From: Julien Cristau Date: Wed, 1 Nov 2017 12:49:00 +0000 (+0100) Subject: Add debsources role for sources.d.o X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=43027472aba9b781f311863d36fc8cbdcb882479;p=mirror%2Fdsa-puppet.git Add debsources role for sources.d.o --- diff --git a/hieradata/common.yaml b/hieradata/common.yaml index c0eff2840..f9cac901f 100644 --- a/hieradata/common.yaml +++ b/hieradata/common.yaml @@ -323,3 +323,5 @@ roles: - godard.debian.org insecure_ssl: - godard.debian.org + debsources: + - sor.debian.org diff --git a/modules/roles/files/debsources/sources.debian.org.conf b/modules/roles/files/debsources/sources.debian.org.conf new file mode 100644 index 000000000..974397970 --- /dev/null +++ b/modules/roles/files/debsources/sources.debian.org.conf @@ -0,0 +1,59 @@ +Use common-debian-service-https-redirect * sources.debian.org + +WSGIDaemonProcess sources.debian.org user=nobody group=debsources home=/ processes=2 threads=5 maximum-requests=5000 inactivity-timeout=1800 umask=0077 display-name=wsgi-debsources.debian.org + + + ServerName sources.debian.org + ServerAdmin debian-admin@lists.debian.org + + Use common-debian-service-ssl sources.debian.org + Use common-ssl-HSTS + Use http-pkp-sources.debian.org + + + UserDir disabled + + ErrorLog /var/log/apache2/sources.debian.org-error.log + CustomLog /var/log/apache2/sources.debian.org-access.log privacy + ServerSignature On + + + Options Indexes + AllowOverride None + DirectoryIndex disabled + IndexOptions +ShowForbidden -FancyIndexing -HTMLTable +SuppressHTMLPreamble +XHTML + # Note: mods-enabled/autoindex.conf has IndexIgnore set to + # ignore all hidden files by default. For +ShowForbidden to be + # practically useful, that entry should be commented out (or + # reset'd with IndexOptionsReset, but only starting from Apache + # 2.3). + + + # override default (Debian) setting in /etc/apache2/apache2.conf + # we want to list .htaccess and friends if they are part of packages. + Require all granted + + + SetHandler None + # ForceType text/plain + + + + Options FollowSymLinks + Require all granted + + + Alias /data/ /srv/sources.debian.org/sources/ + Alias /static/ /srv/sources.debian.org/static/ + + + + Require all granted + + + + WSGIScriptAlias / /srv/sources.debian.org/etc/debsources.wsgi + WSGIProcessGroup sources.debian.org + + +# vim: syntax=apache ts=4 sw=4 sts=4 sr et diff --git a/modules/roles/manifests/debsources.pp b/modules/roles/manifests/debsources.pp new file mode 100644 index 000000000..dd5237e5a --- /dev/null +++ b/modules/roles/manifests/debsources.pp @@ -0,0 +1,13 @@ +class roles::debsources { + ssl::service { 'sources.debian.org': + notify => Exec['service apache2 reload'], + key => true, + } + + include apache2::ssl + package { 'libapache2-mod-wsgi': ensure => installed, } + apache2::site { 'sources.debian.org': + site => 'sources.debian.org', + source => 'puppet:///modules/roles/debsources/sources.debian.org.conf', + } +} diff --git a/modules/roles/manifests/init.pp b/modules/roles/manifests/init.pp index 6b447f9c5..5f843acfd 100644 --- a/modules/roles/manifests/init.pp +++ b/modules/roles/manifests/init.pp @@ -357,4 +357,8 @@ class roles { if has_role('popcon') { include roles::popcon } + + if has_role('debsources') { + include roles::debsources + } }