include samhain
case $hostname {
- byrd,schuetz,tchaikovsky: {
+ byrd,schuetz,tchaikovsky,draghi,quantz,lamb,locke,rautavaara,rietz: {
include krb
}
- draghi,quantz: {
- include krb
- include afs
- }
- lamb,locke,rautavaara,rietz: {
- include krb
- include afs::server
- }
}
case $hostname {
+++ /dev/null
->debian.org
-82.195.75.101 #lamb.debian.org
-194.177.211.199 #rautavaara.debian.org
-206.12.19.120 #locke.debian.org
+++ /dev/null
-debian.org
+++ /dev/null
-AFS_CLIENT=true
-AFS_AFSDB=true
-AFS_CRYPT=true
-AFS_DYNROOT=true
-AFS_FAKESTAT=true
+++ /dev/null
-class afs {
- package {
- "openafs-client":
- ensure => installed,
- require => File['/etc/openafs/CellServDB',
- '/etc/openafs/ThisCell',
- '/etc/openafs/afs.conf.client'],
- ;
- "openafs-krb5":
- ensure => installed,
- ;
- }
- file {
- "/etc/openafs":
- ensure => directory,
- mode => 755,
- ;
- "/etc/openafs/CellServDB":
- source => "puppet:///modules/afs/CellServDB",
- # notify => # something to call fs newcell maybe?
- mode => 444
- ;
- "/etc/openafs/ThisCell":
- source => "puppet:///modules/afs/ThisCell",
- mode => 444
- ;
- "/etc/openafs/afs.conf.client":
- source => "puppet:///modules/afs/afs.conf.client",
- mode => 444
- ;
- }
-
- @ferm::rule { "dsa-afs callback":
- domain => "(ip ip6)",
- description => "afs callback",
- rule => "&SERVICE(udp, afs3-callback)"
- }
-}
-# vim:set et:
-# vim:set sts=4 ts=4:
-# vim:set shiftwidth=4:
+++ /dev/null
-class afs::server inherits afs {
- @ferm::rule { "dsa-afs fileserver":
- domain => "(ip ip6)",
- description => "afs callback",
- rule => "&SERVICE(udp, afs3-fileserver)"
- }
- @ferm::rule { "dsa-afs prserver":
- domain => "(ip ip6)",
- description => "afs callback",
- rule => "&SERVICE(udp, afs3-prserver)"
- }
- @ferm::rule { "dsa-afs vlserver":
- domain => "(ip ip6)",
- description => "afs callback",
- rule => "&SERVICE(udp, afs3-vlserver)"
- }
- @ferm::rule { "dsa-afs kaserver":
- domain => "(ip ip6)",
- description => "afs callback",
- rule => "&SERVICE(udp, afs3-kaserver)"
- }
- @ferm::rule { "dsa-afs volser":
- domain => "(ip ip6)",
- description => "afs callback",
- rule => "&SERVICE(udp, afs3-volser)"
- }
- #@ferm::rule { "dsa-afs bos":
- # domain => "(ip ip6)",
- # description => "afs callback",
- # rule => "&SERVICE(udp, afs3-bos)"
- #}
-}
-# vim:set et:
-# vim:set sts=4 ts=4:
-# vim:set shiftwidth=4:
- zandonai.debian.org
- zee.debian.org
squeeze:
+ - abel.debian.org
+ - agricola.debian.org
- alain.debian.org
- alkman.debian.org
- alwyn.debian.org
+ - antheil.debian.org
+ - arcadelt.debian.org
- arne.debian.org
- ball.debian.org
- barber.debian.org
transport_home_directory = ${extract{directory}{VDOMAINDATA}}
user = ${extract{user}{VDOMAINDATA}}
+# No direct match, so try doing a regex match if there's an
+# aliases.regex
+virt_aliases_regex:
+ debug_print = "R: virt_aliases_regex for $local_part$local_part_suffix@$domain"
+ driver = redirect
+ allow_defer
+ allow_fail
+ data = ${if exists{\
+ ${extract{directory}{VDOMAINDATA}{${value}/aliases.regex}}}\
+ {${lookup{$local_part}nwildlsearch*{\
+ ${extract{directory}{VDOMAINDATA}{$value/aliases.regex}}\
+ }}}}
+ directory_transport = address_directory
+ domains = +virtual_domains
+ file_transport = ${if eq {${extract{group_writable}{VDOMAINDATA}}}{true}{address_file_group}{address_file}}
+ cannot_route_message = Unknown user
+ group = ${extract{group}{VDOMAINDATA}}
+ headers_add = "Delivered-To: ${local_part}${local_part_suffix}@${domain}"
+ pipe_transport = address_pipe
+ qualify_preserve_domain
+ retry_use_local_part
+ transport_current_directory = ${extract{directory}{VDOMAINDATA}}
+ transport_home_directory = ${extract{directory}{VDOMAINDATA}}
+ user = ${extract{user}{VDOMAINDATA}}
+
userforward:
debug_print = "R: userforward for $local_part${local_part_suffix}@$domain"
driver = redirect
pipe_transport = rt_pipe
data = "|/usr/bin/rt-mailgate --queue '${lookup{${sg{$local_part}{-comment}{}}}lsearch{RT_QUEUE_MAP}}' --url https://rt.debian.org/ --action ${if match{$local_part}{.*-comment.*}{comment}{correspond}}"
headers_remove = Subject
- headers_add = "Delivered-To: ${local_part}${local_part_suffix}@${domain}\nSubject: ${if and {{first_delivery}{match {$h_subject:}{(?i)(.*?)debian rt\\s*(.*)}}} {$1$2}{$h_subject:}}"
+ headers_add = "Delivered-To: ${local_part}${local_part_suffix}@${domain}\nSubject: ${if and {{first_delivery}{match {$h_subject:}{(?i)(.*?)\\\\[?debian rt\\\\]?\\s*(.*)}}} {$1$2}{$h_subject:}}"
# FIXME: figure out how to generalize this approach so that all of the following would work
# - rt+NNNN@rt.debian.org : attach correspondence to ticket (verbose)
pipe_transport = rt_pipe
data = "|/usr/bin/rt-mailgate --queue '${lookup{${sg{$local_part}{-comment}{}}}lsearch{RT_QUEUE_MAP}}' --url https://rt.debian.org/ --action ${if match{$local_part}{.*-comment.*}{comment}{correspond}}"
headers_remove = Subject
- headers_add = "Delivered-To: ${local_part}${local_part_suffix}@${domain}\nX-RT-Mode: quiesce\nSubject: ${if and {{first_delivery}{match {$h_subject:}{(?i)(.*?)debian rt\\s*(.*)}}} {$1$2}{$h_subject:}}"
+ headers_add = "Delivered-To: ${local_part}${local_part_suffix}@${domain}\nX-RT-Mode: quiesce\nSubject: ${if and {{first_delivery}{match {$h_subject:}{(?i)(.*?)\\\\[?debian rt\\\\]?\\s*(.*)}}} {$1$2}{$h_subject:}}"
rt_otherwise:
debug_print = "R: rt for $local_part@$domain"
pipe_transport = rt_pipe
data = "|/usr/bin/rt-mailgate --queue '${lookup{${sg{$local_part}{-comment}{}}}lsearch{RT_QUEUE_MAP}}' --url https://rt.debian.org/ --extension ticket --action ${if match{$local_part}{.*-comment.*}{comment}{correspond}}"
headers_remove = Subject
- headers_add = "Delivered-To: ${local_part}${local_part_suffix}@${domain}\nSubject: ${if and {{first_delivery}{match {$h_subject:}{(?i)(.*?)debian rt\\s*(.*)}}} {$1$2}{$h_subject:}}"
+ headers_add = "Delivered-To: ${local_part}${local_part_suffix}@${domain}\nSubject: ${if and {{first_delivery}{match {$h_subject:}{(?i)(.*?)\\\\[?debian rt\\\\]?\\s*(.*)}}} {$1$2}{$h_subject:}}"
<%- end -%>
#when /(draghi|orff|ravel|klecker|geo[123]).debian.org/: ignore << %w{libdns69 libdns66 libdns64 bind9 libbind9-60 liblwres60 bind9-host libisccfg62 libisccfg60 libisc62 libisc60 dnsutils bind9utils libisccc60}
#end
-ignore << '/openafs-modules-.*/'
ignore.flatten.join("\n")
%>
server ntp.ugent.be iburst dynamic
<% elsif nodeinfo['misc']['natted'] -%>
# autokey doesn't work behind nat
+
+# merikanto's and orff's ipv4 IP, hard coded for the benefit of hosts
+# that do not have RTC's (since they won't be able to do DNS until
+# they have a reasonable clock).
+server 86.59.118.147 iburst
+server 194.177.211.209 iburst
+
server merikanto.debian.org iburst
server orff.debian.org iburst
server ravel.debian.org iburst