From: Peter Palfrader Date: Fri, 23 Sep 2016 20:37:27 +0000 (+0000) Subject: ship pin set for people.debian.org X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=171b3474d975c2faa3d48fa31654b8ab5981b4d4;p=mirror%2Fdsa-puppet.git ship pin set for people.debian.org
---
diff --git a/modules/apache2/manifests/pin.pp b/modules/apache2/manifests/pin.pp
new file mode 100644
index 000000000..020f221d5
--- /dev/null
+++ b/modules/apache2/manifests/pin.pp
@@ -0,0 +1,8 @@
+define apache2::pin () {
+ $snippet = gen_hpkp_pin($name)
+
+ concat::fragment { "puppet-ssl-key-pins-header-${name}":
+ target => '/etc/apache2/conf-available/puppet-ssl-key-pins.conf',
+ content => $snippet,
+ }
+}
diff --git a/modules/roles/manifests/init.pp b/modules/roles/manifests/init.pp
index 1d7282435..e7369d450 100644
--- a/modules/roles/manifests/init.pp
+++ b/modules/roles/manifests/init.pp
@@ -91,6 +91,7 @@ class roles { if has_role('people') { ssl::service { 'people.debian.org': notify => Exec['service apache2 reload'], key => true, } onion::service { 'people.debian.org': port => 80, target_address => 'people.debian.org', target_port => 80, direct => true } + apache2::pin { 'people.debian.org': } } if has_role('security_master') {
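Review bot: The new define in `modules/apache2/manifests/pin.pp` writes whatever `gen_hpkp_pin($name)` returns straight into the key-pins config, with no comment on what the pin set must contain and no check on the result. HPKP makes browsers refuse the site for the header's max-age when no pinned key matches, so a pin set without an offline backup key turns key loss or an unplanned rotation into an outage. The function's body is outside this diff, so whether it emits a backup pin could not be confirmed here. I would add a header comment such as `# Emits the Public-Key-Pins header for $name; the pin set must include a backup key that is not deployed on the host.` and fail the catalog on an empty result, e.g. `if $snippet == '' { fail("no HPKP pin set for ${name}") }` (assuming the function returns a string rather than raising itself).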
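Review bot: The added `apache2::pin { 'people.debian.org': }` in `class roles` carries no `notify`, while the `ssl::service` for the same host in this hunk reloads Apache explicitly through `Exec['service apache2 reload']`. If the concat target for the key-pins file (declared outside this diff) does not itself trigger a reload, a changed pin set is written to disk while the running server keeps sending the old header, which matters most during a key rotation. Consider `apache2::pin { 'people.debian.org': notify => Exec['service apache2 reload'] }`, or confirm that the concat resource already notifies Apache. The hunk shows only part of `class roles`.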