X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Froles%2Fmanifests%2Fsyncproxy.pp;h=efc71c1dd67807687ba2f3552b75f98e0c286cae;hb=acd1de8f69a30e3a07fcb5dad44f980dd8bd89a3;hp=080196f8d5f4e4e96fba97319b75d633d0400085;hpb=9183664fc9f40ea1e192c9751cbaa839d34c39fb;p=mirror%2Fdsa-puppet.git

diff --git a/modules/roles/manifests/syncproxy.pp b/modules/roles/manifests/syncproxy.pp
index 080196f8d..efc71c1dd 100644
--- a/modules/roles/manifests/syncproxy.pp
+++ b/modules/roles/manifests/syncproxy.pp
@@ -1,6 +1,27 @@
 class roles::syncproxy {
-	rsync::site { 'syncproxy':
-		source => 'puppet:///modules/roles/syncproxy/rsyncd.conf',
+	include roles::archvsync_base
+
+	$mirror_basedir_prefix = hiera('role_config__syncproxy.mirror_basedir_prefix')
+
+	$binds = $::hostname ? {
+		'milanollo'    => [ '5.153.231.9', '[2001:41c8:1000:21::21:9]' ],
+		'mirror-anu'   => [ '150.203.164.60', '[2001:388:1034:2900::3c]' ],
+		'mirror-isc'   => [ '149.20.4.16', '[2001:4f8:1:c::16]' ],
+		'mirror-umn'   => [ '128.101.240.216', '[2607:ea00:101:3c0b::1deb:216]' ],
+		'klecker'      => [ '130.89.148.10', '[2001:67c:2564:a119::148:10]' ],
+		'gretchaninov' => [ '209.87.16.40', '[2607:f8f0:614:1::1274:40]' ],
+		'schmelzer'    => [ '217.196.149.237', '[2a02:16a8:dc41:100::237]' ],
+		default        => [ '[::]' ],
+	}
+	$syncproxy_name = $::hostname ? {
+		'milanollo' => 'syncproxy3.eu.debian.org',
+		'mirror-anu' => 'syncproxy.au.debian.org',
+		'schmelzer' => 'syncproxy4.eu.debian.org',
+		'mirror-isc' => 'syncproxy2.wna.debian.org',
+		'mirror-umn' => 'syncproxy.cna.debian.org',
+		'klecker' => 'syncproxy2.eu.debian.org',
+		'gretchaninov' => 'syncproxy3.wna.debian.org',
+		default => 'unknown'
 	}
 
 	file { '/etc/rsyncd':
@@ -10,6 +31,37 @@ class roles::syncproxy {
 	file { '/etc/rsyncd/debian.secrets':
 		owner => 'root',
 		group => 'mirroradm',
-		mode => 0664,
+		mode => '0660',
+	}
+
+	if $::apache2 and $syncproxy_name != 'unknown' {
+		include apache2::ssl
+		ssl::service { "$syncproxy_name":
+			notify  => Exec['service apache2 reload'],
+			key => true,
+		}
+		apache2::site { '010-syncproxy.debian.org':
+			site   => 'syncproxy.debian.org',
+			content => template('roles/syncproxy/syncproxy.debian.org-apache.erb')
+		}
+
+		file { [ '/srv/www/syncproxy.debian.org', '/srv/www/syncproxy.debian.org/htdocs' ]:
+			ensure  => directory,
+			mode    => '0755',
+		}
+		file { '/srv/www/syncproxy.debian.org/htdocs/index.html':
+			content => template('roles/syncproxy/syncproxy.debian.org-index.html.erb')
+		}
+
+		rsync::site { 'syncproxy':
+			content => template('roles/syncproxy/rsyncd.conf.erb'),
+			binds   => $binds,
+			sslname => "$syncproxy_name",
+		}
+	} else {
+		rsync::site { 'syncproxy':
+			content => template('roles/syncproxy/rsyncd.conf.erb'),
+			binds   => $binds,
+		}
 	}
 }