summaryrefslogtreecommitdiff
path: root/sitemodules/profiles/manifests/base.pp
diff options
context:
space:
mode:
Diffstat (limited to 'sitemodules/profiles/manifests/base.pp')
-rw-r--r--sitemodules/profiles/manifests/base.pp68
1 files changed, 55 insertions, 13 deletions
diff --git a/sitemodules/profiles/manifests/base.pp b/sitemodules/profiles/manifests/base.pp
index 719fe21..fd6f225 100644
--- a/sitemodules/profiles/manifests/base.pp
+++ b/sitemodules/profiles/manifests/base.pp
@@ -99,18 +99,37 @@ class profiles::base (
source => 'puppet:///modules/profiles/base/apt_periodic.conf',
}
- package { ['lsb-release', 'distro-info-data', 'sudo']:
+ package { ['lsb-release', 'distro-info-data']:
ensure => present,
}
+ class { 'sudo':
+ config_file_replace => false,
+ }
package { ['zsh', 'tmux', 'less', 'vim-nox']:
ensure => latest,
}
+ if $facts['virtual'] == 'lxc' {
+ file { '/etc/network/interfaces':
+ ensure => file,
+ owner => 'root',
+ group => 'root',
+ mode => '0644',
+ content => "auto lo\niface lo inet loopback\n",
+ }
+ }
+
Package['zsh'] -> User <| |>
- package { ['aptitude', 'apticron']:
- ensure => purged,
+ if !$is_external {
+ package { ['aptitude', 'apticron', 'isc-dhcp-client']:
+ ensure => purged,
+ }
+ } else {
+ package { ['aptitude', 'apticron']:
+ ensure => purged,
+ }
}
file { '/etc/zsh/newuser.zshrc.recommended':
@@ -153,10 +172,18 @@ class profiles::base (
repos => 'main',
release => "${::lsbdistcodename}-updates",
}
- apt::source { "security.debian.org-${::lsbdistcodename}-security":
- location => 'http://security.debian.org/debian-security',
- repos => 'main',
- release => "${::lsbdistcodename}/updates",
+ if Integer($facts['os']['release']['major']) < 11 {
+ apt::source { "security.debian.org-${::lsbdistcodename}-security":
+ location => 'http://security.debian.org/debian-security',
+ repos => 'main',
+ release => "${::lsbdistcodename}/updates",
+ }
+ } else {
+ apt::source { "security.debian.org-${::lsbdistcodename}-security":
+ location => 'http://security.debian.org/',
+ repos => 'main',
+ release => "${::lsbdistcodename}-security",
+ }
}
apt::source { "ftp.nl.debian.org-${::lsbdistcodename}-backports":
location => 'http://ftp.nl.debian.org/debian',
@@ -197,20 +224,35 @@ class profiles::base (
recipient => $rootalias,
}
- package { ['ca-certificates', 'ca-cacert']:
+ package { 'ca-certificates':
ensure => installed,
}
- file { '/usr/local/share/ca-certificates/cacert_class3_2021.crt':
+ $cacert_class1_file = '/usr/local/share/ca-certificates/cacert_class1_X0F.crt'
+ $cacert_class3_file = '/usr/local/share/ca-certificates/cacert_class3_2021.crt'
+
+ file { $cacert_class1_file:
+ ensure => file,
+ owner => 'root',
+ group => 'root',
+ mode => '0644',
+ source => 'puppet:///modules/profiles/base/cacert_class1_X0F.crt',
+ require => Package['ca-certificates'],
+ }
+
+ file { $cacert_class3_file:
ensure => file,
owner => 'root',
group => 'root',
mode => '0644',
source => 'puppet:///modules/profiles/base/cacert_class3_2021.crt',
require => Package['ca-certificates'],
- } ~>
+ }
+
exec { '/usr/sbin/update-ca-certificates':
- require => Package['ca-certificates'],
+ require => Package['ca-certificates'],
+ refreshonly => true,
+ subscribe => [File[$cacert_class1_file], File[$cacert_class3_file]],
}
if ($crl_job_enable) {
@@ -239,9 +281,9 @@ class profiles::base (
{ 'services' => $crl_job_services }),
require => [
Package['ca-certificates'],
- Package['ca-cacert'],
File['/var/local/ssl/crls'],
- File['/usr/local/share/ca-certificates/cacert_class3_2021.crt']
+ File[$cacert_class1_file],
+ File[$cacert_class3_file]
],
}
} else {