class roles::ports_master {
  rsync::site { 'ports-master':
    source      => 'puppet:///modules/roles/ports_master/rsyncd.conf',
    # Needs to be at least number of direct mirrors plus some spare
    max_clients => 50,
    sslname     => 'ports-master.debian.org',
  }

  ssl::service { 'ports-master.debian.org':
    key => true,
  }

  vsftpd::site { 'ports-master':
    banner         => 'ports-master.debian.org FTP server',
    logfile        => '/var/log/ftp/vsftpd-ports-master.debian.org.log',
    writable       => true,
    writable_other => true,
    chown_user     => mini-dak-unpriv,
    root           => '/srv/ports-master.debian.org/ftp.upload',
  }

  # export ssh allow rules for hosts that we should be able to access
  @@ferm::rule::simple { "dsa-ssh-from-ports_master-${::fqdn}":
    tag         => 'ssh::server::from::ports_master',
    description => 'Allow ssh access from ports-master',
    chain       => 'ssh',
    saddr       => $base::public_addresses,
  }
}