From d37aae2f20083c472de30925ff3e16a692408a11 Mon Sep 17 00:00:00 2001
From: Julien Cristau <jcristau@debian.org>
Date: Tue, 8 Oct 2019 16:14:14 +0200
Subject: [PATCH] Generate the apache ACL for draghi's "restricted" repo
 (RT#7962)

---
 modules/debian_org/manifests/apt_restricted.pp | 9 +++++++++
 modules/roles/manifests/dbmaster.pp            | 7 +++++++
 2 files changed, 16 insertions(+)

diff --git a/modules/debian_org/manifests/apt_restricted.pp b/modules/debian_org/manifests/apt_restricted.pp
index b76d5b094..ed5c0a0b6 100644
--- a/modules/debian_org/manifests/apt_restricted.pp
+++ b/modules/debian_org/manifests/apt_restricted.pp
@@ -4,4 +4,13 @@ class debian_org::apt_restricted {
 		suite      => "${::lsbdistcodename}-restricted",
 		components => 'non-free',
 	}
+
+	@@concat::fragment { "debian_org::apt_restricted::apache-acl::host::${name}":
+		tag        => 'debian_org::apt_restricted::apache-acl',
+		target     => '/etc/apache2/conf-available/puppet-restricted-acl.conf',
+		content    => @("EOF"),
+			# ${::fqdn}
+			Require ip ${::base::public_addresses}
+			| EOF
+	}
 }
diff --git a/modules/roles/manifests/dbmaster.pp b/modules/roles/manifests/dbmaster.pp
index e78167a75..f207b21ba 100644
--- a/modules/roles/manifests/dbmaster.pp
+++ b/modules/roles/manifests/dbmaster.pp
@@ -60,4 +60,11 @@ class roles::dbmaster {
   ferm::rule::simple { 'ldap':
     port => ['ldap', 'ldaps'],
   }
+
+  concat { '/etc/apache2/conf-available/puppet-restricted-acl.conf':
+    mode           => '0444',
+    ensure_newline => true,
+    warn           => '# This file is maintained with puppet',
+  }
+  Concat::Fragment <<| tag == 'debian_org::apt_restricted::apache-acl' |>>
 }
-- 
2.20.1