Verified Commit febfc563 authored by Giancarlo Razzolini's avatar Giancarlo Razzolini

roles/dbscripts: Template rsyncd.conf.proto to allow apollo to kitchesink....

roles/dbscripts: Template rsyncd.conf.proto to allow apollo to kitchesink. Also change gen_rsyncd.conf.pl to use ssl only when enabled.
parent 6cdb0616
......@@ -172,10 +172,11 @@
file: path=/etc/rsyncd-conf-genscripts state=directory owner=root group=root mode=0700
- name: install rsync.conf.proto
copy: src=rsyncd.conf.proto dest=/etc/rsyncd-conf-genscripts/rsyncd.conf.proto owner=root group=root mode=0644
template: src=rsyncd.conf.proto.j2 dest=/etc/rsyncd-conf-genscripts/rsyncd.conf.proto owner=root group=root mode=0644
- name: install rsyncd.secrets
copy: src=rsyncd.secrets dest=/etc/rsyncd.secrets owner=root group=root mode=0600
no_log: true
- name: configure gen_rsyncd.conf.pl
template: src=gen_rsyncd.conf.pl dest=/etc/rsyncd-conf-genscripts/gen_rsyncd.conf.pl owner=root group=root mode=0700
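Review bot: The `configure gen_rsyncd.conf.pl` task at the end of this hunk renders the database password into the script but, as far as the hunk shows, carries no `no_log: true`, unlike the `install rsyncd.secrets` task just above it. This commit edits the `$db` line of that template, which sits directly below `my $pass`, so a run with `--diff` would likely print the password line as diff context. Adding `no_log: true` to the task keeps the rendered content out of console output and logs. The task may continue past the last line of the hunk, so confirm it is not already set there.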
......@@ -8,7 +8,7 @@ use Data::Dumper;
# TODO put these into credentials.ini and use Config::Simple to read it
my $user = '{{ archweb_db_dbscripts_user }}';
my $pass = '{{ archweb_db_dbscripts_password }}';
my $db = 'DBI:Pg:dbname={{ archweb_db }};host={{ archweb_db_host }};sslmode=require';
my $db = 'DBI:Pg:dbname={{ archweb_db }};host={{ archweb_db_host }}{% if postgres_ssl == 'on' %};sslmode=require{% endif %}';
my $scriptdir="/etc/rsyncd-conf-genscripts";
my $infile="$scriptdir/rsyncd.conf.proto";
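Review bot: The new condition on the `$db` line fails open, because `sslmode=require` is emitted only when `postgres_ssl` is exactly the string 'on'; a boolean true, 'yes' or a typo silently drops it. libpq then falls back to its default `prefer` mode, which connects without TLS when the server does not offer it, and this connection carries the dbscripts password. Requiring TLS unless it is explicitly turned off would be safer, for example `{% if postgres_ssl != 'off' %};sslmode=require{% endif %}`, assuming 'off' is the value used for hosts without TLS, which the page does not show. Separately, `require` encrypts the session but does not verify the server certificate.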
......
# DO NOT CHANGE rsync.conf, CHANGE rsync.conf.proto INSTEAD!
# Hosts are managed by archweb, talk to someone that has permission to
# play with mirrors to get new IP addresses added.
use chroot = no
max connections = 12
lock file = /var/run/rsyncd/main.lock
syslog facility = local5
pid file = /var/run/rsyncd.pid
#transfer logging = yes
transfer logging = no
motd file = /etc/rsyncd.motd
timeout = 600
# ALLOW ONLY TIERED MIRRORS
# This effectively disables all sections but abs, *_tier1 and *_auth
# We keep the configuration around in case we need to revert again
hosts allow = 127.0.0.1
# DENY THE REST
hosts deny = *
# ABS
[abs]
path = /srv/abs/rsync
comment = ABS rsync
list = false
exclude = CVS .svn .~tmp~
hosts allow = *
read only = true
refuse options = c compress
dont compress = *
max connections = 50
transfer logging = no
lock file = /var/run/rsyncd/abs.lock
# Just the release/stable iso/packages (for most mirrors)
[ftp]
path = /srv/ftp
comment = ftp area (most mirrors should use this)
exclude = /archive/ /other/ /sources/
[ftp_tier1]
path = /srv/ftp
comment = ftp area (most mirrors should use this)
exclude = /archive/ /other/ /sources/
hosts allow = @@ALLOWHOSTS_TIER1@@
max connections = 0
[ftp_auth]
path = /srv/ftp
comment = ftp area, passworded (same as 'ftp')
exclude = /archive/ /other/ /sources/
hosts allow = *
auth users = *
secrets file = /etc/rsyncd.secrets
max connections = 0
# The whole she-bang, except /sources
[ftpfull]
path = /srv/ftp
comment = ftp area (everything, including very old versions, except sources)
exclude = /sources/
[ftpfull_tier1]
path = /srv/ftp
comment = ftp area (everything, including very old versions, except sources)
exclude = /sources/
hosts allow = @@ALLOWHOSTS_TIER1@@
max connections = 0
[ftpfull_auth]
path = /srv/ftp
comment = ftp area (everything, including very old versions, except sources)
exclude = /sources/
hosts allow = *
auth users = *
secrets file = /etc/rsyncd.secrets
max connections = 0
# The whole she-bang
[kitchensink]
path = /srv/ftp
comment = ftp area (everything, including very old versions)
hosts allow = {{ hostvars['apollo.archlinux.org']['ipv4_address'] }} {{ hostvars['apollo.archlinux.org']['ipv6_address'] }}
[kitchensink_tier1]
path = /srv/ftp
comment = ftp area (everything, including very old versions)
hosts allow = @@ALLOWHOSTS_TIER1@@
max connections = 0
[kitchensink_auth]
path = /srv/ftp
comment = ftp area (everything, including very old versions)
hosts allow = *
auth users = *
secrets file = /etc/rsyncd.secrets
max connections = 0
# Special module for ftp.archlinux.org only, allows it to always get through
[ftp-archlinux]
hosts allow = 209.85.41.143 209.85.41.144 209.85.41.145
max connections = 4
lock file = /var/run/rsyncd/archftp.lock
path = /srv/ftp
list = false
comment = ftp (priority) for ftp.archlinux.org
exclude = /archive/
# Individual repositories
[core]
path = /srv/ftp/core
comment = core repository
[extra]
path = /srv/ftp/extra
comment = extra repository
[community]
path = /srv/ftp/community
comment = community repository
[testing]
path = /srv/ftp/testing
comment = testing repository
[community-testing]
path = /srv/ftp/community-testing
comment = community-testing repository
[communitysvn]
path = /srv/repos/svn-community/svn/
comment = community svn rep
hosts allow = 66.211.214.132
[packagessvn]
path = /srv/repos/svn-packages/svn/
comment = community svn rep
hosts allow = 66.211.214.132
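Review bot: The header comment at the top of this file still tells admins to edit rsync.conf.proto, but with this change that file is itself rendered by Ansible from rsyncd.conf.proto.j2, so an edit made on the host is overwritten on the next run. A line such as `# Managed by Ansible (roles/dbscripts, rsyncd.conf.proto.j2); local edits are overwritten.` would point maintainers at the right source. On the new `hosts allow` line in `[kitchensink]`, access to the full archive is granted on source address alone, with no `auth users` as in `[kitchensink_auth]`. If that is intended for apollo, a short comment above the module saying so would help the next reviewer.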