Add debsources role for sources.d.o

diff --git a/hieradata/common.yaml b/hieradata/common.yaml
index c0eff28..f9cac90 100644 (file)
--- a/hieradata/common.yaml
+++ b/hieradata/common.yaml
@@ -323,3 +323,5 @@ roles:
     - godard.debian.org
   insecure_ssl:
     - godard.debian.org
+  debsources:
+    - sor.debian.org

diff --git a/modules/roles/files/debsources/sources.debian.org.conf b/modules/roles/files/debsources/sources.debian.org.conf
new file mode 100644 (file)
index 0000000..9743979
--- /dev/null
+++ b/modules/roles/files/debsources/sources.debian.org.conf
@@ -0,0 +1,59 @@
+Use common-debian-service-https-redirect * sources.debian.org
+
+WSGIDaemonProcess sources.debian.org user=nobody group=debsources home=/ processes=2 threads=5 maximum-requests=5000 inactivity-timeout=1800 umask=0077 display-name=wsgi-debsources.debian.org
+
+<VirtualHost *:443>
+    ServerName sources.debian.org
+    ServerAdmin debian-admin@lists.debian.org
+
+    Use common-debian-service-ssl sources.debian.org
+    Use common-ssl-HSTS
+    Use http-pkp-sources.debian.org
+
+    <IfModule mod_userdir.c>
+        UserDir disabled
+    </IfModule>
+    ErrorLog /var/log/apache2/sources.debian.org-error.log
+    CustomLog /var/log/apache2/sources.debian.org-access.log privacy
+    ServerSignature On
+
+    <Directory /srv/sources.debian.org/sources>
+        Options Indexes
+        AllowOverride None
+        DirectoryIndex disabled
+        IndexOptions +ShowForbidden -FancyIndexing -HTMLTable +SuppressHTMLPreamble +XHTML
+        # Note: mods-enabled/autoindex.conf has IndexIgnore set to
+        # ignore all hidden files by default. For +ShowForbidden to be
+        # practically useful, that entry should be commented out (or
+        # reset'd with IndexOptionsReset, but only starting from Apache
+        # 2.3).
+
+        <Files ~ "^\.ht">
+            # override default (Debian) setting in /etc/apache2/apache2.conf
+            # we want to list .htaccess and friends if they are part of packages.
+            Require all granted
+        </Files>
+
+        SetHandler None
+        # ForceType text/plain
+    </Directory>
+
+    <Directory /srv/sources.debian.org/static>
+        Options FollowSymLinks
+        Require all granted
+    </Directory>
+
+    Alias /data/ /srv/sources.debian.org/sources/
+    Alias /static/ /srv/sources.debian.org/static/
+
+    <Directory /srv/sources.debian.org/etc>
+        <Files debsources.wsgi>
+            Require all granted
+        </Files>
+    </Directory>
+
+    WSGIScriptAlias / /srv/sources.debian.org/etc/debsources.wsgi
+    WSGIProcessGroup sources.debian.org
+</VirtualHost>
+
+# vim: syntax=apache ts=4 sw=4 sts=4 sr et

diff --git a/modules/roles/manifests/debsources.pp b/modules/roles/manifests/debsources.pp
new file mode 100644 (file)
index 0000000..dd5237e
--- /dev/null
+++ b/modules/roles/manifests/debsources.pp
@@ -0,0 +1,13 @@
+class roles::debsources {
+       ssl::service { 'sources.debian.org':
+               notify  => Exec['service apache2 reload'],
+               key => true,
+       }
+
+       include apache2::ssl
+       package { 'libapache2-mod-wsgi': ensure => installed, }
+       apache2::site { 'sources.debian.org':
+               site => 'sources.debian.org',
+               source => 'puppet:///modules/roles/debsources/sources.debian.org.conf',
+       }
+}

diff --git a/modules/roles/manifests/init.pp b/modules/roles/manifests/init.pp
index 6b447f9..5f843ac 100644 (file)
--- a/modules/roles/manifests/init.pp
+++ b/modules/roles/manifests/init.pp
@@ -357,4 +357,8 @@ class roles {
        if has_role('popcon') {
                include roles::popcon
        }
+
+       if has_role('debsources') {
+               include roles::debsources
+       }
 }