Install userdir-ldap
[mirror/dsa-puppet.git] / modules / roles / manifests / syncproxy.pp
1 class roles::syncproxy {
2         include roles::archvsync_base
3
4         $mirror_basedir_prefix = hiera('role_config__syncproxy.mirror_basedir_prefix')
5
6         $binds = $::hostname ? {
7                 'milanollo'    => [ '5.153.231.9', '[2001:41c8:1000:21::21:9]' ],
8                 'mirror-anu'   => [ '150.203.164.60', '[2001:388:1034:2900::3c]' ],
9                 'mirror-conova' => [ '217.196.149.237', '[2a02:16a8:dc41:100::237]' ],
10                 'mirror-isc'   => [ '149.20.4.16', '[2001:4f8:1:c::16]' ],
11                 'mirror-umn'   => [ '128.101.240.216', '[2607:ea00:101:3c0b::1deb:216]' ],
12                 'klecker'      => [ '130.89.148.10', '[2001:610:1908:b000::148:10]',
13                                     '[2001:67c:2564:a119::148:10]' ],
14                 'gretchaninov' => [ '209.87.16.40', '[2607:f8f0:614:1::1274:40]' ],
15                 default        => [ '[::]' ],
16         }
17         $syncproxy_name = $::hostname ? {
18                 'milanollo' => 'syncproxy3.eu.debian.org',
19                 'mirror-anu' => 'syncproxy.au.debian.org',
20                 'mirror-conova' => 'syncproxy4.eu.debian.org',
21                 'mirror-isc' => 'syncproxy2.wna.debian.org',
22                 'mirror-umn' => 'syncproxy.cna.debian.org',
23                 'klecker' => 'syncproxy2.eu.debian.org',
24                 'gretchaninov' => 'syncproxy3.wna.debian.org',
25                 default => 'unknown'
26         }
27
28         file { '/etc/rsyncd':
29                 ensure => 'directory'
30         }
31
32         file { '/etc/rsyncd/debian.secrets':
33                 owner => 'root',
34                 group => 'mirroradm',
35                 mode => '0660',
36         }
37
38         if $::apache2 and $syncproxy_name != 'unknown' {
39                 include apache2::ssl
40                 ssl::service { "$syncproxy_name":
41                         notify  => Exec['service apache2 reload'],
42                         key => true,
43                 }
44                 apache2::site { '010-syncproxy.debian.org':
45                         site   => 'syncproxy.debian.org',
46                         content => template('roles/syncproxy/syncproxy.debian.org-apache.erb')
47                 }
48
49                 file { [ '/srv/www/syncproxy.debian.org', '/srv/www/syncproxy.debian.org/htdocs' ]:
50                         ensure  => directory,
51                         mode    => '0755',
52                 }
53                 file { '/srv/www/syncproxy.debian.org/htdocs/index.html':
54                         content => template('roles/syncproxy/syncproxy.debian.org-index.html.erb')
55                 }
56
57                 rsync::site { 'syncproxy':
58                         content => template('roles/syncproxy/rsyncd.conf.erb'),
59                         binds   => $binds,
60                         sslname => "$syncproxy_name",
61                 }
62         } else {
63                 rsync::site { 'syncproxy':
64                         content => template('roles/syncproxy/rsyncd.conf.erb'),
65                         binds   => $binds,
66                 }
67         }
68 }