rsync ssl service, more
[mirror/dsa-puppet.git] / modules / roles / manifests / syncproxy.pp
index b01232b..3bdadcd 100644 (file)
@@ -41,6 +41,7 @@ class roles::syncproxy {
        }
 
        if $::apache2 and $syncproxy_name != 'unknown' {
+               include apache2::ssl
                ssl::service { "$syncproxy_name": notify => Service['apache2'], key => true, }
                apache2::site { '010-syncproxy.debian.org':
                        site   => 'syncproxy.debian.org',
@@ -54,5 +55,41 @@ class roles::syncproxy {
                file { '/srv/www/syncproxy.debian.org/htdocs/index.html':
                        content => template('roles/syncproxy/syncproxy.debian.org-index.html.erb')
                }
+
+               file { '/etc/rsyncd-syncproxy-stunnel.conf':
+                       content => template('roles/syncproxy/rsyncd-syncproxy-stunnel.conf.erb')
+               }
+               xinetd::service { "rsync-syncproxy-ssl":
+                       bind        => $bind,
+                       id          => "syncproxy-rsync-ssl",
+                       server      => '/usr/bin/stunnel4',
+                       service     => 'rsync-ssl',
+                       type        => 'UNLISTED',
+                       port        => '1873',
+                       server_args => "/etc/rsyncd-syncproxy-stunnel.conf",
+                       ferm        => false,
+                       instances   => 50,
+                       require     => File[/etc/rsyncd-syncproxy-stunnel.conf],
+               }
+
+               if $bind6 != '' {
+                       xinetd::service { "rsync-syncproxy-ssl6":
+                               bind        => $bind6,
+                               id          => "syncproxy-rsync-ssl",
+                               server      => '/usr/bin/stunnel4',
+                               service     => 'rsync-ssl',
+                               type        => 'UNLISTED',
+                               port        => '1873',
+                               server_args => "/etc/rsyncd-syncproxy-stunnel.conf",
+                               ferm        => false,
+                               instances   => 50,
+                               require     => File[/etc/rsyncd-syncproxy-stunnel.conf],
+                       }
+               }
+
+               @ferm::rule { "dsa-rsync-ssl":
+                       description => "Allow traffic to rsync ssl",
+                       rule        => "&SERVICE(${protocol}, 1873)"
+               }
        }
 }
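Review bot: Both new `xinetd::service` blocks pass `require => File[/etc/rsyncd-syncproxy-stunnel.conf]` with an unquoted title; a resource reference needs a quoted string, so both should read `require => File['/etc/rsyncd-syncproxy-stunnel.conf'],`, otherwise the manifest is likely to fail to parse or the dependency will not resolve. The two services also share `id => "syncproxy-rsync-ssl"`; xinetd expects ids to be unique, so if the define passes the value through unchanged, the IPv6 instance needs its own, e.g. `id => "syncproxy-rsync-ssl6"`. The `file` resource for the stunnel configuration sets no `owner`, `group` or `mode`, so the permissions on a file that controls TLS termination fall to defaults; stating them explicitly makes the intent auditable. Because `ferm => false` leaves firewalling to the `dsa-rsync-ssl` rule, confirm that the rule also covers IPv6 when `$bind6` is set, since the defaults of `ferm::rule` and the definition of `${protocol}` are outside this hunk.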