projects / mirror / dsa-puppet.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Restart slapd on TLS cert renew
[mirror/dsa-puppet.git] / modules / roles / manifests / security_master.pp
diff --git a/modules/roles/manifests/security_master.pp b/modules/roles/manifests/security_master.pp
index 6c511b3..6b463a5 100644 (file)
--- a/modules/roles/manifests/security_master.pp
+++ b/modules/roles/manifests/security_master.pp
@@ -1,4 +1,9 @@
 class roles::security_master {
+       ssl::service { 'security-master.debian.org':
+               notify   => Exec['service apache2 reload'],
+               key      => true,
+               tlsaport => [443, 1873],
+       }
 
        vsftpd::site { 'security':
                banner     => 'security-master.debian.org FTP server (vsftpd)',
@@ -9,7 +14,9 @@ class roles::security_master {
        }
 
        rsync::site { 'security_master':
-               source        => 'puppet:///modules/roles/security_master/rsyncd.conf',
-               max_clients => 100,
+               source      => 'puppet:///modules/roles/security_master/rsyncd.conf',
+               # Needs to be at least twice the number of direct mirrors (currently 15) plus some spare
+               max_clients => 50,
+               sslname     => 'security-master.debian.org',
        }
 }
Unnamed repository; edit this file 'description' to name the repository.