Restrict vsftpd to the security.d.o IPs on mirror-anu

diff --git a/modules/roles/manifests/security_mirror.pp b/modules/roles/manifests/security_mirror.pp
index 986b5ae..0482362 100644 (file)
--- a/modules/roles/manifests/security_mirror.pp
+++ b/modules/roles/manifests/security_mirror.pp
@@ -11,6 +11,14 @@ class roles::security_mirror {
                mirror-umn => '2607:ea00:101:3c0b::1deb:215',
                default    => '',
        }
+       $ftp_bind = $::hostname ? {
+               mirror-anu => '150.203.164.61',
+               default => '',
+       }
+       $ftp_bind6 = $::hostname ? {
+               mirror-anu => '2001:388:1034:2900::3d',
+               default => undef,
+       }
 
        include apache2::cache
        apache2::site { '010-security.debian.org':
@@ -24,6 +32,16 @@ class roles::security_mirror {
                logfile      => '/var/log/ftp/vsftpd-security.debian.org.log',
                max_clients  => 200,
                root         => '/srv/ftp.root/',
+               bind         => $ftp_bind,
+       }
+       if ($ftp_bind6) {
+               vsftpd::site { 'security6':
+                       banner       => 'security.debian.org FTP server (vsftpd)',
+                       logfile      => '/var/log/ftp/vsftpd-security6.debian.org.log',
+                       max_clients  => 200,
+                       root         => '/srv/ftp.root/',
+                       bind         => $ftp_bind6,
+               }
        }
 
        rsync::site { 'security':

diff --git a/modules/xinetd/templates/service.erb b/modules/xinetd/templates/service.erb
index 981f5a2..c969b33 100644 (file)
--- a/modules/xinetd/templates/service.erb
+++ b/modules/xinetd/templates/service.erb
@@ -1,3 +1,8 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
 service <%= scope.lookupvar('service') %>
 {
 <%- if scope.lookupvar('bind') != '' -%>