Use variables for paths, install reprepro

author: Jan Dittberner <jandd@cacert.org> 2019-08-02 08:37:48 +0200
committer: Jan Dittberner <jandd@cacert.org> 2019-08-02 08:39:20 +0200
commit: 34be9cadc400ca0649bad8ec59dfdc4fa9be1f31 (patch)
tree: 38cc280cf4a759904fef16e7f08699fd120b3125 /sitemodules
parent: 3dd78ee5e1a69be63d9c1f5eb831a8ce8dc12779 (diff)
download: cacert-puppet-34be9cadc400ca0649bad8ec59dfdc4fa9be1f31.tar.gz
cacert-puppet-34be9cadc400ca0649bad8ec59dfdc4fa9be1f31.tar.xz
cacert-puppet-34be9cadc400ca0649bad8ec59dfdc4fa9be1f31.zip
1 files changed, 28 insertions, 19 deletions
diff --git a/sitemodules/profiles/manifests/debarchive.pp b/sitemodules/profiles/manifests/debarchive.pp
index 0a8e59e..855f9a2 100644
--- a/sitemodules/profiles/manifests/debarchive.pp
+++ b/sitemodules/profiles/manifests/debarchive.pp
@@ -60,6 +60,12 @@ class profiles::debarchive (
     mode   => '4755',
   }
 
+  $debarchive_home = '/srv/debarchive'
+  $gpg_home = "${debarchive_home}/.gnupg"
+  $package_dir = "${debarchive_home}/packages"
+  $upload_chroot = '/srv/upload'
+  $incoming_dir = "${upload_chroot}/incoming"
+
   # setup user, groups and directories
   group { 'debarchive':
     ensure => absent,
@@ -69,34 +75,34 @@ class profiles::debarchive (
     comment        => 'CAcert debian archive user',
     system         => true,
     gid            => 'nogroup',
-    home           => '/srv/debarchive',
+    home           => $debarchive_home,
     shell          => '/usr/bin/rssh',
     purge_ssh_keys => true,
     require        => Package['rssh'],
   }
-  file { '/srv/debarchive':
+  file { $debarchive_home:
     ensure => directory,
     owner  => 'debarchive',
     group  => 'nogroup',
     mode   => '0711',
   }
-  file { '/srv/upload':
+  file { $upload_chroot:
     ensure => directory,
     owner  => 'root',
     group  => 'root',
     mode   => '0755',
   }
-  file { '/srv/upload/incoming':
+  file { $incoming_dir:
     ensure => directory,
     owner  => 'debarchive',
     group  => 'nogroup',
     mode   => '0700',
   }
-  exec { '/bin/bash /usr/share/doc/rssh/examples/mkchroot.sh /srv/upload':
-    creates => '/srv/upload/usr/bin/rssh',
-    require => [Package['rssh'], File['/srv/upload']],
+  exec { "/bin/bash /usr/share/doc/rssh/examples/mkchroot.sh ${upload_chroot}":
+    creates => "${upload_chroot}/usr/bin/rssh",
+    require => [Package['rssh'], File[$upload_chroot]],
   } ~>
-  exec { '/bin/sed -n -i \'/^root:/p; /^debarchive:/p\' /srv/upload/etc/passwd':
+  exec { "/bin/sed -n -i '/^root:/p; /^debarchive:/p' ${upload_chroot}/etc/passwd":
     refreshonly => true,
   }
 
@@ -118,7 +124,7 @@ class profiles::debarchive (
   concat::fragment { 'rssh-debarchive':
     target  => $rssh_conf,
     order   => '10',
-    content => "user = \"debarchive:022:000110:/srv/upload\"\n",
+    content => "user = \"debarchive:022:000110:${upload_chroot}\"\n",
   }
 
   # setup ssh keys
@@ -137,54 +143,57 @@ class profiles::debarchive (
   }
 
   # setup GPG home for signing
-  $gpghome = '/srv/debarchive/.gnupg'
-
-  file { [$gpghome, "${gpghome}/private-keys-v1.d", '/srv/debarchive/log', '/srv/debarchive/scripts']:
+  file { [$gpg_home, "${gpg_home}/private-keys-v1.d", "${debarchive_home}/log", '${debarchive_home}/scripts']:
     ensure => directory,
     owner  => 'debarchive',
     group  => 'nogroup',
     mode   => '0700',
   }
-  file { "${gpghome}/private-keys-v1.d/${release_signing_keygrip}.key":
+  file { "${gpg_home}/private-keys-v1.d/${release_signing_keygrip}.key":
     ensure  => file,
     owner   => 'debarchive',
     group   => 'nogroup',
     mode    => '0600',
     content => $release_signing_private_key,
   }
-  file { "${gpghome}/passphrase":
+  file { "${gpg_home}/passphrase":
     ensure  => file,
     owner   => 'debarchive',
     group   => 'nogroup',
     mode    => '0600',
     content => $release_signing_passphrase,
   }
-  file { "${gpghome}/gpg-agent.conf":
+  file { "${gpg_home}/gpg-agent.conf":
     ensure  => file,
     owner   => 'debarchive',
     group   => 'nogroup',
     mode    => '0600',
-    content => 'log-file /srv/debarchive/log/gpg-agent.log',
+    content => "log-file ${debarchive_home}/log/gpg-agent.log",
   }
-  file { "${gpghome}/pubring.kbx":
+  file { "${gpg_home}/pubring.kbx":
     ensure => file,
     owner  => 'debarchive',
     group  => 'nogroup',
     mode   => '0600',
     source => 'puppet:///modules/profiles/debarchive/gpg_pubring.kbx',
   }
-  file { "${gpghome}/trustdb.gpg":
+  file { "${gpg_home}/trustdb.gpg":
     ensure => file,
     owner  => 'debarchive',
     group  => 'nogroup',
     mode   => '0600',
     source => 'puppet:///modules/profiles/debarchive/gpg_trustdb.gpg',
   }
-  file { '/srv/debarchive/cacert-keyring.gpg':
+  file { "${debarchive_home}/cacert-keyring.gpg":
     ensure => file,
     owner  => 'debarchive',
     group  => 'nogroup',
     mode   => '0600',
     source => 'puppet:///modules/profiles/debarchive/cacert-keyring.gpg',
   }
+
+  # setup reprepro
+  package { 'reprepro':
+    ensure => latest,
+  }
 }
author	Jan Dittberner <jandd@cacert.org>	2019-08-02 08:37:48 +0200
committer	Jan Dittberner <jandd@cacert.org>	2019-08-02 08:39:20 +0200
commit	34be9cadc400ca0649bad8ec59dfdc4fa9be1f31 (patch)
tree	38cc280cf4a759904fef16e7f08699fd120b3125 /sitemodules
parent	3dd78ee5e1a69be63d9c1f5eb831a8ce8dc12779 (diff)
download	cacert-puppet-34be9cadc400ca0649bad8ec59dfdc4fa9be1f31.tar.gz cacert-puppet-34be9cadc400ca0649bad8ec59dfdc4fa9be1f31.tar.xz cacert-puppet-34be9cadc400ca0649bad8ec59dfdc4fa9be1f31.zip