Commit ccc37457 authored by taggart's avatar taggart
Browse files

remove temporary riseup file

parent 5cc7069c
# -*- mode: puppet; sh-basic-offset: 3; indent-tabs-mode: nil; -*
class list_server {
include postfix::listserver
$apache2_ssl = enabled
include site-apache::no_default_site
package {
[ libterm-progressbar-perl, libmime-encwords-perl, subversion, php5-cli, gettext, libarchive-zip-perl,
libcgi-fast-perl, libfcgi-perl, libcgi-pm-perl, libnet-daemon-perl, libplrpc-perl,
libfile-copy-recursive-perl, libintl-perl, mhonarc, libnet-netmask-perl, libregexp-common-perl,
libtemplate-perl, libsoap-lite-perl, libapache2-mod-fcgid, libapache2-mod-removeip,
libapache2-mod-fastcgi, git-core, libemail-valid-perl, libdbi-perl, libdbd-mysql-perl,
libmime-charset-perl, spamass-milter, libhtml-stripscripts-perl, libhtml-stripscripts-parser-perl,
libmime-lite-html-perl ]:
ensure => installed;
}
apache2::module {
"removeip": ensure => present, require_package => "libapache2-mod-removeip";
"fastcgi": ensure => absent;
# NOTE: we need a way to set things in fcgid.conf, but the apache2 module
# we're currently (Aug 2011) using doesn't support that, so we deliver
# it as a file below
"fcgid": ensure => present, require_package => "libapache2-mod-fastcgi";
"headers": ensure => present;
}
apache2::site {
"lists.riseup.net":
ensure => present,
content => template("riseupsites/lists/lists.riseup.net");
}
apache2::envvars {
"fastcgi_user":
content => "export APACHE_PID_FILE=/var/run/apache2.pid\nexport APACHE_RUN_USER=sympa\nexport APACHE_RUN_GROUP=sympa\nexport APACHE_RUN_DIR=/var/run/apache2$SUFFIX\nexport APACHE_LOCK_DIR=/var/lock/apache2$SUFFIX\nexport APACHE_LOG_DIR=/var/log/apache2$SUFFIX\n\nexport LANG=C\nexport LANG\n"
}
# do locale generation
group { sympa:
name => sympa,
gid => 1000,
ensure => present,
allowdupe => false
}
user {
"sympa":
uid => 1000,
gid => 1000,
comment => 'Sympa user',
home => '/home/sympa',
shell => '/bin/bash',
groups => nestd,
ensure => present,
password => '!',
allowdupe => false,
require => Group["sympa"];
}
service {
"cron":
name => cron,
pattern => '/usr/sbin/cron',
enable => true,
ensure => running,
hasrestart => true;
"spamass-milter":
name => spamass-milter,
pattern => '/usr/sbin/spamass-milter',
enable => true,
ensure => running,
hasrestart => true,
subscribe => File["/etc/default/spamass-milter"],
require => File["/etc/default/spamass-milter"];
}
nagios::service {
"archived.pl":
check_command => "nagios-stat-proc!/usr/bin/perl /home/sympa/bin/archived.pl!1!1!proc";
"wwsympa.fcgi":
check_command => "nagios-stat-proc!/usr/bin/perl -U /home/sympa/bin/wwsympa.fcgi!1!1!proc";
"bounced.pl":
check_command => "nagios-stat-proc!/usr/bin/perl /home/sympa/bin/bounced.pl!1!1!proc";
"task_manager.pl":
check_command => "nagios-stat-proc!/usr/bin/perl /home/sympa/bin/task_manager.pl!1!1!proc";
"sympa.pl":
check_command => "nagios-stat-proc!/usr/bin/perl /home/sympa/bin/sympa.pl!2!2!proc";
"bulk.pl":
check_command => "nagios-stat-proc!/usr/bin/perl /home/sympa/bin/bulk.pl!10!1!proc";
"apache":
check_command => "nagios-stat-proc!/usr/sbin/apache!2!1!proc";
}
locales {
"$fqdn": type => "lists";
}
# these are used actually, each class of machines has accounts defined for it right now
users { ["micah", "elijah", "pietro", "taggart", "kclair", "nestd"]: }
file {
# this is setup so the nestd cronjob can push the exported mail
# users to the export user which is where the list called
# 'mailusers' will pick up the file to include the addresses as
# subscribers. the 'newsletter' list will then pick up those
# addresses
"/home/nestd/.ssh":
ensure => directory,
owner => nestd, group => nestd, mode => 0700;
"/home/nestd/.ssh/id_rsa":
source => "$fileserver/keys/nestd_id_rsa",
owner => nestd, group => nestd, mode => 0600,
require => File["/home/nestd/.ssh"];
# This is needed because otherwise the daily updatedb indexes every vserver
# this chews a lot of resources
"/etc/updatedb.conf":
source => "$fileserver/$lsbdistcodename/updatedb.conf",
owner => root, group => root;
# the following two are needed for the milter
"/var/run/sendmail":
ensure => directory,
mode => 0777, owner => postfix, group => postfix;
"/var/run/spamass/spamass.sock":
ensure => present,
mode => 0755, owner => postfix, group => postfix;
"/etc/default/spamass-milter":
source => "$fileserver/spamassassin/spamass-milter_default",
require => Package["spamass-milter"],
mode => 0644, owner => root, group => root;
"/usr/local/share/munin-plugins/sympa_queue":
source => "$fileserver/munin/sympa_queue",
mode => 0755, owner => root, group => root;
"/usr/local/share/munin-plugins/sympa_stats":
source => "$fileserver/munin/sympa_stats",
mode => 0755, owner => root, group => root;
"/usr/local/share/munin-plugins/sympa_subscribers":
source => "$fileserver/munin/sympa_subscribers",
mode => 0755, owner => root, group => root;
"/usr/local/share/munin-plugins/sympa_lists":
source => "$fileserver/munin/sympa_lists",
mode => 0755, owner => root, group => root;
"/usr/local/share/munin-plugins/sympa_users":
source => "$fileserver/munin/sympa_users",
mode => 0755, owner => root, group => root;
"/etc/sympa":
ensure => directory,
owner => sympa, group => sympa, mode => 0755;
"/etc/sympa/sympa.conf":
source => "$fileserver/sympa/sympa.conf",
owner => sympa, group => sympa, mode => 0640,
require => File["/etc/sympa"];
"/etc/sympa/wwsympa.conf":
source => "$fileserver/sympa/wwsympa.conf",
owner => sympa, group => sympa, mode => 0640,
require => File["/etc/sympa"];
"/home/sympa/docroot/cssx/riseup.css":
source => "$fileserver/sympa/riseup.css",
owner => sympa, group => sympa, mode => 0644;
"/home/sympa/docroot/cssx/fullPage.css":
source => "$fileserver/sympa/fullPage.css",
owner => sympa, group => sympa, mode => 0644;
"/home/sympa/docroot/cssx/print-preview.css":
source => "$fileserver/sympa/print-preview.css",
owner => sympa, group => sympa, mode => 0644;
"/home/sympa/docroot/cssx/print.css":
source => "$fileserver/sympa/print.css",
owner => sympa, group => sympa, mode => 0644;
"/home/sympa/docroot/cssx/style.css":
source => "$fileserver/sympa/style.css",
owner => sympa, group => sympa, mode => 0644;
# symlink img -> icons -- we used to use img, but shouldn't be
# anymore, this is a transition symlink
"/home/sympa/docroot/img":
ensure => "/home/sympa/docroot/icons";
"/home/sympa/docroot/favicon.ico":
source => "$fileserver/riseup/favicon.ico",
owner => sympa, group => sympa, mode => 0644;
"/home/sympa/docroot/icons/favicon_sympa.png":
source => "$fileserver/riseup/favicon.png",
owner => sympa, group => sympa, mode => 0644;
"/var/lib/apache2/fastcgi":
ensure => present,
owner => root, group => sympa, mode => 0775,
require => Package["libapache2-mod-fastcgi"];
"/var/lib/apache2/fastcgi/dynamic":
ensure => present,
owner => root, group => sympa, mode => 0770,
require => File["/var/lib/apache2/fastcgi"];
"/home/sympa/cron":
ensure => directory,
owner => sympa, group => sympa, mode => 0755;
"/home/sympa/cron/sympa-bad-domains":
source => "$fileserver/sympa/cron/sympa-bad-domains",
owner => root, group => sympa, mode => 0750,
require => File["/home/sympa/cron"];
# currently sympa-bad-domains needs a newer version of Parallel::ForkManager
# than is in Debian, so we deliver a copy. Once it's in debian we can add
# it to the package list instead and depend on that.
"/home/sympa/cron/Parallel":
ensure => directory,
owner => sympa, group => sympa, mode => 0755,
require => File["/home/sympa/cron"];
"/home/sympa/cron/Parallel/ForkManager.pm":
source => "$fileserver/sympa/cron/Parallel/ForkManager.pm",
owner => root, group => sympa, mode => 0755,
require => File["/home/sympa/cron/Parallel"];
"/var/log/sympa/bad-domains":
ensure => directory,
owner => sympa, group => sympa, mode => 0750;
"/var/log/sympa/biglists":
ensure => directory,
owner => sympa, group => sympa, mode => 0750;
# NOTE: as mentioned above it would be better if the apache2 module
# could handle setting things in the module conf files for us, but for
# now we just deliver the file
"/etc/apache2/mods-available/fcgid.conf":
source => "$fileserver/apache2/fcgid.conf",
owner => root, group => root, mode => 0644;
# resources for the banned user checker
"/home/sympa/etc/banned":
ensure => directory,
source => "$fileserver/sympa/banned",
recurse => true,
owner => sympa, group => sympa, mode => 0755;
}
augeas {
"logrotate_sympa":
context => "/files/etc/logrotate.d/sympa/rule",
changes => [ "set file /var/log/sympa/*.log", "set rotate 3", "set schedule weekly",
"set compress compress", "set missingok missingok", "set ifempty notifempty",
"set copytruncate copytruncate" ]
}
cron {
"updatestats":
command => '/home/sympa/tools/updatestats',
user => sympa,
environment => 'MAILTO=listmaster',
minute => 0,
hour => 2;
"updatedirectory":
command => '/home/sympa/tools/updatedirectory.rb',
user => sympa,
minute => 0,
hour => 3;
"counts":
command => '/home/sympa/tools.new/stats/counts -h>/home/sympa/etc/web_tt2/counts.tt2',
user => sympa,
minute => 0,
hour => 4;
"toplists":
command => '/home/sympa/tools.new/stats/toplists -h>/home/sympa/etc/web_tt2/toplists.tt2',
user => sympa,
minute => 5,
hour => 4;
"topdomains":
command => '/home/sympa/tools.new/stats/topdomains -h>/home/sympa/etc/web_tt2/topdomains.tt2',
user => sympa,
minute => 10,
hour => 4;
"sympa-bad-domains":
command => '/home/sympa/cron/sympa-bad-domains',
user => sympa,
minute => 0,
hour => 4,
monthday => 3;
"sympa-persistent-bad-domains":
command => '/home/sympa/tools.new/bad-domains/sympa-persistent-bad-domains',
user => sympa,
minute => 0,
hour => 4,
monthday => 5;
"biglists":
command => '/home/sympa/tools.new/biglists',
user => sympa,
minute => 0,
hour => 5,
weekday => 0;
}
if defined(Class['monit']) {
monit::check::process { "wwsympa.fcgi":
pidfile => "/var/run/apache2.pid",
start => "/etc/init.d/apache2 start",
stop => "/etc/init.d/apache2 stop",
customlines => ["if totalmem > 5000 MB for 3 cycles then restart"];
}
monit::check::process {"task_manager.pl":
pidfile => "/home/sympa/task_manager.pid",
start => "/etc/init.d/sympa start",
stop => "/etc/init.d/sympa stop",
customlines => ["if totalmem > 5000 MB for 3 cycles then restart"],
ensure => absent;
}
}
munin::plugin {
"sympaps":
ensure => "multips",
config => "user root\nenv.names wwsympa sympa archived task_manager bounced bulk\nenv.regex_sympa ^[0-9]* /usr/bin/perl /home/sympa/bin/sympa.pl\nenv.regex_archived ^[0-9]* /usr/bin/perl /home/sympa/bin/archived.pl\nenv.regex_task_manager ^[0-9]* /usr/bin/perl /home/sympa/bin/task_manager.pl\nenv.regex_bounced ^[0-9]* /usr/bin/perl /home/sympa/bin/bounced.pl\nenv.regex_bulk ^[0-9]* /usr/bin/perl /home/sympa/bin/bulk.pl\n";
}
munin::plugin {
"sympa_queue":
ensure => "sympa_queue",
config => "user root\nenv.spooldir /home/sympa/spool\n",
script_path_in => "/usr/local/share/munin-plugins";
}
munin::plugin {
"sympa_stats":
ensure => "sympa_stats",
config => "user root\nenv.logfile /var/log/sympa/sympa.log\n",
script_path_in => "/usr/local/share/munin-plugins";
}
munin::plugin {
"sympa_subscribers":
ensure => "sympa_subscribers",
config => "user root\n",
script_path_in => "/usr/local/share/munin-plugins";
}
munin::plugin {
"sympa_lists":
ensure => "sympa_lists",
config => "user root\n",
script_path_in => "/usr/local/share/munin-plugins";
}
munin::plugin {
"sympa_users":
ensure => "sympa_users",
config => "user root\n",
script_path_in => "/usr/local/share/munin-plugins";
}
}
class sympabannedcheck {
file {
"/etc/nagios/nrpe.d/sympa_banned.cfg":
source => "$fileserver/nagios/nrpe_sympa_banned.cfg",
owner => root, group => staff, mode => 0600,
require => Package["nagios-nrpe-server"], notify => Service["nagios-nrpe-server"];
"/usr/local/lib/nagios/plugins/check_sympa_banned":
source => "$fileserver/nagios/check_sympa_banned",
owner => root, group => nagios, mode => 0750,
require => [ Package["libnagios-plugin-perl"], File["/usr/local/lib/nagios/plugins" ] ];
# allow nagios read access to the sympa db for the above check
"/var/lib/nagios/.my.cnf":
source => "$fileserver/lists/my.cnf",
owner => root, group => nagios, mode => 0640,
require => Package["nagios-nrpe-server"];
}
nagios::service {
"check_sympa_banned":
check_command => 'check_nrpe_timeout_1arg!check_sympa_banned!60';
}
}
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment