From 6f2b99d1b77cb7edefdeb8ed407139ef4c2bf447 Mon Sep 17 00:00:00 2001 From: Stephen Gran Date: Sun, 29 Apr 2012 09:16:02 +0100 Subject: [PATCH] add chopin as security-master Signed-off-by: Stephen Gran --- modules/debian-org/misc/local.yaml | 2 ++ modules/roles/manifests/init.pp | 4 +++ modules/roles/manifests/security_master.pp | 26 +++++++++++++++++++ .../templates/security_master/vsftpd.conf.erb | 24 +++++++++++++++++ 4 files changed, 56 insertions(+) create mode 100644 modules/roles/manifests/security_master.pp create mode 100644 modules/roles/templates/security_master/vsftpd.conf.erb diff --git a/modules/debian-org/misc/local.yaml b/modules/debian-org/misc/local.yaml index 368a2787..10aef917 100644 --- a/modules/debian-org/misc/local.yaml +++ b/modules/debian-org/misc/local.yaml @@ -167,6 +167,8 @@ services: puppetmaster: handel.debian.org rtmaster: - reger.debian.org + security_master: + - chopin.debian.org host_settings: heavy_exim: - bellini.debian.org diff --git a/modules/roles/manifests/init.pp b/modules/roles/manifests/init.pp index 137cd75e..601e1440 100644 --- a/modules/roles/manifests/init.pp +++ b/modules/roles/manifests/init.pp @@ -44,6 +44,10 @@ class roles { include roles::backports_master } + if getfromhash($site::nodeinfo, 'security_master') { + include roles::security_master + } + if getfromhash($site::nodeinfo, 'apache2_ftp-upcoming_mirror') { include roles::ftp-upcoming_mirror } diff --git a/modules/roles/manifests/security_master.pp b/modules/roles/manifests/security_master.pp new file mode 100644 index 00000000..6992537d --- /dev/null +++ b/modules/roles/manifests/security_master.pp 
@@ -0,0 +1,26 @@
+class roles::security_master {
+
+ $bind = $::hostname ? {
+ default => '',
+ }
+
+ $bind6 = $::hostname ? {
+ default => '',
+ }
+
+ $logfile = '/var/log/ftp/vsftpd-security-master.debian.org.log'
+
+ vsftpd::site { 'security':
+ content => template('roles/security_master/vsftpd.conf.erb'),
+ logfile => $logfile,
+ bind => $bind,
+ }
+
+ if $bind6 {
+ vsftpd::site { 'security-v6':
+ content => template('roles/security_master/vsftpd.conf.erb'),
+ logfile => $logfile,
+ bind => $bind6,
+ }
+ }
+}
diff --git a/modules/roles/templates/security_master/vsftpd.conf.erb b/modules/roles/templates/security_master/vsftpd.conf.erb
new file mode 100644
index 00000000..7f382fa8
--- /dev/null
+++ b/modules/roles/templates/security_master/vsftpd.conf.erb
@@ -0,0 +1,24 @@
+max_clients=100
+
+# from default package config
+secure_chroot_dir=/var/run/vsftpd
+pam_service_name=vsftpd
+
+anonymous_enable=YES
+one_process_model=YES
+setproctitle_enable=YES
+dirmessage_enable=NO
+xferlog_enable=YES
+connect_from_port_20=NO
+xferlog_file=<%= scope.lookupvar('logfile') %>
+ls_recurse_enable=NO
+ftpd_banner=security-master.debian.org FTP server (vsftpd)
+
+#
+# Queue daemon needs anon uploads
+#
+write_enable=YES
+anon_umask=027
+anon_upload_enable=YES
+chown_uploads=YES
+chown_username=dak
-- 2.39.2
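Review bot: The `if $bind6 {` guard relies on an empty string evaluating as false, which is true for the Puppet language of this commit's era but not for Puppet 4 and later, where `''` is true. Because both selectors carry only a `default => ''` branch, a parser upgrade would start declaring `vsftpd::site { 'security-v6': }` with `bind => ''`, which looks like a second anonymous-upload site with the same settings as 'security' (how `vsftpd::site` treats an empty bind is not visible in this patch). Writing the test explicitly as `if $bind6 != '' {` keeps the behaviour identical on either version. A one-line comment above the selectors stating what an empty value means to `vsftpd::site` would also explain why they currently have no per-host entries.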