Generate the apache ACL for draghi's "restricted" repo (RT#7962)

diff --git a/modules/debian_org/manifests/apt_restricted.pp b/modules/debian_org/manifests/apt_restricted.pp
index b76d5b0..ed5c0a0 100644 (file)
--- a/modules/debian_org/manifests/apt_restricted.pp
+++ b/modules/debian_org/manifests/apt_restricted.pp
@@ -4,4 +4,13 @@ class debian_org::apt_restricted {
                suite      => "${::lsbdistcodename}-restricted",
                components => 'non-free',
        }
                suite      => "${::lsbdistcodename}-restricted",
                components => 'non-free',
        }

+
+       @@concat::fragment { "debian_org::apt_restricted::apache-acl::host::${name}":
+               tag        => 'debian_org::apt_restricted::apache-acl',
+               target     => '/etc/apache2/conf-available/puppet-restricted-acl.conf',
+               content    => @("EOF"),
+                       # ${::fqdn}
+                       Require ip ${::base::public_addresses}
+                       | EOF
+       }

 }
 }

diff --git a/modules/roles/manifests/dbmaster.pp b/modules/roles/manifests/dbmaster.pp
index e78167a..f207b21 100644 (file)
--- a/modules/roles/manifests/dbmaster.pp
+++ b/modules/roles/manifests/dbmaster.pp
@@ -60,4 +60,11 @@ class roles::dbmaster {
   ferm::rule::simple { 'ldap':
     port => ['ldap', 'ldaps'],
   }
   ferm::rule::simple { 'ldap':
     port => ['ldap', 'ldaps'],
   }

+
+  concat { '/etc/apache2/conf-available/puppet-restricted-acl.conf':
+    mode           => '0444',
+    ensure_newline => true,
+    warn           => '# This file is maintained with puppet',
+  }
+  Concat::Fragment <<| tag == 'debian_org::apt_restricted::apache-acl' |>>

 }
 }