}
}
- if $::hostname in [busoni,holter,lindberg,master,beach,buxtehude] {
+ if $::hostname in [busoni,holter,lindberg,master,beach,buxtehude,picconi] {
include apache2::dynamic
} else {
@ferm::rule { 'dsa-http':
nagiosmaster: tchaikovsky.debian.org
extranrpeclient:
- orff.debian.org
- #packagesmaster: powell.debian.org
+ packagesmaster: picconi.debian.org
packagesqamaster: quantz.debian.org
puppetmaster: handel.debian.org
rtmaster:
- morricone.debian.org
- muffat.debian.org
- nono.debian.org
+ - picconi.debian.org
- popov.debian.org
- quantz.debian.org
- ravel.debian.org
file_transport = address_file
pipe_transport = address_pipe
domains = packages.debian.org
- require_files = /org/packages.debian.org/conf/maintainer
- data = ${lookup{$local_part}cdb{/org/packages.debian.org/conf/maintainer.cdb}}
+ require_files = /srv/packages.debian.org/conf/maintainer
+ data = ${lookup{$local_part}cdb{/srv/packages.debian.org/conf/maintainer.cdb}}
headers_add = "Delivered-To: ${local_part}${local_part_suffix}@${domain}"
- transport_home_directory = /org/packages.debian.org/mail
- transport_current_directory = /org/packages.debian.org/mail
+ transport_home_directory = /srv/packages.debian.org/mail
+ transport_current_directory = /srv/packages.debian.org/mail
check_ancestor
retry_use_local_part
no_more
when "nono.debian.org" then "nm.debian.org: user=nm group=nm directory=/srv/nm.debian.org/mail/"
+ when "picconi.debian.org" then "packages.debian.org: user=pkg_user group=Debian directory=/srv/packages.debian.org/mail/"
+
when "popov.debian.org" then "popcon.debian.org: user=popcon group=popcon directory=/srv/popcon.debian.org/mail/"
when "quantz.debian.org" then "qa.debian.org: user=qa group=qa directory=/srv/qa.debian.org/mail/
}
} else {
file { '/etc/cron.d/puppet-weblog-provider':
- content => "SHELL=/bin/bash\n\n0 */4 * * * weblogsync sleep $((RANDOM % 1800)); rsync -a --delete-excluded --include '*-public-access.log-*gz' --exclude '**' /var/log/apache2/. weblogsync@ravel:-weblogs-incoming-\n",
+ content => "SHELL=/bin/bash\n\n0 */4 * * * weblogsync sleep $((RANDOM \% 1800)); rsync -a --delete-excluded --include '*-public-access.log-*gz' --exclude '**' /var/log/apache2/. weblogsync@ravel:-weblogs-incoming-\n",
}
}
}
when "mahler.debian.org" then "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA1bAZGQUdVBdX5N8985OG25yYO6wybV0HmL0jeyun8qOmyi15RlkP8XiWXkvBLE98Nh9Ji2UgMZog7geT65zf+bE2crxu9LmAIbNiMgh+Yk6JFCy8ZFiKmCngHLlkWlD3Z4YTYdSxiETXkE4EB1arXi3wt9h7Iq/h7ZmpVL3njaqPGhdZmo9r+c8eZnwD77VIk+pcCB5Yqh3Nu/RaNAMr9hrHfvd62NnYRG3vcdj9aQo3Cshh8tTqzw10B8lCUKrHSbtL8aFzUrZqFilcNWs36mGVnzcLya/TM1uID9z41O47ZDOfZvLkSmGPb44Jwcdt1DK8r60OBdGoHBOa337N7w== noahm@crystalline-entity"
when "pergolesi.debian.org" then "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAgEA71vh3lytStDCr6df5u2tyzk45L7i8QoNysP51+ga6+v8kwMva30zw5fUD6BHYwNfwo1UZzUtsGLE5HTxKuBlfXs+myWjqpjbF3xSpPjbxKZYiLKMpJ5CVC0Mp6f2kSQ5sSC6Ue/etlAqs9D4rgbexo00QlOtBVof+Zolr3SyR6Y/Coo4UCHeFIAf8KQmhKhYEfPsIgsm+IsnpHglqZ8krOm60Fzo/K5xwb2raoVyg73cvBpaST3VGqqlT2+iTKLHUTaWSOvIj99KV6mYBdD4V8CCs3FWrKfM7wlXwBm/LVmr406Ho0QUo1zHZckvUITHtFQW0QwHpaR717fWB5lBz0d9VlQMz2JR7WfzX+iJqTAnVljjFYJIIHBQR8Xr0Z2rkSEjpi1Ar4iPQbYswMMnBQSGhITMPysHqZb75WYg17cubUbDwpiKPCdmDc5/iNoRFOLOW7vwcBISynUweRDDgeZI7sSFydEnIVK+hrLLmI/XZe4ekhZZXQYCc/tllc9kt2qpU8EWlFs0zSnUD/Lj0WOcgiSOJ3pzQWBBN2EHpM2FfdFa+qUhReSbIrWDgqLe9pkJ2emHFDRhBT4r2f85dw9BSUSVpxpA69fYCyZprJUs214Cq+nTZCSzKFfvflJR7VdCmEu0d5Wavf740OQ4gVipQHqydQVW5m4tYDQHR/s= hb@freenet-rz.de aka holger.baust@freenet-ag.de"
when "pettersson.debian.org" then "from=\"nixon.acc.umu.se\" ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAwDw56/XK0/uQB+ZIOZIfZ3vpz9zLRuv6G0U4eU4VavqvaL0dXSNhGJLBDLlfpxtJYwYf/mSoK4WZasbbfHxz8jtIxK9c9aGkVA0GKT+xiHWB3J1SlwJaA7S7Ed8nNcG5PNOVd30BD5LimkS53Nz841e+MgZRuL9SfLALq7er03U= root@nixon"
- when "powell.debian.org", "puccini.debian.org" then "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAgEAvii/FxkFUlSmn4rIuz1AX6B2INlxYmGo4KW9a1qfXk/foZqO8Igaz/c0nULmaC4KTmwOjzoCp1ujeWlTbQhQTTJb/yMc+SjpPCev70OwigCmyfZrpLienlCDQfPHG69QKXgebydkQK7JkVKNT/mBYDeGYG7K23aCNVu9kLanL/4sDbpdPRBleRlUGV+pzgwSbtwlTyKrkPbr4LzNxkVJbkGPMzWxlALCtrH8jgfnbRqnLn36wJzuIWPuWxARr0D7kBOIQTxxH5TkmXk+XVjDDRsbKuRSOi4qKCknmIDGJyx8xEv1fErpAVgzsE6RLWCSVYoBgfaaIJsH0B4xp9ZPUKjvVbUPHM60zwYZcblsdbx5D6RJ04pihHEf58cfALoqLlHwes62aeqeTsEMmm5OK66tGroFoCmm+301i6QBNX4JrDdHODZixV945Q+X345Nth3kathcDCQB1jXvrXKkFRoMff6QQs+HxXlwAHsR+hkSv0YHbcptcGPZFTXpfsiyQTyPHpJOXZsYqCFz0387z4ldSH+Fmq98g1CVgQkNRF8TYHWNp1+pHnrq+gcT8hqv7JDLQ2X6joGmGBpdWkGBmSrRCVQmWmWK0BiDMxb6Z1ysAdLH6mzEwTg3gh4S0BDVmbRb5YNNVI9y5kBNcbX9c7yuiC7IOEKKV5gZOQ5Jv/0= joerg - debianla, 2010-01-15"
when "rem.debian.org" then "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAgEAnHlDow0vUPDbi6OXKAkIV2zFi3xcDQAPLLmWJRY25HKvTLxkHlmXZH6CHrgx5deX4EogK6xWOvjUHdi/RD/BRU9DKFt6mepfGQvJQNeHK44S/yDrmPPWJq/bsCVu1ulOiLxGD4I2ei/4cDhWE5WypRC5Mn9+NOmNZp2kk9IL0UQChOQCXsPsVsch4wsuHns135TSzhH68X2iJK6GkqBeTvMs5DFqf2IbB4iLKASTxQITP1O3HYF4I5hVW9RGQD6i61TPAFKHkeruaMR0c4H7+f+jur9uo3URSTAidylspCST0/qg5xpDAcwDcfLItAtBuILQHyA6NSpBKEWA3zFzemJTDB3E/QEMMRInKJZFIhi08gtnETNxERG1+onss62lVCVn21SMYJQqHNW7GYmVqUlZLUKKUmTaualx0MHO8ODVJg2xzk/X0LWeE/0Nht/cg/DuqqA5DtSqXsw22kNAd+bTMnn0i+gahyCeLVswAhBVKjuLtU9SQXA4GsTxAvDd8rPRtusDI146fvPwgJCXMLStnZvs/22oXVdmMwwWbo5u5qUBqX51AjGI2i3b+JYQJrtBRnR0iNJV1VDiuRhsy48C4wUNRGX+DM78fldpKin5XMsSyEludyh9R7vFFtZMQFCqJelxfgDP5pU+jrxhFKY9rVcHTT0BqgWmpwPHkPs= rmurray@cyberhq
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAt3g97cGfOA9DnAKF6h8RlFDppPtyKfjlyvG4f+gTTYAkJVxeC8aCab4rSlhxNKho6r7OoZRj408J0/rr0INtbA4FnepQBZlvWwrV3vZRafVMq6rwXF3hh22d8iDv+g2HTDiGIlgANwaRlQP56gM9C8sF7gGw4PyaU7qG8+AAn3U= flo@paradigm
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAwbRijHuvIC6cZUZwUfqLT5t/4GRvqiBBmYXkRRhwMajTOBeaR6vRx9mZ+UdTAUKno8LuMNvFoovvwXBqqwH7yMa/SHgpA0wXl+bcYUbtoRbOVQEXwX/70Yoo0HLMGwoeuddjUICYZQomLYYLlkrWt1in9g4AGzqtmyCcDrxaneGYOvwJIm4sBhhJfns3j8AK7wIAaOA5fU9azR6JofX8g7QhqVrTlww0yOTlHsqheGUnLVzqPTzcJTPLDWKs9DOZT8a+IOc1R5TS2k07IFZk4TjCodW+iLCKHdudqpS8MKOY9EtfDaANl7JeCNa0NUZRVeXX9H4jtPIJ5/naa6m1XQ== Florian.Lohoff(flo,mW-N,RSA,2048)"
%wbadm ALL=(wbadm) ALL
%mujeres ALL=(women) ALL
%wikiadm ALL=(wiki,wikiweb) ALL
-%qa-core QAHOSTS=(qa) ALL
+%qa-core QAHOSTS=(qa,qa-web-rolex) ALL
%gobby gombert=(gobby) ALL
# the dak user gets to run stuff as dak-unpriv (for things like lintian checks)
--- /dev/null
+; DS record, April 2013'
+29.172.in-addr.arpa. IN DS 29088 7 2 BAD9990C3107B7D30AB51ECEF6976CB1ABD4FF2060B641C9FCF11F4CF7459C4F
+
mode => '0644',
source => 'puppet:///modules/unbound/debian.org.key'
}
+ file { '/var/lib/unbound/29.172.in-addr.arpa.key':
+ ensure => present,
+ replace => false,
+ owner => unbound,
+ group => unbound,
+ mode => '0644',
+ source => 'puppet:///modules/unbound/29.172.in-addr.arpa.key'
+ }
file { '/etc/unbound/unbound.conf':
content => template('unbound/unbound.conf.erb'),
require => [
# auto-trust-anchor-file: ""
auto-trust-anchor-file: "/var/lib/unbound/root.key"
auto-trust-anchor-file: "/var/lib/unbound/debian.org.key"
+ auto-trust-anchor-file: "/var/lib/unbound/29.172.in-addr.arpa.key"
# recursive: <%= @is_recursor ? "y" : "n" %>
<% if not @is_recursor -%>
<% @ns.to_a.flatten.each do |nms| -%>
forward-addr: <%= nms %>
<% end -%>
+# XXX : we probably ought to forward 172.29 reverse queries to our nameserver
+# if our forwarders are not ours.
+<% else -%>
+local-zone: "29.172.in-addr.arpa" nodefault
+forward-zone:
+ name: "29.172.in-addr.arpa"
+ forward-host: ns1.debian.org
+ forward-host: ns2.debian.org
+ forward-host: ns3.debian.org
+ forward-host: ns4.debian.com
<% end -%>
<% if hostname == "zappa" -%>
edns-buffer-size: 512