-environments = development,testing,production,staging
-
-[puppetd]
-environments = development,testing,production,staging
-
-[staging]
-libdir=/etc/puppet/lib
-manifestdir=/srv/puppet.debian.org/stages/staging/manifests
-templatedir=/srv/puppet.debian.org/stages/staging/templates
-fileserverconfig=/srv/puppet.debian.org/stages/staging/fileserver.conf
-modulepath=/srv/puppet.debian.org/stages/staging/modules
Linux: {
include ferm
include ferm::per-host
+ case $rsyncd {
+ "true": { include ferm::rsync }
+ }
}
}
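Review bot: The added `case $rsyncd` block makes the rsync firewall opening depend on a fact reported by the node, where the explicit host list removed from the per-host manifest kept that decision in reviewed code. Nothing visible here says where the `rsyncd` fact is defined or what it tests, so a reader cannot tell which hosts will get `ferm::rsync`. A comment above the case would record that, e.g. `# $rsyncd: custom fact from <fact file>, "true" when <condition>; opens the rsync port`. The case also has no default branch; adding `default: {}` would make the "no rule" outcome explicit. The enclosing `Linux:` block starts outside the hunk.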
--- /dev/null
+//
+// THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+// USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+//
+
+Acquire::PDiffs "false";
--- /dev/null
+//
+// THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+// USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+//
+
+APT::Install-Recommends 0;
--- /dev/null
+Explanation:
+Explanation: THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+Explanation: USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+Explanation:
+Package: *
+Pin: release o=Debian Backports
+Pin-Priority: 200
+
+Package: sbuild
+Pin: release o=buildd.debian.org
+Pin-Priority: 500
+
+Package: buildd
+Pin: release o=buildd.debian.org
+Pin-Priority: 500
+
+Package: buildd-builder-meta
+Pin: release o=buildd.debian.org
+Pin-Priority: 500
+
+Package: libsbuild-perl
+Pin: release o=buildd.debian.org
+Pin-Priority: 500
+
+Package: *
+Pin: release o=buildd.debian.org
+Pin-Priority: -1
--- /dev/null
+SHELL=/bin/bash
+@hourly root [ ! -d /var/cache/dsa ] || touch /var/cache/dsa/cron.alive
+34 */4 * * * root if [ -x /usr/sbin/puppetd ]; then sleep $(( $RANDOM \% 3600 )); if [ -x /usr/bin/timeout ]; then TO="timeout 3600"; else TO=""; fi; $TO /usr/sbin/puppetd --factsync -o --no-daemonize 2>&1 | grep -v 'v6: error fetching interface information: Device not found' ; fi
--- /dev/null
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+#
+# LDAP Defaults
+#
+
+# See ldap.conf(5) for details
+# This file should be world readable but not world writable.
+
+#BASE dc=example,dc=com
+#URI ldap://ldap.example.com ldap://ldap-master.example.com:666
+
+#SIZELIMIT 12
+#TIMELIMIT 15
+#DEREF never
+
+URI ldap://db.debian.org
+BASE dc=debian,dc=org
+
+TLS_CACERT /etc/ssl/certs/spi-cacert-2008.pem
+TLS_REQCERT hard
--- /dev/null
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+#
+# /etc/pam.d/common-session - session-related modules common to all services
+#
+# This file is included from other service-specific PAM config files,
+# and should contain a list of modules that define tasks to be performed
+# at the start and end of sessions of *any* kind (both interactive and
+# non-interactive). The default is pam_unix.
+#
+session required pam_unix.so
+session optional pam_mkhomedir.so skel=/etc/skel umask=0022
--- /dev/null
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+[main]
+logdir=/var/log/puppet
+vardir=/var/lib/puppet
+ssldir=/var/lib/puppet/ssl
+rundir=/var/run/puppet
+factpath=$vardir/facts
+pluginsync=false
+# This is the default environment for all clients
+environment=production
+
+[puppetmasterd]
+templatedir=/etc/puppet/templates
+libdir=/etc/puppet/lib
+environments = development,testing,production,staging
+
+[puppetd]
+environments = development,testing,production,staging
+
+[staging]
+libdir=/etc/puppet/lib
+manifestdir=/srv/puppet.debian.org/stages/staging/manifests
+templatedir=/srv/puppet.debian.org/stages/staging/templates
+fileserverconfig=/srv/puppet.debian.org/stages/staging/fileserver.conf
+modulepath=/srv/puppet.debian.org/stages/staging/modules
--- /dev/null
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+# Defaults for puppet - sourced by /etc/init.d/puppet
+
+# Start puppet on boot?
+START=no
+exit 0
+
+# Startup options
+DAEMON_OPTS="-w 5 --factsync"
"nload": ensure => installed;
"pciutils": ensure => installed;
"pdksh": ensure => installed;
- "puppet": ensure => installed;
"rsyslog": ensure => purged;
"sysklogd": ensure => purged;
"syslog-ng": ensure => installed;
}
file {
"/etc/apt/preferences":
- source => "puppet:///files/etc/apt/preferences";
+ source => "puppet:///modules/debian-org/apt.preferences";
"/etc/apt/sources.list.d/backports.org.list":
content => template("debian-org/etc/apt/sources.list.d/backports.org.list.erb"),
notify => Exec["apt-get update"];
content => template("debian-org/etc/apt/sources.list.d/volatile.list.erb"),
notify => Exec["apt-get update"];
"/etc/apt/apt.conf.d/local-recommends":
- source => "puppet:///files/etc/apt/apt.conf.d/local-recommends";
+ source => "puppet:///modules/debian-org/apt.conf.d/local-recommends";
"/etc/apt/apt.conf.d/local-pdiffs":
- source => "puppet:///files/etc/apt/apt.conf.d/local-pdiffs";
+ source => "puppet:///modules/debian-org/apt.conf.d/local-pdiffs";
"/etc/timezone":
- source => "puppet:///files/etc/timezone",
+ source => "puppet:///modules/debian-org/timezone",
notify => Exec["dpkg-reconfigure tzdata -pcritical -fnoninteractive"];
"/etc/puppet/puppet.conf":
- require => Package["puppet"],
- source => "puppet:///files/etc/puppet/puppet.conf"
+ # require => Package["puppet"],
+ source => "puppet:///modules/debian-org/puppet.conf"
;
"/etc/default/puppet":
- require => Package["puppet"],
- source => "puppet:///files/etc/default/puppet"
+ # require => Package["puppet"],
+ source => "puppet:///modules/debian-org/puppet.default"
;
-
+
"/etc/cron.d/dsa-puppet-stuff":
- source => "puppet:///files/etc/cron.d/dsa-puppet-stuff",
+ source => "puppet:///modules/debian-org/dsa-puppet-stuff.cron",
require => Package["cron"]
;
"/etc/ldap/ldap.conf":
require => Package["userdir-ldap"],
- source => "puppet:///files/etc/ldap/ldap.conf",
+ source => "puppet:///modules/debian-org/ldap.conf",
;
"/etc/pam.d/common-session":
require => Package["libpam-pwdfile"],
- source => "puppet:///files/etc/pam.d/common-session",
+ source => "puppet:///modules/debian-org/pam.common-session",
;
"/etc/rc.local":
mode => 0755,
}
}
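Review bot: The two `# require => Package["puppet"],` lines under `/etc/puppet/puppet.conf` and `/etc/default/puppet` are left as commented-out code with no explanation. Together with the removed `"puppet": ensure => installed;` entry, nothing in this manifest now orders those files against the package. If the package is installed or upgraded after the files are written, dpkg may treat them as locally modified conffiles, so the managed agent configuration is not guaranteed to be the one in effect until the next run. Either delete the commented lines or replace them with the reason, e.g. `# puppet package is not managed here (installed by <bootstrap step>), so no require`.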
- case $hostname {
- chopin,franck,gluck,kaufmann,kassia,klecker,lobos,merikanto,merkel,morricone,ravel,ries,rietz,saens,schein,senfl,stabile,steffani,valente,villa,wieck,wolkenstein: {
- include ferm::rsync
- }
- }
-
case $hostname {
chopin,franck,gluck,kassia,klecker,lobos,morricone,ravel,ries,rietz,saens,schein,steffani,valente,villa,wieck,stabile: {
include ferm::ftp
rule => "&SERVICE_RANGE(tcp, http-alt, ( 192.25.206.16 70.103.162.29 217.196.43.134 ))"
}
}
- danzi: {
- @ferm::rule { "dsa-postgres-danzi":
- description => "Allow postgress access",
- rule => "&SERVICE_RANGE(tcp, 5433, ( 206.12.19.0/24 ))"
- }
+ danzi: {
+ @ferm::rule { "dsa-postgres-danzi":
+ description => "Allow postgress access",
+ rule => "&SERVICE_RANGE(tcp, 5433, ( 206.12.19.0/24 ))"
+ }
- }
+ }
paganini: {
@ferm::rule { "dsa-dhcp":
description => "Allow dhcp access",
description => "Allow powell to seed BT",
rule => "proto tcp dport 8000:8100 jump ACCEPT"
}
- @ferm::rule { "dsa-powell-rsync":
- description => "Hoster wants to sync from here, and why not",
- rule => "&SERVICE_RANGE(tcp, rsync, ( 195.20.242.90 192.25.206.33 82.195.75.106 206.12.19.118 ))"
- }
}
heininen,lotti: {
@ferm::rule { "dsa-syslog":
@ferm::rule { "dsa-nat-snapshot-varnish":
table => 'nat',
chain => 'PREROUTING',
- rule => 'proto tcp daddr 193.62.202.28 dport 80 REDIRECT to-ports 6081',
+ rule => 'proto tcp daddr 193.62.202.30 dport 80 REDIRECT to-ports 6081',
}
}
stabile: {
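Review bot: The `dsa-nat-snapshot-varnish` rule matches on a literal destination address, and the new value `193.62.202.30` carries no comment saying which service address it is or where else it is configured. If the address on the host and this literal diverge, the REDIRECT stops matching and port 80 traffic no longer reaches the listener on 6081, with no error from ferm. A comment above the rule would make the dependency visible, e.g. `# must match the snapshot web service address configured on this host` (the service name is inferred from the rule title). The enclosing host case starts outside the hunk.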
view "AF" {
match-clients { AF; };
+ zone "archive.debian.org" {
+ type master;
+ file "/etc/bind/geodns/zonefiles/db.archive.debian.org.AF";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
zone "volatile.debian.org" {
type master;
file "/etc/bind/geodns/zonefiles/db.volatile.debian.org.AF";
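Review bot: The new `archive.debian.org` stanza is repeated verbatim in all nine views (AF, AN, AS, EU, NA, OC, SA, undef, default) with only the zone-file suffix differing, and none of them says why `notify no;` and the empty `allow-transfer { };` are set. A one-line comment above the first stanza would record the intent, e.g. `// geodns zones are served per view from local files; no secondaries, so NOTIFY and zone transfers stay disabled` (intent inferred from the settings). The visible part of the commit adds no `db.archive.debian.org.*` zone files. If they are not generated elsewhere, named will fail to load the zone in each view, so confirm they exist before the reload. The view blocks continue outside these hunks.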
view "AN" {
match-clients { AN; };
+ zone "archive.debian.org" {
+ type master;
+ file "/etc/bind/geodns/zonefiles/db.archive.debian.org.AN";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
zone "volatile.debian.org" {
type master;
file "/etc/bind/geodns/zonefiles/db.volatile.debian.org.AN";
view "AS" {
match-clients { AS; };
+ zone "archive.debian.org" {
+ type master;
+ file "/etc/bind/geodns/zonefiles/db.archive.debian.org.AS";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
zone "volatile.debian.org" {
type master;
file "/etc/bind/geodns/zonefiles/db.volatile.debian.org.AS";
view "EU" {
match-clients { EU; };
+ zone "archive.debian.org" {
+ type master;
+ file "/etc/bind/geodns/zonefiles/db.archive.debian.org.EU";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
zone "volatile.debian.org" {
type master;
file "/etc/bind/geodns/zonefiles/db.volatile.debian.org.EU";
view "NA" {
match-clients { NA; };
+ zone "archive.debian.org" {
+ type master;
+ file "/etc/bind/geodns/zonefiles/db.archive.debian.org.NA";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
zone "volatile.debian.org" {
type master;
file "/etc/bind/geodns/zonefiles/db.volatile.debian.org.NA";
view "OC" {
match-clients { OC; };
+ zone "archive.debian.org" {
+ type master;
+ file "/etc/bind/geodns/zonefiles/db.archive.debian.org.OC";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
zone "volatile.debian.org" {
type master;
file "/etc/bind/geodns/zonefiles/db.volatile.debian.org.OC";
view "SA" {
match-clients { SA; };
+ zone "archive.debian.org" {
+ type master;
+ file "/etc/bind/geodns/zonefiles/db.archive.debian.org.SA";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
zone "volatile.debian.org" {
type master;
file "/etc/bind/geodns/zonefiles/db.volatile.debian.org.SA";
view "undef" {
match-clients { undef; };
+ zone "archive.debian.org" {
+ type master;
+ file "/etc/bind/geodns/zonefiles/db.archive.debian.org.undef";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
zone "volatile.debian.org" {
type master;
file "/etc/bind/geodns/zonefiles/db.volatile.debian.org.undef";
view "default" {
match-clients { any; };
+ zone "archive.debian.org" {
+ type master;
+ file "/etc/bind/geodns/zonefiles/db.archive.debian.org";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
zone "volatile.debian.org" {
type master;
file "/etc/bind/geodns/zonefiles/db.volatile.debian.org";