Add myself to samhain reports
[dsa-puppet.git] / modules / debian-org / manifests / init.pp
index 5258dfbe6b54aa6e365806d432a77886d6405a77..86cea1bb468f8d66f4d1a8f3b834bc6acd653a0f 100644 (file)
@@ -1,4 +1,14 @@
 class debian-org {
+       if getfromhash($site::nodeinfo, 'hoster', 'mirror-debian') {
+               $mirror = getfromhash($site::nodeinfo, 'hoster', 'mirror-debian')
+       } else {
+               $mirror = 'http://http.debian.net/debian/'
+       }
+       if $::lsbmajdistrelease < 7 {
+               $mirror_backports = 'http://backports.debian.org/debian-backports/'
+       } else {
+               $mirror_backports = $mirror
+       }
 
        $debianadmin = [
                'debian-archive-debian-samhain-reports@master.debian.org',
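Review bot: The `$::lsbmajdistrelease < 7` test compares a fact against an integer with no guard for unexpected values, and the same pattern recurs in the `>= 7` check added before the munin checks. If the fact is ever empty or non-numeric (not something I can confirm from this page), the comparison may fail or take the wrong branch, and `$mirror_backports` would follow it silently. A short comment such as `# lsbmajdistrelease is assumed to be numeric on every managed host` would make that assumption visible. The `getfromhash($site::nodeinfo, 'hoster', 'mirror-debian')` lookup is also written twice here and again in the later `debian` aptrepo block; assigning it once and testing the variable would keep them in step.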
@@ -6,6 +16,7 @@ class debian-org {
                'weasel@debian.org',
                'steve@lobefin.net',
                'paravoid@debian.org'
+               'zumbi@kos.to'
        ]
 
        package { [
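Review bot: The added `'zumbi@kos.to'` entry follows `'paravoid@debian.org'` with no separating comma, so the `$debianadmin` array literal should not parse. This class carries the host baseline, including the sysctl and apt repository settings further down, so a compile failure would keep all of it from being applied. Change the preceding line to `'paravoid@debian.org',` and consider a trailing comma on the new entry so the next addition is a one-line diff.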
@@ -20,11 +31,9 @@ class debian-org {
                        'dsa-munin-plugins',
                ]:
                ensure => installed,
-               require => [
-                       File['/etc/apt/sources.list.d/db.debian.org.list'],
-                       Exec['apt-get update']
-               ]
+               tag    => extra_repo,
        }
+
        package { [
                        'apt-utils',
                        'bash-completion',
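Review bot: Replacing the explicit `require` with `tag => extra_repo` drops the dependency on `File['/etc/apt/sources.list.d/db.debian.org.list']`. The collector added near the end of the class, `Exec['apt-get update']->Package<| tag == extra_repo |>`, only orders the tagged packages after the exec. The exec next to that collector is `refreshonly`, so a first run installs these packages from the extra repository only if the repository definition notifies it, which is not visible on this page. The same applies to `fake-hwclock` in the broken-rtc block. I would quote the tag as `'extra_repo'` in all three places and add a comment at the collector naming the resource expected to trigger the update.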
@@ -39,6 +48,12 @@ class debian-org {
                ensure => installed,
        }
 
+       if $::lsbmajdistrelease >= 7 {
+               package { 'libfilesystem-ruby1.9.1':
+                       ensure => installed,
+               }
+       }
+
        munin::check { [
                        'cpu',
                        'entropy',
@@ -62,10 +77,7 @@ class debian-org {
        if getfromhash($site::nodeinfo, 'broken-rtc') {
                package { 'fake-hwclock':
                        ensure => installed,
-                       require => [
-                               File['/etc/apt/sources.list.d/db.debian.org.list'],
-                               Exec['apt-get update']
-                       ]
+                       tag    => extra_repo,
                }
        }
 
@@ -83,26 +95,16 @@ class debian-org {
                require => Package['molly-guard'],
        }
 
-       # This really means 'not wheezy'
-
-       if $::debarchitecture != 'armhf' {
-               site::aptrepo { 'security':
-                       url        => 'http://security.debian.org/',
-                       suite      => "${::lsbdistcodename}/updates",
-                       components => ['main','contrib','non-free']
-               }
-
-               site::aptrepo { 'backports.debian.org':
-                       url        => 'http://backports.debian.org/debian-backports/',
-                       suite      => "${::lsbdistcodename}-backports",
-                       components => ['main','contrib','non-free']
-               }
+       site::aptrepo { 'security':
+               url        => 'http://security.debian.org/',
+               suite      => "${::lsbdistcodename}/updates",
+               components => ['main','contrib','non-free']
+       }
 
-               site::aptrepo { 'volatile':
-                       url        => 'http://ftp.debian.org/debian',
-                       suite      => "${::lsbdistcodename}-updates",
-                       components => ['main','contrib','non-free']
-               }
+       site::aptrepo { 'backports.debian.org':
+               url        => $mirror_backports,
+               suite      => "${::lsbdistcodename}-backports",
+               components => ['main','contrib','non-free']
        }
        site::aptrepo { 'backports.org':
                ensure => absent,
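Review bot: Nothing in this block says why `-backports` now follows `$mirror_backports`, and the removed `# This really means 'not wheezy'` comment was the only explanation of the old condition. All of these URLs are plain `http://`, and `$mirror` can come from the hoster entry in nodeinfo, so package integrity rests entirely on apt verifying the signed Release files. Unlike other aptrepo resources in this class, the ones here pass no `key`, so the archive keys must already be trusted on the host. I would add a comment above the resource, for example `# release 7 and later: backports is served from the main archive mirror; authenticity relies on apt's Release signature check`.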
@@ -110,6 +112,12 @@ class debian-org {
                key => 'puppet:///modules/debian-org/backports.org.asc',
        }
 
+       site::aptrepo { 'volatile':
+               url        => $mirror,
+               suite      => "${::lsbdistcodename}-updates",
+               components => ['main','contrib','non-free']
+       }
+
        site::aptrepo { 'debian.org':
                ensure => absent,
        }
@@ -121,6 +129,14 @@ class debian-org {
                key        => 'puppet:///modules/debian-org/db.debian.org.asc',
        }
 
+       if getfromhash($site::nodeinfo, 'hoster', 'mirror-debian') {
+               site::aptrepo { 'debian':
+                       url        => getfromhash($site::nodeinfo, 'hoster', 'mirror-debian'),
+                       suite      => $::lsbdistcodename,
+                       components => ['main','contrib','non-free']
+               }
+       }
+
        file { '/etc/facter':
                ensure  => directory,
                purge   => true,
@@ -154,6 +170,10 @@ class debian-org {
                source => 'puppet:///modules/debian-org/timezone',
                notify => Exec['dpkg-reconfigure tzdata -pcritical -fnoninteractive'],
        }
+       if $::hostname == handel {
+               include puppetmaster::db
+               $dbpassword = $puppetmaster::db::password
+       }
        file { '/etc/puppet/puppet.conf':
                content => template('debian-org/puppet.conf.erb'),
        }
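Review bot: `$dbpassword` is set from `$puppetmaster::db::password` immediately before `/etc/puppet/puppet.conf` is rendered from `debian-org/puppet.conf.erb`, and that `file` resource sets no `owner`, `group` or `mode`. If the template writes the password into the file (the template is not shown here), its readability depends on defaults defined elsewhere. It would be safer to state the permissions on the resource, e.g. `mode => '0640'` with a group the master process runs as. The hostname is also compared as a bareword; `if $::hostname == 'handel' {` is the conventional form. A one-line comment saying that `$dbpassword` exists only for the template would help the next reader.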
@@ -189,12 +209,19 @@ class debian-org {
                source  => 'puppet:///modules/debian-org/dsa-puppet-stuff.cron.ignore',
                require => Package['debian.org']
        }
+       file { '/etc/nsswitch.conf':
+               mode   => '0755',
+               source => 'puppet:///modules/debian-org/nsswitch.conf',
+       }
 
        # set mmap_min_addr to 4096 to mitigate
        # Linux NULL-pointer dereference exploits
        site::sysctl { 'mmap_min_addr':
-               key   => 'vm.mmap_min_addr',
-               value => '4096',
+               ensure => absent
+       }
+       site::sysctl { 'perf_event_paranoid':
+               key   => 'kernel.perf_event_paranoid',
+               value => '2',
        }
        site::alternative { 'editor':
                linkto => '/usr/bin/vim.basic',
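Review bot: The comment `# set mmap_min_addr to 4096 to mitigate Linux NULL-pointer dereference exploits` still sits above a resource that is now `ensure => absent`, so it describes a hardening setting that this change withdraws. Replace it with the reason for removal, e.g. `# drop our override; the distribution default for vm.mmap_min_addr applies`, after confirming the resulting value on managed hosts is not lower than 4096. The new `perf_event_paranoid` resource has no comment; `# 2 = unprivileged users may not profile the kernel` would document the choice. Separately, `/etc/nsswitch.conf` is given `mode => '0755'`; a data file needs no execute bits, so `mode => '0644'` is the usual setting.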
@@ -212,6 +239,7 @@ class debian-org {
                path        => '/usr/bin:/usr/sbin:/bin:/sbin',
                refreshonly => true,
        }
+       Exec['apt-get update']->Package<| tag == extra_repo |>
 
        exec { 'dpkg-reconfigure tzdata -pcritical -fnoninteractive':
                path        => '/usr/bin:/usr/sbin:/bin:/sbin',