# Role class for Debian syncproxy hosts (purpose inferred from the class name
# and the syncproxy*.debian.org service names assigned further down).
# NOTE(review): this listing is an excerpt. The embedded line numbers skip, so
# closing braces and several resource attributes are not shown here.
2 class roles::syncproxy {
# Pulls in roles::archvsync_base alongside the syncproxy-specific resources.
3 include roles::archvsync_base
# Mirror base directory prefix is looked up in hiera. It is not referenced again
# in the lines shown; presumably the ERB templates read it -- confirm.
5 $mirror_basedir_prefix = hiera('role_config__syncproxy.mirror_basedir_prefix')
# Per-host address list, selected on the hostname fact: one IPv4 address and one
# bracketed IPv6 address for each listed syncproxy.
# NOTE(review): $binds is not used in the lines shown; presumably the rsyncd
# and/or apache templates use it as listen addresses -- confirm.
7 $binds = $::hostname ? {
8 'milanollo' => [ '5.153.231.9', '[2001:41c8:1000:21::21:9]' ],
9 'mirror-anu' => [ '150.203.164.60', '[2001:388:1034:2900::3c]' ],
10 'mirror-isc' => [ '149.20.4.16', '[2001:4f8:1:c::16]' ],
11 'mirror-umn' => [ '128.101.240.216', '[2607:ea00:101:3c0b::1deb:216]' ],
12 'klecker' => [ '130.89.148.10', '[2001:67c:2564:a119::148:10]' ],
13 'gretchaninov' => [ '209.87.16.40', '[2607:f8f0:614:1::1274:40]' ],
14 'schmelzer' => [ '217.196.149.237', '[2a02:16a8:dc41:100::237]' ],
15 'smit' => [ '130.89.148.78', '[2001:67c:2564:a119::78]' ],
# Fallback for any host not listed above: the IPv6 unspecified address.
# NOTE(review): if this value ends up as a listen address, an unlisted host
# binds the wildcard instead of one dedicated service address -- confirm that
# exposure is intended, or fail the catalog for unknown hosts instead.
16 default => [ '[::]' ],
# Public service name for this host, selected on the hostname fact. Further down
# it is used as the ssl::service title and as the rsync::site sslname.
# The default arm is on a line not shown in this excerpt; the `!= 'unknown'`
# test further down suggests it is 'unknown' -- confirm.
18 $syncproxy_name = $::hostname ? {
19 'milanollo' => 'syncproxy3.eu.debian.org',
20 'mirror-anu' => 'syncproxy.au.debian.org',
21 'schmelzer' => 'syncproxy4.eu.debian.org',
22 'mirror-isc' => 'syncproxy2.wna.debian.org',
23 'mirror-umn' => 'syncproxy.cna.debian.org',
# NOTE(review): klecker and smit both map to syncproxy2.eu.debian.org, so both
# hosts would declare ssl::service and sslname for the same name. Confirm this
# is deliberate (e.g. a host migration) and not a copy/paste slip.
24 'klecker' => 'syncproxy2.eu.debian.org',
25 'smit' => 'syncproxy2.eu.debian.org',
26 'gretchaninov' => 'syncproxy3.wna.debian.org',
# Secrets file for the rsync daemon (inferred from the path). Any owner, group,
# mode and content attributes are on lines not shown in this excerpt.
# NOTE(review): confirm the mode keeps the file unreadable by other users;
# with rsyncd's `strict modes` enabled the daemon rejects a secrets file that
# others can read, and the credentials should not be world-readable either way.
34 file { '/etc/rsyncd/debian.secrets':
# The TLS/web front end is only configured when the top-scope $::apache2
# variable (presumably a fact) is set and the host has a known syncproxy name.
40 if $::apache2 and $syncproxy_name != 'unknown' {
# Declared with the service name as title; a change to it triggers the
# 'service apache2 reload' exec.
42 ssl::service { $syncproxy_name:
43 notify => Exec['service apache2 reload'],
# Apache vhost whose configuration is rendered from the role's ERB template.
46 apache2::site { '010-syncproxy.debian.org':
47 site => 'syncproxy.debian.org',
48 content => template('roles/syncproxy/syncproxy.debian.org-apache.erb')
# Web root directories for the vhost; their attributes are not shown here.
51 file { [ '/srv/www/syncproxy.debian.org', '/srv/www/syncproxy.debian.org/htdocs' ]:
# Landing page rendered from a template.
55 file { '/srv/www/syncproxy.debian.org/htdocs/index.html':
56 content => template('roles/syncproxy/syncproxy.debian.org-index.html.erb')
# rsync daemon site for this branch. sslname hands the service name to
# rsync::site, presumably to enable a TLS-wrapped rsync endpoint -- confirm in
# the rsync::site define.
59 rsync::site { 'syncproxy':
60 content => template('roles/syncproxy/rsyncd.conf.erb'),
62 sslname => $syncproxy_name,
# Second declaration with the same title and template, with no sslname in the
# lines shown.
# NOTE(review): presumably this is the else branch (the `} else {` line is not
# in this excerpt); two same-titled declarations in a single branch would be a
# duplicate-resource error. In that branch rsync would be served without the
# TLS name -- confirm that plaintext-only service is acceptable for such hosts.
65 rsync::site { 'syncproxy':
66 content => template('roles/syncproxy/rsyncd.conf.erb'),
# Exported resource (@@): this host publishes a firewall rule that other nodes
# can collect by its tag. The title embeds the fqdn, so each syncproxy exports
# a distinctly named rule.
71 @@ferm::rule::simple { "dsa-ssh-from-syncproxy-${::fqdn}":
72 tag => 'ssh::server::allow::syncproxy',
73 description => 'Allow ssh access from a syncproxy',
# Source addresses of the rule are this node's $base::public_addresses; the
# port/protocol attributes are on lines not shown.
# NOTE(review): every collecting host opens its firewall to whatever this
# value resolves to on the exporting node -- confirm it cannot be influenced
# by untrusted facts.
75 saddr => $base::public_addresses,
78 # syncproxies should be accessible from various role hosts
# Exported-resource collector: realises on this host every exported
# Ferm::Rule::Simple that carries one of the four tags below. The closing `|>>`
# is on a line not shown in this excerpt.
# NOTE(review): selection is by tag alone, so any node whose catalog exports a
# rule with one of these tags gains the corresponding firewall opening here.
# Confirm that only the intended role classes export these tags.
79 Ferm::Rule::Simple <<|
80 tag == 'ssh::server::allow::archvsync' or
81 tag == 'ssh::server::allow::ftp_master' or
82 tag == 'ssh::server::allow::ports_master' or
83 tag == 'ssh::server::allow::security_master'