From 71cc21394494ce9d3047caed725683c1f8beee23 Mon Sep 17 00:00:00 2001 From: Julien Cristau Date: Sat, 22 Oct 2016 14:32:57 +0200 Subject: [PATCH] Add fasolo as ftp-master --- hieradata/common.yaml | 1 + modules/exim/templates/eximconf.erb | 1 + modules/ferm/manifests/per-host.pp | 21 +++++++++++++++++++ .../postgres-make-base-backups.erb | 1 + modules/sudo/files/sudoers | 10 ++++----- 5 files changed, 29 insertions(+), 5 deletions(-) diff --git a/hieradata/common.yaml b/hieradata/common.yaml index 63c9745eb..9b9b8a64a 100644 --- a/hieradata/common.yaml +++ b/hieradata/common.yaml @@ -34,6 +34,7 @@ roles: ftp.d.o: - klecker.debian.org ftp_master: + - fasolo.debian.org - franck.debian.org ftp.upload.d.o: - franck.debian.org diff --git a/modules/exim/templates/eximconf.erb b/modules/exim/templates/eximconf.erb index 9dc92818a..71fc945fc 100644 --- a/modules/exim/templates/eximconf.erb +++ b/modules/exim/templates/eximconf.erb @@ -1026,6 +1026,7 @@ check_message: begin rewrite \N^buildd_(.*)@franck\.debian\.org$\N buildd_$1@buildd.debian.org T +\N^buildd_(.*)@fasolo\.debian\.org$\N buildd_$1@buildd.debian.org T *@debian.org ${lookup{$1}cdb{/var/lib/misc/${primary_hostname}/mail-forward.cdb}{$value}fail} T *@people.debian.org ${lookup{$1}cdb{/var/lib/misc/${primary_hostname}/mail-forward.cdb}{$value}fail} T #*@${primary_hostname} "${if exists{/etc/exim4/email-addresses}{${lookup{$1}lsearch{/etc/exim4/email-addresses}{$value}fail}}fail}" fFs diff --git a/modules/ferm/manifests/per-host.pp b/modules/ferm/manifests/per-host.pp index 005dd2de0..bf7e4c6a3 100644 --- a/modules/ferm/manifests/per-host.pp +++ b/modules/ferm/manifests/per-host.pp @@ -293,6 +293,27 @@ class ferm::per-host { rule => '&SERVICE_RANGE(tcp, 5452, ( 2001:41c8:1000:21::21:28/128 2001:41b8:202:deb:216:36ff:fe40:4001/128 2001:41c8:1000:21::21:11/32 2001:41c8:1000:21::21:21/128 ))' } } + fasolo: { + @ferm::rule { 'dsa-postgres-fasolo': + description => 'Allow postgress access', + rule => '&SERVICE_RANGE(tcp, 5433, ( 5.153.231.10/32 ))' + } + @ferm::rule { 'dsa-postgres-fasolo6': + domain => 'ip6', + description => 'Allow postgress access', + rule => '&SERVICE_RANGE(tcp, 5433, ( 2001:41c8:1000:21::21:10/128 ))' + } + + @ferm::rule { 'dsa-postgres-backup': + description => 'Allow postgress access', + rule => '&SERVICE_RANGE(tcp, 5433, ( $HOST_PGBACKUPHOST_V4 ))' + } + @ferm::rule { 'dsa-postgres-backup6': + domain => 'ip6', + description => 'Allow postgress access', + rule => '&SERVICE_RANGE(tcp, 5433, ( $HOST_PGBACKUPHOST_V6 ))' + } + } franck: { @ferm::rule { 'dsa-postgres-franck': description => 'Allow postgress access', diff --git a/modules/postgres/templates/backup_server/postgres-make-base-backups.erb b/modules/postgres/templates/backup_server/postgres-make-base-backups.erb index f7ffb2021..9913d13cf 100755 --- a/modules/postgres/templates/backup_server/postgres-make-base-backups.erb +++ b/modules/postgres/templates/backup_server/postgres-make-base-backups.erb @@ -91,6 +91,7 @@ seger.debian.org 5432 debian-backup dak 9.4 bmdb1.debian.org 5435 debian-backup main 9.4 bmdb1.debian.org 5436 debian-backup wannabuild 9.4 danzi.debian.org 5433 debian-backup main 9.4 +fasolo.debian.org 5433 debian-backup dak 9.4 franck.debian.org 5433 debian-backup dak 9.4 sibelius.debian.org 5433 debian-backup snapshot 9.4 vittoria.debian.org 5432 debian-backup main 9.4 diff --git a/modules/sudo/files/sudoers b/modules/sudo/files/sudoers index 50f959c3c..a512c6827 100644 --- a/modules/sudo/files/sudoers +++ b/modules/sudo/files/sudoers @@ -25,7 +25,7 @@ Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/ Host_Alias VOIPHOSTS = vogler Host_Alias WEBHOSTS = wolkenstein Host_Alias SECHOSTS = seger -Host_Alias FTPHOSTS = franck +Host_Alias FTPHOSTS = franck, fasolo Host_Alias ZIVITHOSTS = zelenka, zandonai Host_Alias AACRAIDHOSTS = pettersson Host_Alias MEGARAIDHOSTS = rautavaara, sibelius @@ -179,13 +179,13 @@ Defaults:buildd env_reset,env_keep+="APT_CONFIG DEBIAN_FRONTEND" buildd ALL=(ALL) NOPASSWD: ALL %appstream mekeel=(staticsync) NOPASSWD: /usr/local/bin/static-update-component appstream.debian.org -%backports franck,coccia=(staticsync) NOPASSWD: /usr/local/bin/static-update-component backports.debian.org +%backports FTPHOSTS,coccia=(staticsync) NOPASSWD: /usr/local/bin/static-update-component backports.debian.org %bootstrap boott=(staticsync) NOPASSWD: /usr/local/bin/static-update-component bootstrap.debian.net d-i dillon=(staticsync) NOPASSWD: /usr/local/bin/static-update-component d-i.debian.org lucas dillon=(staticsync) NOPASSWD: /usr/local/bin/static-update-component debaday.debian.net dsa dillon=(staticsync) NOPASSWD: /usr/local/bin/static-update-component dsa.debian.org -dak franck=(staticsync) NOPASSWD: /usr/local/bin/static-update-component incoming.debian.org -dak franck=(staticsync) NOPASSWD: /usr/local/bin/static-update-component metadata.ftp-master.debian.org +dak FTPHOSTS=(staticsync) NOPASSWD: /usr/local/bin/static-update-component incoming.debian.org +dak FTPHOSTS=(staticsync) NOPASSWD: /usr/local/bin/static-update-component metadata.ftp-master.debian.org %publicity dillon=(staticsync) NOPASSWD: /usr/local/bin/static-update-component bits.debian.org %publicity dillon=(staticsync) NOPASSWD: /usr/local/bin/static-update-component micronews.debian.org %debdelta donizetti=(staticsync) NOPASSWD: /usr/local/bin/static-update-component debdeltas.debian.net @@ -230,7 +230,7 @@ letsencrypt denis=(dnsadm) NOPASSWD: /srv/dns.debian.org/bin/update %wbadm BUILDD_MASTER=(root) /usr/local/bin/update-buildd-sshkeys # mirror push dak FTPHOSTS,SECHOSTS=(archvsync) NOPASSWD:/home/archvsync/runmirrors -dak franck=(backports) NOPASSWD: /home/backports/bin/update-archive +dak FTHOSTS=(backports) NOPASSWD: /home/backports/bin/update-archive # archvsync triggers snapshot archvsync sibelius=(snapshot) NOPASSWD: /srv/snapshot.debian.org/bin/update-trigger archvsync sibelius=(snapshot) NOPASSWD: /srv/2ndsnapshot/bin/update-trigger -- 2.20.1