X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Froles%2Fmanifests%2Fhistorical_mirror.pp;h=6fb428297a3a71e7a8e473f3b1b6b86117fdecbe;hb=4842561dfba794d10fa9294378fa0271a76ceb65;hp=3ba35393020f841c70d683c4a77e7839f7317314;hpb=33ef9d8cf9b3c33aa8b0abc678a2b94d4aaefb55;p=mirror%2Fdsa-puppet.git
diff --git a/modules/roles/manifests/historical_mirror.pp b/modules/roles/manifests/historical_mirror.pp
index 3ba353930..6fb428297 100644
--- a/modules/roles/manifests/historical_mirror.pp
+++ b/modules/roles/manifests/historical_mirror.pp
@@ -1,53 +1,44 @@
-class roles::historical_mirror {
- include roles::archvsync_base
- include apache2::expires
-
- $mirror_basedir_prefix = hiera('role_config__mirrors.mirror_basedir_prefix')
- $archive_root = "${mirror_basedir_prefix}debian-archive"
-
- $binds = $::hostname ? {
- gretchaninov => ['209.87.16.41' , '[2607:f8f0:614:1::1274:41]' ],
- klecker => ['130.89.148.13' , '[2001:67c:2564:a119::148:13]' ],
- schmelzer => ['217.196.149.234', '[2a02:16a8:dc41:100::234]' ],
- sibelius => ['193.62.202.28' , '[2001:630:206:4000:1a1a:0:c13e:ca1c]'],
- default => ['[::]'],
- }
-
- $onion_v4_addr = $::hostname ? {
- default => undef,
- }
-
- apache2::site { '010-archive.debian.org':
- site => 'archive.debian.org',
- content => template('roles/apache-archive.debian.org.erb'),
- }
-
- if has_role('historical_master') {
- $sslname = 'archive-master.debian.org'
- ssl::service { $sslname:
- key => true,
- tlsaport => [],
- }
- } else {
- $sslname = undef
- }
-
- rsync::site { 'archive':
- content => template('roles/historical_mirror/rsyncd.conf.erb'),
- max_clients => 100,
- sslname => $sslname,
- binds => $binds,
- }
-
- if has_role('historical_mirror_onion') {
- if ! $onion_v4_addr {
- fail("Do not have an onion_v4_addr set for $::hostname.")
- }
-
- onion::service { 'archive.debian.org':
- port => 80,
- target_port => 80,
- target_address => $onion_v4_addr,
- }
- }
+# a mirror for archive.debian.org
+# @param sslname provide rsync via ssl as well
+# @param listen_addr IP addresses to have apache listen on
+class roles::historical_mirror(
+ Optional[String] $sslname = undef,
+ Array[Stdlib::IP::Address] $listen_addr = [],
+){
+ include roles::archvsync_base
+
+ include apache2
+ include apache2::expires
+
+ $enclosed_addresses_rsync = empty($listen_addr) ? {
+ true => ['[::]'],
+ default => enclose_ipv6($listen_addr),
+ }
+ $_enclosed_addresses = empty($listen_addr) ? {
+ true => ['*'],
+ default => enclose_ipv6($listen_addr),
+ }
+ $vhost_listen = $_enclosed_addresses.map |$a| { "${a}:80" } .join(' ')
+ $mirror_basedir_prefix = hiera('role_config__mirrors.mirror_basedir_prefix')
+ $archive_root = "${mirror_basedir_prefix}debian-archive"
+
+ apache2::site { '010-archive.debian.org':
+ site => 'archive.debian.org',
+ content => template('roles/apache-archive.debian.org.erb'),
+ }
+
+ if $sslname {
+ ssl::service { $sslname:
+ key => true,
+ tlsaport => [],
+ }
+ }
+ rsync::site { 'archive':
+ content => template('roles/historical_mirror/rsyncd.conf.erb'),
+ max_clients => 100,
+ sslname => $sslname,
+ binds => $enclosed_addresses_rsync,
+ }
+
+ Ferm::Rule::Simple <<| tag == 'ssh::server::from::historical_master' |>>
 }
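Review bot: The collector on the last added line, `Ferm::Rule::Simple <<| tag == 'ssh::server::from::historical_master' |>>`, realises whatever firewall rules other nodes have exported under that tag, so which hosts may reach SSH on a mirror is decided outside this class and cannot be seen here. A comment above it would help, for example `# allow ssh from the historical master; the rule is exported elsewhere under this tag`, with the purpose being my reading of the tag name, to be adjusted to what the exporting side actually does. The `@param listen_addr` line says the addresses are for apache, but the same array also feeds `binds` on `rsync::site`, and an empty array now means both services listen on all addresses; I would write `# @param listen_addr IP addresses for apache and rsync to listen on (empty: all addresses)`. Because an empty string is truthy in Puppet 4 and later, `Optional[String[1]] $sslname = undef` would reject `''` at the type check instead of passing it to `ssl::service` as a title.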