summaryrefslogtreecommitdiffstats
path: root/manifests/reprepro/snapshots/tagged.pp
blob: 239ff383cd3629af3efb5ccc3845e503a572c008 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
# Manage tagged snapshots of the set of APT repositories Tails needs,
# in a reprepro setup.
class tails::reprepro::snapshots::tagged (
  Enum['present', 'absent'] $ensure = 'present',
  Stdlib::Absolutepath $homedir     = '/srv/apt-snapshots/tagged',
  String $email_recipient           = 'root',
  String $user                      = 'reprepro-tagged-snapshots',
  Stdlib::Fqdn $web_hostname        = 'tagged.snapshots.deb.tails.boum.org',
  Stdlib::Port $web_port            = 80,
) {

  $repositories_dir = "${homedir}/repositories"

  $package_ensure = $ensure ? {
    absent  => absent,
    default => present,
  }

  tails::reprepro::snapshots::base {'tagged':
    ensure           => $ensure,
    homedir          => $homedir,
    repositories_dir => $repositories_dir,
    user             => $user,
  }

  $prepare_tagged_snapshot_import_pkg_deps = [
    libfile-slurp-perl,
    libyaml-libyaml-perl,
    liblist-compare-perl,
    liblist-moreutils-perl,
    libdpkg-perl,
  ]
  ensure_packages(
    $prepare_tagged_snapshot_import_pkg_deps,
    {'ensure' => $package_ensure}
  )

  file { '/usr/local/bin/tails-prepare-tagged-apt-snapshot-import':
    ensure  => $ensure,
    owner   => root,
    group   => root,
    mode    => '0755',
    source  => 'puppet:///modules/tails/reprepro/snapshots/tagged/tails-prepare-tagged-apt-snapshot-import',
    require => Package[$prepare_tagged_snapshot_import_pkg_deps],
  }

  ensure_packages(['libnginx-mod-http-fancyindex'])

  nginx::vhostsd { $web_hostname:
    ensure  => $ensure,
    content => template('tails/reprepro/snapshots/tagged/nginx_site.erb'),
    require => Package[nginx, 'libnginx-mod-http-fancyindex'],
  }

  postfix::mailalias { $user:
    recipient => $email_recipient,
  }

  # De-duplicate with hardlinks
  ensure_packages(hardlink, {'ensure' => $package_ensure})
  cron { 'deduplicate-tagged-apt-snapshots':
    ensure  => $ensure,
    command => "output=\$(hardlink --keep-oldest --ignore-time '${repositories_dir}'); ret=\$?; [ \$ret = 0 ] || printf \"\\%s\" \"\$output\"; exit \$ret", # lint:ignore:140chars -- command
    hour    => 12,
    minute  => 17,
    user    => $user,
    require => Package[hardlink],
  }
}