diff --git a/data/defaults.yaml b/data/defaults.yaml
index f49ff7aa..764b6228 100644
--- a/data/defaults.yaml
+++ b/data/defaults.yaml
@@ -1,368 +1,368 @@ --- ntp::servers: - sesi-ntp1.inria.fr - sesi-ntp2.inria.fr smtp::relayhost: '[smtp.inria.fr]' smtp::mydestinations: - "%{::fqdn}" smtp::relay_destinations: {} smtp::virtual_aliases: {} smtp::mail_aliases: root: - olasd - zack zack: - zack@upsilon.cc ardumont: - antoine.romain.dumont@gmail.com olasd: - nicolas+swhinfra@dandrimont.eu swhworker: - zack - olasd - ardumont swhstorage: - root postgres: - root locales::default_locale: C.UTF-8 locales::installed_locales: - C.UTF-8 UTF-8 - en_US.UTF-8 UTF-8 - fr_FR.UTF-8 UTF-8 - it_IT.UTF-8 UTF-8 packages: - etckeeper - htop - molly-guard - moreutils - ncdu - vim - zsh users: root: uid: 0 full_name: shell: /bin/bash groups: [] authorized_keys: root@louvre: type: ssh-rsa key: AAAAB3NzaC1yc2EAAAADAQABAAABAQDMLEWHlUQldlvZs5rg0y42lRNAfOhD+6pmO8a73DzpJWHTqvAlfteLpU78IPjSacB4dO5ish1E/1RX/HC+Bt8p2v4RBqbCnVLx2w+Hx4ahWu6qbeTVmTz+U++1SQrHnL08fSlhT0OekCw0lRZM2sQq21FZi6+vul97Ecikag4Xaw6Qfumylu94pM3t05uzTUlKk1+6VMCjhT8dlSe8VS8OirVQpE/OqYtTMAWtQaMXGHPCsqDdYRAKzkJ8GjH7ydZmX5VCRyqS0RvPKAlcJfLCs5HBtv0u5rbeGtiHhuzhj/j3YgS/6NJOC2mUfcetcDOMPLnhkKpnF0vUAzTsJ7aR zack: uid: 1000 full_name: Stefano Zacchiroli shell: /usr/bin/zsh groups: - swhdev - swhstorage - swhdeploy - sudo authorized_keys: zack@aquarium: type: ssh-rsa key: AAAAB3NzaC1yc2EAAAABIwAAAgEAwHDrj8B6DeStBwz0sLeH+gbmnyqDqS2s+slGpkSdXaKMjQRS50YWU0oOSYkZcg1RoL7G85XE7t9JhHiumHC649k0lsdcS4h8nQBVsYKfpLkJy4bm0ru2mTkwrK4j165yZ3n5ygYPwi+IGfgYIz0bmN3LNrFM60H7VGYe7UouvFpvA+wIqURU7rX3K+ZNdWVkO4CAGoHs3mS/M88HfsADvS3jotRuoC43FTbcSaIw0/riaTyBTcy/N2Q7Muag6dGSwwuFRsp3uBX4jLre0+bf/jrqLWECY2KAlottfKePsOtQe8vy7Hj7xURwf8AJQ3lVTG1vPC4df8c7c09aTlyUH1sHN5gO7ZO3QU9wpQQFsp5jfoSSZzRGSw8HjsJaTKvl6Kte6VvtBKsUOTjxxuvfdRQXiPsmP+eLgtNDWnIo84mdhnlbeTOS85E5CfLHEh6dSbV2P1Gv/ZSFfkCGghmAbSQa01lRAXmFM+JHtEe+sUdbnZ2aQuM4OLuq8trXBs4lA8rvzxReot/zohFLX1Ys+dRKT2G64RzfYIOUaFGG2ZYSA5lT6jvSM2OGXpzlavJjz+Q9BydnCRVVRu2aCRWj0farOvJR4rRGdF7fj1XYJWNwoCzAaJAaiuC7Zl+zwbeZfDmImVR5/OZE0mfDPGcgiGdQiR7YvMYolytpXjtS0zc= 
olasd: uid: 1001 full_name: Nicolas Dandrimont shell: /bin/bash groups: - swhdev - swhstorage - swhdeploy - sudo authorized_keys: nicolasd@darboux: type: ssh-rsa key: AAAAB3NzaC1yc2EAAAADAQABAAABAQDZ1TCpfzrvxLhEMhxjbxqPDCwY0nazIr1cyIbhGD2bUdAbZqVMdNtr7MeDnlLIKrIPJWuvltauvLNkYU0iLc1jMntdBCBM3hgXjmTyDtc8XvXseeBp5tDqccYNR/cnDUuweNcL5tfeu5kzaAg3DFi5Dsncs5hQK5KQ8CPKWcacPjEk4ir9gdFrtKG1rZmg/wi7YbfxrJYWzb171hdV13gSgyXdsG5UAFsNyxsKSztulcLKxvbmDgYbzytr38FK2udRk7WuqPbtEAW1zV4yrBXBSB/uw8EAMi+wwvLTwyUcEl4u0CTlhREljUx8LhYrsQUCrBcmoPAmlnLCD5Q9XrGH ardumont: uid: 1003 full_name: Antoine R. Dumont shell: /bin/bash groups: - swhdev - swhstorage - swhdeploy - sudo authorized_keys: eniotna.t@gmail.com: type: ssh-rsa key: AAAAB3NzaC1yc2EAAAADAQABAAABAQDZarzgHrzUYspvrgSI6fszrALo92BDys7QOkJgUfZa9t9m4g7dUANNtwBiqIbqijAQPmB1zKgG6QTZC5rJkRy6KqXCW/+Qeedw/FWIbuI7jOD5WxnglbEQgvPkkB8kf1xIF7icRfWcQmK2je/3sFd9yS4/+jftNMPPXkBCxYm74onMenyllA1akA8FLyujLu6MNA1D8iLLXvz6pBDTT4GZ5/bm3vSE6Go8Xbuyu4SCtYZSHaHC2lXZ6Hhi6dbli4d3OwkUWz+YhFGaEra5Fx45Iig4UCL6kXPkvL/oSc9KGerpT//Xj9qz1K7p/IrBS8+eA4X69bHYYV0UZKDADZSn ardumont@louvre: type: ssh-rsa key: AAAAB3NzaC1yc2EAAAADAQABAAABAQC0Xj8nwGWTb6VGFNIrlhVTLX6VFTlvpirjdgOTOz8riRxBTS9ra35g3cz8zfDl0iVyE455GXzxlm33w/uu3DX0jQOIzkcoEBRw+T33EK89lo6tCCd9xQrteWCTNR1ZBFloHSnYk2m7kw9kyrisziyAdULsCrXmMd3BH1oJyEpISA+sv/dtVpIOWdEQmkbLmdHl2uEdjBLjqb3BtAp2oJZMmppE5YjAx0Aa1+7uSnURf7NnwMx+0wTDMdfqn8z4wqI8eQny+B+bqLH9kY++52FfMVALuErGh5+75/vtd2xzRQamjKsBlTGjFFbMRagZiVNLDX2wtdudhNmnQDIKA+rH swhworker: uid: 1004 full_name: SWH Worker Acccount shell: /bin/bash groups: - swhdeploy swhstorage: uid: 1005 full_name: SWH Storage Account shell: /bin/bash groups: - swhdeploy - swhstorage swhwebapp: uid: 1006 full_name: SWH Web App Account shell: /bin/bash groups: [] swhbackup: uid: 1007 full_name: SWH Backup Account shell: /bin/bash groups: [] groups: swhdev: gid: 1002 swhstorage: gid: 1005 swhdeploy: gid: 1006 swhbackup: gid: 1007 sudo: gid: 27 # assigned from base-files munin::node::allow: - 
192.168.100.29 munin::node::plugins::enable: - apt - postfix_mailvolume - postfix_mailqueue munin::node::plugins::disable: - apt_all - exim_mailstats - exim_mailqueue munin::master::hostname: munin.internal.softwareheritage.org munin::plugins::rabbitmq::messages_warn: 18000000 munin::plugins::rabbitmq::messages_crit: 20000000 munin::plugins::rabbitmq::queue_memory_warn: 1073741824 # 1GB munin::plugins::rabbitmq::queue_memory_crit: 2147483648 # 2GB puppet::master::hostname: pergamon.internal.softwareheritage.org strict_transport_security::max_age: 15768000 # Those variables get picked up by 'include ::apache' apache::server_tokens: 'Prod' apache::server_signature: 'Off' apache::trace_enable: 'Off' # Those variables need to be set manually in the SSL vhosts. apache::ssl_protocol: all -SSLv2 -SSLv3 apache::ssl_honorcipherorder: 'On' apache::ssl_cipher: EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA apache::hsts_header: "add Strict-Transport-Security \"max-age=%{hiera('strict_transport_security::max_age')}\"" bind::update_key: local-update bind::zones: internal.softwareheritage.org: domain: internal.softwareheritage.org 100.168.192.in-addr.arpa: domain: 100.168.192.in-addr.arpa 101.168.192.in-addr.arpa: domain: 101.168.192.in-addr.arpa bind::zones::default_data: zone_type: master dynamic: true masters: '' transfer_source: '' allow_updates: [] update_policies: '' allow_transfers: '' dnssec: false key_directory: '' ns_notify: true also_notify: '' allow_notify: '' forwarders: '' forward: '' source: '' bind::resource_records: internal/NS: type: NS record: internal.softwareheritage.org data: pergamon.internal.softwareheritage.org. 100/NS: type: NS record: 101.168.192.in-addr.arpa data: pergamon.internal.softwareheritage.org. 
101/NS: type: NS record: 101.168.192.in-addr.arpa data: pergamon.internal.softwareheritage.org. db/CNAME: type: CNAME record: db.internal.softwareheritage.org data: prado.internal.softwareheritage.org. debian/CNAME: type: CNAME record: debian.internal.softwareheritage.org data: pergamon.internal.softwareheritage.org. # VPN hosts zack/A: record: zack.internal.softwareheritage.org data: 192.168.101.6 olasd/A: record: olasd.internal.softwareheritage.org data: 192.168.101.10 ardumont/A: record: ardumont.internal.softwareheritage.org data: 192.168.101.14 rdicosmo/A: record: rdicosmo.internal.softwareheritage.org data: 192.168.101.38 awork01/A: record: awork01.internal.softwareheritage.org data: 192.168.101.18 awork02/A: record: awork02.internal.softwareheritage.org data: 192.168.101.22 awork03/A: record: awork03.internal.softwareheritage.org data: 192.168.101.26 awork04/A: record: awork04.internal.softwareheritage.org data: 192.168.101.30 awork05/A: record: awork05.internal.softwareheritage.org data: 192.168.101.34 bind::resource_records::default_data: type: A bind::forwarders: - 193.51.196.130 - 193.51.196.131 bind::clients: - 192.168.100.0/24 - 192.168.101.0/24 - 127.0.0.0/8 - '::1/128' bind::autogenerate: '192.168.100.0/24': internal.softwareheritage.org dar::backup::storage: /srv/backups dar::backup::num_backups: 1 dar::backup::base: / dar::backup::select: [] # empty list = full backup dar::backup::exclude: - dev - proc - run - srv/backups - srv/remote-backups - srv/softwareheritage/objects - srv/softwareheritage/postgres - srv/storage - sys - tmp - var/cache - var/run - var/tmp dar::backup::options: - -zbzip2 dar::cron::hour: 0 dar::cron::minute: fqdn_rand dar::cron::month: '*' dar::cron::monthday: '*' dar::cron::weekday: '*' dar_server::backup::storage: /srv/remote-backups dar_server::cron::hour: '0-4' dar_server::cron::minute: '*/10' dar_server::cron::month: '*' dar_server::cron::monthday: '*' dar_server::cron::weekday: '*' phabricator::basepath: /srv/phabricator 
phabricator::user: phabricator phabricator::vcs_user: git phabricator::mysql::database_prefix: phabricator phabricator::mysql::username: phabricator phabricator::mysql::conf::max_allowed_packet: 33554432 phabricator::mysql::conf::sql_mode: STRICT_ALL_TABLES phabricator::mysql::conf::ft_stopword_file: "%{hiera('phabricator::basepath')}/phabricator/resources/sql/stopwords.txt" phabricator::mysql::conf::ft_min_word_len: 3 phabricator::mysql::conf::ft_boolean_syntax: "' |-><()~*:\"\"&^'" phabricator::mysql::conf::innodb_buffer_pool_size: 800M phabricator::php::fpm_listen: 127.0.0.1:9001 phabricator::php::max_file_size: 128M phabricator::php::opcache_validate_timestamps: 0 phabricator::vhost::name: forge.softwareheritage.org phabricator::vhost::docroot: "%{hiera('phabricator::basepath')}/phabricator/webroot" phabricator::vhost::ssl_protocol: "%{hiera('apache::ssl_protocol')}" phabricator::vhost::ssl_honorcipherorder: "%{hiera('apache::ssl_honorcipherorder')}" phabricator::vhost::ssl_cipher: "%{hiera('apache::ssl_cipher')}" phabricator::vhost::hsts_header: "%{hiera('apache::hsts_header')}" ssh::port: 22 swh::base_directory: /srv/softwareheritage swh::conf_directory: /etc/softwareheritage swh::log_directory: /var/log/softwareheritage swh::debian_mirror::hostname: debian.internal.softwareheritage.org swh::debian_mirror::basepath: "%{hiera('swh::base_directory')}/repository" swh::debian_mirror::location: "http://%{hiera('swh::debian_mirror::hostname')}/" swh::deploy::directory: "%{hiera('swh::conf_directory')}/deploy" swh::deploy::group: swhdeploy swh::deploy::public_key: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDWrJX/uUss/EYZaTp2EIsZgg3ZSH8JcNZV5gBdNZ7EHcQcqxYUCqmwv9Ss3xT8n9kIrH6iz/vquqf84XR+keoZK3bsp50tMOY8LJWpcl/JK2XD6ovoJrHPu+iAroLkE59RdTa1Vz+jF67Q2UuG9f0nKwL4rnkeWTyuK/zAbyHyYKFQntkkwMr5/YTU8sjl/4aNF/2Ww8hitdi2GORlCjav2bB0wyPBA2e8sMt8Hp9O4TIWg/RD6vPX+ZvuFaB/Lw/Hv21622QGTHoZiO92/8/W9/t24il6SU4z96ZGfXqdUZkpPYKBGwyIkZkS4dN6jb4CcRlyXTObphyu3dAlABRt swhworker@worker01' 
swh::deploy::storage::conf_directory: "%{hiera('swh::conf_directory')}/storage" swh::deploy::storage::conf_file: "%{hiera('swh::deploy::storage::conf_directory')}/storage.ini" swh::deploy::storage::user: swhstorage swh::deploy::storage::group: swhstorage swh::deploy::storage::db::host: db swh::deploy::storage::db::user: swhstorage swh::deploy::storage::db::dbname: softwareheritage swh::deploy::storage::directory: "%{hiera('swh::base_directory')}/objects" swh::deploy::storage::uwsgi::listen: 127.0.0.1:5002 swh::deploy::storage::uwsgi::protocol: http swh::deploy::storage::uwsgi::workers: 4 swh::deploy::storage::uwsgi::max_requests: 32 swh::deploy::storage::uwsgi::max_requests_delta: 4 swh::deploy::storage::uwsgi::reload_mercy: 3600 swh::deploy::webapp::conf_directory: "%{hiera('swh::conf_directory')}/webapp" swh::deploy::webapp::conf_file: "%{hiera('swh::deploy::webapp::conf_directory')}/webapp.ini" swh::deploy::webapp::user: swhwebapp swh::deploy::webapp::group: swhwebapp swh::deploy::webapp::conf::storage_class: remote_storage -swh::deploy::webapp::conf::storage_args: http://uffizi.internal.softwareheritage.org:5002/ +swh::deploy::webapp::conf::storage_args: http://127.0.0.1:5002/ swh::deploy::webapp::conf::log_dir: "%{hiera('swh::log_directory')}/webapp" swh::deploy::webapp::uwsgi::listen: 127.0.0.1:5003 swh::deploy::webapp::uwsgi::protocol: uwsgi swh::deploy::webapp::uwsgi::workers: 4 swh::deploy::webapp::uwsgi::max_requests: 32 swh::deploy::webapp::uwsgi::max_requests_delta: 4 swh::deploy::webapp::uwsgi::reload_mercy: 3600 swh::deploy::webapp::vhost::name: base.softwareheritage.org swh::deploy::webapp::vhost::docroot: "/var/www/%{hiera('swh::deploy::webapp::vhost::name')}" swh::deploy::webapp::vhost::ssl_protocol: "%{hiera('apache::ssl_protocol')}" swh::deploy::webapp::vhost::ssl_honorcipherorder: "%{hiera('apache::ssl_honorcipherorder')}" swh::deploy::webapp::vhost::ssl_cipher: "%{hiera('apache::ssl_cipher')}" swh::deploy::webapp::vhost::hsts_header: 
"%{hiera('apache::hsts_header')}"
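Review bot: The new default `http://127.0.0.1:5002/` for `swh::deploy::webapp::conf::storage_args` hard-codes the same address and port that `swh::deploy::storage::uwsgi::listen` already sets a few keys earlier, so the two values can drift apart if the storage listener is ever moved. The file already interpolates related settings, so `swh::deploy::webapp::conf::storage_args: "http://%{hiera('swh::deploy::storage::uwsgi::listen')}/"` would keep them in step. Because this is the defaults file, every host that deploys the webapp now appears to need a storage API on its own loopback; a comment such as `# webapp talks to the storage API on the same host (loopback only)` above the key would record that assumption. Keeping this plain-HTTP call on loopback also keeps it off the internal network, so any per-host override that points at a remote storage host should be reviewed with that in mind.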