modules/roles/manifests/security_tracker.pp

   1 class roles::security_tracker {
   2         include apache2::ssl
   3         include apache2::proxy_http
   4         include apache2::expires
   5
   6         ssl::service { 'security-tracker.debian.org':
   7                 notify  => Exec['service apache2 reload'],
   8                 key => true,
   9         }
  10
  11         apache2::site { 'security-tracker.debian.org':
  12                 site   => 'security-tracker.debian.org',
  13                 content => template('roles/apache-security-tracker.debian.org.conf.erb')
  14         }
  15
  16         # traffic shaping http traffic
  17         @ferm::rule { 'dsa-security-tracker-shape':
  18                 table => 'mangle',
  19                 chain => 'OUTPUT',
  20                 rule  => "proto tcp dport 443 MARK set-mark 20",
  21         }
  22
  23         file { '/usr/local/sbin/traffic-shape':
  24                 mode   => '0755',
  25                 content => template('roles/security-tracker/traffic-shape'),
  26                 notify => Exec['/usr/local/sbin/traffic-shape'],
  27         }
  28         exec { '/usr/local/sbin/traffic-shape':
  29                 refreshonly => true
  30         }
  31 }