Index: modules/filtermaster/manifests/init.pp |
=================================================================== |
new file mode 100755 |
--- /dev/null |
+++ b/modules/filtermaster/manifests/init.pp |
@@ -0,0 +1,112 @@ |
+class filtermaster { |
+ Cron { |
+ environment => ['MAILTO=ROOT', 'PYTHONPATH=/opt/sitescripts'], |
Wladimir Palant
2013/11/08 15:32:06
Add a TODO comment so that you don't forget to cha
christian
2013/11/08 16:25:01
Done.
|
+ } |
+ |
+ class {'ssh': |
+ custom_configuration => 'Match User rsync |
+ AllowTcpForwarding no |
+ X11Forwarding no |
+ AllowAgentForwarding no |
+ GatewayPorts no |
+ ForceCommand rsync --server --sender -vltprz --delete-excluded --exclude CVS . /home/rsync/subscriptions/' |
Wladimir Palant
2013/11/08 15:32:06
/home/rsync/subscriptions isn't what you want to s
christian
2013/11/08 16:25:01
Done.
|
+ } |
+ |
+ user {'rsync': |
+ ensure => present, |
+ comment => 'Filter list mirror user', |
+ home => '/home/rsync', |
+ managehome => true |
+ } |
+ |
+ file {'/home/rsync/.ssh': |
+ ensure => directory, |
+ require => User['rsync'], |
+ owner => rsync, |
+ mode => 0600 |
+ } |
+ |
+ file {'/home/rsync/.ssh/authorized_keys': |
+ ensure => file, |
+ require => [ |
+ File['/home/rsync/.ssh'], |
+ User['rsync'] |
+ ], |
+ owner => rsync, |
+ mode => 0600, |
+ source => 'puppet:///modules/filtermaster/authorized_keys' |
+ } |
+ |
+ file {'/etc/sitescripts': |
+ ensure => file, |
+ owner => root, |
+ mode => 0644, |
+ source => 'puppet:///modules/filtermaster/sitescripts' |
+ } |
+ |
+#donwload the repos |
Wladimir Palant
2013/11/08 15:32:06
Typo: donwload => download
Felix Dahlke
2013/11/08 15:49:39
I'd actually remove this, "repo_download" pretty m
christian
2013/11/08 16:25:01
Done.
|
+ |
+ define repo_download( $name ) { |
+ exec { "fetch_${title}": |
+ command => "hg clone https://hg.adblockplus.org/${name} /home/rsync/subscription/${name}", |
+ path => ["/usr/bin/", "/bin/"], |
+ require => Package['mercurial'], |
+ user => rsync, |
+ timeout => 0, |
+ onlyif => "test ! -d /home/rsync/subscription/${name}" |
+ } |
Wladimir Palant
2013/11/08 15:32:06
What about a cron job to update these repositories
christian
2013/11/08 16:25:01
Don't "updateSubscriptionDownloads" update all rep
|
+ } |
+ |
+ repo_download {'easylist': |
+ name => "easylist" |
+ } |
+ |
+ repo_download {'easylist_germany': |
+ name => "easylistgermany" |
Wladimir Palant
2013/11/08 15:32:06
This looks redundant, why not drop the $name param
Felix Dahlke
2013/11/08 15:49:39
Yes, then you could actually do this:
repo_downlo
|
+ } |
+ |
+ repo_download {'easylist_italy': |
+ name => "easylistitaly" |
+ } |
+ |
+ repo_download {'easylist_combinations': |
+ name => "easylistcombinations" |
+ } |
+ |
+ repo_download {'malwaredomains': |
+ name => "malwaredomains" |
+ } |
+ |
+ repo_download {'ruadlist': |
+ name => "ruadlist" |
+ } |
+ |
+ repo_download {'listefr': |
+ name => "listefr" |
+ } |
+ |
+ repo_download {'exceptionrules': |
+ name => "exceptionrules" |
+ } |
+ |
+ cron {update_subscription: |
Felix Dahlke
2013/11/08 15:49:39
Still needs to go in '' for consistency, same belo
|
+ ensure => present, |
+ command => "python -m sitescripts.subscriptions.bin.updateSubscriptionDownloads 3>&1 1>/dev/null 2>&3 | perl -pe 's/^/\"[\" . scalar localtime() . \"] \"/e' >> /tmp/subscription_errors && chmod 666 /tmp/subscription_errors 2>/dev/null", |
+ user => rsync, |
+ require => [ |
+ User['rsync'] |
+ ], |
+ minute => '*/10' |
+ } |
+ |
+ cron {update_malware: |
+ ensure => present, |
+ command => "python -m sitescripts.subscriptions.bin.updateMalwareDomainsList", |
+ user => rsync, |
+ require => [ |
+ User['rsync'] |
+ ], |
+ hour => '*/6', |
+ minute => 15 |
+ } |
+} |