Aptly server with mirror definitions
diff --git a/aptly/server/single.yml b/aptly/server/single.yml
new file mode 100644
index 0000000..f004402
--- /dev/null
+++ b/aptly/server/single.yml
@@ -0,0 +1,79 @@
+classes:
+- service.aptly.server.single
+- system.nginx.server.single
+- service.iptables.server
+parameters:
+ _param:
+ aptly_gpg_passphrase:
+ nginx_aptly_server_host: ${linux:network:fqdn}
+ iptables:
+ service:
+ enabled: true
+ chain:
+ INPUT:
+ rules:
+ # Only local network can access WebDav and aptly API
+ - destination_port: 8088
+ protocol: tcp
+ source_network: 10.0.107.0/24
+ jump: ACCEPT
+ - destination_port: 8088
+ protocol: tcp
+ source_network: 185.22.96.0/22
+ jump: ACCEPT
+ - destination_port: 8088
+ protocol: tcp
+ source_network: 10.0.174.0/23
+ jump: ACCEPT
+ - destination_port: 8088
+ protocol: tcp
+ source_network: 10.0.175.0/23
+ jump: ACCEPT
+ - destination_port: 8088
+ protocol: tcp
+ jump: DROP
+ - destination_port: 8081
+ protocol: tcp
+ source_network: 10.0.107.0/24
+ jump: ACCEPT
+ - destination_port: 8081
+ protocol: tcp
+ source_network: 10.0.174.0/23
+ jump: ACCEPT
+ - destination_port: 8081
+ protocol: tcp
+ source_network: 10.0.175.0/23
+ jump: ACCEPT
+ - destination_port: 8081
+ protocol: tcp
+ jump: DROP
+ nginx:
+ server:
+ site:
+ aptly_server:
+ enabled: true
+ type: aptly
+ name: server
+ host:
+ name: ${_param:nginx_aptly_server_host}
+ aptly_api:
+ enabled: true
+ check: false
+ type: nginx_proxy
+ name: aptly_api
+ proxy:
+ host: 127.0.0.1
+ port: 8080
+ protocol: http
+ size: 1G
+ host:
+ name: ${_param:nginx_aptly_server_host}
+ port: 8081
+ aptly:
+ server:
+ enabled: true
+ secure: true
+ gpg_keypair_id: ${_param:aptly_gpg_keypair_id}
+ gpg_passphrase: ${_param:gpg_passphrase}
+ gpg_public_key: ${_param:aptly_gpg_public_key}
+ gpg_private_key: ${_param:aptly_gpg_private_key}
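Review bot: `gpg_passphrase: ${_param:gpg_passphrase}` near the end of the hunk references a parameter this file never defines; the `_param` block declares `aptly_gpg_passphrase`, so the reference probably fails to resolve or picks up an unrelated value from another class, and it should read `gpg_passphrase: ${_param:aptly_gpg_passphrase}`. The bare `aptly_gpg_passphrase:` default is null, so the signing passphrase has to come from a node-level override or secret store rather than from this file. In the INPUT rules the comment says only the local network can reach WebDAV and the aptly API, yet `185.22.96.0/22` is not an RFC 1918 range and is accepted on port 8088; either the comment or the rule should change. `10.0.175.0/23` is not aligned on a /23 boundary and covers the same addresses as `10.0.174.0/23`, so those ACCEPT rules on 8088 and 8081 are duplicates unless a different network was intended.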