move exim vs. postfix, heavy vs. not, into hiera

[mirror/dsa-puppet.git] / data / common.yaml

---

lookup_options:
  # with merge: unique entries in other hiera sources add to the array
  resolv::searchpaths:
    merge: unique
  apt::sources::debian::location:
    merge: unique

# class parameters
resolv::nameservers: []
resolv::searchpaths: ['debian.org']
staticsync::user: 'staticsync'
staticsync::basedir: '/srv/static.debian.org'
exim::smarthost: 'mailout.debian.org'

roles::dns_primary::allow_access:
  # easydns
  - '64.68.200.91'
  - '205.210.42.80'
  # rcode0
  - '83.136.34.0/27'
  - '2a02:850:8::/47'
  # netnod
  - '192.71.80.0/24'
  - '192.36.144.222'
  - '192.36.144.218'
  - '194.146.105.24'
  - '194.146.105.25'
  - '2a01:3f0:0:27::24'
  - '2a01:3f0:0:28::25'

# other variables
allow_dns_query: []
role_config__mirrors:
  mirror_basedir_prefix: '/srv/mirrors/'
role_config__syncproxy:
  mirror_basedir_prefix: '/srv/mirrors/'
samhain_recipients:
  - 'debian-archive-debian-samhain-reports@master.debian.org'
  - 'debian-admin@ftbfs.de'
  - 'weasel@debian.org'
  - 'zumbi@oron.es'
root_mail_alias:
  - 'debian-admin@debian.org'
paths:
  letsencrypt_dir: '/srv/puppet.debian.org/from-letsencrypt'
  auto_certs_dir: '/srv/puppet.debian.org/ca/RESULT/certs'
  auto_clientcerts_dir: '/srv/puppet.debian.org/ca/RESULT/clientcerts'
apt::sources::debian::location: 'https://deb.debian.org/debian/'


# all of these should be retired in favour of including the class role
# with the host. weasel, 2019-09
roles:
  ftp_master:
    # XXX - used by ferm templates/defs.conf.erb
    - fasolo.debian.org
  mailrelay:
    # XXX - ONLY used by ferm templates/defs.conf.erb
    - mailly.debian.org
    - muffat.debian.org
  muninmaster:
    # XXX - used by ferm templates/defs.conf.erb
    - menotti.debian.org
  nagiosmaster:
    # XXX - used by ferm templates/defs.conf.erb
    - tchaikovsky.debian.org
  security_master:
    # XXX - used by ferm templates/defs.conf.erb
    - seger.debian.org
  security_mirror:
    # XXX used also in ferm me.conf.erb
    mirror-anu.debian.org:
      fastly-backend: false
    mirror-csail.debian.org:
      fastly-backend: false
    mirror-isc.debian.org:
      onion_v4_address: 149.20.4.14
    mirror-umn.debian.org:
      onion_v4_address: 128.101.240.215
    mirror-accumu.debian.org:
      fastly-backend: false
    mirror-skroutz.debian.org:
      fastly-backend: false
    lobos.debian.org:
      service-hostname: lobos.security.backend.mirrors.debian.org
      fastly-backend: false
      onion_v4_address: 212.211.132.250
    santoro.debian.org:
      fastly-backend: false
    schmelzer.debian.org:
      fastly-backend: false
    schumann.debian.org:
      service-hostname: schumann.security.backend.mirrors.debian.org
      fastly-backend: true
    setoguchi.debian.org:
      fastly-backend: false
    sechter.debian.org:
      fastly-backend: false
    villa.debian.org:
      service-hostname: villa.security.backend.mirrors.debian.org
      fastly-backend: true
      onion_v4_address: 212.211.132.32
    wieck.debian.org:
      service-hostname: wieck.security.backend.mirrors.debian.org
      fastly-backend: true
  postgres_backup_server:
    # XXX - used by ferm templates/defs.conf.erb
    - backuphost.debian.org
    - storace.debian.org
  debian_mirror:
    # XXX used also in ferm me.conf.erb
    klecker.debian.org:
      listen-addresses:
        - '130.89.148.12:80'
        - '[2001:67c:2564:a119::148:12]:80'
      onion_v4_address: 130.89.148.12
    new-klecker.debian.org: {}
    mirror-accumu.debian.org:
      service-hostname: accumu.debian.backend.mirrors.debian.org
      fastly-backend: true
    mirror-skroutz.debian.org:
      service-hostname: skroutz.debian.backend.mirrors.debian.org
      fastly-backend: true
    mirror-isc.debian.org:
      listen-addresses:
        - '149.20.4.15:80'
        - '[2001:4f8:1:c::15]:80'
      onion_v4_address: 149.20.4.15
    schmelzer.debian.org:
      listen-addresses:
        - '217.196.149.232:80'
        - '[2a02:16a8:dc41:100::232]:80'
      fastly-backend: true
      service-hostname: conova.debian.backend.mirrors.debian.org
  historical_master:
    # XXX - used by ferm templates/defs.conf.erb
    - sibelius.debian.org
  historical_mirror:
    # XXX used also in ferm me.conf.erb
    - gretchaninov.debian.org
    - klecker.debian.org
    - schmelzer.debian.org
    - sibelius.debian.org
  debug_mirror:
    # XXX used also in ferm me.conf.erb
    mirror-accumu.debian.org:
      onion_v4_address: 130.242.6.199
      service-hostname: accumu.debug.backend.mirrors.debian.org
    schmelzer.debian.org:
      listen-addresses:
        - '217.196.149.232:80'
        - '[2a02:16a8:dc41:100::232]:80'
      onion_v4_address: 217.196.149.232
      service-hostname: conova.debug.backend.mirrors.debian.org
  debug_mirror_onion:
    - mirror-accumu.debian.org
    - schmelzer.debian.org
  ports_master:
    # XXX - used by ferm templates/defs.conf.erb
    - porta.debian.org
  bgp:
    - mirror-accumu.debian.org
    - mirror-skroutz.debian.org
  postgresql_server:
    # postgresql instances not managed by puppet otherwise
    - bmdb1.debian.org
    - buxtehude.debian.org
    - danzi.debian.org
    - fasolo.debian.org
    - lw07.debian.org
    - melartin.debian.org
    - postgresql-manda-01.debian.org
    - sallinen.debian.org
    - seger.debian.org
    - snapshotdb-manda-01.debian.org
    - vittoria.debian.org

classes:
  - base::includes