From 47ef30bef77893865ca0d1a852d5a79b02d78eee Mon Sep 17 00:00:00 2001
From: Peter Palfrader <peter@palfrader.org>
Date: Sun, 31 Jan 2016 18:13:39 +0100
Subject: [PATCH] Add debtags role

---
 hieradata/common.yaml                         |  2 +
 .../roles/files/debtags/debtags.debian.org    | 41 +++++++++++++++++++
 modules/roles/manifests/debtags.pp            | 13 ++++++
 modules/roles/manifests/init.pp               |  4 ++
 4 files changed, 60 insertions(+)
 create mode 100644 modules/roles/files/debtags/debtags.debian.org
 create mode 100644 modules/roles/manifests/debtags.pp

diff --git a/hieradata/common.yaml b/hieradata/common.yaml
index 7621a3cc0..fb417f689 100644
--- a/hieradata/common.yaml
+++ b/hieradata/common.yaml
@@ -21,6 +21,8 @@ roles:
     - nono.debian.org
   dbmaster:
     - draghi.debian.org
+  debtags:
+    - tate.debian.org
   dns_primary:
     - denis.debian.org
   dns_geo:
diff --git a/modules/roles/files/debtags/debtags.debian.org b/modules/roles/files/debtags/debtags.debian.org
new file mode 100644
index 000000000..aba7496c3
--- /dev/null
+++ b/modules/roles/files/debtags/debtags.debian.org
@@ -0,0 +1,41 @@
+Use common-debian-service-https-redirect * debtags.debian.org
+
+WSGIDaemonProcess debtags.debian.org user=nobody group=debtags home=/ processes=2 threads=5 maximum-requests=5000 inactivity-timeout=1800 umask=0077 display-name=wsgi-debtags.debian.org
+
+<VirtualHost *:443>
+	ServerName debtags.debian.org
+	ServerAdmin debian-admin@lists.debian.org
+
+	Use common-debian-service-ssl debtags.debian.org
+	Use common-ssl-HSTS
+
+	SSLCACertificateFile /var/lib/dsa/sso/ca.crt
+	SSLCARevocationCheck chain
+	SSLCARevocationFile /var/lib/dsa/sso/ca.crl
+	SSLVerifyClient optional
+
+	SSLOptions +StdEnvVars
+
+	<IfModule mod_userdir.c>
+		UserDir disabled
+	</IfModule>
+	ErrorLog /var/log/apache2/debtags.debian.org-error.log
+	CustomLog /var/log/apache2/debtags.debian.org-access.log privacy
+	ServerSignature On
+
+
+	<Directory /srv/debtags.debian.net/htdocs>
+		Require all granted
+	</Directory>
+
+	<Directory /srv/debtags.debian.net/bin>
+		<Files debtags.wsgi>
+			Require all granted
+		</Files>
+	</Directory>
+
+	WSGIScriptAlias / /srv/debtags.debian.net/bin/debtags.wsgi
+	WSGIProcessGroup debtags.debian.net
+	WSGIPassAuthorization On
+</VirtualHost>
+
diff --git a/modules/roles/manifests/debtags.pp b/modules/roles/manifests/debtags.pp
new file mode 100644
index 000000000..945ed2a84
--- /dev/null
+++ b/modules/roles/manifests/debtags.pp
@@ -0,0 +1,13 @@
+class roles::debtags {
+	apache2::module { 'ssl': }
+	package { 'libapache2-mod-wsgi': ensure => installed, }
+
+	ssl::service { 'debtags.debian.org':
+		notify => Service['apache2'],
+	}
+
+	apache2::site { '010-debtags.debian.org':
+		site    => 'debtags.debian.org',
+		source => 'puppet:///modules/roles/debtags/debtags.debian.org',
+	}
+}
diff --git a/modules/roles/manifests/init.pp b/modules/roles/manifests/init.pp
index 9bdb11d3c..487430a0d 100644
--- a/modules/roles/manifests/init.pp
+++ b/modules/roles/manifests/init.pp
@@ -284,4 +284,8 @@ class roles {
 	if has_role('httpredir') {
 		include roles::httpredir
 	}
+
+	if has_role('debtags') {
+		include roles::debtags
+	}
 }
-- 
2.20.1