summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--hieradata/nodes/webstatic.yaml120
-rw-r--r--sitemodules/profiles/manifests/debarchive.pp33
2 files changed, 63 insertions, 90 deletions
diff --git a/hieradata/nodes/webstatic.yaml b/hieradata/nodes/webstatic.yaml
index 76dec24..7dd2459 100644
--- a/hieradata/nodes/webstatic.yaml
+++ b/hieradata/nodes/webstatic.yaml
@@ -6,74 +6,58 @@ profiles::base::admins:
- law
profiles::debarchive::notification_email_address: jandd@cacert.org
profiles::debarchive::release_signing_keyid: "CAcert Debian Archive Signing Key 2019"
-profiles::debarchive::release_signing_keygrip: 223894064EE26851A245DE9208C5C0ABF772F7A7
-profiles::debarchive::release_signing_passphrase: >
- ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEw
- DQYJKoZIhvcNAQEBBQAEggEAOo5m999kQDHcWwrDXAn37SUyzvQZ3xq6mlMa
- sJ8RTlgbMe6e22GyaYfD78agnS/M0xgdbtv5YF6lykn9ACi0US7Tr6tS+D/3
- AxcdLFC1qUAE7HJdq5QBYXU/Ahd1Ot0DXHMnUvX8wSUY1aWIvJpZXnuWZrp+
- 792E5SxNAmi6T12AxlQbJC9M4mHpRzj65ORAG3heDO/kwL8v4T2acDs7i0g4
- Q2kszyoG3zKVIP0/k/eCOWZynS2D4H8aSYhU7MDU9lGUlIpd2NyizXYypb9n
- yWUALiSLCAIy61R9/c/PEAfZtLX9mJTTGqg3LEubULQSktjRlCIVxhL8foiB
- 1bCYcTBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBBFres4FSCj+KEUb9gU
- cfM+gDAvP/N8eQsOcQoZxqZTFl270FiaPZtgcF5Zb/yuLPFvFcU4SdseDjbe
- e6g7/Uc6du4=]
-profiles::debarchive::release_signing_private_key: >
- ENC[PKCS7,MIIJfQYJKoZIhvcNAQcDoIIJbjCCCWoCAQAxggEhMIIBHQIBADAFMAACAQEw
- DQYJKoZIhvcNAQEBBQAEggEAYfzMeAdn+nl+k0NB82RjNbSW68Ci4xIKBuRV
- 7pxDkYDNGp4UUB/SmDiPYO2BbMEJHQMPa+jQDtC81UfwZ9n7f/XINq6ph27c
- yAWlfw0RgFEk68Qk3EKxCXANCrNf2HiOR6CabWFllzWoOFrZOMdTpZmB0CBy
- NGnkkkwUfyanwPlycjIbrvP/r072jdA/JuCpa533TH6zw9uwwwTxv5q5deLq
- mkvXlM8VZsziLaH+bAeopRL8uENqyt83YyaxNMk8zHyz6L1RpP8vVLr8sg3n
- eYbdVoqch+KM4L3Hi8X/AuG/BEeGihgvEdbqmVzJYHmJh7tBXaADite+H+hr
- golbtjCCCD4GCSqGSIb3DQEHATAdBglghkgBZQMEASoEEIYfkjacKpZlGCwA
- HbCvYM6AgggQc6wQ9rphDQBo8ybKYIU+QTNPbqFMgk6FR6Mxx/4DugSO7p6f
- 5aMSGUetOD00fKJb1PlWTuqmnALCwbQu3w018dk9uuFDwiz+lAQHb9p6CLgG
- kZLnUOQCfnLPFxihePUYeLQFIRqjYsOSvDudzj4dI/70IiDaP51EYznB7wVE
- vJEVS/np6hm6z+WKnfSibonZTiU/mh8jdHiJVDxAAE1o0ehodREp5Kwwpsjw
- 8mHreRWrFJRIFrW4h4bTJfzLOEz+LYkBG7WJLtK+VtpU/xiWe1ApT6dXiVS8
- dISbPJPASzCnIsTzTw8PQ+aOiagAS8oeeA242dnCLHTu1wApKj8DZF5OXlrr
- A8hE0n1IW4yon2ZsP5acf80r2TwvREfrAfCBKsD5+gfQqcjt4vJFXy3CRwMw
- zo2/DrOgeHJziZXKkZl8/m4E5Xxw/knX6sJh/qSymotGYKY+VnaDzfff36bk
- 56Jy1KO8K2k7CnlpartBzQnA3qTEQxRXpj5eAU4iNZMTfk3ZSQe+l6Ws7gqb
- AEIEF40x5QdsgMJLc2OVjacTtNkHvXDAvaQJ2nd+M0uYFHLWNVI3gQQ0DKH0
- HaG3lNZfQ+D1Ev16031FjqhGP7lgCx/XQ/ck81k4QiGrTJu30eQV+gl3wxl5
- TjihVNXcJ3TqoagzHT2JwbfnDTskb29xLTJ1eFRWouJzRVEW51tThMXa9kDV
- rCE+/jcHGMYwyPn8DlLLLEI1M0Wh06LySEaaDb0ASBIjbHrK88gWHmM8oW9v
- +oKmfO5VMeGaB+V8Rwqjy+T7C1aB4iSmqu3w9RDonkLNZ5fgny3pVZi2UgSR
- uEcgGx8Qflg8waDQ8mc23AEsIdzNREvBTfi3IRNf9dquGqnamZYqvOnuMmg1
- MoC0euxrhLsRvYdOF6kzHfm82NzyHx6ekOhHEONa9HPW4sqVWTBRiewojGfe
- ZtOHMj2DckZY0J4fmK4CGuz3Y6G25+8P1LCKzkO6jjTHIj1l32tX7BRCdKpH
- 7M+rsZxEnqz1kMp6xx5JC4vsRv7U3azZ1vmLuJlL1w9eY99WV71v+XCFwuPt
- FdkmFxvG+c8JWjEEtrH5ObbzqGoOw5LBAhr2cvbDbUbyYIZ4OBeo4yb8nTPG
- vSEIJkFu7OquG9NWFYAHKc8Vly/B2lJDZPY3HRYcybxwiwPtbUV2vUnC+u21
- DwJFqQH616edvONhYJAASOfBzrdE5vzgDaJl01K8EnS7bgJQP01J0Elx9jBO
- bY8hBI9c1KYBA2NjIbigrpFeRXs0555rTzNhOWJzlfKMMZTcOPYIhr1tziem
- TX8aCxHUcc/8cl0K+mtDTTjbAeHUXrZ0cfUgIexjaehKMiwNkNYAMqkDkEZK
- oMceeRvRW5daVdqsqYVh0eHlZ9G7n4SNxcffI3XQvm36ZyHUOQ7dBbclVK7u
- dJKQKwEXKgfDQGbL6Ko4OTgZKgjgwiyKpK4LTii4QR/FU44thBDFFoWjyn//
- GgDIALXIayiRuDiNZKDJv6Du5vaZzntoKU4tWTzJwOVK34vaj+2U6Yx7Ezkj
- Cr4duDeXdePuGsqAkcgUGUHuzwjzyMIon33FnlrmfpdqLRJLvY/PEiEWcxil
- oNbmzmGSpN2ldHOIp/VJ+GvF7sb7WqjyMa489sK4kOaVetWm2hqnTtFTE3Nj
- D4Do2Sf4MlGBDOr0ZYb3FvKeo93fD7zHh9TnvIg4DzB6HpyrSZ5FQbNj17fV
- i9bu1DRdhhBlRUYk1BaDTV+jXY0RDnFTo5DR0wkLnT2Re9pF8nDZVlKSJc2O
- 7zUznCSkSdCrB40f8ARDY5uHPMez5xEraBfqk0aUUKahwzJSXSdPJ0lq/qn9
- x7E2bLhpvughwqaNeonqngZ2u+tvRAt2Qsa3hzt5fh7LA5+iP+NXXb/QFmVn
- izlMFPVaF97IOuycZxCpZ0/obWLav9SnQPsbmnHEci7YdNjhueRcTlQryhO+
- VTmcSKcMcRWuzeu485+hexYXvyf7UxIvvdetB9q7gCGpyeEF4UFvNp222kCg
- Loy6/UdfF/mukAH+vZ0PjC2FdQLF4NlxjoMbTwvrUaotB7w+Ht+e7OqkUUFB
- 5tHtI9M3xC6Tfxt5iehwUGUIdy5ybYE8qSuV5YnDRA3vPvVLnjDC9cfZLvJh
- 3J01qq3H7xWpYXTyAwLqtGkalifzG0gYvZUDBeqCLAgX/Vg5zQ68W6SNQOoM
- NH4xMJbunhkEkbyPuPheJRP3s8NpDKRguAxGHET2Xm88cprGg60p5rP1CyE0
- h3uYHRJArbOVEeLB4FmS6t73gnuvadSOcR0CF9Xmj1bAXQTbFr1TCtt/B5eA
- o+4votCrbFy61qQLXA9rUjMaK4Z2YUWt3gyJgEOKEYFUzYnHZVsWw5NRFQzZ
- sB7q1KGNSCt/NSgaIVHPWMTzwpTrn+PzE3nRc6DgxzFmHive6fhvK441elBg
- Lr1rB7siBM+NCRGB/WGOAMJtNE34odq2oDSOI4ImG+l8dciDrp+5yZJ930SQ
- SnFKunJQ4VHNpec4j5UGGgjZAJzC6mshe5CGM1RHxC+i9mZWXcnEB1wkEL0m
- BYRXfjHF1w7/cIi4bvQiS4fhHU/brpkNODFDZgGggxuQrYOKLkbbr7gEfGD/
- s4+hT+NvjWfe+uuCjMCKNe23dhvcWMVqYHuEMAF6XKuXqPRDsDTo0M+neT1V
- KNYnkHBqPiU2Fgbf+j2BqmoAXsP1RWFhatqoX/rNTqPteHzTYdU/mdYUdkzR
- w/Ux]
+profiles::debarchive::release_signing_key: >
+ ENC[PKCS7,MIIIzQYJKoZIhvcNAQcDoIIIvjCCCLoCAQAxggEhMIIBHQIBADAFMAACAQEw
+ DQYJKoZIhvcNAQEBBQAEggEAtJiS4GluyFbbkmxFKmH+2CWZRD1wotHn8HAc
+ 7wXckaUSIaUvHY9aor6lxFgjD8vnE5ROmiBTtCsJ0Rmx0oJMO7XDTTKfauwZ
+ sTNIi/xPq4YX3fGAKZQ0HpDZQRsgFuh+6acW3B59KAWZlcJCQqnSO/OUdCNz
+ yHSdFF1hMM7fTHYfMXkvp91oOkxkSHhAtiC2AbB82AaSikt7rNv/03rL6Hv7
+ 8vzfjo14m0UGMGGo5Yn8N38Yn24WQTJOGhgBeUm1GpLylaqUDNWN8kRVWrqF
+ 0/O+FTjtGQjeQVkR73u2Iy9n+cvX3blYZKl1ItRRWgFjf/pP6uV4P7d8IrSG
+ 1myvMzCCB44GCSqGSIb3DQEHATAdBglghkgBZQMEASoEEJeo9l7ZAFDCx2IS
+ K4F1IoqAggdgIZWj1bAB165e6eZ0MDx60xsurDWPOFqMlVNmVhrM7O5+n/pB
+ IGBJ+ylUsi97gaWrIAAyzYqnfbqN8pjwNA55gqw6jx2H8AsRuMUDU76JBUtu
+ WvxiMgYOmf4V0tt6i5uLxDIEzkfIf4Mh4sSVoZW/wR2A0n5L4YcbJTHRW9D0
+ idNVfV2hKFxqX9QpbwoJk4IlW68hidk9mpKKO81bA6rO+IF0OoYg1vTBu26M
+ ZdFChv9Ypm10jR2vqhbbb15btOyi5pa/wcis8GYBEvANnQgUfGS//YHK9ttd
+ 1x3JQ6YL87Ye5iXUzOoohHIZ+QHalfyMHPotOy8fsnQyxZd3pkA6utLMItr6
+ 3ehPtsT71a17nC30TJFKgopGigccvk24K5kZozZdG2qyy7yycn1JHp53TirK
+ kdLDfAbwPnhV2+gUycz+51eGvBE3ZdafV+20Wx6hUd6S+F3zef/aeD9D7u9c
+ soIDj1Lun7f7CBE0qgbvlg0vUHFlpGvtTFK2eoJVAid3odefj9x06yoi23RU
+ Y8MddhqxvZGtZituqPvfpDqOY3cTu4WJc/VznKcEkOlWU4R4gqw6NWrt1J6l
+ 1/PqJCqLlvkebbd9R8jZGuy6PgKCsg4oDRjcKpsxbydO9NJwMgUd6UQI4HeZ
+ vbcpbBOwGcXizE+myTjUbS3UbtZAMGWiBPDa+pkNSet4R8MdkcFnaS0vwa8N
+ Uot7eqpDUpKvgeJz/Vk0WhUfPkyiaT3idy1i0GDFZD9eV9v3tpyp9xBQMK42
+ VZEep2p0mXopUk61xY9tpuZQvw53//Bqq3YXfZghhXlgdeLIcxpp7af5lBAU
+ iavhoMs5fZwEsSxfkUXVT4w7A4b02X9FeDdQ1TY3orI1yTLKzmx/FgozztTy
+ CYh1/o6K9r1Mo1INWpngy/kLCaZtySppzTzaDBIoCbDWJjWE5FzMlslaBVqk
+ PjTemUHuyXsWoRFnik0JW4AMuRYqcsf8KsrI/lDiGgNDR9BxNRrmHplclhvA
+ 8zAccSQLH53NKh4ma5WPVmbl++6gB6OSeHlwttQDaNBuujoMADF8MWiJNXjj
+ qfqpKHxlEQEqG/CrTJoWJ+EROl5daH6+TVXTXGzUSIsqOir91Jo4Sd4fJYsh
+ CpjHy+jyQZiXuYWWOWXV7suBw399Twozm4sKBcefumXMkgiJnSnibGtSV7ia
+ Ob84hEoQH+Hg/md6rJYefIZYyCOi8IyEV8n4mUr4/DOD0s+BmPxPOgYCDhc8
+ o8IyiUajFCR64gVWou8xnR4OG0ged+1zaU75pq04U5kPARg/WfFWHYWo9Ljq
+ v81+VsWSPEb3ILsX3ZCLT/axkSE3VYEAOaRoT1mE8cc4ENjVRzd50y4I2V4A
+ rALARll+gSSdE/cXqFI4DrkwkobCATYlYNpvBACASkpQVzJontdmJ5sIjEPE
+ LVbAhOHIL4mNNI24zLABOzwS6RGi0sJjfZIjnc7qsb5cxU2PtwkLleHbbcgM
+ tVcmX3EFg+rMg9wGYLT+l4K91pjWmBRN8lssEYNoOcrPu5gvvQDBpWHc3Y+b
+ Oa5x5bT1IjSKgkCWpducMq3u6zvHQnlS5hDgPTfCZPYmQdM5FVCOcJ0TYoZ8
+ +taq1nV2vsX25dtUzxkUcYkRlnXOZx80j53tkJwqFPr2GrN+6I9brL3KYIwp
+ itRzGROLovhX6tSsawPI0bLwAG/5c2OoPPbs6jSP0K+JSTxmalLw4TDUKAl+
+ QfZNzMEH98lw6HGq7aG9njtggw6G4odBrY1ud0KN7/GlF2kjAUyJVJEMiIfj
+ 0Lq968XdYiNDOwpre8mn5xqJCtt0sZjy9zWZ9xoyUYDoIeAOCrdS9VgaOilP
+ IG9w/uszbRBWXxiSU76oTgKHAJMFZttWAkBHX5NEcCGksKUbS1Frh76/Kj2G
+ kSL6tDJRsAqEPibtrKCWU9DNGNjwOndlLZveSqNWTK4yWVrLozff0qdV+ZBn
+ VvKW280MpQNFMwhnuxj+WA9tcwg4ajUWFP/8WhpQMc+5aDuvQSTvWUo5YXgk
+ I/5Gcb7Y05CodZ1eJEtyh8r+Z01LmBW1l6a15PeUIBPLs1xg6mqdSenFnB/D
+ q2UnFnd/aoeh49VLpEWRhdK9Yl3Jyz+0tHNDnD0uQ/Zlox49KYx3YQv4gpMq
+ CcC1tw9Lfcc/UY23yhG3MJ5dRJIeP+FWBTfqeN+lq+dnu7ua/4CKVzjiaeU4
+ ygAo2m4Myono4lSpN4VgyUfGzrMpOXOyOa40mgBBgrxDNmAgyIk2obU7h26U
+ ZcZKSgk/W97dSORGPYQcLNZBiRCV+hHV3I8IGdGcz+MZugluNH28znhpUnp0
+ aTkO/6mPnojAA/5ERXrdBEyTuOR662BfVMAkIVCfVPe5W6P34popQQwNRRjL
+ 7qKVOpRKA15H3QDHEsh/SOc59L9tvzCa637rBGJMBfvf8QyrUwOVnVebgFSm
+ r9bg7DReCgweHUukIbHzVPy3UE/lyqnAZWeIPJ4+jmTqrATq/EOs9iQQetyR
+ VP8xiy7PwA==]
profiles::debarchive::uploaders:
- jandd
profiles::icinga2_agent::pki_ticket: >
diff --git a/sitemodules/profiles/manifests/debarchive.pp b/sitemodules/profiles/manifests/debarchive.pp
index 01a9170..eb89f3e 100644
--- a/sitemodules/profiles/manifests/debarchive.pp
+++ b/sitemodules/profiles/manifests/debarchive.pp
@@ -6,20 +6,16 @@
# Parameters
# ----------
#
-# @param notification_email_address email address that will receive reports
-# from mini-dinstall
+# @param notification_email_address email address that will receive reports
+# from mini-dinstall
#
-# @param release_signing_keygrip GPG keygrip of the release signing key
+# @param release_signing_keyid GPG key id of the release signing key
#
-# @param release_signing_keyid GPG key id of the release signing key
+# @param release_signing_key data of a GPG key that is used for
+# release file signing
#
-# @param release_signing_passphrase passphrase for the release signing key
-#
-# @param release_signing_private_key data of a GPG key that is used for
-# release file signing
-#
-# @param uploaders a list of users that are allowed to dput
-# files to the Debian archive
+# @param uploaders a list of users that are allowed to dput
+# files to the Debian archive
#
# Examples
# --------
@@ -41,10 +37,8 @@
#
class profiles::debarchive (
String $notification_email_address,
- String $release_signing_keygrip,
String $release_signing_keyid,
- String $release_signing_passphrase,
- String $release_signing_private_key,
+ String $release_signing_key,
Array[String] $uploaders = [],
) {
include profiles::base
@@ -154,14 +148,7 @@ class profiles::debarchive (
owner => 'debarchive',
group => 'nogroup',
mode => '0600',
- content => $release_signing_private_key,
- }
- file { "${gpg_home}/passphrase":
- ensure => file,
- owner => 'debarchive',
- group => 'nogroup',
- mode => '0600',
- content => $release_signing_passphrase,
+ content => $release_signing_key,
}
file { "${gpg_home}/gpg-agent.conf":
ensure => file,
@@ -220,6 +207,7 @@ class profiles::debarchive (
'Codename: stretch/cacert',
'Architectures: amd64 source',
'Components: main',
+ 'SignWith: yes',
'',
''], "\n"),
}
@@ -231,6 +219,7 @@ class profiles::debarchive (
'Codename: buster/cacert',
'Architectures: amd64 source',
'Components: main',
+ 'SignWith: yes',
'',
''], "\n"),
}