summaryrefslogtreecommitdiff
path: root/code/environments/production/manifests/site.pp
diff options
context:
space:
mode:
Diffstat (limited to 'code/environments/production/manifests/site.pp')
-rw-r--r--code/environments/production/manifests/site.pp182
1 files changed, 170 insertions, 12 deletions
diff --git a/code/environments/production/manifests/site.pp b/code/environments/production/manifests/site.pp
index 5d9b369..f3fbdce 100644
--- a/code/environments/production/manifests/site.pp
+++ b/code/environments/production/manifests/site.pp
@@ -1,3 +1,12 @@
+include apt
+
+$apt_origins = [
+ 'origin=Debian,n=${distro_codename}',
+ 'origin=Debian,n=${distro_codename}-updates',
+ 'origin=Debian,n=${distro_codename},l=Debian-Security',
+ 'origin=IT-Zukunft Schule,n=${distro_codename},l=IT-Zukunft Schule',
+]
+
class ssh_pubkeys_admins {
# Mike Gabriel, IT-Zukunft Schule
ssh_authorized_key { 'mike@minobo':
@@ -169,6 +178,18 @@ node "disklserver.intern" {
key => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQDiLGbx/U9slB9db8PAy8FTRo7/avVvLJUOZzkoBxZa5Edeo+74ezoU2Kv1OxcRJRnSGBe41XDcpLxDS04JMA5xBddUfdq5c+Y1A2SYChUPK1fkrGoKfmGC60dFmEqAQZ33dJhN9rxzQvuvxlmexX8x2TYJC8/jATa+6QuO4chHAFvGo9RLs8hzet5y06fammJDkf0yD6R32GT7q4XMNXilKQ564D1yBJygE6vZx/W3V3l8/QMr6m1lYTTk+W+29IkoxvQBZ6YXKFdnuTVkSYyanafjZwznTFSuBtBZKcgLXFFmyplcB4QlZGvdrrsEJazwwj+pnJeGx0HwV8ePbKxN',
user => 'root',
}
+ class { 'unattended_upgrades':
+ enable => 1,
+ origins => $apt_origins,
+ auto => {
+ 'clean' => 7,
+ 'reboot' => true,
+ },
+ upgradeable_packages => {
+ download_only => 1,
+ debdelta => 1,
+ },
+ },
}
node "tjener.intern" {
@@ -177,6 +198,19 @@ node "tjener.intern" {
class { 'ssh_pubkeys_backupserver': }
class { 'itzks_systems_mainserver': }
class { 'itzks_systems_common': }
+ class { 'unattended_upgrades':
+ enable => 1,
+ origins => $apt_origins,
+ age => { 'max' => 10 },
+ auto => {
+ 'clean' => 7,
+ ### WE DON'T REBOOT TJENER
+ },
+ upgradeable_packages => {
+ download_only => 1,
+ debdelta => 1,
+ },
+ }
}
node "filter.intern" {
class { 'ssh_pubkeys_admins': }
@@ -184,6 +218,18 @@ node "filter.intern" {
class { 'ssh_pubkeys_backupserver': }
class { 'itzks_systems_filter': }
class { 'itzks_systems_common': }
+ class { 'unattended_upgrades':
+ enable => 1,
+ origins => $apt_origins,
+ auto => {
+ 'clean' => 7,
+ 'reboot' => true,
+ },
+ upgradeable_packages => {
+ download_only => 1,
+ debdelta => 1,
+ },
+ }
}
# NOT PRESENT node "opsiserver.intern" inherits "all_servers" {}
# NOT PRESENT node "displayserver.intern" inherits "all_servers" {}
@@ -192,24 +238,54 @@ node "contentserver.intern" {
class { 'ssh_pubkeys_firedadmins': }
class { 'ssh_pubkeys_backupserver': }
class { 'itzks_systems_common': }
+ class { 'unattended_upgrades':
+ enable => 1,
+ origins => $apt_origins,
+ auto => {
+ 'clean' => 7,
+ 'reboot' => true,
+ },
+ upgradeable_packages => {
+ download_only => 1,
+ debdelta => 1,
+ },
+ }
}
node "devserver.intern" {
class { 'ssh_pubkeys_admins': }
class { 'ssh_pubkeys_firedadmins': }
class { 'ssh_pubkeys_backupserver': }
class { 'itzks_systems_common': }
-}
-node "info.intern" {
- class { 'ssh_pubkeys_admins': }
- class { 'ssh_pubkeys_firedadmins': }
- class { 'ssh_pubkeys_backupserver': }
- class { 'itzks_systems_common': }
+ class { 'unattended_upgrades':
+ enable => 1,
+ origins => $apt_origins,
+ auto => {
+ 'clean' => 7,
+ 'reboot' => true,
+ },
+ upgradeable_packages => {
+ download_only => 1,
+ debdelta => 1,
+ },
+ }
}
node "bibserv.intern" {
class { 'ssh_pubkeys_admins': }
class { 'ssh_pubkeys_firedadmins': }
class { 'ssh_pubkeys_backupserver': }
class { 'itzks_systems_common': }
+ class { 'unattended_upgrades':
+ enable => 1,
+ origins => $apt_origins,
+ auto => {
+ 'clean' => 7,
+ 'reboot' => true,
+ },
+ upgradeable_packages => {
+ download_only => 1,
+ debdelta => 1,
+ },
+ }
}
# Notebooks in den Medienwagen
@@ -222,6 +298,17 @@ node /^mw.*\.intern$/ {
class { 'itzks_systems_workstation': }
class { 'itzks_systems_common': }
+ class { 'unattended_upgrades':
+ enable => 1,
+ origins => $apt_origins,
+ auto => {
+ 'clean' => 7,
+ },
+ upgradeable_packages => {
+ download_only => 1,
+ debdelta => 1,
+ },
+ }
}
node /^nbw.*\.intern$/ {
@@ -229,9 +316,19 @@ node /^nbw.*\.intern$/ {
class { 'ssh_pubkeys_admins': }
class { 'ssh_pubkeys_firedadmins': }
class { 'login_manager': }
-
class { 'itzks_systems_workstation': }
class { 'itzks_systems_common': }
+ class { 'unattended_upgrades':
+ enable => 1,
+ origins => $apt_origins,
+ auto => {
+ 'clean' => 7,
+ },
+ upgradeable_packages => {
+ download_only => 1,
+ debdelta => 1,
+ },
+ }
}
node /^net.*\.intern$/ {
@@ -239,9 +336,19 @@ node /^net.*\.intern$/ {
class { 'ssh_pubkeys_admins': }
class { 'ssh_pubkeys_firedadmins': }
class { 'login_manager': }
-
class { 'itzks_systems_workstation': }
class { 'itzks_systems_common': }
+ class { 'unattended_upgrades':
+ enable => 1,
+ origins => $apt_origins,
+ auto => {
+ 'clean' => 7,
+ },
+ upgradeable_packages => {
+ download_only => 1,
+ debdelta => 1,
+ },
+ }
}
node /^snb.*\.intern$/ {
@@ -249,9 +356,19 @@ node /^snb.*\.intern$/ {
class { 'ssh_pubkeys_admins': }
class { 'ssh_pubkeys_firedadmins': }
class { 'login_manager': }
-
class { 'itzks_systems_workstation': }
class { 'itzks_systems_common': }
+ class { 'unattended_upgrades':
+ enable => 1,
+ origins => $apt_origins,
+ auto => {
+ 'clean' => 7,
+ },
+ upgradeable_packages => {
+ download_only => 1,
+ debdelta => 1,
+ },
+ }
}
node /^t410.*\.intern$/ {
@@ -259,9 +376,19 @@ node /^t410.*\.intern$/ {
class { 'ssh_pubkeys_admins': }
class { 'ssh_pubkeys_firedadmins': }
class { 'login_manager': }
-
class { 'itzks_systems_workstation': }
class { 'itzks_systems_common': }
+ class { 'unattended_upgrades':
+ enable => 1,
+ origins => $apt_origins,
+ auto => {
+ 'clean' => 7,
+ },
+ upgradeable_packages => {
+ download_only => 1,
+ debdelta => 1,
+ },
+ }
}
node /^t61.*\.intern$/ {
@@ -269,9 +396,19 @@ node /^t61.*\.intern$/ {
class { 'ssh_pubkeys_admins': }
class { 'ssh_pubkeys_firedadmins': }
class { 'login_manager': }
-
class { 'itzks_systems_workstation': }
class { 'itzks_systems_common': }
+ class { 'unattended_upgrades':
+ enable => 1,
+ origins => $apt_origins,
+ auto => {
+ 'clean' => 7,
+ },
+ upgradeable_packages => {
+ download_only => 1,
+ debdelta => 1,
+ },
+ }
}
node /^tp.*\.intern$/ {
@@ -279,9 +416,19 @@ node /^tp.*\.intern$/ {
class { 'ssh_pubkeys_admins': }
class { 'ssh_pubkeys_firedadmins': }
class { 'login_manager': }
-
class { 'itzks_systems_workstation': }
class { 'itzks_systems_common': }
+ class { 'unattended_upgrades':
+ enable => 1,
+ origins => $apt_origins,
+ auto => {
+ 'clean' => 7,
+ },
+ upgradeable_packages => {
+ download_only => 1,
+ debdelta => 1,
+ },
+ }
}
@@ -289,4 +436,15 @@ node /^tp.*\.intern$/ {
node "default" {
class { 'ssh_pubkeys_admins': }
class { 'ssh_pubkeys_firedadmins': }
+ class { 'unattended_upgrades':
+ enable => 1,
+ origins => $apt_origins,
+ auto => {
+ 'clean' => 7,
+ },
+ upgradeable_packages => {
+ download_only => 1,
+ debdelta => 1,
+ },
+ }
}
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-11 11:46:17 +0000