From: Peter Palfrader <peter@palfrader.org>
Date: Sun, 15 Sep 2019 14:46:25 +0000 (+0200)
Subject: gobby -> hiera role; explicitly include apache2
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=3e28e1521e3e2350b79ff5341859d253d3b76cd4;p=mirror%2Fdsa-puppet.git

gobby -> hiera role; explicitly include apache2
---

diff --git a/hieradata/common.yaml b/hieradata/common.yaml
index 350d66ea4..8882e8cf1 100644
--- a/hieradata/common.yaml
+++ b/hieradata/common.yaml
@@ -160,8 +160,6 @@ roles:
     - storace.debian.org
   dabackup_client:
     - lw03.debian.org
-  gobby_debian_org:
-    - gombert.debian.org
   debian_mirror:
     klecker.debian.org:
       listen-addresses:
diff --git a/hieradata/nodes/gombert.debian.org.yaml b/hieradata/nodes/gombert.debian.org.yaml
new file mode 100644
index 000000000..44e75f5f8
--- /dev/null
+++ b/hieradata/nodes/gombert.debian.org.yaml
@@ -0,0 +1,3 @@
+---
+classes:
+  - roles::gobby
diff --git a/modules/roles/manifests/gobby.pp b/modules/roles/manifests/gobby.pp
new file mode 100644
index 000000000..807db0e6b
--- /dev/null
+++ b/modules/roles/manifests/gobby.pp
@@ -0,0 +1,20 @@
+class roles::gobby {
+  include apache2
+  ssl::service { 'gobby.debian.org':
+    notify   => [ Exec['service apache2 reload'], Exec['reload gobby'] ],
+    key      => true,
+    tlsaport => [443, 6523],
+  }
+  file { '/etc/ssl/debian-local/other-keys/gobby.debian.org.key':
+    ensure  => present,
+    mode    => '0440',
+    group   => 'gobby',
+    content => inline_template('<%= File.read(scope().call_function("hiera", ["paths.letsencrypt_dir"]) + "/gobby.debian.org.key") %>'),
+    links   => follow,
+    notify  => Exec['reload gobby'],
+  }
+  exec { 'reload gobby':
+    command     => 'pkill -u gobby -HUP -x infinoted',
+    refreshonly => true,
+  }
+}
diff --git a/modules/roles/manifests/init.pp b/modules/roles/manifests/init.pp
index 8f1e391a5..dfe57f0ff 100644
--- a/modules/roles/manifests/init.pp
+++ b/modules/roles/manifests/init.pp
@@ -122,26 +122,6 @@ class roles {
 		ssl::service { 'packages.qa.debian.org': notify  => Exec['service apache2 reload'], key => true, }
 	}
 
-	if has_role('gobby_debian_org') {
-		ssl::service { 'gobby.debian.org':
-			notify  => [ Exec['service apache2 reload'], Exec['reload gobby'] ],
-			key => true,
-			tlsaport => [443, 6523],
-		}
-		file { '/etc/ssl/debian-local/other-keys/gobby.debian.org.key':
-			ensure => present,
-			mode => '0440',
-			group => 'gobby',
-			content => inline_template('<%= File.read(scope().call_function("hiera", ["paths.letsencrypt_dir"]) + "/gobby.debian.org.key") %>'),
-			links => follow,
-			notify => Exec['reload gobby'],
-		}
-		exec { 'reload gobby':
-			command => 'pkill -u gobby -HUP -x infinoted',
-			refreshonly => true,
-		}
-	}
-
 	if $::hostname in [lw01, lw02, lw03, lw04, lw09, lw10] {
 		include roles::snapshot
 	}