From: Peter Palfrader <peter@palfrader.org>
Date: Tue, 31 Jan 2017 20:43:44 +0000 (+0100)
Subject: let new cdimage-search do https and onion
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=e9830a97cadd030be3c0ed1e2d312b4ceaedcca9;p=mirror%2Fdsa-puppet.git

let new cdimage-search do https and onion
---

diff --git a/modules/roles/manifests/cdimage_search.pp b/modules/roles/manifests/cdimage_search.pp
index 162edcfe7..9c1859ceb 100644
--- a/modules/roles/manifests/cdimage_search.pp
+++ b/modules/roles/manifests/cdimage_search.pp
@@ -1,10 +1,14 @@
 class roles::cdimage_search {
 	include apache2::proxy_http
+	include apache2::ssl
 
 	package { 'debian.org-cdimage-search.debian.org': ensure => installed, }
 
+	ssl::service { 'cdimage-search.debian.org': notify  => Exec['service apache2 reload'], key => true, }
 	apache2::site { '010-cdimage-search.debian.org':
 		site   => 'cdimage-search.debian.org',
 		content => template('roles/apache-cdimage-search.debian.org.conf.erb')
 	}
+
+	onion::service { 'cdimage-search.debian.org': port => 80, target_address => 'cdimage-search.debian.org', target_port => 80, direct => true }
 }
diff --git a/modules/roles/templates/apache-cdimage-search.debian.org.conf.erb b/modules/roles/templates/apache-cdimage-search.debian.org.conf.erb
index f6ce99173..d41efba88 100644
--- a/modules/roles/templates/apache-cdimage-search.debian.org.conf.erb
+++ b/modules/roles/templates/apache-cdimage-search.debian.org.conf.erb
@@ -1,9 +1,14 @@
-<VirtualHost *:80>
+##
+### THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+### USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+###
+
+<Macro vhost-inner-cdimage-search.debian.org>
 	ServerAdmin debian-cd@lists.debian.org
 	DocumentRoot /srv/cdimage-search.debian.org/htdocs
-	ServerName cdimage-search.debian.org
+
 	ErrorLog /var/log/apache2/cdimage-search.debian.org-error.log
-	CustomLog /var/log/apache2/cdimage-search.debian.org-access.log combined
+	CustomLog /var/log/apache2/cdimage-search.debian.org-access.log privacy
 
 	ScriptAlias /cgi-bin/ /srv/cdimage-search.debian.org/cgi-bin/
 	<Directory "/srv/cdimage-search.debian.org/cgi-bin">
@@ -19,6 +24,25 @@
 
 	RewriteEngine On
 	RewriteRule ^/$ /cgi-bin/find_file.cgi [PT]
+</Macro>
+
+Use common-debian-service-https-redirect * cdimage-search.debian.org
+
+<VirtualHost *:443>
+	ServerName cdimage-search.debian.org
+	Use common-debian-service-ssl cdimage-search.debian.org
+	Use common-ssl-HSTS
+	Use http-pkp-cdimage-search.debian.org
+	Use vhost-inner-cdimage-search.debian.org
+</VirtualHost>
+
+<% if scope.function_onion_global_service_hostname(['cdimage-search.debian.org']) -%>
+<Virtualhost *:80>
+	ServerName <%= scope.function_onion_global_service_hostname(['cdimage-search.debian.org']) %>
+	Use vhost-inner-cdimage-search.debian.org
 </VirtualHost>
 
+<% end %>
+
+
 # vim:set syn=apache: