Puppet Class: aptrepo::common
- Defined in:
- modules/aptrepo/manifests/common.pp
Summary
Install and configure reprepro on a serverOverview
SPDX-License-Identifier: Apache-2.0
21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 |
# File 'modules/aptrepo/manifests/common.pp', line 21
class aptrepo::common (
Stdlib::Unixpath $homedir = '/var/lib/reprepro',
Stdlib::Unixpath $basedir = '/var/lib/reprepro',
String $user = 'reprepro',
String $group = 'reprepro',
Optional[String] $gpg_secring = undef,
Optional[String] $gpg_pubring = undef,
Optional[String] $gpg_user = undef,
Array[String] $authorized_keys = [],
) {
$packages = ['reprepro','dpkg-dev','dctrl-tools','gnupg','zip']
ensure_packages($packages)
# Basic reprepro configuration. By setting the PREPREPRO_BASE_DIR,
# we're making reprepro a little easier to use in the most common
# cases, by defaulting to the publically available repository.
file { "${homedir}/.bashrc":
ensure => file,
owner => $user,
group => $group,
}
file_line { 'reprepro_bashrc':
ensure => present,
path => "${homedir}/.bashrc",
line => "export REPREPRO_BASE_DIR=${basedir} # Managed by puppet",
}
# Configure GnuPG for package signing.
file { "${homedir}/.gnupg":
ensure => directory,
owner => $gpg_user,
group => $gpg_user,
mode => '0700',
}
if $gpg_secring != undef {
file { "${homedir}/.gnupg/secring.gpg":
ensure => file,
owner => $gpg_user,
group => $gpg_user,
mode => '0400',
content => secret($gpg_secring),
show_diff => false,
}
}
if $gpg_pubring != undef {
file { "${homedir}/.gnupg/pubring.gpg":
ensure => file,
owner => $gpg_user,
group => $gpg_user,
mode => '0400',
content => secret($gpg_pubring),
}
}
file { "${homedir}/.gnupg/reprepro-updates-keys.d":
ensure => directory,
owner => $gpg_user,
group => $gpg_user,
mode => '0550',
recurse => true,
purge => true,
source => 'puppet:///modules/aptrepo/updates-keys',
notify => Exec['reprepro-import-updates-keys'],
}
exec { 'reprepro-import-updates-keys':
refreshonly => true,
provider => 'shell',
command => "/usr/bin/gpg --import ${homedir}/.gnupg/reprepro-updates-keys.d/*.gpg",
}
# SSH upload script, currently only for public packages.
unless $authorized_keys.empty {
ssh::userkey { 'reprepro':
content => template('aptrepo/authorized_keys.erb'),
}
}
file { '/usr/local/bin/reprepro-ssh-upload':
ensure => file,
owner => 'root',
group => 'root',
mode => '0555',
source => 'puppet:///modules/aptrepo/reprepro-ssh-upload',
}
}
|