diff --git a/data/hostname/pergamon.softwareheritage.org.yaml b/data/hostname/pergamon.softwareheritage.org.yaml index 4109f441..7bc5467c 100644 --- a/data/hostname/pergamon.softwareheritage.org.yaml +++ b/data/hostname/pergamon.softwareheritage.org.yaml @@ -1,82 +1,74 @@ dns::local_cache: false # Overrides for primary bind server bind::zones::type: master dns::forwarders: [] smtp::relay_destinations: - destination: "%{hiera('phabricator::vhost::name')}" route: smtp:[tate.internal.softwareheritage.org] smtp::mynetworks: - 127.0.0.0/8 - "[::ffff:127.0.0.0]/104" - "[::1]/128" - 192.168.100.0/23 - 192.168.200.0/21 networks: eth0: address: 128.93.166.14 netmask: 26 gateway: 128.93.166.62 eth1: type: private address: 192.168.100.29 netmask: 255.255.255.0 gateway: 192.168.100.1 networks::private_routes: staging: enabled: true admin: enabled: true # Set apache MPM to prefork apache::mpm_module: prefork backups::exclude: - srv/softwareheritage/annex/annexroot - srv/softwareheritage/bitbucket-archive - var/lib/prometheus icinga2::role: master icinga2::features: - checker - mainlog - notification - statusdata - compatlog - command systemd_journal::role: collector users: jenkins-push-docs: uid: 3000 full_name: Jenkins Documentation Push user shell: /bin/bash authorized_keys: jenkins-push-docs@thyssen: type: ssh-rsa key: AAAAB3NzaC1yc2EAAAADAQABAAACAQDWk4WLCNPdSthCdYSDGP7UEIzrBigy2q74ux6OjxSd7SxUKObbsVJeV1MLxIrK3DALQEGZuNUn8hPH6NnyuRBoY+5b7KJ1uV4UAZc4CctxLrrq81cS4x71wU6bzNlZH8DFZa5s0WFnskzg1X5KvyNDj/EdJ8a1TbL/wtj8dPw9odcCw82uqT9Dookvn+yAJ6Lld4MJYy03TfQGCufq2aRRbe/wwNTgL01g3FOuOpaXgmNGGyPpUae290M3+2/slqnHmTDTabnAwDFGfgdX3EIZ2janNJN1j9/5sqDmRQt/cpc5GXfZkpuEIm6+PBj2EWPpHuOUOCAJOQ8u/x2m+v1JJ7qtEmp4sKGqRddUROsWJD73z6XA/p3Xd+nfSrxgnFpW/38upttkqh1OVZshv0+8RijK9Ve5NTU2tIQXmFyYniHUJ8CYpDJug/0pOWNy8Jasqk8jt2Qm5mwR4q9v47PR413KAv+mr/VrhECJKbfoExf3djNYekXtYwD/L45dKg2ogFiZOHgzJSqtoUlIy6RY6ylo1/u3PZY+g3HpcDUYCjNigO8Wwc4ACYIS+DvPRYm0/6+rGl/GoHcgWV4sFKXZCkcGPikL/ECIB6i5AFBKArEYtijN86lhw+dKDEEjQHrURqGMkX2v2TQ37KRSVDY7YoC7Bn+aKWKPGvlR0l9nuw== boatbucket: uid: 1002 full_name: Bitbucket Life Raft shell: /bin/bash groups: jenkins-push-docs: gid: 3000 boatbucket: gid: 1024 - -# Temporarily for the duration of the riverside migration to the admin vlan (to remove -# once the migration is effective and the ttl considered expired). -apache::rewrite_domains: - # Must have matching certificates in letsencrypt::certificates - sentry.softwareheritage.org: - rewrites: - - "^.*$ http://riverside.internal.admin.swh.network:9000" diff --git a/site-modules/role/manifests/swh_sysadmin.pp b/site-modules/role/manifests/swh_sysadmin.pp index b21087f7..3ff362de 100644 --- a/site-modules/role/manifests/swh_sysadmin.pp +++ b/site-modules/role/manifests/swh_sysadmin.pp @@ -1,35 +1,32 @@ class role::swh_sysadmin inherits role::swh_server { include profile::prometheus::server include profile::prometheus::sql include profile::puppet::master if $::subnet == 'vagrant' { notice("Vagrant environment detected, deactivate let's encrypt and bind_server") } else { include profile::letsencrypt include profile::bind_server::primary } include profile::icinga2::icingaweb2 include profile::apache::simple_server include ::apache::mod::rewrite include profile::annex_web include profile::docs_web include profile::debian_repository include profile::bitbucket_archive_web - # redirect sentry.s.o -> riverside.i.a.s.n (temporary during vlan migration) - include profile::apache::rewrite_domains - include profile::weekly_report_bot include profile::weekly_planning_bot include profile::monthly_report_bot include profile::opnsense::monitoring include profile::status_io_metrics }