modules/roles/manifests/security_mirror.pp

   1 class roles::security_mirror {
   2         include roles::archvsync_base
   3
   4         $binds = $::hostname ? {
   5                 mirror-anu      => [ '150.203.164.61', '[2001:388:1034:2900::3d]' ],
   6                 mirror-bytemark => [ '5.153.231.46', '[2001:41c8:1000:21::21:46]' ],
   7                 mirror-conova   => [ '217.196.149.233', '[2a02:16a8:dc41:100::233]' ],
   8                 mirror-isc      => [ '149.20.4.14', '[2001:4f8:1:c::14]' ],
   9                 mirror-umn      => [ '128.101.240.215', '[2607:ea00:101:3c0b::1deb:215]' ],
  10                 default         => [ '[::]' ],
  11         }
  12
  13         file { '/srv/mirrors/debian-security':
  14                 ensure => link,
  15                 target => '../ftp.root/debian-security',
  16         }
  17         file { '/srv/ftp.root':
  18                 ensure  => directory,
  19         }
  20         file { '/srv/ftp.root/.nobackup':
  21                 ensure  => present,
  22                 content => '',
  23         }
  24         file { '/srv/ftp.root/debian-security':
  25                 ensure => directory,
  26                 owner  => 1176, # archvsync
  27                 group  => 1176, # archvsync
  28                 mode   => '0755',
  29         }
  30
  31         include apache2::expires
  32         include apache2::rewrite
  33
  34         apache2::site { '010-security.debian.org':
  35                 site   => 'security.debian.org',
  36                 content => template('roles/security_mirror/security.debian.org.erb')
  37         }
  38
  39         roles::mirror_health { 'security':
  40                 check_hosts   => hiera('roles::security_mirror'),
  41                 check_service => 'security',
  42                 url           => 'http://security.backend.mirrors.debian.org/debian/dists/sid/Release',
  43                 health_url    => 'http://security.backend.mirrors.debian.org/_health',
  44         }
  45
  46         vsftpd::site { 'security':
  47                 ensure => absent,
  48                 root   => '/nonexistent',
  49         }
  50
  51         rsync::site { 'security':
  52                 source      => 'puppet:///modules/roles/security_mirror/rsyncd.conf',
  53                 max_clients => 100,
  54                 binds       => $binds,
  55         }
  56
  57         $onion_v4_addr = $::hostname ? {
  58                 mirror-anu => '150.203.164.61',
  59                 mirror-isc => '149.20.4.14',
  60                 mirror-umn => '128.101.240.215',
  61                 villa      => '212.211.132.32',
  62                 lobos      => '212.211.132.250',
  63                 default   => undef,
  64         }
  65         if has_role('security_mirror_onion') {
  66                 if ! $onion_v4_addr {
  67                         fail("Do not have an onion_v4_addr set for $::hostname.")
  68                 }
  69
  70                 onion::service { 'security.debian.org':
  71                         port => 80,
  72                         target_port => 80,
  73                         target_address => $onion_v4_addr,
  74                 }
  75         }
  76 }