more amazon networks to blacklist
[mirror/dsa-puppet.git] / modules / roles / manifests / historical_mirror.pp
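# Role class for hosts that carry the Debian historical archive
# (archive.debian.org).
#
# As declared below, the class sets up:
#  - the Apache site 'archive.debian.org', rendered from
#    roles/apache-archive.debian.org.erb;
#  - the rsync site 'archive', bound to the per-host addresses in $binds;
#  - on hosts that also have the historical_master role, an ssl::service
#    for archive-master.debian.org, whose name is passed to the rsync site;
#  - on hosts that have the historical_mirror_onion role, an onion service
#    that forwards port 80 to $onion_v4_addr.
class roles::historical_mirror {
        include roles::archvsync_base
        include apache2::expires

        # Neither variable is referenced again in this class; presumably the
        # ERB templates below read them from class scope. Confirm before
        # renaming or removing them.
        $mirror_basedir_prefix = hiera('role_config__mirrors.mirror_basedir_prefix')
        $archive_root = "${mirror_basedir_prefix}debian-archive"

        # Listen addresses handed to rsync::site. Each known host is pinned to
        # one IPv4 and one IPv6 address. Any hostname without an entry falls
        # through to '[::]'.
        # NOTE(review): '[::]' presumably makes rsync listen on every address
        # of the host, so a newly added mirror is exposed on all interfaces
        # until it gets an explicit entry here. Confirm that is intended.
        $binds = $::hostname ? {
                gretchaninov  => ['209.87.16.41'   , '[2607:f8f0:614:1::1274:41]'          ],
                klecker       => ['130.89.148.13'  , '[2001:67c:2564:a119::148:13]'        ],
                schmelzer     => ['217.196.149.234', '[2a02:16a8:dc41:100::234]'           ],
                sibelius      => ['193.62.202.28'  , '[2001:630:206:4000:1a1a:0:c13e:ca1c]'],
                default       => ['[::]'],
        }

        # Per-host target address for the onion service. No host has an entry,
        # so this is always undef and the historical_mirror_onion branch below
        # fails catalog compilation. Add a hostname entry here before giving a
        # host that role.
        $onion_v4_addr = $::hostname ? {
                default => undef,
        }

        apache2::site { '010-archive.debian.org':
                site    => 'archive.debian.org',
                content => template('roles/apache-archive.debian.org.erb'),
        }

        # Only the archive master gets an ssl::service here; every other host
        # passes sslname => undef to the rsync site.
        # NOTE(review): what key => true and the empty tlsaport list do is
        # defined in ssl::service, not here. Verify there.
        if has_role('historical_master') {
                $sslname = 'archive-master.debian.org'
                ssl::service { $sslname:
                        key      => true,
                        tlsaport => [],
                }
        } else {
                $sslname = undef
        }

        # NOTE(review): presumably rsync::site offers TLS only when sslname is
        # set, which would leave plain rsync on non-master hosts. Confirm
        # against rsync::site.
        rsync::site { 'archive':
                content     => template('roles/historical_mirror/rsyncd.conf.erb'),
                max_clients => 100,
                sslname     => $sslname,
                binds       => $binds,
        }

        if has_role('historical_mirror_onion') {
                # Fail closed: refuse to build a catalog for an onion service
                # that has no explicit target address.
                if ! $onion_v4_addr {
                        fail("Do not have an onion_v4_addr set for ${::hostname}.")
                }

                onion::service { 'archive.debian.org':
                        port           => 80,
                        target_port    => 80,
                        target_address => $onion_v4_addr,
                }
        }
}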