X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Froles%2Fmanifests%2Fsyncproxy.pp;h=3bdadcd3bffa86775c2a85305ee319f1917b9b2a;hb=7bfdedf3e3de81310dcbd7d50c3f9b290b105279;hp=b01232b39c9df0ad866739bfaebb86ae7c34a439;hpb=16b81b98fef3338c96fa656a095b564a6542cb52;p=mirror%2Fdsa-puppet.git diff --git a/modules/roles/manifests/syncproxy.pp b/modules/roles/manifests/syncproxy.pp index b01232b39..3bdadcd3b 100644 --- a/modules/roles/manifests/syncproxy.pp +++ b/modules/roles/manifests/syncproxy.pp @@ -41,6 +41,7 @@ class roles::syncproxy { } if $::apache2 and $syncproxy_name != 'unknown' { + include apache2::ssl ssl::service { "$syncproxy_name": notify => Service['apache2'], key => true, } apache2::site { '010-syncproxy.debian.org': site => 'syncproxy.debian.org', @@ -54,5 +55,41 @@ class roles::syncproxy { file { '/srv/www/syncproxy.debian.org/htdocs/index.html': content => template('roles/syncproxy/syncproxy.debian.org-index.html.erb') } + + file { '/etc/rsyncd-syncproxy-stunnel.conf': + content => template('roles/syncproxy/rsyncd-syncproxy-stunnel.conf.erb') + } + xinetd::service { "rsync-syncproxy-ssl": + bind => $bind, + id => "syncproxy-rsync-ssl", + server => '/usr/bin/stunnel4', + service => 'rsync-ssl', + type => 'UNLISTED', + port => '1873', + server_args => "/etc/rsyncd-syncproxy-stunnel.conf", + ferm => false, + instances => 50, + require => File[/etc/rsyncd-syncproxy-stunnel.conf], + } + + if $bind6 != '' { + xinetd::service { "rsync-syncproxy-ssl6": + bind => $bind6, + id => "syncproxy-rsync-ssl", + server => '/usr/bin/stunnel4', + service => 'rsync-ssl', + type => 'UNLISTED', + port => '1873', + server_args => "/etc/rsyncd-syncproxy-stunnel.conf", + ferm => false, + instances => 50, + require => File[/etc/rsyncd-syncproxy-stunnel.conf], + } + } + + @ferm::rule { "dsa-rsync-ssl": + description => "Allow traffic to rsync ssl", + rule => "&SERVICE(${protocol}, 1873)" + } } }