Fix the design of our Puppet codebase & document design guidelines

GanttStart: 2022-06-01

Originally created by @intrigeri on #16958 (Redmine)

References:

• https://puppet.com/docs/pe/2018.1/the_roles_and_profiles_method.html
• https://puppet.com/docs/pe/latest/roles_and_profiles_example.html
• https://puppet.com/docs/pe/2016.4/r_n_p_full_example.html
• https://medium.com/@sebolabs/puppet-roles-profiles-opinion-essay-2d081d9e62bf

Subtasks

• Cleanup monitoring in puppet-tails (#16934 - closed)
• Upgrade to Hiera 5 (#16927 - closed)
• Update Puppet modules: 2022 edition (#16953 - closed)
• Update Puppet modules: 2023 edition (#17942 - closed)
• cleanup user access (#17931 - closed)
• Refactor apt-cacher-ng into its own Puppet module (#18014 - closed)
• Refactor OpenPGP into its own Puppet module (#18015 - closed)
• Move Weblate to a separate module -- Use the new puppet-weblate module (puppet-tails!112 - merged)
• Consider refactoring VPN/Tinc to a separate submodule + See if we can upstream our VPN bits to immerda'... (#11253 - closed)
• Document design guidelines
• Update the Puppet config of Stone, the masterle... (#17975 - closed)
• Clean up tails::base (#17848 - closed)
• [ ] Refactor Puppet bits for the nightly builds NFS (#9616 - closed)
• Switch to the voxpupuli/nginx module (#17938 - closed)
• Consider getting rid of puppet-vim (#17941 - closed)
• Include more profiles in the base profile (puppet-tails!121 - closed)
• Review sysadmin repos (#18028 - closed)

Need refactoring

Assuming we want everything to either be a profile or factored out to its own Puppet module, the following still need to be worked on:

• git_annex
  • used by gitolite
• gitolite
  • installs hooks for jenkins-jobs
  • uses git-annex
• jenkins
• letsencrypt
• limesurvey
• mail
• meeting
• mirror.pp
  • We don't use and only provide as an example. Consider removing?
• pythonlib.pp
  • Should probably be moved to the Jenkins namespace
• redmine
  • Archive and Redirector, used in our webserver.
• reprepro
• tester
  • Should probably be moved to the Jenkins namespace
• 😕 vpn
• 😕 website
• Check items in the tails::profile namespace that are too big and should be factored out to a separate module.

Items marked with 😕 are "hybrid": part was moved to the tails::profile namespace, and part is still in the manifests root of the tails module.