Set vhost_listen variables required by apache-www.debian.org template
[mirror/dsa-puppet.git] / modules / roles / manifests / security_tracker.pp
1 class roles::security_tracker {
2         include apache2::ssl
3         include apache2::proxy_http
4         include apache2::expires
5
6         apache2::module { 'cache_disk':
7                 ensure => present,
8         }
9
10         # security-tracker abusers
11         #  66.170.99.1  20180706 excessive number of requests
12         #  66.170.99.2  20180706 excessive number of requests
13         @ferm::rule { 'dsa-sectracker-abusers':
14                 prio  => "000",
15                 rule  => "saddr (66.170.99.1 66.170.99.2) DROP",
16         }
17
18
19         ssl::service { 'security-tracker.debian.org':
20                 notify  => Exec['service apache2 reload'],
21                 key => true,
22         }
23
24         apache2::site { 'security-tracker.debian.org':
25                 site   => 'security-tracker.debian.org',
26                 content => template('roles/apache-security-tracker.debian.org.conf.erb')
27         }
28
29         # traffic shaping http traffic
30         #@ferm::rule { 'dsa-security-tracker-shape':
31         #       table => 'mangle',
32         #       chain => 'OUTPUT',
33         #       rule  => "proto tcp sport 443 MARK set-mark 20",
34         #}
35
36         file { '/usr/local/sbin/traffic-shape':
37                 mode   => '0755',
38                 content => template('roles/security-tracker/traffic-shape'),
39                 notify => Exec['/usr/local/sbin/traffic-shape'],
40         }
41         exec { '/usr/local/sbin/traffic-shape':
42                 refreshonly => true
43         }
44 }