X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Froles%2Fmanifests%2Fpeople.pp;h=0ab496987801bdf654a21f4768613e41604b8241;hb=c79637cd42547cd212a0e033485dc8af2d05bd38;hp=713f1a1700771eb8d53365b88baab04d394c0fd8;hpb=fc79f92600028a6dea9d8dc67c78247a0cd2d62f;p=mirror%2Fdsa-puppet.git

diff --git a/modules/roles/manifests/people.pp b/modules/roles/manifests/people.pp
index 713f1a170..0ab496987 100644
--- a/modules/roles/manifests/people.pp
+++ b/modules/roles/manifests/people.pp
@@ -1,5 +1,28 @@
-class roles::people {
+# @param listen_addr IP addresses to have apache listen on port 443
+class roles::people (
+  Array[Stdlib::IP::Address] $listen_addr = [],
+) {
   include apache2
+  apache2::module { 'userdir': }
   ssl::service { 'people.debian.org': notify  => Exec['service apache2 reload'], key => true, }
   onion::service { 'people.debian.org': port => 80, target_address => 'people.debian.org', target_port => 80, direct => true }
+
+  $ports = empty($listen_addr) ? {
+    true => ['443'],
+    default => enclose_ipv6($listen_addr).map |$a| { "${a}:443" },
+  }
+  file { '/etc/apache2/ports.conf':
+    content => template('roles/apache-people-ports.conf.erb'),
+  }
+
+  $_enclosed_addresses = empty($listen_addr) ? {
+    true => ['*'],
+    default => enclose_ipv6($listen_addr),
+  }
+  $vhost_listen = $_enclosed_addresses.map |$a| { "${a}:443" } . join(' ')
+  $onion_hn = onion_tor_service_hostname('people.debian.org')
+  apache2::site { 'people.debian.org':
+    site => 'people.debian.org.conf',
+    content => template('roles/apache-people.debian.org.conf.erb'),
+  }
 }