-# this is usually pulled in by *-mirror or syncproxy roles
+# this is pulled in by *-mirror or syncproxy roles
+# in ensures the archvsync user has a home, and
+# that mirrormaster can ssh to it
class roles::archvsync_base {
file { '/srv/mirrors':
ensure => directory,
owner => root,
- group => 1176, # archvsync
+ group => 'archvsync',
mode => '0775',
- # links => follow,
}
file { '/srv/mirrors/.nobackup':
ensure => 'link',
target => '/home/archvsync/.ssh/authorized_keys',
}
+
+ Ferm::Rule::Simple <<| tag == 'ssh::server::to::archvsync' |>>
}