X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Froles%2Fmanifests%2Fsecurity_tracker.pp;fp=modules%2Froles%2Fmanifests%2Fsecurity_tracker.pp;h=0e94dd87eeea347da548b1a48febea40310db5e9;hb=76ca91bce24ecbcbcc4e62a37aa06fd0fb9f96c7;hp=4c7ee44e70c672f95759370c907f16eab929d7f2;hpb=46cee04ab06b23ab6e9e4baba655cf470d10cfc4;p=mirror%2Fdsa-puppet.git

diff --git a/modules/roles/manifests/security_tracker.pp b/modules/roles/manifests/security_tracker.pp
index 4c7ee44e7..0e94dd87e 100644
--- a/modules/roles/manifests/security_tracker.pp
+++ b/modules/roles/manifests/security_tracker.pp
@@ -1,6 +1,44 @@
 class roles::security_tracker {
+	include apache2::ssl
+	include apache2::proxy_http
+	include apache2::expires
+
+	apache2::module { 'cache_disk':
+		ensure => present,
+	}
+
+	# security-tracker abusers
+	#  66.170.99.1  20180706 excessive number of requests
+	#  66.170.99.2  20180706 excessive number of requests
+	@ferm::rule { 'dsa-sectracker-abusers':
+		prio  => "000",
+		rule  => "saddr (66.170.99.1 66.170.99.2) DROP",
+	}
+
+
 	ssl::service { 'security-tracker.debian.org':
 		notify  => Exec['service apache2 reload'],
 		key => true,
 	}
+
+	apache2::site { 'security-tracker.debian.org':
+		site   => 'security-tracker.debian.org',
+		content => template('roles/apache-security-tracker.debian.org.conf.erb')
+	}
+
+	# traffic shaping http traffic
+	#@ferm::rule { 'dsa-security-tracker-shape':
+	#	table => 'mangle',
+	#	chain => 'OUTPUT',
+	#	rule  => "proto tcp sport 443 MARK set-mark 20",
+	#}
+
+	file { '/usr/local/sbin/traffic-shape':
+		mode   => '0755',
+		content => template('roles/security-tracker/traffic-shape'),
+		notify => Exec['/usr/local/sbin/traffic-shape'],
+	}
+	exec { '/usr/local/sbin/traffic-shape':
+		refreshonly => true
+	}
 }