puppetmaster: handel.debian.org
rtmaster:
- reger.debian.org
+ security_master:
+ - chopin.debian.org
host_settings:
heavy_exim:
- bellini.debian.org
include roles::backports_master
}
+ if getfromhash($site::nodeinfo, 'security_master') {
+ include roles::security_master
+ }
+
if getfromhash($site::nodeinfo, 'apache2_ftp-upcoming_mirror') {
include roles::ftp-upcoming_mirror
}
--- /dev/null
+class roles::security_master {
+
+ $bind = $::hostname ? {
+ default => '',
+ }
+
+ $bind6 = $::hostname ? {
+ default => '',
+ }
+
+ $logfile = '/var/log/ftp/vsftpd-security-master.debian.org.log'
+
+ vsftpd::site { 'security':
+ content => template('roles/security_master/vsftpd.conf.erb'),
+ logfile => $logfile,
+ bind => $bind,
+ }
+
+ if $bind6 {
+ vsftpd::site { 'security-v6':
+ content => template('roles/security_master/vsftpd.conf.erb'),
+ logfile => $logfile,
+ bind => $bind6,
+ }
+ }
+}
--- /dev/null
+max_clients=100
+
+# from default package config
+secure_chroot_dir=/var/run/vsftpd
+pam_service_name=vsftpd
+
+anonymous_enable=YES
+one_process_model=YES
+setproctitle_enable=YES
+dirmessage_enable=NO
+xferlog_enable=YES
+connect_from_port_20=NO
+xferlog_file=<%= scope.lookupvar('logfile') %>
+ls_recurse_enable=NO
+ftpd_banner=security-master.debian.org FTP server (vsftpd)
+
+#
+# Queue daemon needs anon uploads
+#
+write_enable=YES
+anon_umask=027
+anon_upload_enable=YES
+chown_uploads=YES
+chown_username=dak
projects / dsa-puppet.git / commitdiff