projects / mirror / dsa-puppet.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Generate the apache ACL for draghi's "restricted" repo (RT#7962)
[mirror/dsa-puppet.git] / modules / roles / manifests / security_tracker.pp
diff --git a/modules/roles/manifests/security_tracker.pp b/modules/roles/manifests/security_tracker.pp
index c3a8c74..a5ea890 100644 (file)
--- a/modules/roles/manifests/security_tracker.pp
+++ b/modules/roles/manifests/security_tracker.pp
@@ -1,40 +1,45 @@
 class roles::security_tracker {
-       include apache2::ssl
-       include apache2::proxy_http
-       include apache2::expires
+  include apache2
+  include apache2::ssl
+  include apache2::proxy_http
+  include apache2::expires
 
-       # security-tracker abusers
-       #  66.170.99.1  20189796 excessive number of requests
-       #  66.170.99.2  20189796 excessive number of requests
-       @ferm::rule { 'dsa-sectracker-abusers':
-               prio  => "000",
-               rule  => "saddr (66.170.99.1 66.170.99.2) DROP",
-       }
+  apache2::module { 'cache_disk':
+    ensure => absent,
+  }
 
+  # security-tracker abusers
+  #  66.170.99.1  20180706 excessive number of requests
+  #  66.170.99.2  20180706 excessive number of requests
+  ferm::rule { 'dsa-sectracker-abusers':
+    prio => '005',
+    rule => 'saddr (66.170.99.1 66.170.99.2) DROP',
+  }
 
-       ssl::service { 'security-tracker.debian.org':
-               notify  => Exec['service apache2 reload'],
-               key => true,
-       }
 
-       apache2::site { 'security-tracker.debian.org':
-               site   => 'security-tracker.debian.org',
-               content => template('roles/apache-security-tracker.debian.org.conf.erb')
-       }
+  ssl::service { 'security-tracker.debian.org':
+    notify => Exec['service apache2 reload'],
+    key    => true,
+  }
 
-       # traffic shaping http traffic
-       @ferm::rule { 'dsa-security-tracker-shape':
-               table => 'mangle',
-               chain => 'OUTPUT',
-               rule  => "proto tcp sport 443 MARK set-mark 20",
-       }
+  apache2::site { 'security-tracker.debian.org':
+    site    => 'security-tracker.debian.org',
+    content => template('roles/apache-security-tracker.debian.org.conf.erb')
+  }
 
-       file { '/usr/local/sbin/traffic-shape':
-               mode   => '0755',
-               content => template('roles/security-tracker/traffic-shape'),
-               notify => Exec['/usr/local/sbin/traffic-shape'],
-       }
-       exec { '/usr/local/sbin/traffic-shape':
-               refreshonly => true
-       }
+  # traffic shaping http traffic
+  #ferm::rule { 'dsa-security-tracker-shape':
+  #  table => 'mangle',
+  #  chain => 'OUTPUT',
+  #  rule  => 'proto tcp sport 443 MARK set-mark 20',
+  #}
+
+  file { '/usr/local/sbin/traffic-shape':
+    mode    => '0755',
+    content => template('roles/security-tracker/traffic-shape'),
+    notify  => Exec['/usr/local/sbin/traffic-shape'],
+  }
+  exec { '/usr/local/sbin/traffic-shape':
+    refreshonly => true
+  }
 }
Unnamed repository; edit this file 'description' to name the repository.