+ $mirrors = hiera('roles.security_mirror', {})
+ $fastly_mirrors = $mirrors.filter |$h| { $h[1]['fastly-backend'] }
+ $hosts_to_check = $fastly_mirrors.map |$h| { $h[1]['service-hostname'] }
+
+ roles::mirror_health { 'security':
+ check_hosts => $hosts_to_check,
+ check_service => 'security',
+ url => 'http://security.backend.mirrors.debian.org/debian-security/dists/stable/updates/Release',
+ health_url => 'http://security.backend.mirrors.debian.org/_health',
+ }
+
+ rsync::site { 'security':
+ source => 'puppet:///modules/roles/security_mirror/rsyncd.conf',
+ max_clients => 100,
+ binds => $binds,
+ }
+
+ $onion_v4_addr = hiera("roles.security_mirror", {})
+ .dig($::fqdn, 'onion_v4_address')
+ if $onion_v4_addr {
+ onion::service { 'security.debian.org':
+ port => 80,
+ target_port => 80,
+ target_address => $onion_v4_addr,
+ }
+ }