Also temporarily remove TLSA records for *.dgit and appstream

[mirror/dsa-puppet.git] / modules / roles / manifests / static_mirror.pp

diff --git a/modules/roles/manifests/static_mirror.pp b/modules/roles/manifests/static_mirror.pp
index 5a2f8dc..55c091c 100644 (file)
--- a/modules/roles/manifests/static_mirror.pp
+++ b/modules/roles/manifests/static_mirror.pp
@@ -77,22 +77,31 @@ class roles::static_mirror {
        ssl::service { 'bits.debian.org'     : ensure => "ifstatic", notify => Service['apache2'], }
        ssl::service { 'lintian.debian.org'  : ensure => "ifstatic", notify => Service['apache2'], }
        ssl::service { 'rtc.debian.org'      : ensure => "ifstatic", notify => Service['apache2'], }
-       ssl::service { 'appstream.debian.org': ensure => "ifstatic", notify => Service['apache2'], }
+       ssl::service { 'appstream.debian.org': ensure => "ifstatic", notify => Service['apache2'], tlsaport => [], }
        ssl::service { 'd-i.debian.org'      : ensure => "ifstatic", notify => Service['apache2'], }
 
-       ssl::service { 'news.debian.net'       : ensure => "ifstatic", notify => Service['apache2'], key => true, }
-       ssl::service { 'debaday.debian.net'    : ensure => "ifstatic", notify => Service['apache2'], key => true, }
-       ssl::service { 'timeline.debian.net'   : ensure => "ifstatic", notify => Service['apache2'], key => true, }
-       ssl::service { 'debconf0.debconf.org'  : ensure => "ifstatic", notify => Service['apache2'], key => true, }
-       ssl::service { 'debconf1.debconf.org'  : ensure => "ifstatic", notify => Service['apache2'], key => true, }
-       ssl::service { 'debconf2.debconf.org'  : ensure => "ifstatic", notify => Service['apache2'], key => true, }
-       ssl::service { 'debconf3.debconf.org'  : ensure => "ifstatic", notify => Service['apache2'], key => true, }
-       ssl::service { 'debconf4.debconf.org'  : ensure => "ifstatic", notify => Service['apache2'], key => true, }
-       ssl::service { 'debconf5.debconf.org'  : ensure => "ifstatic", notify => Service['apache2'], key => true, }
-       ssl::service { 'debconf6.debconf.org'  : ensure => "ifstatic", notify => Service['apache2'], key => true, }
-       ssl::service { 'debconf7.debconf.org'  : ensure => "ifstatic", notify => Service['apache2'], key => true, }
-       ssl::service { '10years.debconf.org'   : ensure => "ifstatic", notify => Service['apache2'], key => true, }
-       ssl::service { 'es.debconf.org'        : ensure => "ifstatic", notify => Service['apache2'], key => true, }
-       ssl::service { 'fr.debconf.org'        : ensure => "ifstatic", notify => Service['apache2'], key => true, }
-       ssl::service { 'miniconf10.debconf.org': ensure => "ifstatic", notify => Service['apache2'], key => true, }
+       # do
+       ssl::service { 'backports.debian.org'          : ensure => "ifstatic", notify => Service['apache2'], key => true, }
+       ssl::service { 'blends.debian.org'             : ensure => "ifstatic", notify => Service['apache2'], key => true, }
+       ssl::service { 'release.debian.org'            : ensure => "ifstatic", notify => Service['apache2'], key => true, }
+       ssl::service { 'security-team.debian.org'      : ensure => "ifstatic", notify => Service['apache2'], key => true, }
+       ssl::service { 'www.ports.debian.org'          : ensure => "ifstatic", notify => Service['apache2'], key => true, }
+       # dn
+       ssl::service { 'news.debian.net'               : ensure => "ifstatic", notify => Service['apache2'], key => true, }
+       ssl::service { 'debaday.debian.net'            : ensure => "ifstatic", notify => Service['apache2'], key => true, }
+       ssl::service { 'timeline.debian.net'           : ensure => "ifstatic", notify => Service['apache2'], key => true, }
+       ssl::service { 'wnpp-by-tags.debian.net'       : ensure => "ifstatic", notify => Service['apache2'], key => true, }
+       # dc
+       ssl::service { 'debconf0.debconf.org'          : ensure => "ifstatic", notify => Service['apache2'], key => true, }
+       ssl::service { 'debconf1.debconf.org'          : ensure => "ifstatic", notify => Service['apache2'], key => true, }
+       ssl::service { 'debconf2.debconf.org'          : ensure => "ifstatic", notify => Service['apache2'], key => true, }
+       ssl::service { 'debconf3.debconf.org'          : ensure => "ifstatic", notify => Service['apache2'], key => true, }
+       ssl::service { 'debconf4.debconf.org'          : ensure => "ifstatic", notify => Service['apache2'], key => true, }
+       ssl::service { 'debconf5.debconf.org'          : ensure => "ifstatic", notify => Service['apache2'], key => true, }
+       ssl::service { 'debconf6.debconf.org'          : ensure => "ifstatic", notify => Service['apache2'], key => true, }
+       ssl::service { 'debconf7.debconf.org'          : ensure => "ifstatic", notify => Service['apache2'], key => true, }
+       ssl::service { '10years.debconf.org'           : ensure => "ifstatic", notify => Service['apache2'], key => true, }
+       ssl::service { 'es.debconf.org'                : ensure => "ifstatic", notify => Service['apache2'], key => true, }
+       ssl::service { 'fr.debconf.org'                : ensure => "ifstatic", notify => Service['apache2'], key => true, }
+       ssl::service { 'miniconf10.debconf.org'        : ensure => "ifstatic", notify => Service['apache2'], key => true, }
 }