1 class roles::syncproxy {
2 $bind = $::hostname ? {
3 'milanollo' => '5.153.231.9',
4 'mirror-anu' => '150.203.164.60',
5 'mirror-isc' => '149.20.20.21',
6 'mirror-umn' => '128.101.240.216',
7 'klecker' => '130.89.148.10',
10 $bind6 = $::hostname ? {
11 'milanollo' => '2001:41c8:1000:21::21:9',
12 'mirror-anu' => '2001:388:1034:2900::3c',
13 'mirror-isc' => '2001:4f8:8:36::1deb:21',
14 'mirror-umn' => '2607:ea00:101:3c0b::1deb:216',
15 'klecker' => '2001:610:1908:b000::148:10',
18 $syncproxy_name = $::hostname ? {
19 'milanollo' => 'syncproxy3.eu.debian.org',
20 'mirror-anu' => 'syncproxy.au.debian.org',
21 'mirror-isc' => 'syncproxy2.wna.debian.org',
22 'mirror-umn' => 'syncproxy.cna.debian.org',
23 'klecker' => 'syncproxy2.eu.debian.org',
27 rsync::site { 'syncproxy':
28 content => template('roles/syncproxy/rsyncd.conf.erb'),
37 file { '/etc/rsyncd/debian.secrets':
43 if $::apache2 and $syncproxy_name != 'unknown' {
45 ssl::service { "$syncproxy_name": notify => Service['apache2'], key => true, }
46 apache2::site { '010-syncproxy.debian.org':
47 site => 'syncproxy.debian.org',
48 content => template('roles/syncproxy/syncproxy.debian.org-apache.erb')
51 file { [ '/srv/www/syncproxy.debian.org', '/srv/www/syncproxy.debian.org/htdocs' ]:
55 file { '/srv/www/syncproxy.debian.org/htdocs/index.html':
56 content => template('roles/syncproxy/syncproxy.debian.org-index.html.erb')
59 file { '/etc/rsyncd-syncproxy-stunnel.conf':
60 content => template('roles/syncproxy/rsyncd-syncproxy-stunnel.conf.erb')
62 xinetd::service { "rsync-syncproxy-ssl":
64 id => "syncproxy-rsync-ssl",
65 server => '/usr/bin/stunnel4',
66 service => 'rsync-ssl',
69 server_args => "/etc/rsyncd-syncproxy-stunnel.conf",
72 require => File["/etc/rsyncd-syncproxy-stunnel.conf"],
76 xinetd::service { "rsync-syncproxy-ssl6":
78 id => "syncproxy-rsync-ssl",
79 server => '/usr/bin/stunnel4',
80 service => 'rsync-ssl',
83 server_args => "/etc/rsyncd-syncproxy-stunnel.conf",
86 require => File["/etc/rsyncd-syncproxy-stunnel.conf"],
90 @ferm::rule { "dsa-rsync-ssl":
92 description => "Allow traffic to rsync ssl",
93 rule => "&SERVICE(tcp, 1873)"