more amazon networks to blacklist
[mirror/dsa-puppet.git] / modules / roles / manifests / debian_mirror.pp
1 class roles::debian_mirror {
2         include roles::archvsync_base
3
4         $mirror_basedir_prefix = hiera('role_config__mirrors.mirror_basedir_prefix')
5         $archive_root = "${mirror_basedir_prefix}debian"
6         $listen_addresses = hiera('roles.debian_mirror')
7                 .dig($::fqdn, 'listen-addresses')
8                 .then |$a| { $a + [ '127.0.0.1:80', '[::1]:80' ] }
9                 .lest || { ['*:80'] }
10
11         $vhost_listen = join([
12                 *$listen_addresses,
13                 has_role('bgp') ? {
14                         true => '193.31.7.2:80 [2a02:158:ffff:deb::2]:80',
15                         default => '',
16                 }], ' ')
17
18         apache2::site { '010-ftp.debian.org':
19                 site   => 'ftp.debian.org',
20                 content => template('roles/apache-ftp.debian.org.erb'),
21         }
22
23         $onion_v4_addr = hiera("roles.debian_mirror", {})
24                 .dig($::fqdn, 'onion_v4_address')
25         if $onion_v4_addr {
26                 onion::service { 'ftp.debian.org':
27                         port => 80,
28                         target_port => 80,
29                         target_address => $onion_v4_addr,
30                 }
31         }
32
33         $hosts_to_check = hiera('roles.debian_mirror', {})
34                 .filter |$h| { $h[1]['fastly-backend'] }
35                 .map |$h| { $h[1]['service-hostname'] }
36
37         roles::mirror_health { 'ftp':
38                 check_hosts   => $hosts_to_check,
39                 check_service => 'ftp',
40                 url           => 'http://debian.backend.mirrors.debian.org/debian/dists/sid/Release',
41                 health_url    => 'http://debian.backend.mirrors.debian.org/_health',
42         }
43 }