security_tracker -> hiera role; explicitly include apache2
authorPeter Palfrader <peter@palfrader.org>
Sun, 15 Sep 2019 17:02:19 +0000 (19:02 +0200)
committerPeter Palfrader <peter@palfrader.org>
Sun, 15 Sep 2019 17:02:19 +0000 (19:02 +0200)
hieradata/common.yaml
hieradata/nodes/soriano.debian.org.yaml [new file with mode: 0644]
modules/roles/manifests/init.pp
modules/roles/manifests/security_tracker.pp

index ca24dd6..15ff253 100644 (file)
@@ -99,8 +99,6 @@ roles:
     wieck.debian.org:
       service-hostname: wieck.security.backend.mirrors.debian.org
       fastly-backend: true
-  security_tracker:
-    - soriano.debian.org
   static_mirror_onion:
     - klecker.debian.org
     - mirror-isc.debian.org
diff --git a/hieradata/nodes/soriano.debian.org.yaml b/hieradata/nodes/soriano.debian.org.yaml
new file mode 100644 (file)
index 0000000..c348659
--- /dev/null
@@ -0,0 +1,3 @@
+---
+classes:
+  - roles::security_tracker
index f5e3254..01065f0 100644 (file)
@@ -61,10 +61,6 @@ class roles {
                include roles::dns_geodns
        }
 
-       if has_role('security_tracker') {
-               include roles::security_tracker
-       }
-
        if has_role('rtmaster') {
                include roles::rtmaster
        }
index 4aa4219..a5ea890 100644 (file)
@@ -1,44 +1,45 @@
 class roles::security_tracker {
-       include apache2::ssl
-       include apache2::proxy_http
-       include apache2::expires
+  include apache2
+  include apache2::ssl
+  include apache2::proxy_http
+  include apache2::expires
 
-       apache2::module { 'cache_disk':
-               ensure => absent,
-       }
+  apache2::module { 'cache_disk':
+    ensure => absent,
+  }
 
-       # security-tracker abusers
-       #  66.170.99.1  20180706 excessive number of requests
-       #  66.170.99.2  20180706 excessive number of requests
-       ferm::rule { 'dsa-sectracker-abusers':
-               prio  => "005",
-               rule  => "saddr (66.170.99.1 66.170.99.2) DROP",
-       }
+  # security-tracker abusers
+  #  66.170.99.1  20180706 excessive number of requests
+  #  66.170.99.2  20180706 excessive number of requests
+  ferm::rule { 'dsa-sectracker-abusers':
+    prio => '005',
+    rule => 'saddr (66.170.99.1 66.170.99.2) DROP',
+  }
 
 
-       ssl::service { 'security-tracker.debian.org':
-               notify  => Exec['service apache2 reload'],
-               key => true,
-       }
+  ssl::service { 'security-tracker.debian.org':
+    notify => Exec['service apache2 reload'],
+    key    => true,
+  }
 
-       apache2::site { 'security-tracker.debian.org':
-               site   => 'security-tracker.debian.org',
-               content => template('roles/apache-security-tracker.debian.org.conf.erb')
-       }
+  apache2::site { 'security-tracker.debian.org':
+    site    => 'security-tracker.debian.org',
+    content => template('roles/apache-security-tracker.debian.org.conf.erb')
+  }
 
-       # traffic shaping http traffic
-       #ferm::rule { 'dsa-security-tracker-shape':
-       #       table => 'mangle',
-       #       chain => 'OUTPUT',
-       #       rule  => "proto tcp sport 443 MARK set-mark 20",
-       #}
+  # traffic shaping http traffic
+  #ferm::rule { 'dsa-security-tracker-shape':
+  #  table => 'mangle',
+  #  chain => 'OUTPUT',
+  #  rule  => 'proto tcp sport 443 MARK set-mark 20',
+  #}
 
-       file { '/usr/local/sbin/traffic-shape':
-               mode   => '0755',
-               content => template('roles/security-tracker/traffic-shape'),
-               notify => Exec['/usr/local/sbin/traffic-shape'],
-       }
-       exec { '/usr/local/sbin/traffic-shape':
-               refreshonly => true
-       }
+  file { '/usr/local/sbin/traffic-shape':
+    mode    => '0755',
+    content => template('roles/security-tracker/traffic-shape'),
+    notify  => Exec['/usr/local/sbin/traffic-shape'],
+  }
+  exec { '/usr/local/sbin/traffic-shape':
+    refreshonly => true
+  }
 }
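Review bot: The `file { '/usr/local/sbin/traffic-shape': }` resource near the end of the class sets `mode => '0755'` but neither `owner` nor `group`. The `exec` of the same name then runs that script whenever its content changes, presumably as root since that is how the agent normally runs. Unless a global `File` default elsewhere in the tree already pins ownership (not visible in this diff), Puppet leaves the owner of an existing file untouched, so a non-root owner left on that path would keep write access to a script that gets executed with root privileges. I would add `owner => 'root',` and `group => 'root',` to the resource so the manifest enforces this rather than assuming it.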