P:puppet::server: Sync the private Puppet repository too

supertassu · supertassu · commit 45375f9d815f · 2024-06-09T12:39:50.000+03:00
It might be interesting to convert this to a git hook at some point to
make the sync real-time, but for now we're not going to be regularly
running multiple Puppet servers at once this is fine and much less
complicated.
diff --git a/modules/profile/manifests/puppet/server.pp b/modules/profile/manifests/puppet/server.pp
@@ -275,12 +275,20 @@
   systemd::timer { 'pull-puppet-ca':
     ensure      => $is_primary.bool2str('absent', 'present'),
     user        => 'root',
-    description => 'rsync puppet CA files from the primary server',
+    description => 'rsync Puppet CA files from the primary server',
     # TODO: stop hardcoding path once fully on Debian 12
     command     => "/usr/bin/rsync -avp --delete --chown puppet:puppet -e \"/usr/bin/ssh -i /etc/ssh/local_keys.d/puppet-sync\" ${primary_host}:/etc/puppetlabs/puppetserver/ca/ ${server_config_path}/ca/",
     interval    => ['OnCalendar=*-*-* *:4/5:00'],
   }
 
+  systemd::timer { 'pull-puppet-private':
+    ensure      => $is_primary.bool2str('absent', 'present'),
+    user        => 'root',
+    description => 'rsync Puppet private repository from the primary server',
+    command     => "/usr/bin/rsync -avp --delete --chown gitpuppet:gitpuppet -e \"/usr/bin/ssh -i /etc/ssh/local_keys.d/puppet-sync\" ${primary_host}:${private_repo_dir}/ ${private_repo_dir}/",
+    interval    => ['OnCalendar=*-*-* *:2/5:00'],
+  }
+
   # Expose SSH keys so users can verify them
   file { '/srv/www':
     ensure => directory,
