ftp-master as historical_master (part of RT#7644)

[mirror/dsa-puppet.git] / modules / roles / manifests / archvsync_base.pp

diff --git a/modules/roles/manifests/archvsync_base.pp b/modules/roles/manifests/archvsync_base.pp
index ac8b8e9..2620f4d 100644 (file)
--- a/modules/roles/manifests/archvsync_base.pp
+++ b/modules/roles/manifests/archvsync_base.pp
@@ -1,19 +1,23 @@
+# this is pulled in by *-mirror or syncproxy roles
+# in ensures the archvsync user has a home, and
+# that mirrormaster can ssh to it
 class roles::archvsync_base {
-       file { '/srv/mirrors':
-               ensure => directory,
-               owner  => root,
-               group  => 1176, # archvsync
-               mode   => '0775',
-               # links  => follow,
-       }
+  file { '/srv/mirrors':
+    ensure => directory,
+    owner  => root,
+    group  => 'archvsync',
+    mode   => '0775',
+  }
 
-       file { '/srv/mirrors/.nobackup':
-               ensure  => present,
-               content => '',
-       }
+  file { '/srv/mirrors/.nobackup':
+    ensure  => present,
+    content => '',
+  }
 
-       file { '/etc/ssh/userkeys/archvsync':
-               ensure => 'link',
-               target => '/home/archvsync/.ssh/authorized_keys',
-       }
+  file { '/etc/ssh/userkeys/archvsync':
+    ensure => 'link',
+    target => '/home/archvsync/.ssh/authorized_keys',
+  }
+
+  Ferm::Rule::Simple <<| tag == 'ssh::server::to::archvsync' |>>
 }