historical_master -> hiera role

[mirror/dsa-puppet.git] / modules / roles / manifests / historical_mirror.pp

diff --git a/modules/roles/manifests/historical_mirror.pp b/modules/roles/manifests/historical_mirror.pp
index e970ce7..101ecae 100644 (file)
--- a/modules/roles/manifests/historical_mirror.pp
+++ b/modules/roles/manifests/historical_mirror.pp
@@ -1,4 +1,8 @@
-class roles::historical_mirror {
+# a mirror for archive.debian.org
+# @param sslname provide rsync via ssl as well
+class roles::historical_mirror(
+  Optional[String] $sslname = undef,
+){
   include roles::archvsync_base
   include apache2::expires
 
@@ -22,14 +26,11 @@ class roles::historical_mirror {
     content => template('roles/apache-archive.debian.org.erb'),
   }
 
-  if has_role('historical_master') {
-    $sslname = 'archive-master.debian.org'
+  if $sslname {
     ssl::service { $sslname:
       key      => true,
       tlsaport => [],
     }
-  } else {
-    $sslname = undef
   }
 
   rsync::site { 'archive':
@@ -50,4 +51,6 @@ class roles::historical_mirror {
       target_address => $onion_v4_addr,
     }
   }
+
+  Ferm::Rule::Simple <<| tag == 'ssh::server::from::historical_master' |>>
 }