X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Froles%2Fmanifests%2Fhistorical_mirror.pp;h=6fb428297a3a71e7a8e473f3b1b6b86117fdecbe;hb=3796622f7a39dee1120b7d11500d303451e6ff6a;hp=4ef3af0dad666fac872fc74a2375c928ea9c2fed;hpb=726b3c330d1da3e999b1c2669ab46bef4f1f8731;p=mirror%2Fdsa-puppet.git
diff --git a/modules/roles/manifests/historical_mirror.pp b/modules/roles/manifests/historical_mirror.pp
index 4ef3af0da..6fb428297 100644
--- a/modules/roles/manifests/historical_mirror.pp
+++ b/modules/roles/manifests/historical_mirror.pp
@@ -1,54 +1,43 @@ -class roles::historical_mirror { +# a mirror for archive.debian.org +# @param sslname provide rsync via ssl as well +# @param listen_addr IP addresses to have apache listen on +class roles::historical_mirror( + Optional[String] $sslname = undef, + Array[Stdlib::IP::Address] $listen_addr = [], +){ include roles::archvsync_base - include apache2::expires - $mirror_basedir_prefix = hiera('role_config__mirrors.mirror_basedir_prefix') - $archive_root = "${mirror_basedir_prefix}debian-archive" + include apache2 + include apache2::expires - $binds = $::hostname ? { - gretchaninov => ['209.87.16.41' , '[2607:f8f0:614:1::1274:41]' ], - klecker => ['130.89.148.13' , '[2001:67c:2564:a119::148:13]' ], - schmelzer => ['217.196.149.234', '[2a02:16a8:dc41:100::234]' ], - sibelius => ['193.62.202.28' , '[2001:630:206:4000:1a1a:0:c13e:ca1c]'], - default => ['[::]'], + $enclosed_addresses_rsync = empty($listen_addr) ? { + true => ['[::]'], + default => enclose_ipv6($listen_addr), } - - $onion_v4_addr = $::hostname ? { - default => undef, + $_enclosed_addresses = empty($listen_addr) ? { + true => ['*'], + default => enclose_ipv6($listen_addr), } + $vhost_listen = $_enclosed_addresses.map |$a| { "${a}:80" } .join(' ') + $mirror_basedir_prefix = hiera('role_config__mirrors.mirror_basedir_prefix') + $archive_root = "${mirror_basedir_prefix}debian-archive" apache2::site { '010-archive.debian.org': site => 'archive.debian.org', content => template('roles/apache-archive.debian.org.erb'), } - if has_role('historical_master') { - $sslname = 'archive-master.debian.org' + if $sslname { ssl::service { $sslname: key => true, tlsaport => [], } - } else { - $sslname = undef } - rsync::site { 'archive': content => template('roles/historical_mirror/rsyncd.conf.erb'), max_clients => 100, sslname => $sslname, - binds => $binds, - } - - if has_role('historical_mirror_onion') { - if ! 
$onion_v4_addr { - fail("Do not have an onion_v4_addr set for ${::hostname}.") - } - - onion::service { 'archive.debian.org': - port => 80, - target_port => 80, - target_address => $onion_v4_addr, - } + binds => $enclosed_addresses_rsync, } Ferm::Rule::Simple <<| tag == 'ssh::server::from::historical_master' |>>
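Review bot: `Optional[String] $sslname` combined with `if $sslname {` lets an empty string through, because an empty string is truthy in Puppet 4 and later; a blank value would declare `ssl::service { '': }` and pass `sslname => ''` on to `rsync::site`. Tightening the parameter to `Optional[String[1]] $sslname = undef,` (or `Optional[Stdlib::Fqdn]`) rejects that at compile time. Separately, the hosts that had pinned addresses in the removed `$binds` selector now fall back to `['*']` for apache and `['[::]']` for rsync whenever `listen_addr` is not supplied, so it is worth confirming their per-host data lands together with this change; otherwise both services silently listen on every address. The `@param listen_addr` line should also say that the list feeds the rsync `binds`, for example `# @param listen_addr IP addresses for apache and rsyncd to listen on (empty means all addresses)`. The class body's closing brace is not visible in this hunk.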