}
}
- if $::hostname in [busoni,holter,lindberg,master,powell,beach,buxtehude] {
+ if $::hostname in [busoni,holter,lindberg,master,beach,buxtehude] {
include apache2::dynamic
} else {
@ferm::rule { 'dsa-http':
nagiosmaster: tchaikovsky.debian.org
extranrpeclient:
- orff.debian.org
- packagesmaster: powell.debian.org
+ #packagesmaster: powell.debian.org
packagesqamaster: quantz.debian.org
puppetmaster: handel.debian.org
rtmaster:
- muffat.debian.org
- nono.debian.org
- popov.debian.org
- - powell.debian.org
- quantz.debian.org
- ravel.debian.org
- reger.debian.org
when "popov.debian.org" then "popcon.debian.org: user=popcon group=popcon directory=/srv/popcon.debian.org/mail/"
- when "powell.debian.org" then "packages.debian.org: user=pkg_user group=Debian directory=/org/packages.debian.org/mail/"
-
when "quantz.debian.org" then "qa.debian.org: user=qa group=qa directory=/srv/qa.debian.org/mail/
packages.qa.debian.org: user=qa group=qa directory=/srv/packages.qa.debian.org/mail"
include ferm::zivit
}
- if $::hostname in [glinka,klecker,merikanto,powell,ravel,rietz,senfl,sibelius,stabile] {
+ if $::hostname in [glinka,klecker,merikanto,ravel,rietz,senfl,sibelius,stabile] {
ferm::rule { 'dsa-rsync':
domain => '(ip ip6)',
description => 'Allow rsync access',
rule => '&SERVICE(udp, 69)'
}
}
- powell: {
- @ferm::rule { 'dsa-powell-v6-tunnel':
- description => 'Allow powell to use V6 tunnel broker',
- rule => 'proto ipv6 saddr 212.227.117.6 jump ACCEPT'
- }
- @ferm::rule { 'dsa-powell-btseed':
- domain => '(ip ip6)',
- description => 'Allow powell to seed BT',
- rule => 'proto tcp dport 8000:8100 jump ACCEPT'
- }
- }
lotti,lully: {
@ferm::rule { 'dsa-syslog':
description => 'Allow syslog access',
when /(zappa|zemlinsky).debian.org/: ignore << %w{samhain}
when /(mayer|corelli).debian.org/: ignore << "linux-base"
when /(alkman|caballero|merulo|mundy).debian.org/: ignore << "samhain"
-when "powell.debian.org": ignore << %w{e2fslibs e2fsprogs libblkid1 libcomerr2 libss2 libuuid1 uuid-runtime}
when "rossini.debian.org": ignore << %w{ganeti2}
when "franck.debian.org": ignore << %w{python-apt}
when /(abel|arnold|alain|alwyn|antheil|arne).debian.org/: ignore << %w{flash-kernel linux-firmware-image}
zones << "192-27.211.177.194.in-addr.arpa"
zones << "b.e.d.0.c.f.f.2.8.4.6.0.1.0.0.2.ip6.arpa"
-# ipv6 at 1&1 - powell: 2001:08d8:0081:1520::/60
-zones << "2.5.1.1.8.0.0.8.d.8.0.1.0.0.2.ip6.arpa"
-
# ipv6 at 1&1 - wieck and schumann - old range April 2011
zones << "2.6.a.0.4.6.5.6.1.0.0.0.2.0.0.0.8.d.8.0.1.0.0.2.ip6.arpa"
nagios franck=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=1 enclosure 1E\:1 show detail
# other raid controllers
-nagios powell=(ALL) NOPASSWD: /usr/local/sbin/areca-cli vsf info
+#nagios powell=(ALL) NOPASSWD: /usr/local/sbin/areca-cli vsf info
nagios puccini=(ALL) NOPASSWD: /usr/local/bin/tw_cli info c0 u0 status
nagios MPTRAIDHOSTS=(ALL) NOPASSWD: /usr/sbin/mpt-status -s
nagios AACRAIDHOSTS=(ALL) NOPASSWD: /usr/local/bin/arcconf GETCONFIG 1 LD, /usr/local/bin/arcconf GETCONFIG 1 AD
# The piuparts slave needs to handle chroots
piupartss piatti=(ALL) NOPASSWD: ALL
# trigger of mirror run for packages
-pkg_user powell=(archvsync) NOPASSWD: /home/archvsync/bin/pushpdo
+#pkg_user powell=(archvsync) NOPASSWD: /home/archvsync/bin/pushpdo
# on draghi, the domains git thing will run bind9 reload afterwards
%dnsadm draghi,orff=(root) NOPASSWD: /etc/init.d/bind9 reload
%dnsadm draghi,orff=(geodnssync) NOPASSWD: /usr/bin/make -C /srv/dns.debian.org/geo
projects / mirror / dsa-puppet.git / commitdiff