3 # Stuff common to all debian.org servers
6 include debian_org::apt
10 $servicefiles = 'present'
12 $servicefiles = 'absent'
15 # the virtual facter needs virt-what on jessie to work
16 if versioncmp($::lsbmajdistrelease, '9') < 0 {
17 package { 'virt-what': ensure => installed }
19 package { 'virt-what': ensure => purged }
23 'debian-archive-debian-samhain-reports@master.debian.org',
24 'debian-admin@ftbfs.de',
42 'debian.org-recommended',
48 file { '/etc/ssh/ssh_known_hosts':
52 source => 'puppet:///modules/debian_org/basic-ssh_known_hosts'
55 if versioncmp($::lsbmajdistrelease, '8') >= 0 {
56 $rubyfs_package = 'ruby-filesystem'
58 $rubyfs_package = 'libfilesystem-ruby1.9'
93 if getfromhash($site::nodeinfo, 'broken-rtc') {
94 package { 'fake-hwclock':
100 package { 'molly-guard':
103 file { '/etc/molly-guard/run.d/10-check-kvm':
105 source => 'puppet:///modules/debian_org/molly-guard/10-check-kvm',
106 require => Package['molly-guard'],
108 file { '/etc/molly-guard/run.d/15-acquire-reboot-lock':
110 source => 'puppet:///modules/debian_org/molly-guard/15-acquire-reboot-lock',
111 require => Package['molly-guard'],
114 augeas { 'inittab_replicate':
115 context => '/files/etc/inittab',
117 'set ud/runlevels 2345',
118 'set ud/action respawn',
119 'set ud/process "/usr/bin/ud-replicated -d"',
121 notify => Exec['init q'],
125 file { '/etc/facter':
130 source => 'puppet:///files/empty/',
132 file { '/etc/facter/facts.d':
135 file { '/etc/facter/facts.d/debian_facts.yaml':
136 content => template('debian_org/debian_facts.yaml.erb')
138 file { '/etc/timezone':
139 source => 'puppet:///modules/debian_org/timezone',
140 notify => Exec['dpkg-reconfigure tzdata -pcritical -fnoninteractive'],
142 if $::hostname == handel {
143 include puppetmaster::db
144 $dbpassword = $puppetmaster::db::password
146 file { '/etc/puppet/puppet.conf':
147 content => template('debian_org/puppet.conf.erb'),
151 file { '/etc/default/puppet':
152 source => 'puppet:///modules/debian_org/puppet.default',
154 file { '/etc/systemd':
158 file { '/etc/systemd/system':
162 file { '/etc/systemd/system/ud-replicated.service':
163 ensure => $servicefiles,
164 source => 'puppet:///modules/debian_org/ud-replicated.service',
165 notify => Exec['systemctl daemon-reload'],
168 file { '/etc/systemd/system/multi-user.target.wants/ud-replicated.service':
170 target => '../ud-replicated.service',
171 notify => Exec['systemctl daemon-reload'],
174 file { '/etc/systemd/system/puppet.service':
176 target => '/dev/null',
177 notify => Exec['systemctl daemon-reload'],
179 file { '/etc/systemd/system/proc-sys-fs-binfmt_misc.automount':
181 target => '/dev/null',
182 notify => Exec['systemctl daemon-reload'],
185 file { '/etc/cron.d/dsa-puppet-stuff':
186 content => template('debian_org/dsa-puppet-stuff.cron.erb'),
187 require => Package['debian.org'],
189 file { '/etc/ldap/ldap.conf':
190 require => Package['debian.org'],
191 content => template('debian_org/ldap.conf.erb'),
193 file { '/etc/pam.d/common-session':
194 require => Package['debian.org'],
195 content => template('debian_org/pam.common-session.erb'),
197 file { '/etc/pam.d/common-session-noninteractive':
198 require => Package['debian.org'],
199 content => template('debian_org/pam.common-session-noninteractive.erb'),
201 file { '/etc/rc.local':
203 content => template('debian_org/rc.local.erb'),
204 notify => Exec['service rc.local restart'],
210 file { '/etc/dsa/cron.ignore.dsa-puppet-stuff':
211 source => 'puppet:///modules/debian_org/dsa-puppet-stuff.cron.ignore',
212 require => Package['debian.org']
214 file { '/etc/nsswitch.conf':
216 source => 'puppet:///modules/debian_org/nsswitch.conf',
219 file { '/etc/profile.d/timeout.sh':
221 source => 'puppet:///modules/debian_org/etc.profile.d/timeout.sh',
226 file { '/etc/zsh/zprofile':
228 source => 'puppet:///modules/debian_org/etc.zsh/zprofile',
231 # set mmap_min_addr to 4096 to mitigate
232 # Linux NULL-pointer dereference exploits
233 site::sysctl { 'mmap_min_addr':
236 site::sysctl { 'perf_event_paranoid':
237 key => 'kernel.perf_event_paranoid',
240 site::sysctl { 'puppet-vfs_cache_pressure':
241 key => 'vm.vfs_cache_pressure',
244 site::alternative { 'editor':
245 linkto => '/usr/bin/vim.basic',
247 site::alternative { 'view':
248 linkto => '/usr/bin/vim.basic',
250 mailalias { 'samhain-reports':
252 recipient => $debianadmin,
253 require => Package['debian.org']
256 file { '/usr/local/bin/check_for_updates':
257 source => 'puppet:///modules/debian_org/check_for_updates',
262 file { '/usr/local/bin/dsa-is-shutdown-scheduled':
263 source => 'puppet:///modules/debian_org/dsa-is-shutdown-scheduled',
267 exec { 'dpkg-reconfigure tzdata -pcritical -fnoninteractive':
268 path => '/usr/bin:/usr/sbin:/bin:/sbin',
271 exec { 'service puppetmaster restart':
274 exec { 'service rc.local restart':
281 exec { 'systemctl daemon-reload':
283 onlyif => "test -x /bin/systemctl"
286 exec { 'systemd-tmpfiles --create --exclude-prefix=/dev':
288 onlyif => "test -x /bin/systemd-tmpfiles"
291 tidy { '/var/lib/puppet/clientbucket/':
295 matches => [ 'paths', 'contents' ],
299 file { '/root/.bashrc':
300 source => 'puppet:///modules/debian_org/root-dotfiles/bashrc',
302 file { '/root/.profile':
303 source => 'puppet:///modules/debian_org/root-dotfiles/profile',
305 file { '/root/.selected_editor':
306 source => 'puppet:///modules/debian_org/root-dotfiles/selected_editor',
308 file { '/root/.screenrc':
309 source => 'puppet:///modules/debian_org/root-dotfiles/screenrc',
311 file { '/root/.tmux.conf':
312 source => 'puppet:///modules/debian_org/root-dotfiles/tmux.conf',
314 file { '/root/.vimrc':
315 source => 'puppet:///modules/debian_org/root-dotfiles/vimrc',
318 if versioncmp($::lsbmajdistrelease, '9') >= 0 { # older puppets do facts as strings.
319 if $::processorcount > 1 {
320 package { 'irqbalance': ensure => installed }
projects / mirror / dsa-puppet.git / blob