- sor.debian.org
debconf_wafer:
- debussy.debian.org
- apache_not_public:
- # Hosts that run apache but where it should not be open to the internet by
- # default
- - casulana.debian.org
apache_ratelimited:
- beach.debian.org
- buxtehude.debian.org
- picconi.debian.org
- pkgmirror-csail.debian.org
- sallinen.debian.org
- cdbuilder_local_mirror:
- - casulana.debian.org
snapshot_web:
- lw07.debian.org
- sallinen.debian.org
classes:
- roles::static_source
+ - roles::cdbuilder_local_mirror
+
+roles::cdbuilder_local_mirror::listen_address: 172.29.103.1
# script heavy (say the bug tracking system), set this
# to reduce the number of worker threads.
# @param rlimitnproc A resource limit for number of processes. The default is usually fine.
+# @param public Whether this host's apache should be accessible from the public internet.
+# Sets appropriate firewall rules and optionally rate limits.
class apache2(
Boolean $smaller_number_of_threads = false,
Integer $rlimitnproc = 256,
+ Boolean $public = true,
) {
include webserver
ensure => installed,
}
- if (! has_role('apache_not_public')) {
+ if $public {
if has_role('apache_ratelimited') {
include apache2::dynamic
} else {
-class roles::cdbuilder_local_mirror {
+class roles::cdbuilder_local_mirror (
+ Stdlib::IP::Address $listen_address
+) {
include apache2
- $apache_addr = '172.29.103.1'
- $vhost_listen = "${apache_addr}:80"
+ $vhost_listen = "${listen_address}:80"
apache2::site { '010-local-mirror.cdbuilder.debian.org':
site => 'local-mirror.cdbuilder.debian.org',
if has_role('debconf_wafer') {
include roles::debconf_wafer
}
-
- if has_role('cdbuilder_local_mirror') {
- include roles::cdbuilder_local_mirror
- }
}
projects / mirror / dsa-puppet.git / commitdiff