author | Jan Dittberner <jandd@cacert.org> | 2019-08-02 08:37:48 +0200 |
---|---|---|
committer | Jan Dittberner <jandd@cacert.org> | 2019-08-02 08:39:20 +0200 |
commit | 34be9cadc400ca0649bad8ec59dfdc4fa9be1f31 (patch) | |
tree | 38cc280cf4a759904fef16e7f08699fd120b3125 /sitemodules | |
parent | 3dd78ee5e1a69be63d9c1f5eb831a8ce8dc12779 (diff) | |
Use variables for paths, install reprepro
Diffstat (limited to 'sitemodules')
-rw-r--r-- | sitemodules/profiles/manifests/debarchive.pp | 47 |
1 files changed, 28 insertions, 19 deletions
diff --git a/sitemodules/profiles/manifests/debarchive.pp b/sitemodules/profiles/manifests/debarchive.pp index 0a8e59e..855f9a2 100644 --- a/sitemodules/profiles/manifests/debarchive.pp +++ b/sitemodules/profiles/manifests/debarchive.pp @@ -60,6 +60,12 @@ class profiles::debarchive ( mode => '4755', } + $debarchive_home = '/srv/debarchive' + $gpg_home = "${debarchive_home}/.gnupg" + $package_dir = "${debarchive_home}/packages" + $upload_chroot = '/srv/upload' + $incoming_dir = "${upload_chroot}/incoming" + # setup user, groups and directories group { 'debarchive': ensure => absent, @@ -69,34 +75,34 @@ class profiles::debarchive ( comment => 'CAcert debian archive user', system => true, gid => 'nogroup', - home => '/srv/debarchive', + home => $debarchive_home, shell => '/usr/bin/rssh', purge_ssh_keys => true, require => Package['rssh'], } - file { '/srv/debarchive': + file { $debarchive_home: ensure => directory, owner => 'debarchive', group => 'nogroup', mode => '0711', } - file { '/srv/upload': + file { $upload_chroot: ensure => directory, owner => 'root', group => 'root', mode => '0755', } - file { '/srv/upload/incoming': + file { $incoming_dir: ensure => directory, owner => 'debarchive', group => 'nogroup', mode => '0700', } - exec { '/bin/bash /usr/share/doc/rssh/examples/mkchroot.sh /srv/upload': - creates => '/srv/upload/usr/bin/rssh', - require => [Package['rssh'], File['/srv/upload']], + exec { "/bin/bash /usr/share/doc/rssh/examples/mkchroot.sh ${upload_chroot}": + creates => "${upload_chroot}/usr/bin/rssh", + require => [Package['rssh'], File[$upload_chroot]], } ~> - exec { '/bin/sed -n -i \'/^root:/p; /^debarchive:/p\' /srv/upload/etc/passwd': + exec { "/bin/sed -n -i '/^root:/p; /^debarchive:/p' ${upload_chroot}/etc/passwd": refreshonly => true, } 
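Review bot: The passwd-trimming `sed` exec in the `@@ -69,34 +75,34 @@` hunk still runs only as a refresh of the `mkchroot.sh` exec, which is itself skipped once `${upload_chroot}/usr/bin/rssh` exists. If that sed run fails or is interrupted after the chroot has been built, later agent runs do not appear to retry it, and the chroot's `etc/passwd` would keep whatever account entries mkchroot.sh placed there. Making the exec self-checking closes that gap: replace `~>` with `->`, and replace `refreshonly => true,` with `onlyif => "/bin/grep -qv -e '^root:' -e '^debarchive:' ${upload_chroot}/etc/passwd",`.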
@@ -118,7 +124,7 @@ class profiles::debarchive ( concat::fragment { 'rssh-debarchive': target => $rssh_conf, order => '10', - content => "user = \"debarchive:022:000110:/srv/upload\"\n", + content => "user = \"debarchive:022:000110:${upload_chroot}\"\n", } # setup ssh keys 
@@ -137,54 +143,57 @@ class profiles::debarchive ( } # setup GPG home for signing - $gpghome = '/srv/debarchive/.gnupg' - - file { [$gpghome, "${gpghome}/private-keys-v1.d", '/srv/debarchive/log', '/srv/debarchive/scripts']: + file { [$gpg_home, "${gpg_home}/private-keys-v1.d", "${debarchive_home}/log", '${debarchive_home}/scripts']: ensure => directory, owner => 'debarchive', group => 'nogroup', mode => '0700', } - file { "${gpghome}/private-keys-v1.d/${release_signing_keygrip}.key": + file { "${gpg_home}/private-keys-v1.d/${release_signing_keygrip}.key": ensure => file, owner => 'debarchive', group => 'nogroup', mode => '0600', content => $release_signing_private_key, } - file { "${gpghome}/passphrase": + file { "${gpg_home}/passphrase": ensure => file, owner => 'debarchive', group => 'nogroup', mode => '0600', content => $release_signing_passphrase, } - file { "${gpghome}/gpg-agent.conf": + file { "${gpg_home}/gpg-agent.conf": ensure => file, owner => 'debarchive', group => 'nogroup', mode => '0600', - content => 'log-file /srv/debarchive/log/gpg-agent.log', + content => "log-file ${debarchive_home}/log/gpg-agent.log", } - file { "${gpghome}/pubring.kbx": + file { "${gpg_home}/pubring.kbx": ensure => file, owner => 'debarchive', group => 'nogroup', mode => '0600', source => 'puppet:///modules/profiles/debarchive/gpg_pubring.kbx', } - file { "${gpghome}/trustdb.gpg": + file { "${gpg_home}/trustdb.gpg": ensure => file, owner => 'debarchive', group => 'nogroup', mode => '0600', source => 'puppet:///modules/profiles/debarchive/gpg_trustdb.gpg', } - file { '/srv/debarchive/cacert-keyring.gpg': + file { "${debarchive_home}/cacert-keyring.gpg": ensure => file, owner => 'debarchive', group => 'nogroup', mode => '0600', source => 'puppet:///modules/profiles/debarchive/cacert-keyring.gpg', } + + # setup reprepro + package { 'reprepro': + ensure => latest, + } } |
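Review bot: The last element of the directory list, `'${debarchive_home}/scripts'`, is single-quoted, so Puppet does not interpolate the variable and the resource title is the literal string instead of `/srv/debarchive/scripts`. A file title that is not an absolute path is likely to be rejected at catalog compilation, and either way the scripts directory is not managed with the intended `0700` mode. Use double quotes as on the neighbouring element: `"${debarchive_home}/scripts"`. Separately, `ensure => latest` on `reprepro` lets any agent run upgrade the tool that builds the signed archive; `ensure => installed` or a pinned version keeps upgrades on the signing host deliberate.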