1 class roles::security_master {
2 include roles::dakmaster
4 ssl::service { 'security-master.debian.org':
5 notify => Exec['service apache2 reload'],
7 tlsaport => [443, 1873],
10 rsync::site { 'security_master':
11 source => 'puppet:///modules/roles/security_master/rsyncd.conf',
12 # Needs to be at least twice the number of direct mirrors (currently 15) plus some spare
14 sslname => 'security-master.debian.org',
17 # export ssh allow rules for hosts that we should be able to access
18 @@ferm::rule::simple { "dsa-ssh-from-security_master-${::fqdn}":
19 tag => 'ssh::server::from::security_master',
20 description => 'Allow ssh access from security_master',
22 saddr => $base::public_addresses,