X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Froles%2Fmanifests%2Fhistorical_mirror.pp;h=6fb428297a3a71e7a8e473f3b1b6b86117fdecbe;hb=4842561dfba794d10fa9294378fa0271a76ceb65;hp=25edb230adb06f559ff00ab417415b01cf98ceed;hpb=159f9d320359cb17eb3e10006ab1ace4f4900df6;p=mirror%2Fdsa-puppet.git
diff --git a/modules/roles/manifests/historical_mirror.pp b/modules/roles/manifests/historical_mirror.pp
index 25edb230a..6fb428297 100644
--- a/modules/roles/manifests/historical_mirror.pp
+++ b/modules/roles/manifests/historical_mirror.pp
@@ -1,28 +1,44 @@
-class roles::historical_mirror {
- $vhost_listen = $::hostname ? {
- default => '*:80',
- }
- $onion_v4_addr = $::hostname ? {
- default => undef,
- }
- $archive_root = $::hostname ? {
- default => '/srv/mirrors/debian-archive',
- }
+# a mirror for archive.debian.org
+# @param sslname provide rsync via ssl as well
+# @param listen_addr IP addresses to have apache listen on
+class roles::historical_mirror(
+ Optional[String] $sslname = undef,
+ Array[Stdlib::IP::Address] $listen_addr = [],
+){
+ include roles::archvsync_base
- apache2::site { '010-archive.debian.org':
- site => 'archive.debian.org',
- content => template('roles/apache-archive.debian.org.erb'),
- }
+ include apache2
+ include apache2::expires
- if has_role('historical_mirror_onion') {
- if ! $onion_v4_addr {
- fail("Do not have an onion_v4_addr set for $::hostname.")
- }
+ $enclosed_addresses_rsync = empty($listen_addr) ? {
+ true => ['[::]'],
+ default => enclose_ipv6($listen_addr),
+ }
+ $_enclosed_addresses = empty($listen_addr) ? {
+ true => ['*'],
+ default => enclose_ipv6($listen_addr),
+ }
+ $vhost_listen = $_enclosed_addresses.map |$a| { "${a}:80" } .join(' ')
+ $mirror_basedir_prefix = hiera('role_config__mirrors.mirror_basedir_prefix')
+ $archive_root = "${mirror_basedir_prefix}debian-archive"
- onion::service { 'archive.debian.org':
- port => 80,
- target_port => 80,
- target_address => $onion_v4_addr,
- }
- }
+ apache2::site { '010-archive.debian.org':
+ site => 'archive.debian.org',
+ content => template('roles/apache-archive.debian.org.erb'),
+ }
+
+ if $sslname {
+ ssl::service { $sslname:
+ key => true,
+ tlsaport => [],
+ }
+ }
+ rsync::site { 'archive':
+ content => template('roles/historical_mirror/rsyncd.conf.erb'),
+ max_clients => 100,
+ sslname => $sslname,
+ binds => $enclosed_addresses_rsync,
+ }
+
+ Ferm::Rule::Simple <<| tag == 'ssh::server::from::historical_master' |>>
 }
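Review bot: The `@param listen_addr` comment says the addresses are for apache only, but the same value is passed to `rsync::site` as `binds` via `$enclosed_addresses_rsync`, and the empty default resolves to `*:80` for the vhost and `[::]` for rsync, so a node that sets nothing listens on every address. I would document that, e.g. `# @param listen_addr IP addresses for apache and rsyncd to listen on; empty (the default) means all addresses`. The collector `Ferm::Rule::Simple <<| tag == 'ssh::server::from::historical_master' |>>` at the end of the class also deserves a one-line comment naming which role exports the rule, since it presumably realises whatever firewall rule any node exported under that tag.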