From a2af87cead2d5689350bd1c0c0ed0abec3add59b Mon Sep 17 00:00:00 2001
From: Julien Cristau <jcristau@debian.org>
Date: Fri, 8 Nov 2019 10:41:03 +0100
Subject: [PATCH] Import db.d.o apache vhost into puppet

---
 .../files/dbmaster/apache-db.debian.org.conf  | 87 +++++++++++++++++++
 modules/roles/manifests/dbmaster.pp           |  5 ++
 2 files changed, 92 insertions(+)
 create mode 100644 modules/roles/files/dbmaster/apache-db.debian.org.conf

diff --git a/modules/roles/files/dbmaster/apache-db.debian.org.conf b/modules/roles/files/dbmaster/apache-db.debian.org.conf
new file mode 100644
index 000000000..70fc50843
--- /dev/null
+++ b/modules/roles/files/dbmaster/apache-db.debian.org.conf
@@ -0,0 +1,87 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+##
+
+<Macro db.d.o-common>
+  ServerAdmin debian-admin@lists.debian.org
+  ServerName db.debian.org
+
+  Alias /debian-admin/ /srv/db.debian.org/ftp-archive/archive/
+
+  <Directory /srv/db.debian.org/ftp-archive/archive>
+    DirectoryIndex index.html
+    Require all granted
+    Options +Indexes
+  </Directory>
+  <DirectoryMatch /srv/db.debian.org/ftp-archive/archive/pool/.*-restricted>
+    Require all denied
+    Use dsa-apt-restricted-acl
+    Options +Indexes
+  </DirectoryMatch>
+
+  Header always set Content-Security-Policy: "default-src 'self'; img-src 'self' data:"
+</Macro>
+
+
+<VirtualHost *:80>
+  Use db.d.o-common
+
+  RewriteEngine On
+  RewriteCond %{REQUEST_FILENAME} !/debian-admin/
+  RewriteRule /(.*) https://db.debian.org/$1 [L,R=302]
+</VirtualHost>
+
+
+
+<VirtualHost *:443>
+  Use db.d.o-common
+
+  DocumentRoot /var/www/userdir-ldap
+
+  CustomLog /var/log/apache2/access.log combined
+  ErrorLog /var/log/apache2/error.log
+  LogLevel warn
+
+  Use common-debian-service-ssl db.debian.org
+  Use common-ssl-HSTS
+  Use http-pkp-db.debian.org
+
+  DirectoryIndex index.html search.cgi
+
+  <Directory /var/www/userdir-ldap>
+    Options +ExecCGI
+    AllowOverride All
+    AddHandler cgi-script .cgi
+  </Directory>
+
+  # git stuff
+  #################
+  <Directory /srv/db.debian.org/git>
+    DirectoryIndex index.html
+    Require all granted
+  </Directory>
+
+  Alias /git-classic/ /srv/db.debian.org/git/
+
+  SetEnv GIT_PROJECT_ROOT /srv/db.debian.org/git
+  AliasMatch ^/git/(.*/objects/[0-9a-f]{2}/[0-9a-f]{38})$          /srv/db.debian.org/git/$1
+  AliasMatch ^/git/(.*/objects/pack/pack-[0-9a-f]{40}.(pack|idx))$ /srv/db.debian.org/git/$1
+  ScriptAlias /git/ /usr/lib/git-core/git-http-backend/
+  <Directory /usr/lib/git-core>
+    Require all granted
+  </Directory>
+
+
+  # The rewrite is just there so we get a directory index.
+  RewriteEngine on
+  RewriteRule ^/git$ /git/ [R]
+  RewriteRule ^/git/$ /git-classic/ [PT]
+
+  #################
+  Alias /bzr /srv/db.debian.org/bzr/
+  <Directory /srv/db.debian.org/bzr>
+    DirectoryIndex index.html
+  </Directory>
+</VirtualHost>
+
+# vim:ft=apache:
diff --git a/modules/roles/manifests/dbmaster.pp b/modules/roles/manifests/dbmaster.pp
index 2b9bf7f19..3e8d32140 100644
--- a/modules/roles/manifests/dbmaster.pp
+++ b/modules/roles/manifests/dbmaster.pp
@@ -61,6 +61,11 @@ class roles::dbmaster {
     port => ['ldap', 'ldaps'],
   }
 
+  apache2::site { 'db.debian.org':
+    site   => 'db.debian.org.conf',
+    source => 'puppet:///modules/roles/dbmaster/apache-db.debian.org.conf',
+  }
+
   concat { '/etc/apache2/conf-available/puppet-restricted-acl.conf':
     mode           => '0444',
     ensure_newline => true,
-- 
2.20.1