diff options
Diffstat (limited to 'code/environments')
| -rw-r--r-- | code/environments/production/manifests/site.pp | 182 |
1 files changed, 170 insertions, 12 deletions
diff --git a/code/environments/production/manifests/site.pp b/code/environments/production/manifests/site.pp index 5d9b369..f3fbdce 100644 --- a/code/environments/production/manifests/site.pp +++ b/code/environments/production/manifests/site.pp @@ -1,3 +1,12 @@ +include apt + +$apt_origins = [ + 'origin=Debian,n=${distro_codename}', + 'origin=Debian,n=${distro_codename}-updates', + 'origin=Debian,n=${distro_codename},l=Debian-Security', + 'origin=IT-Zukunft Schule,n=${distro_codename},l=IT-Zukunft Schule', +] + class ssh_pubkeys_admins { # Mike Gabriel, IT-Zukunft Schule ssh_authorized_key { 'mike@minobo': @@ -169,6 +178,18 @@ node "disklserver.intern" { key => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQDiLGbx/U9slB9db8PAy8FTRo7/avVvLJUOZzkoBxZa5Edeo+74ezoU2Kv1OxcRJRnSGBe41XDcpLxDS04JMA5xBddUfdq5c+Y1A2SYChUPK1fkrGoKfmGC60dFmEqAQZ33dJhN9rxzQvuvxlmexX8x2TYJC8/jATa+6QuO4chHAFvGo9RLs8hzet5y06fammJDkf0yD6R32GT7q4XMNXilKQ564D1yBJygE6vZx/W3V3l8/QMr6m1lYTTk+W+29IkoxvQBZ6YXKFdnuTVkSYyanafjZwznTFSuBtBZKcgLXFFmyplcB4QlZGvdrrsEJazwwj+pnJeGx0HwV8ePbKxN', user => 'root', } + class { 'unattended_upgrades': + enable => 1, + origins => $apt_origins, + auto => { + 'clean' => 7, + 'reboot' => true, + }, + upgradeable_packages => { + download_only => 1, + debdelta => 1, + }, + }, } node "tjener.intern" { @@ -177,6 +198,19 @@ node "tjener.intern" { class { 'ssh_pubkeys_backupserver': } class { 'itzks_systems_mainserver': } class { 'itzks_systems_common': } + class { 'unattended_upgrades': + enable => 1, + origins => $apt_origins, + age => { 'max' => 10 }, + auto => { + 'clean' => 7, + ### WE DON'T REBOOT TJENER + }, + upgradeable_packages => { + download_only => 1, + debdelta => 1, + }, + } } node "filter.intern" { class { 'ssh_pubkeys_admins': } @@ -184,6 +218,18 @@ node "filter.intern" { class { 'ssh_pubkeys_backupserver': } class { 'itzks_systems_filter': } class { 'itzks_systems_common': } + class { 'unattended_upgrades': + enable => 1, + origins => $apt_origins, + auto => { + 'clean' => 7, + 'reboot' => true, + }, + upgradeable_packages => { + download_only => 1, + debdelta => 1, + }, + } } # NOT PRESENT node "opsiserver.intern" inherits "all_servers" {} # NOT PRESENT node "displayserver.intern" inherits "all_servers" {} @@ -192,24 +238,54 @@ node "contentserver.intern" { class { 'ssh_pubkeys_firedadmins': } class { 'ssh_pubkeys_backupserver': } class { 'itzks_systems_common': } + class { 'unattended_upgrades': + enable => 1, + origins => $apt_origins, + auto => { + 'clean' => 7, + 'reboot' => true, + }, + upgradeable_packages => { + download_only => 1, + debdelta => 1, + }, + } } node "devserver.intern" { class { 'ssh_pubkeys_admins': } class { 'ssh_pubkeys_firedadmins': } class { 'ssh_pubkeys_backupserver': } class { 'itzks_systems_common': } -} -node "info.intern" { - class { 'ssh_pubkeys_admins': } - class { 'ssh_pubkeys_firedadmins': } - class { 'ssh_pubkeys_backupserver': } - class { 'itzks_systems_common': } + class { 'unattended_upgrades': + enable => 1, + origins => $apt_origins, + auto => { + 'clean' => 7, + 'reboot' => true, + }, + upgradeable_packages => { + download_only => 1, + debdelta => 1, + }, + } } node "bibserv.intern" { class { 'ssh_pubkeys_admins': } class { 'ssh_pubkeys_firedadmins': } class { 'ssh_pubkeys_backupserver': } class { 'itzks_systems_common': } + class { 'unattended_upgrades': + enable => 1, + origins => $apt_origins, + auto => { + 'clean' => 7, + 'reboot' => true, + }, + upgradeable_packages => { + download_only => 1, + debdelta => 1, + }, + } } # Notebooks in den Medienwagen @@ -222,6 +298,17 @@ node /^mw.*\.intern$/ { class { 'itzks_systems_workstation': } class { 'itzks_systems_common': } + class { 'unattended_upgrades': + enable => 1, + origins => $apt_origins, + auto => { + 'clean' => 7, + }, + upgradeable_packages => { + download_only => 1, + debdelta => 1, + }, + } } node /^nbw.*\.intern$/ { @@ -229,9 +316,19 @@ node /^nbw.*\.intern$/ { class { 'ssh_pubkeys_admins': } class { 'ssh_pubkeys_firedadmins': } class { 'login_manager': } - class { 'itzks_systems_workstation': } class { 'itzks_systems_common': } + class { 'unattended_upgrades': + enable => 1, + origins => $apt_origins, + auto => { + 'clean' => 7, + }, + upgradeable_packages => { + download_only => 1, + debdelta => 1, + }, + } } node /^net.*\.intern$/ { @@ -239,9 +336,19 @@ node /^net.*\.intern$/ { class { 'ssh_pubkeys_admins': } class { 'ssh_pubkeys_firedadmins': } class { 'login_manager': } - class { 'itzks_systems_workstation': } class { 'itzks_systems_common': } + class { 'unattended_upgrades': + enable => 1, + origins => $apt_origins, + auto => { + 'clean' => 7, + }, + upgradeable_packages => { + download_only => 1, + debdelta => 1, + }, + } } node /^snb.*\.intern$/ { @@ -249,9 +356,19 @@ node /^snb.*\.intern$/ { class { 'ssh_pubkeys_admins': } class { 'ssh_pubkeys_firedadmins': } class { 'login_manager': } - class { 'itzks_systems_workstation': } class { 'itzks_systems_common': } + class { 'unattended_upgrades': + enable => 1, + origins => $apt_origins, + auto => { + 'clean' => 7, + }, + upgradeable_packages => { + download_only => 1, + debdelta => 1, + }, + } } node /^t410.*\.intern$/ { @@ -259,9 +376,19 @@ node /^t410.*\.intern$/ { class { 'ssh_pubkeys_admins': } class { 'ssh_pubkeys_firedadmins': } class { 'login_manager': } - class { 'itzks_systems_workstation': } class { 'itzks_systems_common': } + class { 'unattended_upgrades': + enable => 1, + origins => $apt_origins, + auto => { + 'clean' => 7, + }, + upgradeable_packages => { + download_only => 1, + debdelta => 1, + }, + } } node /^t61.*\.intern$/ { @@ -269,9 +396,19 @@ node /^t61.*\.intern$/ { class { 'ssh_pubkeys_admins': } class { 'ssh_pubkeys_firedadmins': } class { 'login_manager': } - class { 'itzks_systems_workstation': } class { 'itzks_systems_common': } + class { 'unattended_upgrades': + enable => 1, + origins => $apt_origins, + auto => { + 'clean' => 7, + }, + upgradeable_packages => { + download_only => 1, + debdelta => 1, + }, + } } node /^tp.*\.intern$/ { @@ -279,9 +416,19 @@ node /^tp.*\.intern$/ { class { 'ssh_pubkeys_admins': } class { 'ssh_pubkeys_firedadmins': } class { 'login_manager': } - class { 'itzks_systems_workstation': } class { 'itzks_systems_common': } + class { 'unattended_upgrades': + enable => 1, + origins => $apt_origins, + auto => { + 'clean' => 7, + }, + upgradeable_packages => { + download_only => 1, + debdelta => 1, + }, + } } @@ -289,4 +436,15 @@ node /^tp.*\.intern$/ { node "default" { class { 'ssh_pubkeys_admins': } class { 'ssh_pubkeys_firedadmins': } + class { 'unattended_upgrades': + enable => 1, + origins => $apt_origins, + auto => { + 'clean' => 7, + }, + upgradeable_packages => { + download_only => 1, + debdelta => 1, + }, + } } |