X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Froles%2Fmanifests%2Fhistorical_mirror.pp;h=101ecaef6e8a869a71b386db3338d67c255126f6;hb=18f26a9ca182f25cbdfc4c1532e2d34898295e92;hp=853848198d7bc77351235dec99c6c1a112a45e2e;hpb=1ab297e177f78afa9ae4ff44ba3110fbec30beee;p=mirror%2Fdsa-puppet.git
diff --git a/modules/roles/manifests/historical_mirror.pp b/modules/roles/manifests/historical_mirror.pp
index 853848198..101ecaef6 100644
--- a/modules/roles/manifests/historical_mirror.pp
+++ b/modules/roles/manifests/historical_mirror.pp
@@ -1,32 +1,56 @@
-class roles::historical_mirror {
- include roles::archvsync_base
- include apache2::expires
-
- $vhost_listen = $::hostname ? {
- klecker => '130.89.148.13:80 2001:610:1908:b000::148:13:80',
- default => '*:80',
- }
- $onion_v4_addr = $::hostname ? {
- default => undef,
- }
- $archive_root = $::hostname ? {
- default => '/srv/mirrors/debian-archive',
- }
-
- apache2::site { '010-archive.debian.org':
- site => 'archive.debian.org',
- content => template('roles/apache-archive.debian.org.erb'),
- }
-
- if has_role('historical_mirror_onion') {
- if ! $onion_v4_addr {
- fail("Do not have an onion_v4_addr set for $::hostname.")
- }
-
- onion::service { 'archive.debian.org':
- port => 80,
- target_port => 80,
- target_address => $onion_v4_addr,
- }
- }
+# a mirror for archive.debian.org
+# @param sslname provide rsync via ssl as well
+class roles::historical_mirror(
+ Optional[String] $sslname = undef,
+){
+ include roles::archvsync_base
+ include apache2::expires
+
+ $mirror_basedir_prefix = hiera('role_config__mirrors.mirror_basedir_prefix')
+ $archive_root = "${mirror_basedir_prefix}debian-archive"
+
+ $binds = $::hostname ? {
+ gretchaninov => ['209.87.16.41' , '[2607:f8f0:614:1::1274:41]' ],
+ klecker => ['130.89.148.13' , '[2001:67c:2564:a119::148:13]' ],
+ schmelzer => ['217.196.149.234', '[2a02:16a8:dc41:100::234]' ],
+ sibelius => ['193.62.202.28' , '[2001:630:206:4000:1a1a:0:c13e:ca1c]'],
+ default => ['[::]'],
+ }
+
+ $onion_v4_addr = $::hostname ? {
+ default => undef,
+ }
+
+ apache2::site { '010-archive.debian.org':
+ site => 'archive.debian.org',
+ content => template('roles/apache-archive.debian.org.erb'),
+ }
+
+ if $sslname {
+ ssl::service { $sslname:
+ key => true,
+ tlsaport => [],
+ }
+ }
+
+ rsync::site { 'archive':
+ content => template('roles/historical_mirror/rsyncd.conf.erb'),
+ max_clients => 100,
+ sslname => $sslname,
+ binds => $binds,
+ }
+
+ if has_role('historical_mirror_onion') {
+ if ! $onion_v4_addr {
+ fail("Do not have an onion_v4_addr set for ${::hostname}.")
+ }
+
+ onion::service { 'archive.debian.org':
+ port => 80,
+ target_port => 80,
+ target_address => $onion_v4_addr,
+ }
+ }
+
+ Ferm::Rule::Simple <<| tag == 'ssh::server::from::historical_master' |>>
 }
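Review bot: The collector on the last added line, `Ferm::Rule::Simple <<| tag == 'ssh::server::from::historical_master' |>>`, realises every exported rule carrying that tag, and nothing in the class says which node or class is expected to export it or what the rule opens. Because the tag is the only filter visible here, the firewall exposure on each mirror is decided wherever the export happens; a comment such as `# allow the historical master to reach sshd here; rules exported by <exporting class>` would make that reviewable from this file. Separately, hosts that miss the `$binds` selector fall through to `default => ['[::]']`, so the new rsync site presumably listens on the wildcard address there. Whether that is intended, and whether it also covers IPv4, depends on how `rsync::site` renders the list, which is not visible in this hunk, so it deserves a one-line comment as well.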