class roles::bugs_mirror {
- rsync::site { 'bugs_mirror':
+ rsync::site_systemd { 'bugs_mirror':
source => 'puppet:///modules/roles/bugs_mirror/rsyncd.conf',
max_clients => 100,
}
class roles::ftp {
# this is the FTP part of the roles::debian_mirror class
- include ferm::ftp_conntrack
-
- $bind = $::hostname ? {
- klecker => '::ffff:130.89.148.12',
- default => '',
- }
-
- $bind6 = $::hostname ? {
- klecker => '2001:610:1908:b000::148:12',
- default => '',
+ $binds = $::hostname ? {
+ klecker => [ '130.89.148.12', '[2001:610:1908:b000::148:12]' ],
+ default => [ '[::]' ],
}
- vsftpd::site { 'ftp':
+ vsftpd::site_systemd { 'ftp':
banner => 'ftp.debian.org FTP server',
logfile => '/var/log/ftp/vsftpd-ftp.debian.org.log',
- bind => $bind,
+ binds => $binds,
max_clients => 200,
root => '/srv/ftp.debian.org/ftp.root',
}
-
- if $bind6 != '' {
- vsftpd::site { 'ftp-v6':
- banner => 'ftp.debian.org FTP server',
- logfile => '/var/log/ftp/vsftpd-ftp.debian.org.log',
- bind => $bind6,
- max_clients => 200,
- root => '/srv/ftp.debian.org/ftp.root',
- }
- }
}
class roles::ftp_upload {
-
- include ferm::ftp_conntrack
-
vsftpd::site_systemd { 'ftp-upload':
banner => 'ftp.upload.debian.org FTP server',
logfile => '/var/log/ftp/vsftpd-ftp.upload.debian.org.log',
key => true,
}
- include ferm::ftp_conntrack
-
vsftpd::site_systemd { 'ports-master':
banner => 'ports-master.debian.org FTP server',
logfile => '/var/log/ftp/vsftpd-ports-master.debian.org.log',
class roles::security_mirror {
include roles::archvsync_base
- $rsync_bind = $::hostname ? {
- mirror-anu => '150.203.164.61',
- mirror-bytemark => '5.153.231.46',
- mirror-conova => '217.196.149.233',
- mirror-isc => '149.20.4.14',
- mirror-umn => '128.101.240.215',
- default => '',
+ $binds = $::hostname ? {
+ mirror-anu => [ '150.203.164.61', '[2001:388:1034:2900::3d]' ],
+ mirror-bytemark => [ '5.153.231.46', '[2001:41c8:1000:21::21:46]' ],
+ mirror-conova => [ '217.196.149.233', '[2a02:16a8:dc41:100::233]' ],
+ mirror-isc => [ '149.20.4.14', '[2001:4f8:1:c::14]' ],
+ mirror-umn => [ '128.101.240.215', '[2607:ea00:101:3c0b::1deb:215]' ],
+ default => [ '[::]' ],
}
- $rsync_bind6 = $::hostname ? {
- mirror-anu => '2001:388:1034:2900::3d',
- mirror-bytemark => '2001:41c8:1000:21::21:46',
- mirror-conova => '2a02:16a8:dc41:100::233',
- mirror-isc => '2001:4f8:1:c::14',
- mirror-umn => '2607:ea00:101:3c0b::1deb:215',
- default => '',
- }
- $ftp_bind = $rsync_bind
- $ftp_bind6 = $rsync_bind6
file { '/srv/mirrors/debian-security':
ensure => link,
}
if has_role('security_mirror_no_ftp') {
- vsftpd::site { [ 'security', 'security6' ]:
+ vsftpd::site_systemd { 'security':
ensure => absent,
root => '/nonexistent',
}
} else {
- include ferm::ftp_conntrack
- vsftpd::site { 'security':
+ vsftpd::site_systemd { 'security':
banner => 'security.debian.org FTP server (vsftpd)',
logfile => '/var/log/ftp/vsftpd-security.debian.org.log',
max_clients => 200,
root => '/srv/ftp.root/',
- bind => $ftp_bind,
- }
- if ($ftp_bind6 != '') {
- vsftpd::site { 'security6':
- banner => 'security.debian.org FTP server (vsftpd)',
- logfile => '/var/log/ftp/vsftpd-security6.debian.org.log',
- max_clients => 200,
- root => '/srv/ftp.root/',
- bind => $ftp_bind6,
- }
+ binds => $binds,
}
}
- rsync::site { 'security':
+ rsync::site_systemd { 'security':
source => 'puppet:///modules/roles/security_mirror/rsyncd.conf',
max_clients => 100,
- bind => $rsync_bind,
- bind6 => $rsync_bind6,
+ binds => $binds,
}
$onion_v4_addr = $::hostname ? {
class roles::snapshot {
- rsync::site { 'snapshot-farm':
+ rsync::site_systemd { 'snapshot-farm':
content => template('roles/snapshot/rsyncd.conf.erb'),
}
}
class roles::syncproxy {
include roles::archvsync_base
- $bind = $::hostname ? {
- 'milanollo' => '5.153.231.9',
- 'mirror-anu' => '150.203.164.60',
- 'mirror-isc' => '149.20.4.16',
- 'mirror-umn' => '128.101.240.216',
- 'klecker' => '130.89.148.10',
- 'gretchaninov' => '209.87.16.40',
- default => ''
- }
- $bind6 = $::hostname ? {
- 'milanollo' => '2001:41c8:1000:21::21:9',
- 'mirror-anu' => '2001:388:1034:2900::3c',
- 'mirror-isc' => '2001:4f8:1:c::16',
- 'mirror-umn' => '2607:ea00:101:3c0b::1deb:216',
- 'klecker' => '2001:610:1908:b000::148:10',
- 'gretchaninov' => '2607:f8f0:614:1::1274:40',
- default => ''
+ $binds = $::hostname ? {
+ 'milanollo' => [ '5.153.231.9', '[2001:41c8:1000:21::21:9]' ],
+ 'mirror-anu' => [ '150.203.164.60', '[2001:388:1034:2900::3c]' ],
+ 'mirror-isc' => [ '149.20.4.16', '[2001:4f8:1:c::16]' ],
+ 'mirror-umn' => [ '128.101.240.216', '[2607:ea00:101:3c0b::1deb:216]' ],
+ 'klecker' => [ '130.89.148.10', '[2001:610:1908:b000::148:10]' ],
+ 'gretchaninov' => [ '209.87.16.40', '[2607:f8f0:614:1::1274:40]' ],
+ default => [ '[::]' ],
}
$syncproxy_name = $::hostname ? {
'milanollo' => 'syncproxy3.eu.debian.org',
content => template('roles/syncproxy/syncproxy.debian.org-index.html.erb')
}
- rsync::site { 'syncproxy':
+ rsync::site_systemd { 'syncproxy':
content => template('roles/syncproxy/rsyncd.conf.erb'),
- bind => $bind,
- bind6 => $bind6,
+ binds => $binds,
sslname => "$syncproxy_name",
}
} else {
- rsync::site { 'syncproxy':
+ rsync::site_systemd { 'syncproxy':
content => template('roles/syncproxy/rsyncd.conf.erb'),
- bind => $bind,
- bind6 => $bind6,
+ binds => $binds,
}
}
}
notify => Exec['service apache2 reload'],
key => true,
}
- rsync::site { 'wiki':
+ rsync::site_systemd { 'wiki':
source => 'puppet:///modules/roles/wiki/rsyncd.conf',
}
}
Exec['systemctl daemon-reload'],
File["/etc/systemd/system/rsyncd-${name}@.service"],
File["/etc/systemd/system/rsyncd-${name}.socket"],
+ Service['xinetd'],
],
provider => systemd,
}
File["/etc/systemd/system/rsyncd-${name}-stunnel@.service"],
File["/etc/systemd/system/rsyncd-${name}-stunnel.socket"],
Service["rsyncd-${name}.socket"],
+ Service['xinetd'],
],
provider => systemd,
}
server => 'unused',
service => 'unused',
ferm => false,
+ before => Service["rsyncd-${name}.socket"],
}
}
$ensure=present,
) {
include vsftpd
+ include ferm::ftp_conntrack
case $ensure {
present,absent: {}
Exec['systemctl daemon-reload'],
File["/etc/systemd/system/vsftpd-${name}@.service"],
File["/etc/systemd/system/vsftpd-${name}.socket"],
+ Service['xinetd'],
],
provider => systemd,
}