Generate the apache ACL for draghi's "restricted" repo (RT#7962)
authorJulien Cristau <jcristau@debian.org>
Tue, 8 Oct 2019 14:14:14 +0000 (16:14 +0200)
committerJulien Cristau <jcristau@debian.org>
Tue, 8 Oct 2019 14:31:05 +0000 (16:31 +0200)
modules/debian_org/manifests/apt_restricted.pp
modules/roles/manifests/dbmaster.pp

index b76d5b0..ed5c0a0 100644 (file)
@@ -4,4 +4,13 @@ class debian_org::apt_restricted {
                suite      => "${::lsbdistcodename}-restricted",
                components => 'non-free',
        }
+
+       @@concat::fragment { "debian_org::apt_restricted::apache-acl::host::${name}":
+               tag        => 'debian_org::apt_restricted::apache-acl',
+               target     => '/etc/apache2/conf-available/puppet-restricted-acl.conf',
+               content    => @("EOF"),
+                       # ${::fqdn}
+                       Require ip ${::base::public_addresses}
+                       | EOF
+       }
 }
index e78167a..f207b21 100644 (file)
@@ -60,4 +60,11 @@ class roles::dbmaster {
   ferm::rule::simple { 'ldap':
     port => ['ldap', 'ldaps'],
   }
+
+  concat { '/etc/apache2/conf-available/puppet-restricted-acl.conf':
+    mode           => '0444',
+    ensure_newline => true,
+    warn           => '# This file is maintained with puppet',
+  }
+  Concat::Fragment <<| tag == 'debian_org::apt_restricted::apache-acl' |>>
 }