From 53787787136a5e947615d5445ad6015074fc2576 Mon Sep 17 00:00:00 2001
From: Paul Wise <pabs@debian.org>
Date: Sat, 10 Jun 2017 11:30:57 +0800
Subject: [PATCH] Update the setup for archive.debian.net

Factor out the config into an apache2 macro.

Make the 503 error message more generic so it can be used anywhere.
---
 modules/apache2/files/disabled-service         | 18 ++++++++++++++++++
 modules/apache2/manifests/init.pp              |  4 ++++
 .../503.html                                   |  4 ++--
 modules/roles/manifests/static_mirror.pp       | 13 ++++++++++---
 .../vhost/static-vhosts-simple.erb             | 18 +-----------------
 5 files changed, 35 insertions(+), 22 deletions(-)
 create mode 100644 modules/apache2/files/disabled-service
 rename modules/roles/files/static-htdocs/{archive.debian.net => disabled-service}/503.html (88%)

diff --git a/modules/apache2/files/disabled-service b/modules/apache2/files/disabled-service
new file mode 100644
index 000000000..74fabe8a8
--- /dev/null
+++ b/modules/apache2/files/disabled-service
@@ -0,0 +1,18 @@
+<IfModule mod_macro.c>
+  <Macro common-disabled-service>
+    <IfModule mod_userdir.c>
+      UserDir disabled
+    </IfModule>
+    DocumentRoot /srv/static.debian.org/puppet/disabled-service
+    <Directory /srv/static.debian.org/puppet/disabled-service>
+      AllowOverride FileInfo Indexes Options=Multiviews
+      Options Indexes SymLinksIfOwnerMatch
+      Require all granted
+    </Directory>
+    RedirectMatch 503 ^/(?!503\.html)
+    ErrorDocument 503 /503.html
+    <IfModule mod_headers.c>
+      Header always set Retry-After "18000"
+    </IfModule>
+  </Macro>
+</IfModule>
diff --git a/modules/apache2/manifests/init.pp b/modules/apache2/manifests/init.pp
index f279cde4c..129c9d584 100644
--- a/modules/apache2/manifests/init.pp
+++ b/modules/apache2/manifests/init.pp
@@ -97,6 +97,10 @@ class apache2 {
 		source => 'puppet:///modules/apache2/headers',
 	}
 
+	apache2::config { 'disabled-service':
+		source => 'puppet:///modules/apache2/disabled-service',
+	}
+
 	apache2::module { 'mpm_event': ensure => absent }
 	if has_role('apache_prefork') {
 		apache2::module { 'mpm_worker': ensure => absent }
diff --git a/modules/roles/files/static-htdocs/archive.debian.net/503.html b/modules/roles/files/static-htdocs/disabled-service/503.html
similarity index 88%
rename from modules/roles/files/static-htdocs/archive.debian.net/503.html
rename to modules/roles/files/static-htdocs/disabled-service/503.html
index 6cb5cda6b..ee0754d82 100644
--- a/modules/roles/files/static-htdocs/archive.debian.net/503.html
+++ b/modules/roles/files/static-htdocs/disabled-service/503.html
@@ -1,11 +1,11 @@
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
 <HTML>
 <HEAD>
-   <TITLE>Welcome to archive.debian.net!</TITLE>
+   <TITLE>Service disabled!</TITLE>
 </HEAD>
 <BODY>
 
-<H1>Welcome to archive.debian.net!</H1>
+<H1>Service disabled!</H1>
 
 Unfortunately, this service is not available at this time.  It is not
 known when its maintainer will be able to provide it again.
diff --git a/modules/roles/manifests/static_mirror.pp b/modules/roles/manifests/static_mirror.pp
index 77a01ee07..53fdf8334 100644
--- a/modules/roles/manifests/static_mirror.pp
+++ b/modules/roles/manifests/static_mirror.pp
@@ -193,17 +193,24 @@ class roles::static_mirror {
 		onion::service { 'planet.debian.org'             : ensure => "ifstatic", port => 80, target_port => 80, target_address => $onion_v4_addr }
 	}
 
-	ssl::service { 'archive.debian.net': ensure => present, notify  => Exec['service apache2 reload'], key => true, }
 	file { '/srv/static.debian.org/puppet':
 		ensure => directory,
 		mode   => '02755'
 	}
-	file { '/srv/static.debian.org/puppet/archive.debian.net':
+	file { '/srv/static.debian.org/puppet/disabled-service':
 		ensure => directory,
 		mode   => '02755'
 	}
+	file { '/srv/static.debian.org/puppet/disabled-service/503.html':
+		source => 'puppet:///modules/roles/static-htdocs/disabled-service/503.html',
+	}
+
+	ssl::service { 'archive.debian.net': ensure => present, notify  => Exec['service apache2 reload'], key => true, }
+	file { '/srv/static.debian.org/puppet/archive.debian.net':
+		ensure => absent,
+	}
 	file { '/srv/static.debian.org/puppet/archive.debian.net/503.html':
-		source => 'puppet:///modules/roles/static-htdocs/archive.debian.net/503.html',
+		ensure => absent,
 	}
 
 }
diff --git a/modules/roles/templates/static-mirroring/vhost/static-vhosts-simple.erb b/modules/roles/templates/static-mirroring/vhost/static-vhosts-simple.erb
index 4c33fe192..506f95a7a 100644
--- a/modules/roles/templates/static-mirroring/vhost/static-vhosts-simple.erb
+++ b/modules/roles/templates/static-mirroring/vhost/static-vhosts-simple.erb
@@ -337,25 +337,9 @@ Use common-dsa-vhost-https-redirect archive.debian.net
 	ServerAdmin debian-admin@debian.org
 	ErrorLog /var/log/apache2/archive.debian.net-error.log
 	CustomLog /var/log/apache2/archive.debian.net-access.log privacyssl
-
 	Use common-debian-service-ssl archive.debian.net
 	Use common-ssl-HSTS
-
-	<IfModule mod_userdir.c>
-		UserDir disabled
-	</IfModule>
-	ServerSignature On
-
-	DocumentRoot /srv/static.debian.org/puppet/archive.debian.net
-	<Directory /srv/static.debian.org/puppet/archive.debian.net>
-		AllowOverride FileInfo Indexes Options=Multiviews
-		Options Indexes SymLinksIfOwnerMatch
-		Require all granted
-	</Directory>
-
-	RedirectMatch 503 ^/(?!503\.html)
-	ErrorDocument 503 /503.html
-	Header always set Retry-After "18000"
+	Use common-disabled-service
 </VirtualHost>
 
 
-- 
2.20.1