Pull in people.d.o apache config

[mirror/dsa-puppet.git] / modules / roles / manifests / people.pp

diff --git a/modules/roles/manifests/people.pp b/modules/roles/manifests/people.pp
index 713f1a1..0ab4969 100644 (file)
--- a/modules/roles/manifests/people.pp
+++ b/modules/roles/manifests/people.pp
@@ -1,5 +1,28 @@
-class roles::people {
+# @param listen_addr IP addresses to have apache listen on port 443
+class roles::people (
+  Array[Stdlib::IP::Address] $listen_addr = [],
+) {
   include apache2
+  apache2::module { 'userdir': }
   ssl::service { 'people.debian.org': notify  => Exec['service apache2 reload'], key => true, }
   onion::service { 'people.debian.org': port => 80, target_address => 'people.debian.org', target_port => 80, direct => true }
+
+  $ports = empty($listen_addr) ? {
+    true => ['443'],
+    default => enclose_ipv6($listen_addr).map |$a| { "${a}:443" },
+  }
+  file { '/etc/apache2/ports.conf':
+    content => template('roles/apache-people-ports.conf.erb'),
+  }
+
+  $_enclosed_addresses = empty($listen_addr) ? {
+    true => ['*'],
+    default => enclose_ipv6($listen_addr),
+  }
+  $vhost_listen = $_enclosed_addresses.map |$a| { "${a}:443" } . join(' ')
+  $onion_hn = onion_tor_service_hostname('people.debian.org')
+  apache2::site { 'people.debian.org':
+    site => 'people.debian.org.conf',
+    content => template('roles/apache-people.debian.org.conf.erb'),
+  }
 }