Puppet Class: profile::mirrors::serve
- Defined in:
- modules/profile/manifests/mirrors/serve.pp
Overview
SPDX-License-Identifier: Apache-2.0
2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 |
# File 'modules/profile/manifests/mirrors/serve.pp', line 2
class profile::mirrors::serve {
class { '::sslcert::dhparam': }
acme_chief::cert { 'mirrors':
puppet_svc => 'apache2',
}
ensure_packages('apache2')
class { '::httpd':
modules => ['ssl', 'macro', 'headers'],
}
profile::auto_restarts::service { 'apache2': }
httpd::site { 'mirrors':
content => epp(
'profile/mirrors/mirrors.wikimedia.org.conf.epp',
{ 'ssl_settings' => ssl_ciphersuite('apache', 'strong', true) },
),
}
file { '/srv/mirrors/index.html':
ensure => present,
owner => 'root',
group => 'root',
mode => '0444',
source => 'puppet:///modules/profile/mirrors/index.html',
}
class { 'rsync::server': }
profile::auto_restarts::service { 'rsync': }
firewall::service { 'mirrors_http':
proto => 'tcp',
port => [80,443],
}
firewall::service { 'mirrors_rsync':
proto => 'tcp',
port => 873,
}
prometheus::blackbox::check::http { 'mirrors.wikimedia.org':
team => 'infrastructure-foundations',
severity => 'critical',
path => '/',
ip_families => ['ip4','ip6'],
force_tls => true,
status_matches => [200],
body_regex_matches => ['Welcome to mirrors'],
}
}
|