'debian-admin@ftbfs.de',
'weasel@debian.org',
'steve@lobefin.net',
- 'paravoid@debian.org'
+ 'paravoid@debian.org',
+ 'zumbi@kos.to'
]
package { [
}
site::aptrepo { 'backports.org':
ensure => absent,
- keyid => '16BA136C',
- key => 'puppet:///modules/debian-org/backports.org.asc',
+ keyid => '16BA136C',
+ key => 'puppet:///modules/debian-org/backports.org.asc',
}
site::aptrepo { 'volatile':
components => ['main','contrib','non-free']
}
+ if $::hostname in [ball, corelli, eysler, lucatelli, mayer, mayr, rem] {
+ site::aptrepo { 'proposed-updates':
+ url => $mirror,
+ suite => "${::lsbdistcodename}-proposed-updates",
+ components => ['main','contrib','non-free']
+ }
+ }
+
site::aptrepo { 'debian.org':
ensure => absent,
}
source => 'puppet:///modules/debian-org/puppet.default',
}
file { '/etc/cron.d/dsa-puppet-stuff':
- source => 'puppet:///modules/debian-org/dsa-puppet-stuff.cron',
+ source => 'puppet:///modules/debian-org/dsa-puppet-stuff.cron',
require => Package['debian.org'],
}
file { '/etc/ldap/ldap.conf':
require => Package['debian.org'],
- source => 'puppet:///modules/debian-org/ldap.conf',
+ source => 'puppet:///modules/debian-org/ldap.conf',
}
file { '/etc/pam.d/common-session':
require => Package['debian.org'],
# set mmap_min_addr to 4096 to mitigate
# Linux NULL-pointer dereference exploits
site::sysctl { 'mmap_min_addr':
- key => 'vm.mmap_min_addr',
- value => '4096',
+ ensure => absent
+ }
+ site::sysctl { 'perf_event_paranoid':
+ key => 'kernel.perf_event_paranoid',
+ value => '2',
}
site::alternative { 'editor':
linkto => '/usr/bin/vim.basic',
linkto => '/usr/bin/vim.basic',
}
mailalias { 'samhain-reports':
- ensure => present,
+ ensure => present,
recipient => $debianadmin,
- require => Package['debian.org']
+ require => Package['debian.org']
+ }
+
+ file { '/usr/local/bin/check_for_updates':
+ source => 'puppet:///modules/debian-org/check_for_updates',
+ mode => '0755',
+ owner => root,
+ group => root,
}
exec { 'apt-get update':
- path => '/usr/bin:/usr/sbin:/bin:/sbin',
- refreshonly => true,
+ path => '/usr/bin:/usr/sbin:/bin:/sbin',
+ onlyif => '/opt/bin/check_for_updates',
+ require => File['/opt/bin/check_for_updates']
}
Exec['apt-get update']->Package<| tag == extra_repo |>
exec { 'init q':
refreshonly => true
}
+
+ tidy { '/var/lib/puppet/clientbucket/':
+ age => '2w',
+ recurse => 9,
+ type => ctime,
+ matches => [ 'paths', 'contents' ],
+ schedule => weekly
+ }
}