X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Froles%2Fmanifests%2Fsyncproxy.pp;h=10430c1b2ea70fe55d55f49e462850bfdaf0dbcd;hb=34476d6987dfc64f068e734a8444c688f98e7eda;hp=eefb8dc56a474d2d078652937aaeeb3ef50b49cf;hpb=08a5df3e8e1957dbc22e97f80e13861b4865aacd;p=mirror%2Fdsa-puppet.git

diff --git a/modules/roles/manifests/syncproxy.pp b/modules/roles/manifests/syncproxy.pp
index eefb8dc56..10430c1b2 100644
--- a/modules/roles/manifests/syncproxy.pp
+++ b/modules/roles/manifests/syncproxy.pp
@@ -55,5 +55,42 @@ class roles::syncproxy {
 		file { '/srv/www/syncproxy.debian.org/htdocs/index.html':
 			content => template('roles/syncproxy/syncproxy.debian.org-index.html.erb')
 		}
+
+		file { '/etc/rsyncd-syncproxy-stunnel.conf':
+			content => template('roles/syncproxy/rsyncd-syncproxy-stunnel.conf.erb')
+		}
+		xinetd::service { "rsync-syncproxy-ssl":
+			bind        => $bind,
+			id          => "syncproxy-rsync-ssl",
+			server      => '/usr/bin/stunnel4',
+			service     => 'rsync-ssl',
+			type        => 'UNLISTED',
+			port        => '1873',
+			server_args => "/etc/rsyncd-syncproxy-stunnel.conf",
+			ferm        => false,
+			instances   => 50,
+			require     => File["/etc/rsyncd-syncproxy-stunnel.conf"],
+		}
+
+		if $bind6 != '' {
+			xinetd::service { "rsync-syncproxy-ssl6":
+				bind        => $bind6,
+				id          => "syncproxy-rsync-ssl",
+				server      => '/usr/bin/stunnel4',
+				service     => 'rsync-ssl',
+				type        => 'UNLISTED',
+				port        => '1873',
+				server_args => "/etc/rsyncd-syncproxy-stunnel.conf",
+				ferm        => false,
+				instances   => 50,
+				require     => File["/etc/rsyncd-syncproxy-stunnel.conf"],
+			}
+		}
+
+		@ferm::rule { "dsa-rsync-ssl":
+			domain      => '(ip ip6)',
+			description => "Allow traffic to rsync ssl",
+			rule        => "&SERVICE(tcp, 1873)"
+		}
 	}
 }