- rsync::site { 'syncproxy':
- content => template('roles/syncproxy/rsyncd.conf.erb'),
- bind => $bind,
- bind6 => $bind6,
- sslname => "$syncproxy_name",
- }
- } else {
- rsync::site { 'syncproxy':
- content => template('roles/syncproxy/rsyncd.conf.erb'),
- bind => $bind,
- bind6 => $bind6,
- }
- }
+ include apache2
+ include apache2::ssl
+ ssl::service { $syncproxy_name:
+ notify => Exec['service apache2 reload'],
+ key => true,
+ }
+ apache2::site { '010-syncproxy.debian.org':
+ site => 'syncproxy.debian.org',
+ content => template('roles/syncproxy/syncproxy.debian.org-apache.erb')
+ }
+
+ file { [ '/srv/www/syncproxy.debian.org', '/srv/www/syncproxy.debian.org/htdocs' ]:
+ ensure => directory,
+ mode => '0755',
+ }
+ file { '/srv/www/syncproxy.debian.org/htdocs/index.html':
+ content => template('roles/syncproxy/syncproxy.debian.org-index.html.erb')
+ }
+
+ rsync::site { 'syncproxy':
+ content => template('roles/syncproxy/rsyncd.conf.erb'),
+ binds => $enclosed_addresses_rsync,
+ sslname => $syncproxy_name,
+ }
+
+
+ # ssh firewalling setup
+ ###
+ @@ferm::rule::simple { "dsa-ssh-from-syncproxy-${::fqdn}":
+ tag => 'ssh::server::from::syncproxy',
+ description => 'Allow ssh access from a syncproxy',
+ chain => 'ssh',
+ saddr => $ssh_source_addresses,
+ }
+ # syncproxies should be accessible from various role hosts
+ Ferm::Rule::Simple <<|
+ tag == 'ssh::server::from::syncproxy' or
+ tag == 'ssh::server::from::ftp_master' or
+ tag == 'ssh::server::from::ports_master' or
+ tag == 'ssh::server::from::security_master'
+ |>>