X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Froles%2Fmanifests%2Fsecurity_mirror.pp;h=20de547859efbcfc0016d343174a2997b3b0b524;hb=acd1de8f69a30e3a07fcb5dad44f980dd8bd89a3;hp=0bad766f5c08ac85fbdc5a947396df8864a89342;hpb=843603a55c2c23ca533da697e1fc1e53ecd76f84;p=mirror%2Fdsa-puppet.git

diff --git a/modules/roles/manifests/security_mirror.pp b/modules/roles/manifests/security_mirror.pp
index 0bad766f5..20de54785 100644
--- a/modules/roles/manifests/security_mirror.pp
+++ b/modules/roles/manifests/security_mirror.pp
@@ -1,20 +1,46 @@
 class roles::security_mirror {
+	include roles::archvsync_base
+
+	$binds = $::hostname ? {
+		mirror-anu      => [ '150.203.164.61', '[2001:388:1034:2900::3d]' ],
+		mirror-isc      => [ '149.20.4.14', '[2001:4f8:1:c::14]' ],
+		mirror-umn      => [ '128.101.240.215', '[2607:ea00:101:3c0b::1deb:215]' ],
+		schmelzer       => [ '217.196.149.233', '[2a02:16a8:dc41:100::233]' ],
+		default         => [ '[::]' ],
+	}
+
+	include apache2::expires
+	include apache2::rewrite
 
-	include apache2::cache
 	apache2::site { '010-security.debian.org':
 		site   => 'security.debian.org',
-		source => 'puppet:///modules/roles/security_mirror/security.debian.org'
+		content => template('roles/security_mirror/security.debian.org.erb')
 	}
 
-	vsftpd::site { 'security':
-		banner       => 'security.debian.org FTP server (vsftpd)',
-		logfile      => '/var/log/ftp/vsftpd-security.debian.org.log',
-		max_clients  => 200,
-		root         => '/srv/ftp.root/',
-	}
+	$mirrors = hiera('roles.security_mirror', {})
+	$fastly_mirrors = $mirrors.filter |$h| { $h[1]['fastly-backend'] }
+	$hosts_to_check = $fastly_mirrors.map |$h| { $h[1]['service-hostname'] }
+
+	roles::mirror_health { 'security':
+		check_hosts   => $hosts_to_check,
+		check_service => 'security',
+		url           => 'http://security.backend.mirrors.debian.org/debian-security/dists/stable/updates/Release',
+		health_url    => 'http://security.backend.mirrors.debian.org/_health',
+        }
 
 	rsync::site { 'security':
 		source      => 'puppet:///modules/roles/security_mirror/rsyncd.conf',
 		max_clients => 100,
+		binds       => $binds,
+	}
+
+	$onion_v4_addr = hiera("roles.security_mirror", {})
+		.dig($::fqdn, 'onion_v4_address')
+	if $onion_v4_addr {
+		onion::service { 'security.debian.org':
+			port => 80,
+			target_port => 80,
+			target_address => $onion_v4_addr,
+		}
 	}
 }