---
classes:
- roles::people
+
+roles::people::listen_addr: ['209.87.16.67', '2607:f8f0:614:1::1274:67']
-class roles::people {
+# @param listen_addr IP addresses to have apache listen on port 443
+class roles::people (
+ Array[Stdlib::IP::Address] $listen_addr = [],
+) {
include apache2
+ apache2::module { 'userdir': }
ssl::service { 'people.debian.org': notify => Exec['service apache2 reload'], key => true, }
onion::service { 'people.debian.org': port => 80, target_address => 'people.debian.org', target_port => 80, direct => true }
+
+ $ports = empty($listen_addr) ? {
+ true => ['443'],
+ default => enclose_ipv6($listen_addr).map |$a| { "${a}:443" },
+ }
+ file { '/etc/apache2/ports.conf':
+ content => template('roles/apache-people-ports.conf.erb'),
+ }
+
+ $_enclosed_addresses = empty($listen_addr) ? {
+ true => ['*'],
+ default => enclose_ipv6($listen_addr),
+ }
+ $vhost_listen = $_enclosed_addresses.map |$a| { "${a}:443" } . join(' ')
+ $onion_hn = onion_tor_service_hostname('people.debian.org')
+ apache2::site { 'people.debian.org':
+ site => 'people.debian.org.conf',
+ content => template('roles/apache-people.debian.org.conf.erb'),
+ }
}
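Review bot: The new `file { '/etc/apache2/ports.conf': }` resource has no `notify`, so a change to `listen_addr` rewrites the Listen lines but nothing visible in this hunk makes Apache pick them up. The `ssl::service` line above already notifies `Exec['service apache2 reload']`; the file resource could do the same with `notify => Exec['service apache2 reload'],`. Whether `apache2::site` triggers a reload on its own is not visible here. Separately, `$ports` and `$vhost_listen` each map `enclose_ipv6($listen_addr)` to `addr:443` independently; deriving both from `$_enclosed_addresses` would keep the Listen lines and the `<VirtualHost>` addresses from drifting apart.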
--- /dev/null
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://git@ubergit.debian.org/dsa/dsa-puppet.git
+##
+
+Listen 80
+<% @ports.each do |port| -%>
+Listen <%= port %>
+<% end -%>
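Review bot: `Listen 80` stays a wildcard bind even when `listen_addr` restricts port 443 to specific addresses, so the plain-HTTP vhosts remain reachable on every address the host has. If `listen_addr` is meant to confine this service to its own addresses, port 80 probably needs the same treatment. If the wildcard is deliberate (the onion service in the manifest targets port 80), a template comment saying so would help, for example `## port 80 is intentionally bound on all addresses`.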
--- /dev/null
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://git@ubergit.debian.org/dsa/dsa-puppet.git
+##
+
+Use common-debian-service-https-redirect * people.debian.org
+
+<Macro vhost-inner-people.debian.org>
+ ServerAdmin debian-admin@debian.org
+ DocumentRoot /srv/people.debian.org/htdocs
+
+ ErrorLog /var/log/apache2/people.debian.org-error.log
+ CustomLog /var/log/apache2/people.debian.org-access.log privacy
+
+ HostnameLookups Off
+ UseCanonicalName Off
+ ServerSignature On
+
+ UserDir public_html
+
+ IndexOptions FancyIndexing NameWidth=*
+ ReadmeName README.txt
+
+ RedirectMatch ^/$ https://db.debian.org/
+</Macro>
+
+<VirtualHost <%= @vhost_listen %> >
+ ServerName people.debian.org
+
+ Use common-debian-service-ssl people.debian.org
+ Use common-ssl-HSTS
+ Use http-pkp-people.debian.org
+ Use vhost-inner-people.debian.org
+</VirtualHost>
+
+<VirtualHost *:80>
+ ServerName nossl.people.debian.org
+ Use vhost-inner-people.debian.org
+</VirtualHost>
+
+<VirtualHost *:80>
+ ServerName <%= @onion_hn %>
+ Use vhost-inner-people.debian.org
+</VirtualHost>
+
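Review bot: `ServerSignature On` in the `vhost-inner-people.debian.org` macro adds the server signature footer to error pages and generated directory listings (how much version detail it shows depends on `ServerTokens`). Because all three vhosts use the macro, this also applies to the plain-HTTP and onion vhosts. On a host that serves per-user content through `UserDir public_html` with `FancyIndexing`, `ServerSignature Off` is the safer default unless the footer is wanted for a reason. The limits on what a `public_html` tree may do (`Options`, `AllowOverride`, `UserDir disabled root`) are not set in this file. They presumably come from the userdir module's stock configuration, and a comment pointing there would make that dependency explicit.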