# include roles::dbmaster
#
class roles::dbmaster {
+ include apache2
include roles::pubsub::parameters
$rabbit_password = $roles::pubsub::parameters::rabbit_password
ssl::service { 'db.debian.org':
- notify => [ Exec['service apache2 reload'],
- Service['slapd'] ],
- key => true,
+ notify => [ Exec['service apache2 reload'],
+ Service['slapd'] ],
+ key => true,
tlsaport => [443, 389, 636],
}
- file { "/etc/ldap/db.debian.org.key":
- ensure => present,
- mode => '0440',
- group => 'openldap',
+ file { '/etc/ldap/db.debian.org.key':
+ ensure => present,
+ mode => '0440',
+ group => 'openldap',
content => inline_template('<%= File.read(scope().call_function("hiera", ["paths.letsencrypt_dir"]) + "/db.debian.org.key") %>'),
- links => follow,
+ links => follow,
}
roles::pubsub::config { 'generate':
key => $facts['dsa_key'],
collect_tag => 'puppetmaster',
}
+
+ exim::vdomain { 'db.debian.org':
+ mail_user => 'mail_db',
+ mail_group => 'nogroup',
+ }
+
+ ferm::rule::simple { 'finger':
+ port => 'finger',
+ }
+ ferm::rule::simple { 'ldap':
+ port => ['ldap', 'ldaps'],
+ }
+
+ concat { '/etc/apache2/conf-available/puppet-restricted-acl.conf':
+ mode => '0444',
+ ensure_newline => true,
+ warn => '# This file is maintained with puppet',
+ }
+ Concat::Fragment <<| tag == 'debian_org::apt_restricted::apache-acl' |>>
+ concat::fragment { 'debian_org::apt_restricted::apache-acl-head':
+ target => '/etc/apache2/conf-available/puppet-restricted-acl.conf',
+ order => '01',
+ content => @(EOF)
+ <Macro dsa-apt-restricted-acl>
+ | EOF
+ }
+ concat::fragment { 'debian_org::apt_restricted::apache-acl-tail':
+ target => '/etc/apache2/conf-available/puppet-restricted-acl.conf',
+ order => '99',
+ content => @(EOF)
+ </Macro>
+ | EOF
+ }
}