From 3a36bb2220e5f0d420a23f1de07152cbea63a897 Mon Sep 17 00:00:00 2001
From: Peter Palfrader
Date: Sat, 29 Oct 2016 09:26:54 +0200
Subject: [PATCH] remove dacs
---
manifests/site.pp | 4 -
modules/dacs/files/common/acl-noauth.0 | 10 --
modules/dacs/files/common/acl-private.0 | 10 --
modules/dacs/files/common/dacs.conf | 44 -----
modules/dacs/files/common/jurisdictions.grp | 9 -
modules/dacs/files/common/revocations | 0
modules/dacs/files/common/site.conf | 163 ------------------
.../per-host/nono.debian.org/acl-noauth.0 | 10 --
.../per-host/nono.debian.org/acl-private.0 | 11 --
.../files/per-host/nono.debian.org/dacs.conf | 47 -----
.../per-host/rossini.debian.org/acl-private.0 | 13 --
.../per-host/spohr.debian.org/acl-private.0 | 13 --
modules/dacs/manifests/init.pp | 82 ---------
modules/dacs/templates/dacs.logrotate.erb | 16 --
14 files changed, 432 deletions(-)
delete mode 100644 modules/dacs/files/common/acl-noauth.0
delete mode 100644 modules/dacs/files/common/acl-private.0
delete mode 100644 modules/dacs/files/common/dacs.conf
delete mode 100644 modules/dacs/files/common/jurisdictions.grp
delete mode 100644 modules/dacs/files/common/revocations
delete mode 100644 modules/dacs/files/common/site.conf
delete mode 100644 modules/dacs/files/per-host/nono.debian.org/acl-noauth.0
delete mode 100644 modules/dacs/files/per-host/nono.debian.org/acl-private.0
delete mode 100644 modules/dacs/files/per-host/nono.debian.org/dacs.conf
delete mode 100644 modules/dacs/files/per-host/rossini.debian.org/acl-private.0
delete mode 100644 modules/dacs/files/per-host/spohr.debian.org/acl-private.0
delete mode 100644 modules/dacs/manifests/init.pp
delete mode 100644 modules/dacs/templates/dacs.logrotate.erb
diff --git a/manifests/site.pp b/manifests/site.pp
index 091e769bd..9b3aa43b5 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -98,10 +98,6 @@ node default { include named::geodns } - #if $::hostname in [diabelli,nono,tchaikovsky] { - # include dacs - #} - if $::hostname in [buxtehude,glinka,milanollo,lw01,lw02,lw03,lw04,senfter,gretchaninov] { include nfs-server } diff --git a/modules/dacs/files/common/acl-noauth.0 b/modules/dacs/files/common/acl-noauth.0 deleted file mode 100644 index a7f4a8eca..000000000 --- a/modules/dacs/files/common/acl-noauth.0 +++ /dev/null @@ -1,10 +0,0 @@ - - - - - - - - - - diff --git a/modules/dacs/files/common/acl-private.0 b/modules/dacs/files/common/acl-private.0 deleted file mode 100644 index 1da563da9..000000000 --- a/modules/dacs/files/common/acl-private.0 +++ /dev/null @@ -1,10 +0,0 @@ - - - - - - - user("auth") - - - diff --git a/modules/dacs/files/common/dacs.conf b/modules/dacs/files/common/dacs.conf deleted file mode 100644 index 3919598f2..000000000 --- a/modules/dacs/files/common/dacs.conf +++ /dev/null @@ -1,44 +0,0 @@ - - - - FEDERATION_DOMAIN "debian.org" - FEDERATION_NAME "DEBIANORG" - EVAL ${Conf::JURISDICTION_AUTHSERVER}="sso.debian.org" - LOG_LEVEL "notice" - - - JURISDICTION_NAME "DEBIAN" - ADMIN_IDENTITY "DEBIAN:zobel" - - URL "https://sso.debian.org/cgi-bin/dacs/local_apache_authenticate" - STYLE "pass" - CONTROL "sufficient" - OPTION "AUTH_FILE=/etc/apache2/dsa-guest-web-passwords" - OPTION "AUTH_MODULE=mod_auth" - - - - URL "https://sso.debian.org/cgi-bin/dacs/local_apache_authenticate" - STYLE "pass" - CONTROL "required" - OPTION "AUTH_FILE=/var/lib/misc/thishost/web-passwords" - OPTION "AUTH_MODULE=mod_auth" - - - - - diff --git a/modules/dacs/files/common/jurisdictions.grp b/modules/dacs/files/common/jurisdictions.grp deleted file mode 100644 index eaae094f1..000000000 --- a/modules/dacs/files/common/jurisdictions.grp +++ /dev/null @@ -1,9 +0,0 @@ - - - - - diff --git a/modules/dacs/files/common/revocations b/modules/dacs/files/common/revocations deleted file mode 100644 index e69de29bb..000000000 
diff --git a/modules/dacs/files/common/site.conf b/modules/dacs/files/common/site.conf
deleted file mode 100644
index 2b60013b0..000000000
--- a/modules/dacs/files/common/site.conf
+++ /dev/null
@@ -1,163 +0,0 @@ - - - - - - - - - - - -# TURN OFF ONLY FOR TESTING PURPOSES! -SECURE_MODE "on" - -STATUS_LINE "off" - -NAME_COMPARE "case" - -# Establish default URL prefixes for the default access control rules. -# Examine acls/acl-* in the distribution directory to see how these -# variables are used. -# Adjust or override these as necessary for your environment. -EVAL ${Conf::dacs_cgi_bin_prefix} = "/cgi-bin/dacs" -#EVAL ${Conf::dacs_sbin_prefix} = "${Conf::DACS_HOME}/sbin" -EVAL ${Conf::dacs_htdocs_prefix} = "" - -# You might consider setting this to ".cgi" or ".exe" so that the default -# access control rules work for DACS CGI executables. -#EVAL ${Conf::dacs_cgi_bin_suffix} = ${Conf::CGI_SUFFIX} - -# Used by ustamp(), this must be a pathname, not a vfs object -#EVAL ${Conf::ustamp_seqno} = "${Conf::DACS_HOME}/federations/seqno" - -# Enable for testing purposes only! -ALLOW_HTTP_COOKIE "no" - -# See dacs_auth_agent(8) -AUTH_AGENT_ALLOW_ADMIN_IDENTITY "no" - -#LOG_FILE "${Conf::DACS_HOME}/logs/${Conf::JURISDICTION_NAME}-" . strftime("%d-%b-%y") . ".log" -LOG_FILE "/var/log/dacs/${Conf::JURISDICTION_NAME}.log" -#LOG_FORMAT ${Env::REMOTE_ADDR:e} ? "[%t] [%l] [%p,%c,%F] [%sp:\"%sm\",%sf:%sl]" : "%a[%l]:" -#LOG_LEVEL ${Env::REMOTE_ADDR:e} ? 
"INFO" : undef() -LOG_LEVEL "notice" -LOG_SENSITIVE "no" -# Since it produces a lot of logging when tracing, override the default log -# level for messages produced by the file crypt.c; for that file only, set -# the log level to "debug" -LOG_FILTER 'filename exact debug "crypto.c"' - - -AUTH_FAIL_DELAY_SECS 2 - -VERIFY_IP "no" - -# Override this if you must, but this default will avoid potential problems -# and assorted complications if a request can be associated with multiple -# identities -ACS_CREDENTIALS_LIMIT "1" - -# The backward compatible default is to chuck the arguments and continue -# if there is a problem with POST arguments -#ACS_POST_EXCEPTION_MODE "discard" - -AUTH_CREDENTIALS_ADMIN_LIFETIME_SECS "20" -AUTH_CREDENTIALS_DEFAULT_LIFETIME_SECS "43200" - -# Optional: A single DACS username eligible for administrative rights -# This directive may be repeated to define multiple admins -#ADMIN_IDENTITY "METALOGIC:rmorriso" - -# Default access control handlers -# Note that these error handlers use local web-paths (relative to the -# DocumentRoot), not full file pathnames. For the default configuration to -# work properly, they require an Apache Alias directive to be configured to map -# "/handlers" to "${Conf::DACS_HOME}/www/handlers". -ACS_ERROR_HANDLER "* https://${Conf::JURISDICTION_AUTHSERVER}/sso/acs_error" - -# Default authentication and signout handlers -# Since these are relative URLs, the Alias directive must be used as -# explained above. -# Note that the syntaxes of these directives are different from that of -# ACS_ERROR_HANDLER. 
-#AUTH_SUCCESS_HANDLER "url /handlers/auth_ok.html" -AUTH_SUCCESS_HANDLER "https://${Conf::JURISDICTION_AUTHSERVER}/sso/login" -AUTH_ERROR_HANDLER "* https://${Conf::JURISDICTION_AUTHSERVER}/sso/login_error" -SIGNOUT_HANDLER "https://${Conf::JURISDICTION_AUTHSERVER}/sso/logout" - -# These handlers can only be URLs (absolute or relative) -NOTICES_ACCEPT_HANDLER "/handlers/notices_accepted.html" -NOTICES_DECLINE_HANDLER "/handlers/notices_declined.html" - -NOTICES_ACK_HANDLER "" -NOTICES_SECURE_HANDLER "yes" -NOTICES_WORKFLOW_LIFETIME_SECS 120 -NOTICES_NAT_NAME_PREFIX "NAT-DACS" - -SSL_PROG "${Conf::DACS_HOME}/bin/sslclient" -# Override this if you need it - this example is undoubtedly incorrect -#SSL_PROG_CA_CRT "${Conf::APACHE_HOME}/conf/dacs.example.com/ssl.crt/server.crt" -SSL_PROG_CA_CRT "/usr/share/ca-certificates/spi-inc.org/spi-cacert-2008.crt" - -# The default digest algorithm to use for DACS password entries -PASSWORD_DIGEST "SHA1" - -# The URLs for schemas and DTDs used by DACS -# Configure for your environment -XSD_BASE_URL "/dtd-xsd" -DTD_BASE_URL "/dtd-xsd" - -# The location of a directory containing the DTDs -VFS "[dtds]dacs-fs:${Conf::DACS_HOME}/www/dtd-xsd" - -# The location of a file containing federation-wide encryption keys -VFS "[federation_keys]dacs-fs:${Conf::FEDERATIONS_ROOT}/${Conf::FEDERATION_DOMAIN}/federation_keyfile" - -# The location of a file containing jurisdiction-specific encryption keys -VFS "[jurisdiction_keys]dacs-fs:${Conf::FEDERATIONS_ROOT}/${Conf::FEDERATION_DOMAIN}/${Conf::JURISDICTION_NAME}/jurisdiction_keyfile" - -# The location of a directory containing the revocation file ("revocations") -VFS "[revocations]dacs-fs:${Conf::FEDERATIONS_ROOT}/${Conf::FEDERATION_DOMAIN}/${Conf::JURISDICTION_NAME}/acls/revocations" - -# The location of the root directory containing jurisdictional ACLs -VFS "[acls]dacs-fs:${Conf::FEDERATIONS_ROOT}/${Conf::FEDERATION_DOMAIN}/${Conf::JURISDICTION_NAME}/acls" - -# The location of the root directory 
containing default ACLs for DACS services -#VFS "[dacs_acls]dacs-fs:${Conf::DACS_HOME}/acls" -VFS "[dacs_acls]dacs-fs:/etc/dacs/acls" - -# The location of the root directory for groups -VFS "[groups]dacs-fs:${Conf::FEDERATIONS_ROOT}/${Conf::FEDERATION_DOMAIN}/${Conf::JURISDICTION_NAME}/groups" - -# The pseudo-type mounted on the DACS password file -VFS "[passwds]dacs-kwv-fs:${Conf::FEDERATIONS_ROOT}/${Conf::FEDERATION_DOMAIN}/${Conf::JURISDICTION_NAME}/passwd" - -# The pseudo-type mounted on the DACS roles file -VFS "[roles]dacs-kwv-fs:${Conf::FEDERATIONS_ROOT}/${Conf::FEDERATION_DOMAIN}/${Conf::JURISDICTION_NAME}/roles" - -# For dacstoken/local_token_authenticate -VFS "[auth_token]dacs-kwv-fs:${Conf::FEDERATIONS_ROOT}/${Conf::FEDERATION_DOMAIN}/${Conf::JURISDICTION_NAME}/auth_tokens" -VFS "[auth_token_keys]dacs-fs:${Conf::FEDERATIONS_ROOT}/${Conf::FEDERATION_DOMAIN}/${Conf::JURISDICTION_NAME}/auth_token_keys" -VFS "[auth_token_keys_prev]dacs-fs:${Conf::FEDERATIONS_ROOT}/${Conf::FEDERATION_DOMAIN}/${Conf::JURISDICTION_NAME}/auth_token_keys.prev" - -# This partially determines when a user agent will send a DACS cookie. -# Set it to the most specific URL path under which all DACS-wrapped -# services appear. This is particularly important if some CGI programs -# at the jurisdiction are not trusted, since they might be used to steal -# DACS identities. -COOKIE_PATH "/" - -HTTP_PROG "${Conf::DACS_HOME}/bin/http" - -# InfoCard-related defaults -# This assumes there is an Apache 'Alias' directive; e.g., -# Alias /infocards "/usr/local/dacs/www/infocards/" -INFOCARD_CARD_IMAGE_BASE_URL "${Conf::DACS_HOME}/www/infocards" -INFOCARD_CARD_OUTPUTDIR "${Conf::DACS_HOME}/www/infocards/output" -INFOCARD_IP_PRIVACY_URL "/infocards/managed_privacy_default.txt" -INFOCARD_IP_PRIVACY_VERSION "1" - - - - diff --git a/modules/dacs/files/per-host/nono.debian.org/acl-noauth.0 b/modules/dacs/files/per-host/nono.debian.org/acl-noauth.0 deleted file mode 100644 index 00a1f24b2..000000000 
--- a/modules/dacs/files/per-host/nono.debian.org/acl-noauth.0 +++ /dev/null @@ -1,10 +0,0 @@ - - - - - - - - - - diff --git a/modules/dacs/files/per-host/nono.debian.org/acl-private.0 b/modules/dacs/files/per-host/nono.debian.org/acl-private.0 deleted file mode 100644 index 359a47fa8..000000000 --- a/modules/dacs/files/per-host/nono.debian.org/acl-private.0 +++ /dev/null @@ -1,11 +0,0 @@ - - - - - - - - user("auth") - - - diff --git a/modules/dacs/files/per-host/nono.debian.org/dacs.conf b/modules/dacs/files/per-host/nono.debian.org/dacs.conf deleted file mode 100644 index 3f55d1e17..000000000 --- a/modules/dacs/files/per-host/nono.debian.org/dacs.conf +++ /dev/null @@ -1,47 +0,0 @@ - - - - FEDERATION_DOMAIN "debian.org" - FEDERATION_NAME "DEBIANORG" - EVAL ${Conf::JURISDICTION_AUTHSERVER}="sso.debian.org" - LOG_LEVEL "notice" - - - JURISDICTION_NAME "DEBIAN" - ADMIN_IDENTITY "DEBIAN:zobel" - - URL "https://sso.debian.org/cgi-bin/dacs/local_apache_authenticate" - STYLE "pass" - CONTROL "sufficient" - OPTION "AUTH_FILE=/etc/apache2/dsa-guest-web-passwords" - OPTION "AUTH_MODULE=mod_auth" - - - - URL "https://sso.debian.org/cgi-bin/dacs/local_apache_authenticate" - STYLE "pass" - CONTROL "required" - OPTION "AUTH_FILE=/var/lib/misc/thishost/web-passwords" - OPTION "AUTH_MODULE=mod_auth" - - - - JURISDICTION_NAME "DEBIAN" - ADMIN_IDENTITY "DEBIAN:zobel" - - URL "https://sso.debian.org/cgi-bin/dacs/local_apache_authenticate" - STYLE "pass" - CONTROL "sufficient" - OPTION "AUTH_FILE=/etc/apache2/dsa-guest-web-passwords" - OPTION "AUTH_MODULE=mod_auth" - - - - URL "https://sso.debian.org/cgi-bin/dacs/local_apache_authenticate" - STYLE "pass" - CONTROL "required" - OPTION "AUTH_FILE=/var/lib/misc/thishost/web-passwords" - OPTION "AUTH_MODULE=mod_auth" - - - diff --git a/modules/dacs/files/per-host/rossini.debian.org/acl-private.0 b/modules/dacs/files/per-host/rossini.debian.org/acl-private.0 deleted file mode 100644 index 9f891825e..000000000 
--- a/modules/dacs/files/per-host/rossini.debian.org/acl-private.0 +++ /dev/null @@ -1,13 +0,0 @@ - - - - - - - from("206.12.19.118") - - - user("auth") - - - diff --git a/modules/dacs/files/per-host/spohr.debian.org/acl-private.0 b/modules/dacs/files/per-host/spohr.debian.org/acl-private.0 deleted file mode 100644 index 9f891825e..000000000 --- a/modules/dacs/files/per-host/spohr.debian.org/acl-private.0 +++ /dev/null @@ -1,13 +0,0 @@ - - - - - - - from("206.12.19.118") - - - user("auth") - - - diff --git a/modules/dacs/manifests/init.pp b/modules/dacs/manifests/init.pp deleted file mode 100644 index 3eb939200..000000000 --- a/modules/dacs/manifests/init.pp +++ /dev/null 
@@ -1,82 +0,0 @@ -# = Class: dacs -# -# This class installs and configures dacs for web auth -# -# == Sample Usage: -# -# include dacs -# -class dacs { - package { 'dacs': - ensure => installed, - } - package { 'libapache2-mod-dacs': - ensure => installed, - } - - File { - owner => root, - group => www-data, - mode => '0640', - } - - file { '/var/log/dacs': - ensure => directory, - mode => '0770', - purge => true, - } - file { [ - '/etc/dacs/federations', - '/etc/dacs/federations/debian.org/', - '/etc/dacs/federations/debian.org/DEBIAN', - '/etc/dacs/federations/debian.org/DEBIAN/acls', - '/etc/dacs/federations/debian.org/DEBIAN/groups', - '/etc/dacs/federations/debian.org/DEBIAN/groups/DACS' - ]: - ensure => directory, - mode => '0750', - require => Package['libapache2-mod-dacs'], - purge => true - } - file { '/etc/logrotate.d/dacs': - content => template('dacs/dacs.logrotate.erb'), - owner => root, - group => root, - mode => '0644', - } - file { '/etc/dacs/federations/site.conf': - source => 'puppet:///modules/dacs/common/site.conf', - } - file { '/etc/dacs/federations/debian.org/DEBIAN/dacs.conf': - source => [ "puppet:///modules/dacs/per-host/${::fqdn}/dacs.conf", - 'puppet:///modules/dacs/common/dacs.conf', ], - } - file { '/etc/dacs/federations/debian.org/DEBIAN/acls/revocations': - source => 'puppet:///modules/dacs/common/revocations', - } - file { '/etc/dacs/federations/debian.org/DEBIAN/groups/DACS/jurisdictions.grp': - source => 'puppet:///modules/dacs/common/jurisdictions.grp', - } - file { '/etc/dacs/federations/debian.org/DEBIAN/acls/acl-noauth.0': - source => [ "puppet:///modules/dacs/per-host/${::fqdn}/acl-noauth.0", - 'puppet:///modules/dacs/common/acl-noauth.0' ], - notify => Exec['dacsacl'] - } - file { '/etc/dacs/federations/debian.org/DEBIAN/acls/acl-private.0': - source => [ "puppet:///modules/dacs/per-host/${::fqdn}/acl-private.0", - 'puppet:///modules/dacs/common/acl-private.0' ], - notify => Exec['dacsacl'] - } - file { 
'/etc/dacs/federations/debian.org/federation_keyfile': - source => 'puppet:///modules/dacs/private/debian.org_federation_keyfile', - } - file { '/etc/dacs/federations/debian.org/DEBIAN/jurisdiction_keyfile': - source => 'puppet:///modules/dacs/private/DEBIAN_jurisdiction_keyfile', - } - - exec { 'dacsacl': - command => 'dacsacl -sc /etc/dacs/federations/site.conf -c /etc/dacs/federations/debian.org/DEBIAN/dacs.conf -uj DEBIAN && chown root:www-data /etc/dacs/federations/debian.org/DEBIAN/acls/INDEX', - refreshonly => true, - } - -} diff --git a/modules/dacs/templates/dacs.logrotate.erb b/modules/dacs/templates/dacs.logrotate.erb deleted file mode 100644 index 789e3344c..000000000 --- a/modules/dacs/templates/dacs.logrotate.erb +++ /dev/null @@ -1,16 +0,0 @@ -## -## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE. -## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git -## - -/var/log/dacs/*log { - daily - dateext - missingok - rotate 28 - compress - delaycompress - create 640 www-data www-data - su root www-data - sharedscripts -} -- 2.20.1