class roles::snapshot_web {
	include apache2
	include apache2::rewrite
	include stretch::network_online

	ensure_packages ( [
		"libapache2-mod-wsgi",
		], {
		ensure => 'installed',
	})

	apache2::site { '020-snapshot.debian.org':
		site   => 'snapshot.debian.org',
		content => template('roles/snapshot/snapshot.debian.org.conf.erb')
	}

	case $::hostname {
		'sallinen': {
			$ipv4addr        = '193.62.202.27'
			$ipv6addr        = '2001:630:206:4000:1a1a:0:c13e:ca1b'
			$ipv6addr_apache = '2001:630:206:4000:1a1a:0:c13e:ca1a'
		}
		default: {
			fail ( "unknown host $::hostname for snapshot_web." )
		}
	}

	@ferm::rule { 'dsa-snapshot-varnish-v4':
		rule  => '&SERVICE(tcp, 6081)',
	}
	@ferm::rule { 'dsa-nat-snapshot-varnish-v4':
		table => 'nat',
		chain => 'PREROUTING',
		rule  => "proto tcp daddr ${ipv4addr} dport 80 REDIRECT to-ports 6081",
	}

	varnish::config { 'default':
		listen  => [
			':6081',
			"[$ipv6addr]:80"
			],
		backend => 'file,/var/lib/varnish/varnish_storage.bin,8G',
		content => template('roles/snapshot/snapshot.debian.org.vcl.erb'),
	}

	file { '/etc/apache2/ports.conf':
		content  => @("EOF"),
			Listen 0.0.0.0:80
			Listen [$ipv6addr_apache]:80
			| EOF
		require => Package['apache2'],
		notify  => Service['apache2'],
	}
}