Re-arrange the authz configuration.

[invirt/packages/xvm-prodconfig.git] / master.yaml

diff --git a/master.yaml b/master.yaml
index f8f0023..ddf4cd4 100644 (file)
--- a/master.yaml
+++ b/master.yaml
@@ -1,12 +1,16 @@
+contact: &contact xvm@mit.edu
+adminacl: &adminacl system:xvm-root
+priv_contact: &priv_contact xvm-root@mit.edu
+
 apt:
  keyid: 35AE3C4F
 
 authz:
- - type: afs
-   cell: athena.mit.edu
+ mech: invirt.authz.locker
+ cells:
+ - cell: athena.mit.edu
    auth: yes
- - type: afs
-   cell: sipb.mit.edu
+ - cell: sipb.mit.edu
    auth: yes
 
 console:
@@ -31,15 +35,29 @@ dhcp:
  search_domain: mit.edu
 
 dns:
- contact: xvm@mit.edu
+ contact: *contact
  domains: # first one is advertised
   - xvm.mit.edu
+  - 2.181.18.in-addr.arpa
  nameservers:
   - hostname: xvm.mit.edu
     ip: 18.181.0.62
  zone_files:
   - /etc/invirt/zone
 
+git:
+ pockets:
+  prod:
+   acl: *adminacl
+   apt: stable
+  dev:
+   acl: system:xvm-dev
+   apt: unstable
+   allow_backtracking: yes
+ tagger:
+  name: Invirt Build Server
+  email: invirt@mit.edu
+
 hosts: # hosts on which VMs run
  - hostname: citadel-station.mit.edu
    ip: 18.181.0.221
@@ -53,6 +71,9 @@ hosts: # hosts on which VMs run
 kerberos:
  realm: ATHENA.MIT.EDU
 
+mail:
+ forward: *priv_contact
+
 monitoring:
  - hostname: syn.mit.edu
    ip: 18.181.0.65
@@ -75,8 +96,7 @@ vnc:
 web:
  baseuri: https://xvm.mit.edu/
  hostname: xvm.mit.edu
- errormail: xvm@mit.edu
- adminacl: system:xvm-root
+ errormail: *contact
  errormail_exclude:
   - broder
   - price