end
end
+Facter.add(:debarchitecture) do
+ setcode do
+ %x{/usr/bin/dpkg --print-architecture}
+ end
+end
+
--- /dev/null
+Facter.add("kvmdomain") do
+ setcode do
+ if File.new('/proc/cpuinfo').read().index('QEMU Virtual CPU')
+ result = true
+ else
+ result = false
+ end
+ end
+end
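Review bot: `File.new('/proc/cpuinfo').read()` inside `setcode` opens the file without ever closing it, and it raises on any host that has no `/proc/cpuinfo`, so the fact errors out instead of resolving to false. `File.read('/proc/cpuinfo').include?('QEMU Virtual CPU')` under a `confine :kernel => :linux` line performs the same test without the dangling handle and makes the `result =` assignments unnecessary. The fact recognises only guests whose CPU model string is exactly `QEMU Virtual CPU`; a guest started with another CPU model would presumably report false, which deserves a comment above `Facter.add("kvmdomain")`.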
module Puppet::Parser::Functions
newfunction(:allnodeinfo, :type => :rvalue) do |attributes|
- require '/etc/puppet/lib/puppet/parser/functions/ldapinfo.rb'
attributes.unshift('*')
return (function_ldapinfo(attributes))
end
yamlfile = args[1]
require '/etc/puppet/lib/puppet/parser/functions/ldapinfo.rb'
- require '/etc/puppet/lib/puppet/parser/functions/yamlinfo.rb'
results = function_yamlinfo(host, yamlfile)
results['ldap'] = function_ldapinfo(host, '*')
rundir=/var/run/puppet
factpath=$vardir/facts
pluginsync=true
+# This is the default environment for all clients
+environment=production
[puppetmasterd]
templatedir=/etc/puppet/templates
libdir=/etc/puppet/lib
+environments = development,testing,production,staging
+
+[puppetd]
+environments = development,testing,production,staging
+
+[staging]
+libdir=/etc/puppet/lib
+manifestdir=/srv/puppet.debian.org/stages/staging/manifests
+templatedir=/srv/puppet.debian.org/stages/staging/templates
+fileserverconfig=/srv/puppet.debian.org/stages/staging/fileserver.conf
+modulepath=/srv/puppet.debian.org/stages/staging/modules
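Review bot: The `[staging]` section keeps `libdir=/etc/puppet/lib`, the same directory `[puppetmasterd]` uses, so custom parser functions and facts are not staged even though manifests, templates, fileserver config and modules are repointed. A change under lib therefore reaches production and staging at once. If that is intended, a comment such as `# lib (functions, facts) is shared with production on purpose` above the `libdir` line would record it. `environment=production` is only the client-side default, so the staging tree should presumably be treated as available to any node that requests that environment; confirm how the master restricts this.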
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
# This file consists of arbitrarily named sections/modules
# defining where files are served from and to whom
}
node default {
+ $localinfo = yamlinfo('*', "/etc/puppet/modules/debian-org/misc/local.yaml")
$nodeinfo = nodeinfo($fqdn, "/etc/puppet/modules/debian-org/misc/local.yaml")
$hoster = whohosts($nodeinfo, "/etc/puppet/modules/debian-org/misc/hoster.yaml")
notice("hoster for ${fqdn} is ${hoster}")
- $localinfo = yamlinfo('*', "/etc/puppet/modules/debian-org/misc/local.yaml")
$mxinfo = allnodeinfo("mXRecord")
include munin-node
case $smartarraycontroller {
"true": { include debian-proliant }
}
+ case $kvmdomain {
+ "true": { package { acpid: ensure => installed } }
+ }
case $mta {
"exim4": {
}
}
- case extractnodeinfo($nodeinfo, 'apache2_defaultconfig') {
- "true": { include apache2 }
+ case $apache2 {
+ "true": {
+ case extractnodeinfo($nodeinfo, 'apache2_security_mirror') {
+ "true": { include apache2::security_mirror }
+ default: { include apache2 }
+ }
+ }
}
case extractnodeinfo($nodeinfo, 'buildd') {
"true": { include buildd }
}
- case extractnodeinfo($nodeinfo, 'apache2_security_mirror') {
- "true": { include apache2::security_mirror }
- }
-
-# maybe wait for rietz to be upgraded to lenny
case $hostname {
- rietz,raff,klecker: { include named::secondary }
+ rietz,klecker,ravel,senfl: { include named::secondary }
}
case $hostname {
"true": { include hosts }
}
case $hoster {
- "ubcece", "darmstadt": { include resolv }
+ "ubcece", "darmstadt", "ftcollins": { include resolv }
}
}
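Review bot: `case $apache2` reads a variable that nothing visible in this change sets (presumably a fact), and the `apache2::security_mirror` include is now nested inside it. On a node where `$apache2` is unset or not the string `"true"`, neither `apache2` nor `apache2::security_mirror` is included, even if the host is listed under `apache2_security_mirror` in local.yaml; before this change that include was an independent `case`. A comment above the case stating where `$apache2` comes from, or keeping the security-mirror case outside the `$apache2` guard, would make the dependency explicit. `case $kvmdomain` likewise compares against the string `"true"` while the fact added in this commit returns a Ruby boolean, so it relies on fact values being stringified.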
+++ /dev/null
-##
-## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
-## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
-##
-
-<VirtualHost *:80>
- ServerAdmin debian-admin@debian.org
-
- ErrorLog /var/log/apache2/error.log
- CustomLog /var/log/apache2/access.log combined
-
- DocumentRoot /srv/www/default.debian.org/htdocs
-
- HostnameLookups Off
- UseCanonicalName Off
- ServerSignature On
- <IfModule mod_userdir.c>
- UserDir disabled
- </IfModule>
-</VirtualHost>
-# vim:set syn=apache:
+++ /dev/null
-##
-## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
-## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
-##
-
-<VirtualHost *:80>
- ServerAdmin debian-admin@debian.org
-
- ErrorLog /var/log/apache2/error.log
- CustomLog /var/log/apache2/access.log combined
-
- DocumentRoot /srv/www/default.debian.org/htdocs
-
- Alias /debian /org/mirrors/ftp.debian.org/ftp
- HostnameLookups Off
- UseCanonicalName Off
- ServerSignature On
- <IfModule mod_userdir.c>
- UserDir disabled
- </IfModule>
-</VirtualHost>
-# vim:set syn=apache:
"logrotate": ensure => installed;
}
+ define activate_apache_site($ensure=present, $site=$name) {
+ case $site {
+ "": { $base = $name }
+ default: { $base = $site }
+ }
+
+ case $ensure {
+ present: {
+ file { "/etc/apache2/sites-enabled/$name":
+ ensure => "/etc/apache2/sites-available/$base",
+ require => Package["apache2"],
+ notify => Exec["reload-apache2"];
+ }
+ }
+ absent: {
+ file { "/etc/apache2/sites-enabled/$name":
+ ensure => $ensure,
+ notify => Exec["reload-apache2"];
+ }
+ }
+ default: { err ( "Unknown ensure value: '$ensure'" ) }
+ }
+ }
+
define enable_module($ensure=present) {
case $ensure {
present: {
"status":;
}
+ activate_apache_site {
+ "00-default": site => "default-debian.org";
+ "000-default": ensure => absent;
+ }
+
file {
"/etc/apache2/conf.d/ressource-limits":
content => template("apache2/ressource-limits.erb"),
notify => Exec["reload-apache2"];
"/etc/apache2/sites-available/default-debian.org":
- source => [ "puppet:///apache2/per-host/$fqdn/etc/apache2/sites-available/default-debian.org",
- "puppet:///apache2/common/etc/apache2/sites-available/default-debian.org" ],
+ content => template("apache2/default-debian.org.erb"),
require => Package["apache2"],
notify => Exec["reload-apache2"];
file {
"/etc/apache2/sites-available/security.debian.org":
source => [ "puppet:///apache2/per-host/$fqdn/etc/apache2/sites-available/security.debian.org",
- "puppet:///apache2/common/etc/apache2/sites-available/security.debian.org" ],
- require => Package["apache2"],
- notify => Exec["reload-apache2"];
+ "puppet:///apache2/common/etc/apache2/sites-available/security.debian.org" ];
}
+ activate_apache_site {
+ "010-security.debian.org": site => "security.debian.org";
+ "security.debian.org": ensure => absent;
+ }
+
}
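Review bot: The `/etc/apache2/sites-available/security.debian.org` file resource loses both `require => Package["apache2"]` and `notify => Exec["reload-apache2"]`, so a content change to that vhost is written to disk but Apache keeps running the old configuration until something else reloads it. The new `activate_apache_site` resources notify only when the symlink itself changes, which a content update does not cause. Keeping `notify => Exec["reload-apache2"]` on the file, as the `default-debian.org` resource in this same change does, closes that gap. In the `activate_apache_site` define, `err(...)` on an unknown `$ensure` only logs; `fail("Unknown ensure value: '$ensure'")` would stop the catalog instead of leaving the site half-configured.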
--- /dev/null
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+<VirtualHost *:80>
+ ServerAdmin debian-admin@debian.org
+
+ ErrorLog /var/log/apache2/error.log
+ CustomLog /var/log/apache2/access.log combined
+
+ DocumentRoot /srv/www/default.debian.org/htdocs
+
+ HostnameLookups Off
+ UseCanonicalName Off
+ ServerSignature On
+<%=
+out = case fqdn
+ when "merkel.debian.org"
+ then "
+ RemoveType .php .phtml .php3 .phps
+ php_admin_flag engine off
+ <Directory /home/don/public_html/cgi>
+ SetEnv PERLLIB \"/home/don/perl/usr/share/perl5:/home/don/source/\"
+ SetEnv DEBBUGS_CONFIG_FILE \"/home/don/config_internal\"
+ SetHandler cgi-script
+ AllowOverride None
+ Options +ExecCGI
+ Order allow,deny
+ Allow from all
+ </Directory>
+"
+ when "master.debian.org" then ""
+else
+"
+ <IfModule mod_userdir.c>
+ UserDir disabled
+ </IfModule>
+"
+end
+case fqdn
+ when "spohr.debian.org" then
+ out += "
+ Alias /debian \"/org/mirrors/ftp.debian.org/ftp\"
+"
+ when "piatti.debian.org" then
+ out += "
+ # for piuparts, RT#1218
+ Alias /debian/ \"/org/mirrors/ftp.debian.org/ftp/\"
+ <Directory \"/org/mirrors/ftp.debian.org/ftp/\">
+ Options Indexes MultiViews FollowSymLinks
+ AllowOverride None
+ Order deny,allow
+ Deny from all
+ Allow from 127.0.0.0/255.0.0.0 ::1/128 193.167.161.225/32
+ </Directory>
+"
+end
+out
+%>
+</VirtualHost>
+# vim:set syn=apache:
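Review bot: The `merkel.debian.org` and `master.debian.org` branches of the first `case fqdn` omit the `<IfModule mod_userdir.c>` / `UserDir disabled` block that every other host gets from the `else` branch, and nothing in the template says this is deliberate. The merkel branch also sets `SetHandler cgi-script` with `Options +ExecCGI` on `/home/don/public_html/cgi`, a directory inside a user's home, so content placed there by that account is executed by the web server (as the server's user unless suexec or similar is configured elsewhere). A Ruby comment above each `when`, for example `# UserDir deliberately not disabled on this host: <reason>`, would record the exception so it is not copied to other hosts by accident. `ServerSignature On` is carried over from the deleted static files and still exposes the server version on error pages; `ServerSignature Off` would be the tighter default for the shared template.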
RLimitCPU 180
<%=
case fqdn
+ when "merkel.debian.org" then "" # maybe unlimited will be better
when "cimarosa.debian.org" then
# buildd.debian.org
"RLimitMEM "+(96 * 1024**2).to_s
-@reboot buildd [ -f ~buildd/NO-DAEMON-PLEASE ] && grep 'delete-on-boot' ~buildd/NO-DAEMON-PLEASE > /dev/null && rm -f ~buildd/NO-DAEMON-PLEASE && buildd-watcher
+@reboot buildd [ -f ~buildd/NO-DAEMON-PLEASE ] && grep 'delete-on-boot' ~buildd/NO-DAEMON-PLEASE > /dev/null && rm -f ~buildd/NO-DAEMON-PLEASE && if [ -x ~buildd/.bootscript ]; then ~buildd/.bootscript; else buildd-watcher; fi
class debian-proliant inherits debian-org {
package {
"hpacucli": ensure => installed;
+ "hp-health": ensure => installed;
"cpqarrayd": ensure => installed;
"arrayprobe": ensure => installed;
}
+ case $debarchitecture {
+ "amd64": {
+ package { "lib32gcc1": ensure => installed; }
+ }
+ }
file {
"/etc/apt/sources.list.d/debian.restricted.list":
content => template("debian-org/etc/apt/sources.list.d/debian.restricted.list.erb"),
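Review bot: `case $debarchitecture { "amd64": ... }` matches only if the fact value is exactly `amd64`, but the `debarchitecture` fact added in this commit returns the raw output of `%x{/usr/bin/dpkg --print-architecture}`, which ends in a newline unless Facter strips it. If it is not stripped, `lib32gcc1` is never installed on amd64 hosts and nothing reports the mismatch. Adding `.chomp` in the fact (`%x{/usr/bin/dpkg --print-architecture}.chomp`) makes the comparison independent of that. The class body continues past the end of this hunk.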
- 128.31.0.0/24
darmstadt:
- 82.195.75.64/26
+ - 82.195.75.32/28
- 2001:41b8:202:deb::/64
dgi:
- 93.94.130.128/26
- 140.211.166.0/25
sanger:
- 193.62.202.24/29
+sil:
+ - 86.59.118.153/28
+scanplus:
+ - 212.211.132.0/26
+ - 212.211.132.248/29
+ - 2001:a78::/64
ubcece:
- 137.82.84.64/27
- 206.12.19.0/24
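Review bot: The new `sil` entry `86.59.118.153/28` has host bits set; the /28 that contains .153 is `86.59.118.144/28`, so either the address or the prefix length is probably not what was meant (a single host would be `/32`). Whether this matters depends on how `whohosts` parses the entry, which is not visible here: a parser that masks the address silently matches the whole .144–.159 range, while one that compares more literally may match nothing. The other added ranges (`82.195.75.32/28`, `212.211.132.0/26`, `212.211.132.248/29`) are aligned to their prefix.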
mahler.debian.org: Gustav Mahler (7 July 1860 - 18 May 1911)
mayr.debian.org: Johann(es) Simon Mayr (June 14, 1763 - December 2, 1845)
merkel.debian.org: Gustav (Adolf) Merkel (November 12, 1827 - October 30, 1885)
+ mendes.debian.org: Manuel Mendes (c. 1547 - September 24, 1605)
merulo.debian.org: Claudio Merulo (8 April 1533 - 4 May 1604)
+ monteverdi.debian.org: Claudio Giovanni Antonio Monteverdi (15 May 1567 - 29 November 1643)
morales.debian.org: Cristóbal de Morales (c. 1500 - between September 4 and October 7, 1553)
morricone.debian.org: Ennio Morricone (November 10, 1928 - )
mundy.debian.org: William Mundy (c. 1529 - 1591)
rietz.debian.org: August Wilhelm Julius Rietz (December 28, 1812 - September 12, 1877)
rore.debian.org: Cipriano de Rore (occasionally Cypriano) (1515 or 1516 - between September 11 and September 20, 1565)
saens.debian.org: Charles-Camille Saint-Saëns (9 October 1835 - 16 December 1921)
- sarti.debian.org: Giuseppe Sarti (baptised December 1, 1729 - July 28, 1802)
schein.debian.org: Johann Hermann Schein (January 20, 1586 - November 19, 1630)
schroeder.debian.org: Hermann Schroeder (1904 - 1984)
schumann.debian.org: Robert Alexander Schumann (8 June 1810 - 29 July 1856)
spontini.debian.org: Gaspare Luigi Pacifico Spontini (14 November 1774 - 24 January 1851)
stabile.debian.org: Annibale Stabile (~1535 - April 1595)
steffani.debian.org: Agostino Steffani (25 July 1653 - 12 February 1728)
- strauss.debian.org: Johann Baptist Strauß (October 25, 1825 - June 3, 1899)
tartini.debian.org: Giuseppe Tartini (April 8, 1692 - February 26, 1770)
unger.debian.org: Caroline Unger (October 28, 1803 - March 23, 1877)
valente.debian.org: Vincenzo Valente (February 21, 1855 - September 6, 1921)
vivaldi.debian.org: Antonio Lucio Vivaldi (March 4, 1678 - July 28, 1741)
voltaire.debian.org: François-Marie Arouet (Voltaire) (21 November 1694 - 30 May 1778)
- wagner.debian.org: Wilhelm Richard Wagner (22 May 1813 - 13 February 1883)
widor.debian.org: Charles-Marie Jean Albert Widor (February 21, 1844 - March 12, 1937)
wieck.debian.org: Clara Josephine Wieck (September 13, 1819 - May 20, 1896)
wolkenstein.debian.org: Oswald von Wolkenstein (1377 - August 2nd, 1445)
zandonai.debian.org: Riccardo Zandonai (May 30th, 1883 - June 5th, 1944)
zelenka.debian.org: Jan Dismas Zelenka (16 October 1679 - 23 December 1745)
footer:
- bartok.debian.org: "Documentation: gluck:/org/admin.debian.org/doc/backup.debian.org"
lebrun.debian.org: "- This host is using an iptables firewall. See /etc/rc.boot/firewall{,6}"
schroeder.debian.org: "- This host is using an iptables firewall. See /etc/rc.boot/firewall{,6}"
zandonai.debian.org: "Debian s390 buildd system kindly provided by Zentrum fuer Informationsverarbeitung und Informationstechnik [zivit]"
zelenka.debian.org: "Debian s390 porter system kindly provided by Zentrum fuer Informationsverarbeitung und Informationstechnik [zivit]"
services:
- bugsmaster: rietz.debian.org
+ bugsmaster:
+ - busoni.debian.org
+ - rietz.debian.org
bugsmx:
- byrd.debian.org
mailrelay:
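Review bot: `bugsmaster` under `services:` changes from a scalar (`rietz.debian.org`) to a list of two hosts, so any template or function that compares the value to a hostname with `==` stops matching without raising an error. The consumers are not part of the visible hunks; each needs a membership test (`include?`) like the ones presumably used for `bugsmx`, which is already a list. A comment next to the key noting that it is now a list would help the next editor.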
host_settings:
heavy_exim:
- bellini.debian.org
+ - busoni.debian.org
- byrd.debian.org
+ - chopin.debian.org
+ - cimarosa.debian.org
- draghi.debian.org
- klecker.debian.org
- master.debian.org
- merkel.debian.org
+ - morricone.debian.org
- powell.debian.org
- - raff.debian.org
- - ries.debian.org
- - rietz.debian.org
- - spohr.debian.org
- apache2_defaultconfig:
- - bellini.debian.org
- - carver.debian.org
- - cimarosa.debian.org
- - draghi.debian.org
- - duarte.debian.org
- - gluck.debian.org
- - kaufmann.debian.org
- - klecker.debian.org
- - liszt.debian.org
- - lobos.debian.org
- - piatti.debian.org
- - raff.debian.org
- ravel.debian.org
- - respighi.debian.org
- ries.debian.org
- - rore.debian.org
- - saens.debian.org
- - samosa.debian.org
- - schein.debian.org
- - senfl.debian.org
- - soler.debian.org
+ - rietz.debian.org
- spohr.debian.org
- - steffani.debian.org
- - tartini.debian.org
- - villa.debian.org
+ - valente.debian.org
- widor.debian.org
- - wieck.debian.org
- - wolkenstein.debian.org
apache2_security_mirror:
- gluck.debian.org
- kassia.debian.org
- lobos.debian.org
+ - raff.debian.org
- saens.debian.org
- schein.debian.org
- steffani.debian.org
squeeze:
- fano.debian.org
- finzi.debian.org
- smarthost_port:
- voltaire.debian.org: 25
smarthost:
agnesi.debian.org: mailout.debian.org
agricola.debian.org: mailout.debian.org
bartok.debian.org: mailout.debian.org
brahms.debian.org: mailout.debian.org
caballero.debian.org: mailout.debian.org
+ carver.debian.org: mailout.debian.org
crest.debian.org: mailout.debian.org
dijkstra.debian.org: mailout.debian.org
+ duarte.debian.org: mailout.debian.org
escher.debian.org: mailout.debian.org
fano.debian.org: mailout.debian.org
finzi.debian.org: mailout.debian.org
malo.debian.org: mailout.debian.org
mayer.debian.org: mailout.debian.org
mayr.debian.org: mailout.debian.org
+ mendes.debian.org: mailout.debian.org
merulo.debian.org: mailout.debian.org
+ monteverdi.debian.org: mailout.debian.org
morales.debian.org: mailout.debian.org
mundy.debian.org: mailout.debian.org
murphy.debian.org: mailout.debian.org
paer.debian.org: mailout.debian.org
+ paganini.debian.org: mailout.debian.org
penalosa.debian.org: mailout.debian.org
pergolesi.debian.org: mailout.debian.org
peri.debian.org: mailout.debian.org
piatti.debian.org: mailout.debian.org
praetorius.debian.org: mailout.debian.org
puccini.debian.org: mailout.debian.org
+ raff.debian.org: mailout.debian.org
rem.debian.org: mailout.debian.org
+ respighi.debian.org: mailout.debian.org
rore.debian.org: mailout.debian.org
saens.debian.org: mailout.debian.org
schein.debian.org: mailout.debian.org
soler.debian.org: mailout.debian.org
sperger.debian.org: mailout.debian.org
spontini.debian.org: mailout.debian.org
+ stabile.debian.org: mailout.debian.org
steffani.debian.org: mailout.debian.org
unger.debian.org: mailout.debian.org
villa.debian.org: mailout.debian.org
+ vivaldi.debian.org: mailout.debian.org
voltaire.debian.org: mailout.debian.org
wieck.debian.org: mailout.debian.org
+ wolkenstein.debian.org: mailout.debian.org
zee.debian.org: mailout.debian.org
zandonai.debian.org: mailout.debian.org
zelenka.debian.org: mailout.debian.org
##
193.146.156.252
112.78.115.101
+198.143.4.176
+64.255.101.196
*.bp06.net
+++ /dev/null
-##
-## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
-## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
-##
-
mode => 755,
purge => true
;
+ "/etc/exim4/Git":
+ ensure => directory,
+ purge => true,
+ force => true,
+ recurse => true,
+ source => "puppet:///files/empty/"
+ ;
+ "/etc/exim4/conf.d":
+ ensure => directory,
+ purge => true,
+ force => true,
+ recurse => true,
+ source => "puppet:///files/empty/"
+ ;
"/etc/exim4/ssl":
ensure => directory,
owner => root,
source => [ "puppet:///exim/per-host/$fqdn/rbllist",
"puppet:///exim/common/rbllist" ]
;
- "/etc/exim4/rcpthosts":
- require => Package["exim4-daemon-heavy"],
- source => [ "puppet:///exim/per-host/$fqdn/rcpthosts",
- "puppet:///exim/common/rcpthosts" ]
- ;
"/etc/exim4/rhsbllist":
require => Package["exim4-daemon-heavy"],
source => [ "puppet:///exim/per-host/$fqdn/rhsbllist",
source => [ "puppet:///exim/per-host/$fqdn/logrotate-exim4-paniclog",
"puppet:///exim/common/logrotate-exim4-paniclog" ]
;
- "/etc/exim4/local-auto.conf":
- require => Package["exim4-daemon-heavy"],
- content => template("exim-local-auto.erb"),
- notify => Exec["exim4 reload"]
- ;
"/etc/exim4/ssl/thishost.crt":
require => Package["exim4-daemon-heavy"],
source => "puppet:///exim/certs/$fqdn.crt",
group => Debian-exim,
mode => 640
;
+ "/var/log/exim4":
+ mode => 2750,
+ ensure => directory,
+ owner => Debian-exim,
+ group => maillog
+ ;
}
exec { "exim4 reload":
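Review bot: Dropping the `/etc/exim4/rcpthosts` and `/etc/exim4/local-auto.conf` resources only stops Puppet from managing them; the copies already deployed stay on every host with their last content. Replacing the removed stanzas with `"/etc/exim4/rcpthosts": ensure => absent;` and `"/etc/exim4/local-auto.conf": ensure => absent;` removes the stale files so nobody mistakes them for live configuration. The new `/etc/exim4/Git` and `/etc/exim4/conf.d` resources combine `purge`, `force` and `recurse` against `puppet:///files/empty/`, which deletes everything under those paths on each run; a comment saying the directories are emptied on purpose would warn anyone about to place local configuration there.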
# is much like a local domain, execpt that the delivery location
# and allowed set of users is controlled by a virtual domain
# alias file and not /etc/passwd. Wildcards are permitted
-# rcpthosts - recipient hosts or relay domains. This is a list of
-# all hosts that we mail exchange for. All domains that list
-# this host in their MX records should be listed here. Wildcards
-# are permitted.
# relayhosts - Hostnames that can send any arbitarily addressed mail to
# us. This is primarily only usefull for emergancy 'queue
# flushing' operations, but should be populated with a list
# Domains we relay for; that is domains that aren't considered local but we
# accept mail for them.
-domainlist rcpthosts = partial-lsearch;/etc/exim4/rcpthosts
hostlist debianhosts = 127.0.0.1 : net-lsearch;/var/lib/misc/thishost/debianhosts
<%=
out = ""
<% if nodeinfo.has_key?('heavy_exim') and not nodeinfo['heavy_exim'].empty? %>
queue_run_max = 50
deliver_queue_load_max = 50
-queue_only_load = 15
+queue_only_load = 35
+smtp_load_reserve = 20
<% else %>
queue_run_max = 5
deliver_queue_load_max = 10
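Review bot: `smtp_load_reserve = 20` is added for the heavy hosts, and no `smtp_reserve_hosts` setting is visible in this hunk; in Exim, once the load average exceeds `smtp_load_reserve` and no reserve hosts are defined, all incoming SMTP connections are refused. If that is the case here, these hosts stop accepting mail at load 20, well below the new `queue_only_load = 35`, and that includes mail relayed from other Debian hosts. `smtp_reserve_hosts = +debianhosts` (the hostlist is defined earlier in this template) would keep internal relaying working under load; confirm whether it is already set elsewhere in the file.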
accept domains = +local_domains
hosts = +debianhosts
endpass
- message = unknown user
verify = recipient
<%=
out = '
accept domains = +mailhubdomains
endpass
- message = unknown user
verify = recipient/callout=30s,defer_ok,use_sender,no_cache
'
end
accept domains = +submission_domains
endpass
- message = unknown user
verify = recipient
deny message = relay not permitted
{/var/lib/greylistd/whitelist-hosts}{}}
condition = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}}
!authenticated = *
- domains = +handled_domains : +rcpthosts
+ domains = +handled_domains
condition = ${readsocket{/var/run/greylistd/socket}\
{--grey \
$sender_host_address \
!hosts = : +debianhosts : WHITELIST
condition = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}}
!authenticated = *
- domains = +handled_domains : +rcpthosts
+ domains = +handled_domains
local_parts = GREYLIST_LOCAL_PARTS
set acl_m_pgr = request=smtpd_access_policy\n\
protocol_state=RCPT\n\
!hosts = : +debianhosts : WHITELIST
condition = ${if eq {$acl_m_prf}{PopconMail}{no}{yes}}
!authenticated = *
- domains = +handled_domains : +rcpthosts
+ domains = +handled_domains
local_parts = GREYLIST_LOCAL_PARTS
condition = ${if eq{${uc:${substr_0_7:$acl_m_pgr}}}{PREPEND}}
message = ${sg{$acl_m_pgr}{^\\\\w+\\\\s*}{}}
%>
accept local_parts = +postmasterish
- domains = +handled_domains : +rcpthosts
+ domains = +handled_domains
deny hosts = ${if exists{/etc/exim4/host_blacklist}{/etc/exim4/host_blacklist}{}}
message = I'm terribly sorry, but it seems you have been blacklisted
{${lookup{$local_part}lsearch*{${extract{directory}{VDOMAINDATA}{${value}/rbllist}}}{$value}{}}}{}}}\
{${lookup{$local_part}lsearch{/etc/exim4/rbllist}{$value}{}} : \
${lookup{$local_part}lsearch{/var/lib/misc/$primary_hostname/mail-rbl}{$value}{}}}}
- domains = +handled_domains : +rcpthosts
+ domains = +handled_domains
!hosts = +debianhosts : WHITELIST
'
end
{${expand:${lookup{$local_part}lsearch*{${extract{directory}{VDOMAINDATA}{${value}/rhsbllist}}}{$value}{}}}}{}}}\
{${expand:${lookup{$local_part}lsearch{/etc/exim4/rhsbllist}{$value}{}}} : \
${expand:${lookup{$local_part}lsearch{/var/lib/misc/$primary_hostname/mail-rhsbl}{$value}{}}}}}
- domains = +handled_domains : +rcpthosts
+ domains = +handled_domains
!hosts = +debianhosts : WHITELIST
<%=
out = ""
if nodeinfo['smarthost'].empty?
out = '
- deny domains = +handled_domains : +rcpthosts
+ deny domains = +handled_domains
local_parts = ${if match_domain{$domain}{+virtual_domains}\
{${if exists {${extract{directory}{VDOMAINDATA}{${value}/callout_users}}}\
{${lookup{$local_part}lsearch*{${extract{directory}{VDOMAINDATA}{${value}/callout_users}}}{$local_part}{}}}{}}}\
out = '
accept domains = +mailhubdomains
endpass
- message = unknown user
verify = recipient/callout=30s,defer_ok,use_sender,no_cache
'
end
%>
accept domains = +handled_domains
endpass
- message = unknown user
verify = recipient/defer_ok
- accept domains = +rcpthosts
- endpass
- message = unrouteable address
- verify = recipient
-
accept hosts = +debianhosts
accept authenticated = *
out
%>
-virt_alias_verify:
- debug_print = "R: virt_aliases for $local_part@$domain"
- driver = redirect
- data = ${if exists{\
- ${extract{directory}{VDOMAINDATA}{${value}/aliases}}}\
- {${lookup{$local_part}lsearch*{\
- ${extract{directory}{VDOMAINDATA}{$value/aliases}}\
- }}}}
- directory_transport = address_directory
- cannot_route_message = Unknown user
- domains = +virtual_domains
- file_transport = address_file
- pipe_transport = address_pipe
- qualify_preserve_domain
- retry_use_local_part
- transport_current_directory = ${extract{directory}{VDOMAINDATA}}
- transport_home_directory = ${extract{directory}{VDOMAINDATA}}
- verify_only
-
virt_direct_verify:
debug_print = "R: virt_direct for $local_part@$domain"
driver = redirect
retry_use_local_part
transport_current_directory = ${extract{directory}{VDOMAINDATA}}
transport_home_directory = ${extract{directory}{VDOMAINDATA}}
- no_verify
user = ${extract{user}{VDOMAINDATA}}
# This is a qmailesque deliver into a directory of .forward files
when "powell.debian.org" then "packages.debian.org: user=pkg_user group=Debian directory=/org/packages.debian.org/mail/"
- #when "raff.debian.org" then "buildd.debian.org: user=wbadm group=wbadm directory=/srv/buildd.debian.org/mail
-#logs.buildd.debian.org: user=wbadm group=wbadm directory=/srv/logs.buildd.debian.org/mail"
-
when "ravel.debian.org" then "women.debian.org: user=nobody group=mujeres directory=/org/women.debian.org/mail"
when "ries.debian.org" then "release.debian.org: user=release group=debian-release directory=/org/release.debian.org/mail
+++ /dev/null
-
-20050413 flo - Finally the machine is up and running in its final destination
- - Reachability problems should be solved - bogus objects
- in firewall
- - Added user joey
-20060401 flo - Reduced ram to 512MB as the 1GB setup was producing
- random hicups ...
-20070411 flo - Maschine was dead - no connect, nothing on the console
- rebooted.
-20071008 flo - Planned but unannounced power-outage from 0:00-03:00 CEST
- Machine didnt power up itself - needed a powerbutton
-20080127 flo - Maschine died - rebooted by helping hands on site
-20080222 flo - Put in a promise controller and a PATA 120GB Disk
-20080302 flo - Create 2G swap on the UDMA capable disk and remove swap files
-20080313 flo - rsynced /home to new disk and mounted it instead of /home
- (old content in /home.backup.20080313)
- - Installed smartmontools
-20080819 weasel - moved this host under DSA control. account passwords, sudo
- passwords and ssh keys are taken from ldap (db.debian.org).
-20090221 weasel - moved to lenny.
[bind*]
<%=
out = case hostname
- when "geo1","geo2","geo3","raff" then "group bind
+ when "geo1","geo2","geo3" then "group bind
env.logfile /var/log/bind9/geoip-query.log"
else "group adm"
end
--- /dev/null
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+geoip-database
+libgeoip1
+geoip-bin
--- /dev/null
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+geoip-database
+libgeoip1
+geoip-bin
--- /dev/null
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+geoip-database
+libgeoip1
+geoip-bin
country_AE;
country_AF;
country_AM;
+ country_AP; // global region Asia/Pacific
country_AZ;
country_BD;
country_BH;
country_DK;
country_EE;
country_ES;
+ country_EU; // global region Europe
country_FI;
country_FO;
country_FR;
country_HM;
country_TF;
};
+
+acl undef {
+ country_A1;
+ country_A2;
+ 8.8.8.8/32; // Google DNS Server fails with GeoIP
+ 8.8.4.4/32; // Google DNS Server fails with GeoIP
+ 208.67.222.222/32; // OpenDNS fails with GeoIP
+ 208.67.220.220/32; // OpenDNS fails with GeoIP
+};
// Slave domains, includ in bind.conf
-// NOT USED YET - SYNC UP WITH dsa-misc/config/bind/ before enabling finally
-
zone "debian.org" {
type slave;
notify no;
allow-transfer { };
};
+// debian rack with grnet
+zone "192/27.211.177.194.in-addr.arpa" {
+ type slave;
+ notify no;
+ file "db.194.177.211.192";
+ masters {
+ 82.195.75.106; // draghi
+ 2001:41b8:202:deb:216:36ff:fe40:3906; //draghi
+ };
+ allow-query { any; };
+ allow-transfer { };
+};
+zone "b.e.d.0.c.f.f.2.8.4.6.0.1.0.0.2.ip6.arpa" {
+ type slave;
+ notify no;
+ file "db.2001:0648:2ffc:0deb";
+ masters {
+ 82.195.75.106; // draghi
+ 2001:41b8:202:deb:216:36ff:fe40:3906; //draghi
+ };
+ allow-query { any; };
+ allow-transfer { };
+};
+
+
// ipv6 at 1&1 - powell: 2001:08d8:0081:1520::/60
zone "2.5.1.1.8.0.0.8.d.8.0.1.0.0.2.ip6.arpa" {
type slave;
view "AF" {
match-clients { AF; };
+ zone "volatile.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.volatile.debian.org.AF";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
zone "security.geo.debian.org" {
type master;
file "/etc/bind/geodns/db.security.debian.org.AF";
allow-transfer { };
};
+ zone "ftp.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.ftp.debian.org.AF";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
zone "bugs.debian.org" {
type master;
file "/etc/bind/geodns/db.bugs.debian.org.AF";
view "AN" {
match-clients { AN; };
+ zone "volatile.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.volatile.debian.org.AN";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
zone "security.geo.debian.org" {
type master;
file "/etc/bind/geodns/db.security.debian.org.AN";
allow-transfer { };
};
+ zone "ftp.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.ftp.debian.org.AN";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
zone "bugs.debian.org" {
type master;
file "/etc/bind/geodns/db.bugs.debian.org.AN";
view "AS" {
match-clients { AS; };
+ zone "volatile.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.volatile.debian.org.AS";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
zone "security.geo.debian.org" {
type master;
file "/etc/bind/geodns/db.security.debian.org.AS";
allow-transfer { };
};
+ zone "ftp.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.ftp.debian.org.AS";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
zone "bugs.debian.org" {
type master;
file "/etc/bind/geodns/db.bugs.debian.org.AS";
view "EU" {
match-clients { EU; };
+ zone "volatile.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.volatile.debian.org.EU";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
zone "security.geo.debian.org" {
type master;
file "/etc/bind/geodns/db.security.debian.org.EU";
allow-transfer { };
};
+ zone "ftp.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.ftp.debian.org.EU";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
zone "bugs.debian.org" {
type master;
file "/etc/bind/geodns/db.bugs.debian.org.EU";
view "NA" {
match-clients { NA; };
+ zone "volatile.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.volatile.debian.org.NA";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
zone "security.geo.debian.org" {
type master;
file "/etc/bind/geodns/db.security.debian.org.NA";
allow-transfer { };
};
+ zone "ftp.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.ftp.debian.org.NA";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
zone "bugs.debian.org" {
type master;
file "/etc/bind/geodns/db.bugs.debian.org.NA";
view "OC" {
match-clients { OC; };
+ zone "volatile.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.volatile.debian.org.OC";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
zone "security.geo.debian.org" {
type master;
file "/etc/bind/geodns/db.security.debian.org.OC";
allow-transfer { };
};
+ zone "ftp.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.ftp.debian.org.OC";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
zone "bugs.debian.org" {
type master;
file "/etc/bind/geodns/db.bugs.debian.org.OC";
view "SA" {
match-clients { SA; };
+ zone "volatile.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.volatile.debian.org.SA";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
zone "security.geo.debian.org" {
type master;
file "/etc/bind/geodns/db.security.debian.org.SA";
allow-transfer { };
};
+ zone "ftp.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.ftp.debian.org.SA";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
zone "bugs.debian.org" {
type master;
file "/etc/bind/geodns/db.bugs.debian.org.SA";
allow-transfer { };
};
+};
+view "undef" {
+ match-clients { undef; };
+
+ zone "volatile.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.volatile.debian.org.undef";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
+ zone "security.geo.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.security.debian.org.undef";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
+ zone "security.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.security.debian.org.undef";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
+ zone "ftp.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.ftp.debian.org.undef";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
+ zone "bugs.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.bugs.debian.org.undef";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
+ zone "www.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.www.debian.org.undef";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
+ zone "packages.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.packages.debian.org.undef";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
};
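Review bot: `view "undef"` is added after the continent views (it follows the `SA` view), and BIND answers a client from the first view whose `match-clients` matches. The explicit resolver addresses in `acl undef` (`8.8.8.8/32`, `8.8.4.4/32` and the two OpenDNS addresses) therefore reach this view only if no earlier continent ACL matches them; if the GeoIP database assigns them a country listed in one of those ACLs, they are answered from that view and the entries have no effect. Placing `view "undef"` ahead of the first continent view would make the override effective regardless of the database; confirm which behaviour is intended. In this view `security.debian.org` and `security.geo.debian.org` both load `db.security.debian.org.undef`, which looks deliberate but deserves a one-line comment.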
view "default" {
match-clients { any; };
+ zone "volatile.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.volatile.debian.org";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
zone "security.geo.debian.org" {
type master;
file "/etc/bind/geodns/db.security.debian.org";
allow-transfer { };
};
+ zone "ftp.debian.org" {
+ type master;
+ file "/etc/bind/geodns/db.ftp.debian.org";
+ notify no;
+ allow-query { any; };
+ allow-transfer { };
+ };
+
zone "bugs.debian.org" {
type master;
file "/etc/bind/geodns/db.bugs.debian.org";
allow-update { none; };
allow-transfer { none; };
allow-recursion { Nagios; };
+ blackhole { 192.168.0.0/16; 10.0.0.0/8; 172.16.0.0/12; };
};
logging {
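Review bot: The added `blackhole { 192.168.0.0/16; 10.0.0.0/8; 172.16.0.0/12; };` carries no comment, and it makes the server stop answering any query whose source lies in RFC 1918 space. Before this ships, confirm that no monitoring or internal client reaches this server from a private address; the `Nagios` ACL used by `allow-recursion` just above is defined outside the hunk, so that cannot be checked here. I would record the intent with a line such as `// drop RFC 1918 sources: this server is only reached over public addresses` above the statement. The enclosing block starts outside the hunk.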
group geodnssync
precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail bugs.debian.org etc/bind/geodns/db.bugs.debian.org.AS
postcommand sudo /etc/init.d/bind9 reload
+file etc/bind/geodns/db.bugs.debian.org.undef
+ perms 0644
+ user geodnssync
+ group geodnssync
+ precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail bugs.debian.org etc/bind/geodns/db.bugs.debian.org.undef
+ postcommand sudo /etc/init.d/bind9 reload
file etc/bind/geodns/db.bugs.debian.org.AF
perms 0644
user geodnssync
group geodnssync
precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail bugs.debian.org etc/bind/geodns/db.bugs.debian.org.NA
postcommand sudo /etc/init.d/bind9 reload
+file etc/bind/geodns/db.ftp.debian.org.AN
+ perms 0644
+ user geodnssync
+ group geodnssync
+ precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail ftp.debian.org etc/bind/geodns/db.ftp.debian.org.AN
+ postcommand sudo /etc/init.d/bind9 reload
+file etc/bind/geodns/db.ftp.debian.org.SA
+ perms 0644
+ user geodnssync
+ group geodnssync
+ precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail ftp.debian.org etc/bind/geodns/db.ftp.debian.org.SA
+ postcommand sudo /etc/init.d/bind9 reload
+file etc/bind/geodns/db.ftp.debian.org.OC
+ perms 0644
+ user geodnssync
+ group geodnssync
+ precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail ftp.debian.org etc/bind/geodns/db.ftp.debian.org.OC
+ postcommand sudo /etc/init.d/bind9 reload
+file etc/bind/geodns/db.ftp.debian.org.AS
+ perms 0644
+ user geodnssync
+ group geodnssync
+ precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail ftp.debian.org etc/bind/geodns/db.ftp.debian.org.AS
+ postcommand sudo /etc/init.d/bind9 reload
+file etc/bind/geodns/db.ftp.debian.org.undef
+ perms 0644
+ user geodnssync
+ group geodnssync
+ precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail ftp.debian.org etc/bind/geodns/db.ftp.debian.org.undef
+ postcommand sudo /etc/init.d/bind9 reload
+file etc/bind/geodns/db.ftp.debian.org.AF
+ perms 0644
+ user geodnssync
+ group geodnssync
+ precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail ftp.debian.org etc/bind/geodns/db.ftp.debian.org.AF
+ postcommand sudo /etc/init.d/bind9 reload
+file etc/bind/geodns/db.ftp.debian.org
+ perms 0644
+ user geodnssync
+ group geodnssync
+ precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail ftp.debian.org etc/bind/geodns/db.ftp.debian.org
+ postcommand sudo /etc/init.d/bind9 reload
+file etc/bind/geodns/db.ftp.debian.org.EU
+ perms 0644
+ user geodnssync
+ group geodnssync
+ precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail ftp.debian.org etc/bind/geodns/db.ftp.debian.org.EU
+ postcommand sudo /etc/init.d/bind9 reload
+file etc/bind/geodns/db.ftp.debian.org.NA
+ perms 0644
+ user geodnssync
+ group geodnssync
+ precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail ftp.debian.org etc/bind/geodns/db.ftp.debian.org.NA
+ postcommand sudo /etc/init.d/bind9 reload
file etc/bind/geodns/db.packages.debian.org.AN
perms 0644
user geodnssync
group geodnssync
precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail packages.debian.org etc/bind/geodns/db.packages.debian.org.AS
postcommand sudo /etc/init.d/bind9 reload
+file etc/bind/geodns/db.packages.debian.org.undef
+ perms 0644
+ user geodnssync
+ group geodnssync
+ precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail packages.debian.org etc/bind/geodns/db.packages.debian.org.undef
+ postcommand sudo /etc/init.d/bind9 reload
file etc/bind/geodns/db.packages.debian.org.AF
perms 0644
user geodnssync
group geodnssync
precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail security.debian.org etc/bind/geodns/db.security.debian.org.AS
postcommand sudo /etc/init.d/bind9 reload
+file etc/bind/geodns/db.security.debian.org.undef
+ perms 0644
+ user geodnssync
+ group geodnssync
+ precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail security.debian.org etc/bind/geodns/db.security.debian.org.undef
+ postcommand sudo /etc/init.d/bind9 reload
file etc/bind/geodns/db.security.debian.org.AF
perms 0644
user geodnssync
group geodnssync
precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail security.debian.org etc/bind/geodns/db.security.debian.org.NA
postcommand sudo /etc/init.d/bind9 reload
+file etc/bind/geodns/db.volatile.debian.org.AN
+ perms 0644
+ user geodnssync
+ group geodnssync
+ precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail volatile.debian.org etc/bind/geodns/db.volatile.debian.org.AN
+ postcommand sudo /etc/init.d/bind9 reload
+file etc/bind/geodns/db.volatile.debian.org.SA
+ perms 0644
+ user geodnssync
+ group geodnssync
+ precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail volatile.debian.org etc/bind/geodns/db.volatile.debian.org.SA
+ postcommand sudo /etc/init.d/bind9 reload
+file etc/bind/geodns/db.volatile.debian.org.OC
+ perms 0644
+ user geodnssync
+ group geodnssync
+ precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail volatile.debian.org etc/bind/geodns/db.volatile.debian.org.OC
+ postcommand sudo /etc/init.d/bind9 reload
+file etc/bind/geodns/db.volatile.debian.org.AS
+ perms 0644
+ user geodnssync
+ group geodnssync
+ precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail volatile.debian.org etc/bind/geodns/db.volatile.debian.org.AS
+ postcommand sudo /etc/init.d/bind9 reload
+file etc/bind/geodns/db.volatile.debian.org.undef
+ perms 0644
+ user geodnssync
+ group geodnssync
+ precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail volatile.debian.org etc/bind/geodns/db.volatile.debian.org.undef
+ postcommand sudo /etc/init.d/bind9 reload
+file etc/bind/geodns/db.volatile.debian.org.AF
+ perms 0644
+ user geodnssync
+ group geodnssync
+ precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail volatile.debian.org etc/bind/geodns/db.volatile.debian.org.AF
+ postcommand sudo /etc/init.d/bind9 reload
+file etc/bind/geodns/db.volatile.debian.org
+ perms 0644
+ user geodnssync
+ group geodnssync
+ precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail volatile.debian.org etc/bind/geodns/db.volatile.debian.org
+ postcommand sudo /etc/init.d/bind9 reload
+file etc/bind/geodns/db.volatile.debian.org.EU
+ perms 0644
+ user geodnssync
+ group geodnssync
+ precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail volatile.debian.org etc/bind/geodns/db.volatile.debian.org.EU
+ postcommand sudo /etc/init.d/bind9 reload
+file etc/bind/geodns/db.volatile.debian.org.NA
+ perms 0644
+ user geodnssync
+ group geodnssync
+ precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail volatile.debian.org etc/bind/geodns/db.volatile.debian.org.NA
+ postcommand sudo /etc/init.d/bind9 reload
file etc/bind/geodns/db.www.debian.org.AN
perms 0644
user geodnssync
group geodnssync
precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail www.debian.org etc/bind/geodns/db.www.debian.org.AS
postcommand sudo /etc/init.d/bind9 reload
+file etc/bind/geodns/db.www.debian.org.undef
+ perms 0644
+ user geodnssync
+ group geodnssync
+ precommand /usr/sbin/named-checkzone -q -k fail -n fail -S fail -i full -m fail -M fail www.debian.org etc/bind/geodns/db.www.debian.org.undef
+ postcommand sudo /etc/init.d/bind9 reload
file etc/bind/geodns/db.www.debian.org.AF
perms 0644
user geodnssync
mode => 444,
;
- "/usr/share/GeoIP/GeoIPv6.dat":
- source => [ "puppet:///named/per-host/$fqdn/GeoIPv6.dat",
- "puppet:///named/common/GeoIPv6.dat" ],
- owner => root,
- group => root,
- mode => 444,
- ;
-
"/etc/ssh/userkeys/geodnssync":
source => [ "puppet:///named/per-host/$fqdn/authorized_keys",
"puppet:///named/common/authorized_keys" ],
class named::secondary inherits named {
-# file { "/etc/bind/named.conf.debian-zones":
-# source => [ "puppet:///named/per-host/$fqdn/named.conf.debian-zones",
-# "puppet:///named/common/named.conf.debian-zones" ],
-# notify => Exec["bind9 reload"],
-# }
+ file { "/etc/bind/named.conf.debian-zones":
+ source => [ "puppet:///named/per-host/$fqdn/named.conf.debian-zones",
+ "puppet:///named/common/named.conf.debian-zones" ],
+ notify => Exec["bind9 reload"],
+ }
+ file { "/etc/bind/named.conf.shared-keys":
+ mode => 640,
+ owner => root,
+ group => bind,
+ }
}
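Review bot: The new `/etc/bind/named.conf.shared-keys` resource sets only `mode`, `owner` and `group`, with no `ensure`, `source` or `content`, so the manifest pins the permissions of the key file but does not say where the file comes from. If it is installed out of band, a comment such as `# keys are installed by hand; Puppet only enforces root:bind 640` would make that explicit. The re-enabled `named.conf.debian-zones` resource, by contrast, sets no owner, group or mode at all; adding `owner => root, group => root, mode => 444,` would make the result independent of the permissions on the source file. The shared-keys resource also lacks the `notify => Exec["bind9 reload"]` that the zones file has, which may be intentional but is worth a word in the comment.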
end
nameservers += ["82.195.75.81", "82.195.66.249", "217.198.242.225"]
searchpaths << "debprivate-darmstadt.debian.org"
+ when "ftcollins" then
+ case hostname
+ when "spohr", "samosa" then
+ nameservers << "127.0.0.1"
+ end
+ nameservers += ["192.25.206.33", "192.25.206.57"]
+ searchpaths << "debprivate-ftcollins.debian.org"
end
searchpaths << "debian.org"
file=/etc/mtab
file=/etc/ssh_random_seed
file=/etc/asound.conf
+<% case hoster when "ubcece", "darmstadt", "ftcollins" then ""
+else -%>
file=/etc/resolv.conf
+<% end -%>
file=/etc/localtime
file=/etc/ioctl.save
file=/etc/passwd.backup
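Review bot: The hoster list `"ubcece", "darmstadt", "ftcollins"` is now written out twice, here and in the later hunk that re-adds `file=/etc/resolv.conf` under "This file might be created or removed by the system sometimes". The two conditions must stay exact complements, otherwise `/etc/resolv.conf` ends up listed in both sections or in neither. The `case … then "" else` form also makes it hard to see which branch emits the line. Computing the test once near the top of the template, e.g. `<% resolv_by_hoster = %w{ubcece darmstadt ftcollins}.include?(hoster) -%>`, then using `<% unless resolv_by_hoster -%>` here and `<% if resolv_by_hoster -%>` in the other hunk, would keep them in step.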
##
## This file might be created or removed by the system sometimes.
##
+<% case hoster when "ubcece", "darmstadt", "ftcollins" then "" -%>
+file=/etc/resolv.conf
+<% else
+end -%>
file=/etc/resolv.conf.pcmcia.save
file=/etc/nologin
file=/etc/postfix/debian.db
file=/etc/exim4/localusers
file=/etc/exim4/manualroute
file=/etc/exim4/rbllist
-file=/etc/exim4/rcpthosts
file=/etc/exim4/rhsbllist
file=/etc/exim4/virtualdomains
file=/etc/exim4/whitelist
-file=/etc/exim4/local-auto.conf
file=/etc/exim4/local-settings.conf
file=/etc/exim4/ssl/ca.crt
file=/etc/exim4/ssl/ca.crl
when "handel.debian.org": extrafiles="dir=8/etc/puppet"
when "dijkstra.debian.org": extrafiles="dir=4/etc/dsa-kvm"
when /geo[123].debian.org/: extrafiles="dir=1/etc/bind/geodns"
+when /(senfl|ravel|rietz|klecker).debian.org/: extrafiles="dir=1/etc/bind
+file=/etc/bind/named.conf.debian-zones"
end
extrafiles
%>
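Review bot: The new pattern `/(senfl|ravel|rietz|klecker).debian.org/` is unanchored and its dots are unescaped, so it matches any string that merely contains one of the names followed by an arbitrary character and `debian`. The `geo[123]` line above it has the same weakness. Because this branch decides which paths are added to `extrafiles`, an exact match is safer: `when /\A(senfl|ravel|rietz|klecker)\.debian\.org\z/: …`. The `case` subject is outside the hunk; I am assuming it is the host's FQDN, as the string branches above suggest.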
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAwbRijHuvIC6cZUZwUfqLT5t/4GRvqiBBmYXkRRhwMajTOBeaR6vRx9mZ+UdTAUKno8LuMNvFoovvwXBqqwH7yMa/SHgpA0wXl+bcYUbtoRbOVQEXwX/70Yoo0HLMGwoeuddjUICYZQomLYYLlkrWt1in9g4AGzqtmyCcDrxaneGYOvwJIm4sBhhJfns3j8AK7wIAaOA5fU9azR6JofX8g7QhqVrTlww0yOTlHsqheGUnLVzqPTzcJTPLDWKs9DOZT8a+IOc1R5TS2k07IFZk4TjCodW+iLCKHdudqpS8MKOY9EtfDaANl7JeCNa0NUZRVeXX9H4jtPIJ5/naa6m1XQ== Florian.Lohoff(flo,mW-N,RSA,2048)"
when "sperger.debian.org" then "ssh-rsa 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 bzed@think"
when "tartini.debian.org" then "ssh-rsa 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 jeroen@eee.wolffelaar.nl 2008-05-14"
- when "zelenka.debian.org" then "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA185aKAQqnSecI0peA4YhzfOjmN5fM6DJ5JJzxnLfNRdXBwtEOI8z+BFdHqQHDBQp3jq4V45ZaCyg/Qi8WTjDoPG/UyHx1FWAfC37pLlQQJ3Vq7X4BDrCvRwBNj+rI9tiUi+PXW6m2MaihblSmcNQGdmO7nHgxKsEXNLIEKfRtYBveTiolNACXxO//kDBwGFgvnAKiv5jtD6xcrA5d2DpvUX07zWhRsNbilba8JyqN+sOEbKtKa/7uCY9TD3Z1/aSFAw3I9K1S+DDdZZ7hK09BLwpcXRG6zAVqYzZ4rZ/S2zP+dXPy5L13ORNAGdv8d9Krw8iYjuJ6YfOqFAQIrH+EQ== waldi@debian.org"
end
localkeys
%>
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAwe0KhG7S6agOekJ5U2DB/Ze2B5u9/PKo2ha765ZkYOScRWdRWUSOYwBOrrfrQUf1gCicdcsG9lLnbTeFeH4i9UJ8XUf4uhS4rK0RurKf5MN8xlqETU88q7fMTQj5LXkkJXrs8aMCxKmMhGlh62CUbANCY7i6hzXIo7KU1MIdT/E= lucaf@bofh
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA1zy2/qSBpYaOKYVEnDI+KEiQlPiKsTv96zJeNdu7xLY1bwd3n0ORyTGO4Hp06PBlfek0f7/xClUHb7xgroTWAebhOes880evhGmYemQyYew+a2nBXyuiEFT8QS+Iw601zFRgy/+0nZvCAkr5Xn+mHtnhQKu5GzWsYVl3uxMo7CEiCOVpupz7FjALAoMgY25JYtFAuK0hwzAO/r9Ja89jmgdAlWJn1uAziwUVBmM6bR6AhhvI+9WR6XDzElz5pVT740kbA6ri+Jv2in9Gp7eIfgdXnaXJvxuqMk0zPB6Y7MZ0UmlvpU4A1h83SAYf6XyOHgWyn+fYhF41OR958ShLIQ== lucaf@portabofh
# zobel
-ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAvA82iZhdqMbUYXGv9DSMNRmFuXpemOQyAZCd6YkI1XtFEGMN3hlA1XrXRep0FwChCOOs+I/W/vyBdChRKzqxDE1HmTORhCxHNOwWBg1XaRLyeGFo5MEhNzGG0GQBx2+bwVkGLwPTWPQ+A1eV+mm52CpqjeRpeiu4ums6zJ7/oZRwpvZcGoHCu3KxCHtzUwyoufv7BpbwZLk0WyRg70gJ2mwJpVNPFktVSlykdbUmuQ0y76/XIOoCcFD1W44WLu8WWBOWbyPM+gE7pb1Z711MM3k949AJgDqyHYMxTD1d3b2aeoX9zW0zGFrbZVDCrDOkUNlH2b4er/Lm1xXhYQAuSQ== zobel@lunar
-ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA79oE1QcaEmY/RPA8pJWaY1t9GZ0icXK0dEPpqMwyWeZM3k9Avfx6M/ROGVnDOe+BZ86tZzom1yqOhUdpmSG2akNWfwQXkKrkDEGYfYVLKANaXpgwEJMNrmQGZa9jZtQfcR4ogz6Codk5meegSareWhhIw+oNdaH2KVCwxOYQv8xb1BGIOdOze0LdGiOzXRegtVnquiL3xs1EAiH4RiFbOXwFDnGq3szj54xzO08LrMUqt+xFBNpa6yBeK7VQWpwQU7sml2K1OJ2yux5O9ISmld0/He+OI+Ocse1Fk9UapiWF4RqT4OawpYRJoeS6sSDu2pzsSnMSdvvHwn4VuD0khQ== Martin Zobel-Helas - debian key (2008-08-26)
+ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuWUv0xRqmnrYX/7b80HIAY9s80Qp4QRFH3DXEkuyDeprJC+GdJs2S/fwhWI9eZDF8NN03SLoOg9q7lXoy2Ts6tda8zfqIf/IBnvcqbsoCtbmrOTvwHj5fVFh0fw72KSc8b+Bccs+1aLXUqP2eSKXB9jpR+apUd7DQ0i6si2/fwrQvqXZ71NeRkcSXIuED9PCA2298DKob1tCAXP1XSIswxxgHdGZgVHYhNt33XSM7zksTbMjr7NBZkJOcgk3dLOVz2RSo38+Curv8nPVoD4uIsE551GXnNTPZiMosvDY3Cy3gTwBhpXFxtkRDr0jMQpYj+ahQ3F+MFJr+0S89QeHfQ== Martin Zobel-Helas - debian adm key (2010-01-04)
# weasel
ssh-rsa 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 Peter Palfrader - debian adm key (2008-05-11)
# sgran
# nagios
nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/dsa-check-dabackup ""
# with smartarray controllers
+nagios ALL=(ALL) NOPASSWD: /sbin/hpasmcli ""
nagios ALL=(ALL) NOPASSWD: /usr/bin/arrayprobe ""
nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller all show
nagios ALL=(ALL) NOPASSWD: /usr/sbin/hpacucli controller slot=[02] pd all show
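Review bot: The added rule `nagios ALL=(ALL) NOPASSWD: /sbin/hpasmcli ""` lets the monitoring account start the tool as any user, and the `""` only forbids command-line arguments. As far as I know, hpasmcli started without arguments enters an interactive mode that takes its commands from standard input, so the rule does not restrict the account to read-only queries the way the `hpacucli … show` rules below it do. Please confirm this against the plugin that calls it. If the check can pass its query on the command line, pinning the arguments in the rule would be tighter; at minimum the run-as can be narrowed, `nagios ALL=(root) NOPASSWD: /sbin/hpasmcli ""`.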
%popcon ALL=(popcon) ALL
%secretary ALL=(secretary) ALL
%sectracker ALL=(sectracker) ALL
+%security SECHOSTS=(mail_security) ALL
%snapshot ALL=(snapshot) ALL
%uddadm ALL=(udd) ALL
%volatile ALL=(volatile) ALL
# remote power to babylon5 in the same rack:
joerg unger=(ALL) /usr/bin/sispmctl -t 1, /usr/bin/sispmctl -g 1
# wbadm can update all buildd* users' keys on buildd.d.o
-%wbadm raff=(root) /usr/local/bin/update-buildd-sshkeys
%wbadm cimarosa=(root) /usr/local/bin/update-buildd-sshkeys
+wbadm cimarosa=(postgres) NOPASSWD: /usr/bin/pg_dumpall --cluster 8.4/wanna-build
# mirror push
dak ries=(archvsync) NOPASSWD:/home/archvsync/runmirrors
planet senfl=(archvsync) NOPASSWD: /home/archvsync/bin/runplanet ""
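Review bot: The added rule names `wbadm` without the `%` that the neighbouring `%wbadm cimarosa=(root)` line uses, so it applies to a user called wbadm rather than to the group. If the group was meant, it should read `%wbadm cimarosa=(postgres) NOPASSWD: /usr/bin/pg_dumpall --cluster 8.4/wanna-build`. Note also that `pg_dumpall` run as `postgres` writes out role definitions together with their stored password hashes, not only the wanna-build data, so the resulting dump files need restrictive permissions. A comment line above the rule, like the existing `# wbadm can update …` one, would record why a passwordless dump is needed.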
+++ /dev/null
-##
-## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
-## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
-##
-
-# Various bits of software
-<% if has_variable?("clamd") && clamd == "true" -%>
-CLAMAV = clamd:/var/run/clamav/clamd.ctl
-<% else -%>
-# CLAMAV is undefined
-<% end -%>
-<% if has_variable?("postgrey") && postgrey == "true" -%>
-USE_GREYLISTING = 1
-# HAVE_GREYLIST is undefined
-HAVE_POSTGREY = 1
-<% elsif has_variable?("greylistd") && greylistd == "true" -%>
-USE_GREYLISTING = 1
-HAVE_GREYLIST = 1
-# HAVE_POSTGREY is undefined
-<% else -%>
-# HAVE_POSTGREY is undefined
-# HAVE_GREYLIST is undefined
-# USE_GREYLISTING is undefined
-<% end -%>
-<% if has_variable?("policydweight") && policydweight == "true" -%>
-HAVE_POLICYD = 1
-<% else -%>
-# HAVE_POLICYD is undefined
-<% end -%>
-
-# user settings (controls some mail routing)
-<% if has_variable?("bugs_host") && bugs_host == "true" -%>
-HAVE_USER_DEBBUGS = 1
-<% else -%>
-# HAVE_USER_DEBBUGS is undefined
-<% end -%>
-<% if has_variable?("qa_host") && qa_host == "true" -%>
-HAVE_USER_QA = 1
-<% else -%>
-# HAVE_USER_QA is undefined
-<% end -%>
-
-# SSL stuff for mail relays
-<% if has_variable?("exim_ssl_certs") && exim_ssl_certs == "true" -%>
-USE_TLS = 1
-<% else -%>
-# USE_TLS is undefined
-<% end -%>
-