archvsync_base: use group name rather than gid number

[mirror/dsa-puppet.git] / modules / roles / manifests / archvsync_base.pp

diff --git a/modules/roles/manifests/archvsync_base.pp b/modules/roles/manifests/archvsync_base.pp
index 513c8fc..d84c21b 100644 (file)
--- a/modules/roles/manifests/archvsync_base.pp
+++ b/modules/roles/manifests/archvsync_base.pp
@@ -1,15 +1,21 @@
+# this is pulled in by *-mirror or syncproxy roles
+# in ensures the archvsync user has a home, and
+# that mirrormaster can ssh to it
 class roles::archvsync_base {
-       file { '/srv/mirrors':
-               ensure => directory,
-               owner  => 1176,
-               group  => 1176,
-               mode   => '0755',
-               links  => follow,
-       }
+  file { '/srv/mirrors':
+    ensure => directory,
+    owner  => root,
+    group  => 'archvsync',
+    mode   => '0775',
+  }
 
-       file { '/srv/mirrors/.nobackup':
-               ensure  => present,
-               content => '',
-               mode    => '0444',
-       }
+  file { '/srv/mirrors/.nobackup':
+    ensure  => present,
+    content => '',
+  }
+
+  file { '/etc/ssh/userkeys/archvsync':
+    ensure => 'link',
+    target => '/home/archvsync/.ssh/authorized_keys',
+  }
 }