Enforce SSL configuration using puppet, add dirs for debian and global CAs

[dsa-puppet.git] / modules / samhain / templates / samhainrc.erb

diff --git a/modules/samhain/templates/samhainrc.erb b/modules/samhain/templates/samhainrc.erb
index aabfd768691c70b580f658e0dc7efe613ffbe22b..2758d46765fbf068fcd5a0ea21c97fc535c56cc9 100644 (file)
--- a/modules/samhain/templates/samhainrc.erb
+++ b/modules/samhain/templates/samhainrc.erb
@@ -155,6 +155,7 @@ file=/etc/monit
 file=/etc/monit/monit.d
 file=/etc/pam.d
 file=/etc/schroot/default
+file=/etc/schroot/setup.d
 file=/etc/sysctl.d
 file=/etc/syslog-ng
 file=/etc/stunnel
@@ -367,7 +368,9 @@ file=/etc/apt/sources.list.d/backports.org.list
 file=/etc/apt/apt.conf.d/local-compression
 file=/etc/apt/apt.conf.d/local-recommends
 file=/etc/apt/apt.conf.d/local-pdiffs
+file=/etc/apt/apt.conf.d/local-ssl-ca-global
 file=/etc/apt/preferences.d/buildd
+file=/etc/systemd/system/puppet.service
 file=/etc/puppet/puppet.conf
 file=/etc/default/puppet
 file=/etc/default/postgrey
@@ -413,6 +416,8 @@ file=/etc/cron.d/dsa-buildd
 file=/etc/cron.weekly/stunnel-ekey-restart
 file=/etc/default/schroot
 file=/etc/schroot/default/nssdatabases
+file=/etc/schroot/setup.d/99porterbox-extra-sources
+file=/etc/schroot/setup.d/99porterbox-extra-apt-options
 file=/etc/openvswitch/conf.db
 
 <% if scope.function_has_role(['nagiosmaster']) -%>
@@ -448,7 +453,11 @@ file=/etc/ferm/conf.d/defs.conf
 file=/etc/ferm/ferm.conf
 dir=2/etc/ssl/debian
 dir=1/etc/ssl/certs
-dir=1/etc/ssl/servicecerts
+dir=1/etc/ssl/ca-debian
+dir=1/etc/ssl/ca-global
+file=/etc/ca-certificates.conf
+file=/etc/ca-certificates-debian.conf
+file=/etc/ca-certificates-global.conf
 file=/etc/unbound/unbound.conf
 <% if scope.lookupvar('::fqdn') == "draghi.debian.org" -%>
 file=/etc/openvpn/deb-mgmt-clients.pool