X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Froles%2Fmanifests%2Fsyncproxy.pp;h=146fcda8ba0e14734346719d5b74691409fd95eb;hb=3b8f6afb92c2ca70911fe3dc67c9a23001ff99de;hp=5bf3427799a548c7cceb5a0c89f4e05b2d5b2aa8;hpb=da5fb9c9661295cc411b5838ee89698317409c61;p=mirror%2Fdsa-puppet.git

diff --git a/modules/roles/manifests/syncproxy.pp b/modules/roles/manifests/syncproxy.pp
index 5bf342779..146fcda8b 100644
--- a/modules/roles/manifests/syncproxy.pp
+++ b/modules/roles/manifests/syncproxy.pp
@@ -1,35 +1,30 @@
 class roles::syncproxy {
-	$bind = $::hostname ? {
-		'milanollo' => '5.153.231.9',
-		'mirror-anu' => '150.203.164.60',
-		'mirror-isc' => '149.20.20.21',
-		'mirror-umn' => '128.101.240.216',
-		'klecker' => '130.89.148.10',
-		default => ''
-	}
-	$bind6 = $::hostname ? {
-		'milanollo' => '2001:41c8:1000:21::21:9',
-		'mirror-anu' => '2001:388:1034:2900::3c',
-		'mirror-isc' => '2001:4f8:8:36::1deb:21',
-		'mirror-umn' => '2607:ea00:101:3c0b::1deb:216',
-		'klecker' => '2001:610:1908:b000::148:10',
-		default => ''
+	include roles::archvsync_base
+
+	$mirror_basedir_prefix = hiera('role_config__syncproxy.mirror_basedir_prefix')
+
+	$binds = $::hostname ? {
+		'milanollo'    => [ '5.153.231.9', '[2001:41c8:1000:21::21:9]' ],
+		'mirror-anu'   => [ '150.203.164.60', '[2001:388:1034:2900::3c]' ],
+		'mirror-conova' => [ '217.196.149.237', '[2a02:16a8:dc41:100::237]' ],
+		'mirror-isc'   => [ '149.20.4.16', '[2001:4f8:1:c::16]' ],
+		'mirror-umn'   => [ '128.101.240.216', '[2607:ea00:101:3c0b::1deb:216]' ],
+		'klecker'      => [ '130.89.148.10', '[2001:610:1908:b000::148:10]',
+		                    '[2001:67c:2564:a119::148:10]' ],
+		'gretchaninov' => [ '209.87.16.40', '[2607:f8f0:614:1::1274:40]' ],
+		default        => [ '[::]' ],
 	}
 	$syncproxy_name = $::hostname ? {
 		'milanollo' => 'syncproxy3.eu.debian.org',
 		'mirror-anu' => 'syncproxy.au.debian.org',
+		'mirror-conova' => 'syncproxy4.eu.debian.org',
 		'mirror-isc' => 'syncproxy2.wna.debian.org',
 		'mirror-umn' => 'syncproxy.cna.debian.org',
 		'klecker' => 'syncproxy2.eu.debian.org',
+		'gretchaninov' => 'syncproxy3.wna.debian.org',
 		default => 'unknown'
 	}
 
-	rsync::site { 'syncproxy':
-		content => template('roles/syncproxy/rsyncd.conf.erb'),
-		bind    => $bind,
-		bind6   => $bind6,
-	}
-
 	file { '/etc/rsyncd':
 		ensure => 'directory'
 	}
@@ -37,12 +32,15 @@ class roles::syncproxy {
 	file { '/etc/rsyncd/debian.secrets':
 		owner => 'root',
 		group => 'mirroradm',
-		mode => 0660,
+		mode => '0660',
 	}
 
 	if $::apache2 and $syncproxy_name != 'unknown' {
 		include apache2::ssl
-		ssl::service { "$syncproxy_name": notify => Service['apache2'], key => true, }
+		ssl::service { "$syncproxy_name":
+			notify  => Exec['service apache2 reload'],
+			key => true,
+		}
 		apache2::site { '010-syncproxy.debian.org':
 			site   => 'syncproxy.debian.org',
 			content => template('roles/syncproxy/syncproxy.debian.org-apache.erb')
@@ -56,40 +54,15 @@ class roles::syncproxy {
 			content => template('roles/syncproxy/syncproxy.debian.org-index.html.erb')
 		}
 
-		file { '/etc/rsyncd-syncproxy-stunnel.conf':
-			content => template('roles/syncproxy/rsyncd-syncproxy-stunnel.conf.erb')
-		}
-		xinetd::service { "rsync-syncproxy-ssl":
-			bind        => $bind,
-			id          => "syncproxy-rsync-ssl",
-			server      => '/usr/bin/stunnel4',
-			service     => 'rsync-ssl',
-			type        => 'UNLISTED',
-			port        => '1873',
-			server_args => "/etc/rsyncd-syncproxy-stunnel.conf",
-			ferm        => false,
-			instances   => 50,
-			require     => File["/etc/rsyncd-syncproxy-stunnel.conf"],
+		rsync::site { 'syncproxy':
+			content => template('roles/syncproxy/rsyncd.conf.erb'),
+			binds   => $binds,
+			sslname => "$syncproxy_name",
 		}
-
-		if $bind6 != '' {
-			xinetd::service { "rsync-syncproxy-ssl6":
-				bind        => $bind6,
-				id          => "syncproxy-rsync-ssl",
-				server      => '/usr/bin/stunnel4',
-				service     => 'rsync-ssl',
-				type        => 'UNLISTED',
-				port        => '1873',
-				server_args => "/etc/rsyncd-syncproxy-stunnel.conf",
-				ferm        => false,
-				instances   => 50,
-				require     => File["/etc/rsyncd-syncproxy-stunnel.conf"],
-			}
-		}
-
-		@ferm::rule { "dsa-rsync-ssl":
-			description => "Allow traffic to rsync ssl",
-			rule        => "&SERVICE(${protocol}, 1873)"
+	} else {
+		rsync::site { 'syncproxy':
+			content => template('roles/syncproxy/rsyncd.conf.erb'),
+			binds   => $binds,
 		}
 	}
 }