X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Froles%2Fmanifests%2Fports_mirror.pp;h=7463c8572e32d1bfa17549b39e2f4fa94d58e9bd;hb=4842561dfba794d10fa9294378fa0271a76ceb65;hp=1f31af2f8931ceb26ff6ad9da6fde51810f0f2fc;hpb=a9abf4b71ec29ba7b5409a3f3f523ff9e80217c6;p=mirror%2Fdsa-puppet.git

diff --git a/modules/roles/manifests/ports_mirror.pp b/modules/roles/manifests/ports_mirror.pp
index 1f31af2f8..7463c8572 100644
--- a/modules/roles/manifests/ports_mirror.pp
+++ b/modules/roles/manifests/ports_mirror.pp
@@ -7,15 +7,13 @@ class roles::ports_mirror(
   Boolean $onion_service = false,
 ) {
   include roles::archvsync_base
-
   include apache2
 
   $_enclosed_addresses = empty($listen_addr) ? {
     true    => ['*'],
     default => enclose_ipv6($listen_addr),
   }
-  $_addr_port_elements = $_enclosed_addresses.map |$a| { "${a}:80" }
-  $vhost_listen = join($_addr_port_elements, ' ')
+  $vhost_listen = $_enclosed_addresses.map |$a| { "${a}:80" } .join(' ')
 
   $mirror_basedir_prefix = hiera('role_config__mirrors.mirror_basedir_prefix')
   $archive_root = "${mirror_basedir_prefix}debian-ports"
@@ -26,7 +24,10 @@ class roles::ports_mirror(
   }
 
   if $onion_service {
-    $onion_addr = filter_ipv4($listen_addr)[0]
+    $onion_addr = empty($listen_addr) ? {
+      true    => $base::public_address,
+      default => filter_ipv4($listen_addr)[0]
+    }
     if ! $onion_addr {
       fail("Do not have a useable address for the onionservice on ${::hostname}.  Is \$listen_addr empty or does it not have an IPv4 address?.")
     }
@@ -37,4 +38,6 @@ class roles::ports_mirror(
       target_address => $onion_addr,
     }
   }
+
+  Ferm::Rule::Simple <<| tag == 'ssh::server::from::syncproxy' |>>
 }