-rw-r--r--sitemodules/profiles/manifests/debarchive.pp47
1 files changed, 28 insertions, 19 deletions
diff --git a/sitemodules/profiles/manifests/debarchive.pp b/sitemodules/profiles/manifests/debarchive.pp
index 0a8e59e..855f9a2 100644
--- a/sitemodules/profiles/manifests/debarchive.pp
+++ b/sitemodules/profiles/manifests/debarchive.pp
@@ -60,6 +60,12 @@ class profiles::debarchive (
mode => '4755',
}
+ $debarchive_home = '/srv/debarchive'
+ $gpg_home = "${debarchive_home}/.gnupg"
+ $package_dir = "${debarchive_home}/packages"
+ $upload_chroot = '/srv/upload'
+ $incoming_dir = "${upload_chroot}/incoming"
+
# setup user, groups and directories
group { 'debarchive':
ensure => absent,
@@ -69,34 +75,34 @@ class profiles::debarchive (
comment => 'CAcert debian archive user',
system => true,
gid => 'nogroup',
- home => '/srv/debarchive',
+ home => $debarchive_home,
shell => '/usr/bin/rssh',
purge_ssh_keys => true,
require => Package['rssh'],
}
- file { '/srv/debarchive':
+ file { $debarchive_home:
ensure => directory,
owner => 'debarchive',
group => 'nogroup',
mode => '0711',
}
- file { '/srv/upload':
+ file { $upload_chroot:
ensure => directory,
owner => 'root',
group => 'root',
mode => '0755',
}
- file { '/srv/upload/incoming':
+ file { $incoming_dir:
ensure => directory,
owner => 'debarchive',
group => 'nogroup',
mode => '0700',
}
- exec { '/bin/bash /usr/share/doc/rssh/examples/mkchroot.sh /srv/upload':
- creates => '/srv/upload/usr/bin/rssh',
- require => [Package['rssh'], File['/srv/upload']],
+ exec { "/bin/bash /usr/share/doc/rssh/examples/mkchroot.sh ${upload_chroot}":
+ creates => "${upload_chroot}/usr/bin/rssh",
+ require => [Package['rssh'], File[$upload_chroot]],
} ~>
- exec { '/bin/sed -n -i \'/^root:/p; /^debarchive:/p\' /srv/upload/etc/passwd':
+ exec { "/bin/sed -n -i '/^root:/p; /^debarchive:/p' ${upload_chroot}/etc/passwd":
refreshonly => true,
}
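Review bot: The passwd-trimming exec at the end of this hunk is `refreshonly => true` and is only notified by the mkchroot exec, which is itself skipped once `${upload_chroot}/usr/bin/rssh` exists. If the sed step fails or the run is interrupted after mkchroot.sh finishes, later agent runs never retry it, and the chroot's `etc/passwd` presumably keeps every account line the script copied in. Making the exec self-checking closes that gap: replace `refreshonly => true` with `onlyif => "/bin/grep -qv -e '^root:' -e '^debarchive:' ${upload_chroot}/etc/passwd"` and keep the ordering on the mkchroot exec.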
@@ -118,7 +124,7 @@ class profiles::debarchive (
concat::fragment { 'rssh-debarchive':
target => $rssh_conf,
order => '10',
- content => "user = \"debarchive:022:000110:/srv/upload\"\n",
+ content => "user = \"debarchive:022:000110:${upload_chroot}\"\n",
}
# setup ssh keys
@@ -137,54 +143,57 @@ class profiles::debarchive (
}
# setup GPG home for signing
- $gpghome = '/srv/debarchive/.gnupg'
-
- file { [$gpghome, "${gpghome}/private-keys-v1.d", '/srv/debarchive/log', '/srv/debarchive/scripts']:
+ file { [$gpg_home, "${gpg_home}/private-keys-v1.d", "${debarchive_home}/log", '${debarchive_home}/scripts']:
ensure => directory,
owner => 'debarchive',
group => 'nogroup',
mode => '0700',
}
- file { "${gpghome}/private-keys-v1.d/${release_signing_keygrip}.key":
+ file { "${gpg_home}/private-keys-v1.d/${release_signing_keygrip}.key":
ensure => file,
owner => 'debarchive',
group => 'nogroup',
mode => '0600',
content => $release_signing_private_key,
}
- file { "${gpghome}/passphrase":
+ file { "${gpg_home}/passphrase":
ensure => file,
owner => 'debarchive',
group => 'nogroup',
mode => '0600',
content => $release_signing_passphrase,
}
- file { "${gpghome}/gpg-agent.conf":
+ file { "${gpg_home}/gpg-agent.conf":
ensure => file,
owner => 'debarchive',
group => 'nogroup',
mode => '0600',
- content => 'log-file /srv/debarchive/log/gpg-agent.log',
+ content => "log-file ${debarchive_home}/log/gpg-agent.log",
}
- file { "${gpghome}/pubring.kbx":
+ file { "${gpg_home}/pubring.kbx":
ensure => file,
owner => 'debarchive',
group => 'nogroup',
mode => '0600',
source => 'puppet:///modules/profiles/debarchive/gpg_pubring.kbx',
}
- file { "${gpghome}/trustdb.gpg":
+ file { "${gpg_home}/trustdb.gpg":
ensure => file,
owner => 'debarchive',
group => 'nogroup',
mode => '0600',
source => 'puppet:///modules/profiles/debarchive/gpg_trustdb.gpg',
}
- file { '/srv/debarchive/cacert-keyring.gpg':
+ file { "${debarchive_home}/cacert-keyring.gpg":
ensure => file,
owner => 'debarchive',
group => 'nogroup',
mode => '0600',
source => 'puppet:///modules/profiles/debarchive/cacert-keyring.gpg',
}
+
+ # setup reprepro
+ package { 'reprepro':
+ ensure => latest,
+ }
}
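Review bot: The last element of the directory list in the first `file` resource of this hunk is single-quoted, `'${debarchive_home}/scripts'`, and Puppet does not interpolate single-quoted strings. The title therefore stays the literal text instead of `/srv/debarchive/scripts`, which the file type will normally reject as not fully qualified. Use double quotes like the neighbouring element: `"${debarchive_home}/scripts"`. Separately, `ensure => latest` on `reprepro` lets the host that holds the release signing key pick up a new package version on any agent run; `ensure => installed` with upgrades going through the normal patch process would be more predictable. The class body starts outside this hunk.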