Diffstat (limited to 'sitemodules/profiles/manifests/debarchive.pp')
-rw-r--r--sitemodules/profiles/manifests/debarchive.pp102
1 files changed, 34 insertions, 68 deletions
diff --git a/sitemodules/profiles/manifests/debarchive.pp b/sitemodules/profiles/manifests/debarchive.pp
index e075137..67cb157 100644
--- a/sitemodules/profiles/manifests/debarchive.pp
+++ b/sitemodules/profiles/manifests/debarchive.pp
@@ -1,7 +1,7 @@
# Class: profiles::debarchive
# ===========================
#
-# This class defines a mini-dinstall based Debian package archive setup.
+# This class defines a Debian package archive setup.
#
# Parameters
# ----------
@@ -49,9 +49,11 @@ class profiles::debarchive (
) {
include profiles::base
- package { 'mini-dinstall':
+ package{ ['rssh', 'reprepro']:
ensure => latest,
}
+
+ # setup user, groups and directories
group { 'debarchive':
ensure => absent,
}
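Review bot: The `package{ ['rssh', 'reprepro']: ensure => latest }` resource makes rssh the component that confines the upload account, but nothing in the hunk says so. As far as I know rssh is no longer maintained upstream and has been dropped from newer Debian releases, so `ensure => latest` would not deliver fixes there; please confirm it is still available and supported on the target release. I would add a comment such as `# rssh is the restricted login shell for debarchive; reprepro manages the archive`. It is also worth considering whether OpenSSH's own `internal-sftp` with `ChrootDirectory` in a `Match User` block would meet the need without the extra package. The class body continues outside this hunk.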
@@ -61,8 +63,9 @@ class profiles::debarchive (
system => true,
gid => 'nogroup',
home => '/srv/debarchive',
- shell => '/bin/false',
+ shell => '/usr/bin/rssh',
purge_ssh_keys => true,
+ require => Package['rssh'],
}
file { '/srv/debarchive':
ensure => directory,
@@ -70,25 +73,41 @@ class profiles::debarchive (
group => 'nogroup',
mode => '0711',
}
- file { '/srv/debarchive/archive':
+ file { '/srv/upload':
ensure => directory,
- owner => 'debarchive',
- group => 'nogroup',
- mode => '0711',
- }
- file { '/srv/debarchive/archive/mini-dinstall':
- ensure => directory,
- owner => 'debarchive',
- group => 'nogroup',
- mode => '0711',
+ owner => 'root',
+ group => 'root',
+ mode => '0755',
}
- file { '/srv/debarchive/archive/mini-dinstall/incoming':
+ file { '/srv/upload/incoming':
ensure => directory,
owner => 'debarchive',
group => 'nogroup',
mode => '0700',
}
+ $rssh_conf = '/etc/rssh.conf'
+
+ concat { $rssh_conf:
+ ensure => present,
+ owner => 'root',
+ group => 'root',
+ mode => '0644',
+ }
+
+ concat::fragment { 'rssh-global':
+ target => $rssh_conf,
+ order => '01',
+ source => 'puppet:///modules/profiles/debarchive/rssh.global.conf',
+ }
+
+ concat::fragment { 'rssh-debarchive':
+ target => $rssh_conf,
+ order => '10',
+ content => 'user=debarchive:022:0001100:/srv/upload',
+ }
+
+ # setup ssh keys
$uploaders.each |String $username| {
$ssh_keys = $::profiles::base::users[$username]['ssh_keys']
$ssh_keys.each |Hash[String, Data] $keydata| {
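Review bot: The `rssh-debarchive` fragment writes `user=debarchive:022:0001100:/srv/upload` with no trailing newline, and the `concat` resource does not set `ensure_newline => true`, so any fragment later ordered after `10` would be glued onto the policy line. Use `content => "user=debarchive:022:0001100:/srv/upload\n",` or set `ensure_newline` on the concat. The access bitmask is the whole policy for this account and is unreadable as written; a comment above it naming which protocols the digits enable, in the order the installed rssh.conf(5) defines, would let a reviewer check it. The line also makes `/srv/upload` the chroot while the user's home stays `/srv/debarchive`, and nothing in this hunk populates a jail under `/srv/upload`, so please confirm that sftp can start inside it. The `$uploaders.each` block continues outside the hunk.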
@@ -98,22 +117,12 @@ class profiles::debarchive (
user => 'debarchive',
type => $keydata['type'],
key => $keydata['key'],
- options => 'command="internal-sftp"',
require => User['debarchive'],
}
}
}
- file { '/srv/debarchive/.mini-dinstall.conf':
- ensure => file,
- owner => 'debarchive',
- group => 'nogroup',
- mode => '0600',
- content => epp('profiles/debarchive/mini-dinstall.conf.epp',
- { mail_to => $notification_email_address, }
- ),
- }
-
+ # setup GPG home for signing
$gpghome = '/srv/debarchive/.gnupg'
file { [$gpghome, "${gpghome}/private-keys-v1.d", '/srv/debarchive/log', '/srv/debarchive/scripts']:
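Review bot: Removing `options => 'command="internal-sftp"'` leaves the uploaders' keys with no options in authorized_keys, so confinement now rests only on the rssh login shell and `/etc/rssh.conf`. A login shell does not govern port, agent or X11 forwarding, so unless sshd_config restricts this user elsewhere (not visible here), those stay available to every uploader key. I would keep a key-level limit, e.g. `options => ['restrict'],`, or the individual `no-port-forwarding`, `no-agent-forwarding`, `no-X11-forwarding` and `no-pty` options on older OpenSSH. The `ssh_authorized_key` resource starts above this hunk, and the `file` resource at its end continues below it.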
@@ -164,47 +173,4 @@ class profiles::debarchive (
mode => '0600',
source => 'puppet:///modules/profiles/debarchive/cacert-keyring.gpg',
}
- file { '/srv/debarchive/scripts/sign_release':
- ensure => file,
- owner => 'debarchive',
- group => 'nogroup',
- mode => '0700',
- content => epp('profiles/debarchive/sign_release.epp',
- {
- key_id => $release_signing_keyid,
- }
- ),
- require => [
- File["${gpghome}/gpg-agent.conf"],
- File["${gpghome}/passphrase"],
- File["${gpghome}/private-keys-v1.d/${release_signing_keygrip}.key"],
- File["${gpghome}/pubring.kbx"],
- File["${gpghome}/trustdb.gpg"],
- ],
- }
- file { '/etc/systemd/system/debarchive.service':
- ensure => file,
- owner => 'root',
- group => 'root',
- mode => '0644',
- source => 'puppet:///modules/profiles/debarchive/debarchive.service',
- }
- exec { 'reload systemd when debarchive.service unit changes':
- command => '/bin/sytemctl daemon-reload',
- refreshonly => true,
- subscribe => File['/etc/systemd/system/debarchive.service'],
- notify => Service['debarchive'],
- }
- service { 'debarchive':
- ensure => running,
- enable => true,
- require => [
- File['/srv/debarchive/.mini-dinstall.conf'],
- File['/srv/debarchive/archive/mini-dinstall/incoming'],
- File['/srv/debarchive/cacert-keyring.gpg'],
- File['/srv/debarchive/scripts/sign_release'],
- Package['mini-dinstall'],
- User['debarchive'],
- ],
- }
}