--- /dev/null
+# the base class defining tings common for all three static classes (master, mirror, source)
+class roles::static::base {
+ ssh::keygen {'staticsync': }
+ ssh::authorized_key_add { 'staticsync':
+ target_user => 'staticsync',
+ command => "/usr/local/bin/staticsync-ssh-wrap ${::fqdn}",
+ key => $facts['staticsync_key'],
+ restrict => 'no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-user-rc',
+ collect_tag => 'staticsync',
+ }
+ ssh::authorized_key_collect { 'staticsync':
+ target_user => 'staticsync',
+ collect_tag => 'staticsync',
+ }
+
+ file { '/etc/static-components.conf':
+ content => template('roles/static-mirroring/static-components.conf.erb'),
+ }
+
+ file { '/usr/local/bin/staticsync-ssh-wrap':
+ source => 'puppet:///modules/roles/static-mirroring/staticsync-ssh-wrap',
+ mode => '0555',
+ }
+
+ file { '/usr/local/bin/static-update-component':
+ source => 'puppet:///modules/roles/static-mirroring/static-update-component',
+ mode => '0555',
+ }
+
+ file { '/usr/local/bin/static-mirror-ssh-wrap': ensure => absent; }
+ file { '/usr/local/bin/static-master-ssh-wrap': ensure => absent; }
+
+ ferm::rule { 'dsa-static-bt-v4':
+ description => 'Allow bt between static hosts',
+ rule => 'proto tcp mod state state (NEW) mod multiport destination-ports (6881:6999) @subchain \'static-bt\' { saddr ($HOST_STATIC_V4) ACCEPT; }',
+ notarule => true,
+ }
+ ferm::rule { 'dsa-static-bt-v6':
+ description => 'Allow bt between static hosts',
+ domain => 'ip6',
+ rule => 'proto tcp mod state state (NEW) mod multiport destination-ports (6881:6999) @subchain \'static-bt\' { saddr ($HOST_STATIC_V6) ACCEPT; }',
+ notarule => true,
+ }
+
+ file { '/etc/staticsync.conf':
+ content => @("EOF"),
+ # This file is sourced by bash
+ # and parsed by python
+ # - empty lines and lines starting with a # are ignored.
+ # - other lines are key=value. No extra spaces anywhere. No quoting.
+ base=/srv/static.debian.org
+ masterbase=/home/staticsync/static-master/master
+ staticuser=staticsync
+ | EOF
+ }
+}
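Review bot: The `file` resources for `/usr/local/bin/staticsync-ssh-wrap` and `/usr/local/bin/static-update-component` set `mode => '0555'` but no `owner` or `group`, and the first of them is the forced `command` in the `staticsync` authorized_keys entry declared just above. Unless a site-wide `File` default that is not visible in this diff pins ownership, Puppet leaves the owner of an already-existing file unmanaged, so a wrapper that ended up owned by `staticsync` could be chmod-ed and rewritten by the account it is meant to confine. Adding `owner => 'root', group => 'root',` to both resources would make the intended ownership explicit. Separately, the `restrict` list omits `no-pty`; whether `ssh::authorized_key_add` adds it itself cannot be told from here and is worth confirming.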
--- /dev/null
+# create the directory on static hosts and disable backups
+class roles::static::srvdir {
+ file { '/srv/static.debian.org':
+ ensure => directory,
+ mode => '0755',
+ owner => 'staticsync',
+ group => 'staticsync',
+ }
+
+ file { '/srv/static.debian.org/.nobackup':
+ content => '',
+ }
+}
+++ /dev/null
-# the base class defining tings common for all three static classes (master, mirror, source)
-class roles::static_base {
- ssh::keygen {'staticsync': }
- ssh::authorized_key_add { 'staticsync':
- target_user => 'staticsync',
- command => "/usr/local/bin/staticsync-ssh-wrap ${::fqdn}",
- key => $facts['staticsync_key'],
- restrict => 'no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-user-rc',
- collect_tag => 'staticsync',
- }
- ssh::authorized_key_collect { 'staticsync':
- target_user => 'staticsync',
- collect_tag => 'staticsync',
- }
-
- file { '/etc/static-components.conf':
- content => template('roles/static-mirroring/static-components.conf.erb'),
- }
-
- file { '/usr/local/bin/staticsync-ssh-wrap':
- source => 'puppet:///modules/roles/static-mirroring/staticsync-ssh-wrap',
- mode => '0555',
- }
-
- file { '/usr/local/bin/static-update-component':
- source => 'puppet:///modules/roles/static-mirroring/static-update-component',
- mode => '0555',
- }
-
- file { '/usr/local/bin/static-mirror-ssh-wrap': ensure => absent; }
- file { '/usr/local/bin/static-master-ssh-wrap': ensure => absent; }
-
- ferm::rule { 'dsa-static-bt-v4':
- description => 'Allow bt between static hosts',
- rule => 'proto tcp mod state state (NEW) mod multiport destination-ports (6881:6999) @subchain \'static-bt\' { saddr ($HOST_STATIC_V4) ACCEPT; }',
- notarule => true,
- }
- ferm::rule { 'dsa-static-bt-v6':
- description => 'Allow bt between static hosts',
- domain => 'ip6',
- rule => 'proto tcp mod state state (NEW) mod multiport destination-ports (6881:6999) @subchain \'static-bt\' { saddr ($HOST_STATIC_V6) ACCEPT; }',
- notarule => true,
- }
-
- file { '/etc/staticsync.conf':
- content => @("EOF"),
- # This file is sourced by bash
- # and parsed by python
- # - empty lines and lines starting with a # are ignored.
- # - other lines are key=value. No extra spaces anywhere. No quoting.
- base=/srv/static.debian.org
- masterbase=/home/staticsync/static-master/master
- staticuser=staticsync
- | EOF
- }
-}
# to the master, and from there to all the mirrors.
#
class roles::static_master {
- include roles::static_base
- include roles::static_srvdir
+ include roles::static::base
+ include roles::static::srvdir
file { '/usr/local/bin/static-master-run':
source => 'puppet:///modules/roles/static-mirroring/static-master-run',
#
# this receives pushes from the master and then usually serves the content to the public
class roles::static_mirror {
- include roles::static_base
- include roles::static_srvdir
+ include roles::static::base
+ include roles::static::srvdir
include apache2::expires
include apache2::rewrite
#
# origin of static content. From here it goes to the static master before that one pushes it to the mirrors
class roles::static_source {
- include roles::static_base
+ include roles::static::base
}
+++ /dev/null
-# create the directory on static hosts and disable backups
-class roles::static_srvdir {
- file { '/srv/static.debian.org':
- ensure => directory,
- mode => '0755',
- owner => 'staticsync',
- group => 'staticsync',
- }
-
- file { '/srv/static.debian.org/.nobackup':
- content => '',
- }
-}