From 843603a55c2c23ca533da697e1fc1e53ecd76f84 Mon Sep 17 00:00:00 2001
From: Stephen Gran <steve@lobefin.net>
Date: Sun, 16 Jun 2013 11:15:59 +0100
Subject: [PATCH] add cache headers to security

Signed-off-by: Stephen Gran <steve@lobefin.net>
---
 modules/apache2/manifests/cache.pp                     |  4 ++++
 .../roles/files/security_mirror/security.debian.org    | 10 ++++++++++
 modules/roles/manifests/security_mirror.pp             |  1 +
 modules/roles/manifests/static_mirror.pp               |  6 +++---
 4 files changed, 18 insertions(+), 3 deletions(-)
 create mode 100644 modules/apache2/manifests/cache.pp

diff --git a/modules/apache2/manifests/cache.pp b/modules/apache2/manifests/cache.pp
new file mode 100644
index 00000000..5a0df057
--- /dev/null
+++ b/modules/apache2/manifests/cache.pp
@@ -0,0 +1,4 @@
+class apache2::cache {
+	apache2::module { 'expires': }
+	apache2::module { 'headers': }
+}
diff --git a/modules/roles/files/security_mirror/security.debian.org b/modules/roles/files/security_mirror/security.debian.org
index d3d3f14f..70cc44f2 100644
--- a/modules/roles/files/security_mirror/security.debian.org
+++ b/modules/roles/files/security_mirror/security.debian.org
@@ -23,8 +23,18 @@
    ServerAlias security-nagios.debian.org
    ServerAlias security-fastly.debian.org
 
+   ExpiresActive On
+   ExpiresDefault "access plus 2 minutes"
+
    Alias /debian-security /org/security.debian.org/ftp
 
+   <Directory /org/security.debian.org/ftp/pool>
+       <FilesMatch "\.(bz2|gz|deb|dsc|xz)$">
+           ExpiresDefault "access plus 1 month"
+           Header append Cache-Control "public"
+       </FilesMatch>
+   </Directory>
+
    RewriteEngine on
    RewriteRule ^/$      http://www.debian.org/security/
 
diff --git a/modules/roles/manifests/security_mirror.pp b/modules/roles/manifests/security_mirror.pp
index 9b85cb5f..0bad766f 100644
--- a/modules/roles/manifests/security_mirror.pp
+++ b/modules/roles/manifests/security_mirror.pp
@@ -1,5 +1,6 @@
 class roles::security_mirror {
 
+	include apache2::cache
 	apache2::site { '010-security.debian.org':
 		site   => 'security.debian.org',
 		source => 'puppet:///modules/roles/security_mirror/security.debian.org'
diff --git a/modules/roles/manifests/static_mirror.pp b/modules/roles/manifests/static_mirror.pp
index 240a6bf0..7d0cfb32 100644
--- a/modules/roles/manifests/static_mirror.pp
+++ b/modules/roles/manifests/static_mirror.pp
@@ -1,6 +1,7 @@
 class roles::static_mirror {
 
 	include roles::static_source
+	include apache2::cache
 
 	package { 'libapache2-mod-macro': ensure => installed, }
 	package { 'libapache2-mod-geoip': ensure => installed, }
@@ -8,7 +9,6 @@ class roles::static_mirror {
 
 	apache2::module { 'macro': require => Package['libapache2-mod-macro']; }
 	apache2::module { 'rewrite': }
-	apache2::module { 'expires': }
 	apache2::module { 'geoip': require => [Package['libapache2-mod-geoip'], Package['geoip-database']]; }
 
 	file { '/usr/local/bin/static-mirror-run':
@@ -32,7 +32,7 @@ class roles::static_mirror {
 		default => '*:80',
 	}
 
-	apache2::config { "local-static-vhost.conf":
+	apache2::config { 'local-static-vhost.conf':
 		content => template('roles/static-mirroring/static-vhost.conf.erb'),
 	}
 
@@ -42,7 +42,7 @@ class roles::static_mirror {
 	}
 
 	apache2::site { '010-static-vhosts-simple':
-		site => "static-vhosts-simple",
+		site => 'static-vhosts-simple',
 		content => template('roles/static-mirroring/vhost/static-vhosts-simple.erb'),
 	}
 
-- 
2.39.2