From 0f706377a1cf1612fe2d89716ed9f8af3accbdc7 Mon Sep 17 00:00:00 2001
From: Tristan Helmich <tristan.helmich@mayflower.de>
Date: Mon, 27 Jan 2014 16:57:38 +0100
Subject: [PATCH 1/2] Move ipv6only=on option from template into puppet See
 jfryman#30

---
 manifests/resource/mailhost.pp       | 4 ++--
 manifests/resource/vhost.pp          | 4 ++--
 templates/mailhost/mailhost.erb      | 2 +-
 templates/mailhost/mailhost_ssl.erb  | 2 +-
 templates/vhost/vhost_header.erb     | 2 +-
 templates/vhost/vhost_ssl_header.erb | 2 +-
 6 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/manifests/resource/mailhost.pp b/manifests/resource/mailhost.pp
index c2af3df4f..eaeac0e87 100644
--- a/manifests/resource/mailhost.pp
+++ b/manifests/resource/mailhost.pp
@@ -49,7 +49,7 @@
   $ipv6_enable         = false,
   $ipv6_listen_ip      = '::',
   $ipv6_listen_port    = '80',
-  $ipv6_listen_options = 'default',
+  $ipv6_listen_options = 'default ipv6only=on',
   $ssl                 = false,
   $ssl_cert            = undef,
   $ssl_key             = undef,
@@ -64,7 +64,7 @@
     group => 'root',
     mode  => '0644',
   }
-  
+
   if !is_integer($listen_port) {
     fail('$listen_port must be an integer.')
   }
diff --git a/manifests/resource/vhost.pp b/manifests/resource/vhost.pp
index aa0b55638..8e2531cb3 100644
--- a/manifests/resource/vhost.pp
+++ b/manifests/resource/vhost.pp
@@ -45,7 +45,7 @@
 #     for SSL Support. This is not generated by this module.
 #   [*ssl_dhparam*]         - This directive specifies a file containing
 #     Diffie-Hellman key agreement protocol cryptographic parameters, in PEM
-#     format, utilized for exchanging session keys between server and client. 
+#     format, utilized for exchanging session keys between server and client.
 #   [*ssl_key*]             - Pre-generated SSL Key file to reference for SSL
 #     Support. This is not generated by this module.
 #   [*ssl_port*]            - Default IP Port for NGINX to listen with this SSL
@@ -124,7 +124,7 @@
   $ipv6_enable            = false,
   $ipv6_listen_ip         = '::',
   $ipv6_listen_port       = '80',
-  $ipv6_listen_options    = 'default',
+  $ipv6_listen_options    = 'default ipv6only=on',
   $add_header             = undef,
   $ssl                    = false,
   $ssl_cert               = undef,
diff --git a/templates/mailhost/mailhost.erb b/templates/mailhost/mailhost.erb
index 6cd05e798..a6bab3f93 100644
--- a/templates/mailhost/mailhost.erb
+++ b/templates/mailhost/mailhost.erb
@@ -3,7 +3,7 @@ server {
   listen                <%= @listen_ip %>:<%= @listen_port %><% if @listen_options %> <%= @listen_options %><% end %>;
   <% # check to see if ipv6 support exists in the kernel before applying %>
   <% if @ipv6_enable && (defined? @ipaddress6) %>
-  listen [<%= @ipv6_listen_ip %>]:<%= @ipv6_listen_port %><% if @ipv6_listen_options %> <%= @ipv6_listen_options %><% end %> ipv6only=on;
+  listen [<%= @ipv6_listen_ip %>]:<%= @ipv6_listen_port %><% if @ipv6_listen_options %> <%= @ipv6_listen_options %><% end %>;
   <% end %>
   server_name           <%= @server_name.join(" ") %>;
   protocol              <%= @protocol %>;
diff --git a/templates/mailhost/mailhost_ssl.erb b/templates/mailhost/mailhost_ssl.erb
index 0fd53dff4..98d193f8f 100644
--- a/templates/mailhost/mailhost_ssl.erb
+++ b/templates/mailhost/mailhost_ssl.erb
@@ -3,7 +3,7 @@ server {
   listen       <%= @ssl_port %>;
   <% # check to see if ipv6 support exists in the kernel before applying %>
   <% if @ipv6_enable && (defined? @ipaddress6) %>
-  listen [<%= @ipv6_listen_ip %>]:<%= @ipv6_listen_port %> <% if @ipv6_listen_options %><%= @ipv6_listen_options %><% end %> ipv6only=on;
+  listen [<%= @ipv6_listen_ip %>]:<%= @ipv6_listen_port %> <% if @ipv6_listen_options %><%= @ipv6_listen_options %><% end %>;
   <% end %>
   server_name           <%= @server_name.join(" ") %>;
   protocol              <%= @protocol %>;
diff --git a/templates/vhost/vhost_header.erb b/templates/vhost/vhost_header.erb
index 5973bf33d..ca74f65d5 100644
--- a/templates/vhost/vhost_header.erb
+++ b/templates/vhost/vhost_header.erb
@@ -2,7 +2,7 @@ server {
   listen                <%= @listen_ip %>:<%= @listen_port %><% if @listen_options %> <%= @listen_options %><% end %>;
 <% # check to see if ipv6 support exists in the kernel before applying %>
 <% if @ipv6_enable && (defined? @ipaddress6) %>
-  listen [<%= @ipv6_listen_ip %>]:<%= @ipv6_listen_port %> <% if @ipv6_listen_options %><%= @ipv6_listen_options %><% end %> ipv6only=on;
+  listen [<%= @ipv6_listen_ip %>]:<%= @ipv6_listen_port %> <% if @ipv6_listen_options %><%= @ipv6_listen_options %><% end %>;
 <% end %>
   server_name           <%= @rewrite_www_to_non_www ? @name.gsub(/^www\./, '') : @server_name.join(" ") %>;
 <% if defined? @auth_basic -%>
diff --git a/templates/vhost/vhost_ssl_header.erb b/templates/vhost/vhost_ssl_header.erb
index 7e63f1981..20bd60c8a 100644
--- a/templates/vhost/vhost_ssl_header.erb
+++ b/templates/vhost/vhost_ssl_header.erb
@@ -1,7 +1,7 @@
 server {
   listen       <%= @listen_ip %>:<%= @ssl_port %> ssl<% if @spdy == 'on' %> spdy<% end %><% if @listen_options %> <%= @listen_options %><% end %>;
   <% if @ipv6_enable && (defined? @ipaddress6) %>
-  listen [<%= @ipv6_listen_ip %>]:<%= @ssl_port %> ssl<% if @spdy == 'on' %> spdy<% end %><% if @ipv6_listen_options %> <%= @ipv6_listen_options %><% end %> ipv6only=on;
+  listen [<%= @ipv6_listen_ip %>]:<%= @ssl_port %> ssl<% if @spdy == 'on' %> spdy<% end %><% if @ipv6_listen_options %> <%= @ipv6_listen_options %><% end %>;
   <% end %>
   server_name  <%= @rewrite_www_to_non_www ? @name.gsub(/^www\./, '') : @server_name.join(" ") %>;
 

From 1da8c6dde47b8ad3a4f0e79cab3cb065f3d213a4 Mon Sep 17 00:00:00 2001
From: Tristan Helmich <tristan.helmich@mayflower.de>
Date: Mon, 3 Feb 2014 13:11:47 +0100
Subject: [PATCH 2/2] Update tests accroding to changed templates

Specs no longer require `ipv6only=on` in listen option when using user
supplied value since it is no longer hardcoded in the template.
---
 spec/defines/resource_mailhost_spec.rb | 4 ++--
 spec/defines/resource_vhost_spec.rb    | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/spec/defines/resource_mailhost_spec.rb b/spec/defines/resource_mailhost_spec.rb
index 9f5de6f06..e59adfdab 100644
--- a/spec/defines/resource_mailhost_spec.rb
+++ b/spec/defines/resource_mailhost_spec.rb
@@ -85,7 +85,7 @@
           :title => 'should set the IPv6 listen options',
           :attr  => 'ipv6_listen_options',
           :value => 'spdy',
-          :match => '  listen [::]:80 spdy ipv6only=on;',
+          :match => '  listen [::]:80 spdy;',
         },
         {
           :title => 'should set servername(s)',
@@ -241,7 +241,7 @@
           :title => 'should set the IPv6 listen options',
           :attr  => 'ipv6_listen_options',
           :value => 'spdy',
-          :match => '  listen [::]:80 spdy ipv6only=on;',
+          :match => '  listen [::]:80 spdy;',
         },
         {
           :title => 'should set servername(s)',
diff --git a/spec/defines/resource_vhost_spec.rb b/spec/defines/resource_vhost_spec.rb
index 573953dc8..fe1d564c2 100644
--- a/spec/defines/resource_vhost_spec.rb
+++ b/spec/defines/resource_vhost_spec.rb
@@ -95,7 +95,7 @@
           :title => 'should set the IPv6 listen options',
           :attr  => 'ipv6_listen_options',
           :value => 'spdy',
-          :match => '  listen [::]:80 spdy ipv6only=on;',
+          :match => '  listen [::]:80 spdy;',
         },
         {
           :title => 'should set servername(s)',
@@ -321,7 +321,7 @@
           :title => 'should set the IPv6 listen options',
           :attr  => 'ipv6_listen_options',
           :value => 'spdy default',
-          :match => '  listen [::]:443 ssl spdy default ipv6only=on;',
+          :match => '  listen [::]:443 ssl spdy default;',
         },
         {
           :title => 'should set servername(s)',