X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Froles%2Fmanifests%2Fsyncproxy.pp;h=3bdadcd3bffa86775c2a85305ee319f1917b9b2a;hb=7bfdedf3e3de81310dcbd7d50c3f9b290b105279;hp=7e21d5be68781ae7dacf9b7b8a7c33d83b1bd761;hpb=cc41d501a34a38003f7a6aa4c535cdc70361904a;p=mirror%2Fdsa-puppet.git diff --git a/modules/roles/manifests/syncproxy.pp b/modules/roles/manifests/syncproxy.pp index 7e21d5be6..3bdadcd3b 100644 --- a/modules/roles/manifests/syncproxy.pp +++ b/modules/roles/manifests/syncproxy.pp @@ -41,6 +41,8 @@ class roles::syncproxy { } if $::apache2 and $syncproxy_name != 'unknown' { + include apache2::ssl + ssl::service { "$syncproxy_name": notify => Service['apache2'], key => true, } apache2::site { '010-syncproxy.debian.org': site => 'syncproxy.debian.org', content => template('roles/syncproxy/syncproxy.debian.org-apache.erb') @@ -53,5 +55,41 @@ class roles::syncproxy { file { '/srv/www/syncproxy.debian.org/htdocs/index.html': content => template('roles/syncproxy/syncproxy.debian.org-index.html.erb') } + + file { '/etc/rsyncd-syncproxy-stunnel.conf': + content => template('roles/syncproxy/rsyncd-syncproxy-stunnel.conf.erb') + } + xinetd::service { "rsync-syncproxy-ssl": + bind => $bind, + id => "syncproxy-rsync-ssl", + server => '/usr/bin/stunnel4', + service => 'rsync-ssl', + type => 'UNLISTED', + port => '1873', + server_args => "/etc/rsyncd-syncproxy-stunnel.conf", + ferm => false, + instances => 50, + require => File[/etc/rsyncd-syncproxy-stunnel.conf], + } + + if $bind6 != '' { + xinetd::service { "rsync-syncproxy-ssl6": + bind => $bind6, + id => "syncproxy-rsync-ssl", + server => '/usr/bin/stunnel4', + service => 'rsync-ssl', + type => 'UNLISTED', + port => '1873', + server_args => "/etc/rsyncd-syncproxy-stunnel.conf", + ferm => false, + instances => 50, + require => File[/etc/rsyncd-syncproxy-stunnel.conf], + } + } + + @ferm::rule { "dsa-rsync-ssl": + description => "Allow traffic to rsync ssl", + rule => "&SERVICE(${protocol}, 1873)" + } } }