Generate the apache ACL for draghi's "restricted" repo (RT#7962)

[mirror/dsa-puppet.git] / modules / roles / manifests / dbmaster.pp

diff --git a/modules/roles/manifests/dbmaster.pp b/modules/roles/manifests/dbmaster.pp
index c948923..f207b21 100644 (file)
--- a/modules/roles/manifests/dbmaster.pp
+++ b/modules/roles/manifests/dbmaster.pp
@@ -48,4 +48,23 @@ class roles::dbmaster {
     key         => $facts['dsa_key'],
     collect_tag => 'puppetmaster',
   }
+
+  exim::vdomain { 'db.debian.org':
+    mail_user  => 'mail_db',
+    mail_group => 'nogroup',
+  }
+
+  ferm::rule::simple { 'finger':
+    port => 'finger',
+  }
+  ferm::rule::simple { 'ldap':
+    port => ['ldap', 'ldaps'],
+  }
+
+  concat { '/etc/apache2/conf-available/puppet-restricted-acl.conf':
+    mode           => '0444',
+    ensure_newline => true,
+    warn           => '# This file is maintained with puppet',
+  }
+  Concat::Fragment <<| tag == 'debian_org::apt_restricted::apache-acl' |>>
 }