collect slightly fewer packages

[dsa-puppet.git] / modules / debian-org / manifests / init.pp
diff --git a/modules/debian-org/manifests/init.pp b/modules/debian-org/manifests/init.pp

index 9da7de5381bba4e5733bd1e49be6e686244b9ff0..1c42d5f59cea63ca311f16501b66ed7b19ce94bc 100644 (file)
--- a/modules/debian-org/manifests/init.pp
+++ b/modules/debian-org/manifests/init.pp
@@ -13,23 +13,34 @@ class debian-org {
                         'sysklogd',
                         'rsyslog',
                 ]:
-                       ensure => purged,
+               ensure => purged,
         }
+       package { [
+                       'debian.org',
+                       'dsa-munin-plugins',
+               ]:
+               ensure => installed,
+               tag    => extra_repo,
+       }
+
         package { [
                         'apt-utils',
                         'bash-completion',
-                       'debian.org',
                         'dnsutils',
-                       'dsa-munin-plugins',
                         'less',
                         'lsb-release',
                         'libfilesystem-ruby1.8',
-                       'molly-guard',
                         'mtr-tiny',
                         'nload',
                         'pciutils',
                 ]:
+               ensure => installed,
+       }
+
+       if $::lsbmajdistrelease >= 7 {
+               package { 'libfilesystem-ruby1.9':
                         ensure => installed,
+               }
         }
  
         munin::check { [
@@ -54,21 +65,50 @@ class debian-org {
  
         if getfromhash($site::nodeinfo, 'broken-rtc') {
                 package { 'fake-hwclock':
-                       ensure => installed
+                       ensure => installed,
+                       tag    => extra_repo,
                 }
         }
  
-       # This really means 'not wheezy'
+       package { 'molly-guard':
+               ensure => installed,
+       }
+       file { '/etc/molly-guard/run.d/10-check-kvm':
+               mode    => '0755',
+               source  => 'puppet:///modules/debian-org/molly-guard/10-check-kvm',
+               require => Package['molly-guard'],
+       }
+       file { '/etc/molly-guard/run.d/15-acquire-reboot-lock':
+               mode    => '0755',
+               source  => 'puppet:///modules/debian-org/molly-guard/15-acquire-reboot-lock',
+               require => Package['molly-guard'],
+       }
+
+       site::aptrepo { 'security':
+               url        => 'http://security.debian.org/',
+               suite      => "${::lsbdistcodename}/updates",
+               components => ['main','contrib','non-free']
+       }
  
-       if $::debarchitecture != 'armhf' {
-               site::aptrepo { 'security':
-                       content => template('debian-org/etc/apt/sources.list.d/security.list.erb'),
-               }
+       if $::lsbdistcodename != 'wheezy' {
                 site::aptrepo { 'backports.debian.org':
-                       content => template('debian-org/etc/apt/sources.list.d/backports.debian.org.list.erb'),
+                       url        => 'http://backports.debian.org/debian-backports/',
+                       suite      => "${::lsbdistcodename}-backports",
+                       components => ['main','contrib','non-free']
                 }
-               site::aptrepo { 'volatile':
-                       content => template('debian-org/etc/apt/sources.list.d/volatile.list.erb'),
+
+               if getfromhash($site::nodeinfo, 'hoster', 'mirror-debian') {
+                       site::aptrepo { 'volatile':
+                               url        => getfromhash($site::nodeinfo, 'hoster', 'mirror-debian'),
+                               suite      => "${::lsbdistcodename}-updates",
+                               components => ['main','contrib','non-free']
+                       }
+               } else {
+                       site::aptrepo { 'volatile':
+                               url        => 'http://ftp.debian.org/debian',
+                               suite      => "${::lsbdistcodename}-updates",
+                               components => ['main','contrib','non-free']
+                       }
                 }
         }
         site::aptrepo { 'backports.org':
@@ -82,8 +122,18 @@ class debian-org {
         }
  
         site::aptrepo { 'db.debian.org':
-               content => template('debian-org/etc/apt/sources.list.d/debian.org.list.erb'),
-               key     => 'puppet:///modules/debian-org/db.debian.org.asc',
+               url        => 'http://db.debian.org/debian-admin',
+               suite      => 'lenny',
+               components => 'main',
+               key        => 'puppet:///modules/debian-org/db.debian.org.asc',
+       }
+
+       if getfromhash($site::nodeinfo, 'hoster', 'mirror-debian') {
+               site::aptrepo { 'debian':
+                       url        => getfromhash($site::nodeinfo, 'hoster', 'mirror-debian'),
+                       suite      => $::lsbdistcodename,
+                       components => ['main','contrib','non-free']
+               }
         }
  
         file { '/etc/facter':
@@ -119,8 +169,12 @@ class debian-org {
                 source => 'puppet:///modules/debian-org/timezone',
                 notify => Exec['dpkg-reconfigure tzdata -pcritical -fnoninteractive'],
         }
+       if $::hostname == handel {
+               include puppetmaster::db
+               $dbpassword = $puppetmaster::db::password
+       }
         file { '/etc/puppet/puppet.conf':
-               source => 'puppet:///modules/debian-org/puppet.conf',
+               content => template('debian-org/puppet.conf.erb'),
         }
         file { '/etc/default/puppet':
                 source => 'puppet:///modules/debian-org/puppet.default',
@@ -137,16 +191,15 @@ class debian-org {
                 require => Package['debian.org'],
                 content => template('debian-org/pam.common-session.erb'),
         }
+       file { '/etc/pam.d/common-session-noninteractive':
+               require => Package['debian.org'],
+               content => template('debian-org/pam.common-session-noninteractive.erb'),
+       }
         file { '/etc/rc.local':
                 mode   => '0755',
                 source => 'puppet:///modules/debian-org/rc.local',
                 notify => Exec['rc.local start'],
         }
-       file { '/etc/molly-guard/run.d/15-acquire-reboot-lock':
-               mode    => '0755',
-               source  => 'puppet:///modules/debian-org/molly-guard-acquire-reboot-lock',
-               require => Package['molly-guard'],
-       }
         file { '/etc/dsa':
                 ensure => directory,
                 mode   => '0755',
@@ -165,15 +218,20 @@ class debian-org {
         site::alternative { 'editor':
                 linkto => '/usr/bin/vim.basic',
         }
+       site::alternative { 'view':
+               linkto => '/usr/bin/vim.basic',
+       }
         mailalias { 'samhain-reports':
                 ensure => present,
                 recipient => $debianadmin,
+               require => Package['debian.org']
         }
  
         exec { 'apt-get update':
                 path        => '/usr/bin:/usr/sbin:/bin:/sbin',
                 refreshonly => true,
-       }-> Package <| |>
+       }
+       Exec['apt-get update']->Package<| tag == extra_repo |>
  
         exec { 'dpkg-reconfigure tzdata -pcritical -fnoninteractive':
                 path        => '/usr/bin:/usr/sbin:/bin:/sbin',