From 8d5d8fbb2cdb5bde6c1ef95b060073bfb5189c31 Mon Sep 17 00:00:00 2001
From: Peter Palfrader <peter@palfrader.org>
Date: Sun, 15 Sep 2019 18:25:06 +0200
Subject: [PATCH] security_upload -> hiera role

---
 hieradata/common.yaml                      |  2 --
 hieradata/nodes/suchon.debian.org.yaml     |  1 +
 modules/roles/manifests/init.pp            |  3 --
 modules/roles/manifests/security_upload.pp | 42 +++++++++++-----------
 4 files changed, 22 insertions(+), 26 deletions(-)

diff --git a/hieradata/common.yaml b/hieradata/common.yaml
index 4c39fc1a7..00b256df9 100644
--- a/hieradata/common.yaml
+++ b/hieradata/common.yaml
@@ -105,8 +105,6 @@ roles:
       fastly-backend: true
   security_tracker:
     - soriano.debian.org
-  security_upload:
-    - suchon.debian.org
   sso:
     - diabelli.debian.org
   # single sign on relying party (host) - also required apache2 module enabled on that host via other means
diff --git a/hieradata/nodes/suchon.debian.org.yaml b/hieradata/nodes/suchon.debian.org.yaml
index 49ef5b055..336dd06da 100644
--- a/hieradata/nodes/suchon.debian.org.yaml
+++ b/hieradata/nodes/suchon.debian.org.yaml
@@ -1,3 +1,4 @@
 ---
 classes:
+  - roles::security_upload
   - roles::ssh_upload
diff --git a/modules/roles/manifests/init.pp b/modules/roles/manifests/init.pp
index bc752fb87..4e4a9a27d 100644
--- a/modules/roles/manifests/init.pp
+++ b/modules/roles/manifests/init.pp
@@ -34,9 +34,6 @@ class roles {
 		include roles::dakmaster
 		include roles::signing
 	}
-	if has_role('security_upload') {
-		include roles::security_upload
-	}
 	#
 	# security.debian.org
 	if has_role('security_master') {
diff --git a/modules/roles/manifests/security_upload.pp b/modules/roles/manifests/security_upload.pp
index 3963136da..c972d417f 100644
--- a/modules/roles/manifests/security_upload.pp
+++ b/modules/roles/manifests/security_upload.pp
@@ -1,25 +1,25 @@
 class roles::security_upload {
-	file { '/srv/security.upload.debian.org':
-		ensure	=> directory,
-		mode	=> '2755',
-		owner	=> dak,
-		group	=> debadmin,
-	}
+  file { '/srv/security.upload.debian.org':
+    ensure => directory,
+    mode   => '2755',
+    owner  => dak,
+    group  => debadmin,
+  }
 
-	file { '/etc/ssh/userkeys/dak':
-		ensure  => present,
-		mode    => '644',
-		owner   => dak,
-		group   => debadmin,
-	}
+  file { '/etc/ssh/userkeys/dak':
+    ensure => present,
+    mode   => '0644',
+    owner  => dak,
+    group  => debadmin,
+  }
 
-	vsftpd::site { 'security-upload':
-		banner     => 'ftp.security.upload.debian.org FTP server',
-		logfile    => '/var/log/ftp/vsftpd-security.upload.debian.org.log',
-		writable   => true,
-		readable   => false,
-		listable   => false,
-		chown_user => dak-unpriv,
-		root       => '/srv/security.upload.debian.org/ftp',
-	}
+  vsftpd::site { 'security-upload':
+    banner     => 'ftp.security.upload.debian.org FTP server',
+    logfile    => '/var/log/ftp/vsftpd-security.upload.debian.org.log',
+    writable   => true,
+    readable   => false,
+    listable   => false,
+    chown_user => dak-unpriv,
+    root       => '/srv/security.upload.debian.org/ftp',
+  }
 }
-- 
2.20.1