projects / mirror / dsa-puppet.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
include signing from the ftp_master role
[mirror/dsa-puppet.git] / modules / roles / manifests / ftp_master.pp
diff --git a/modules/roles/manifests/ftp_master.pp b/modules/roles/manifests/ftp_master.pp
index 7767589..1b68123 100644 (file)
--- a/modules/roles/manifests/ftp_master.pp
+++ b/modules/roles/manifests/ftp_master.pp
@@ -1,4 +1,7 @@
 class roles::ftp_master {
+  include roles::dakmaster
+  include roles::signing
+
   rsync::site { 'dakmaster':
     source      => 'puppet:///modules/roles/dakmaster/rsyncd.conf',
     # Needs to be at least number of direct mirrors plus some spare
@@ -11,4 +14,12 @@ class roles::ftp_master {
     key      => true,
     tlsaport => [443, 1873],
   }
+
+  # export ssh allow rules for hosts that we should be able to access
+  @@ferm::rule::simple { "dsa-ssh-from-ftp_master-${::fqdn}":
+    tag         => 'ssh::server::from::ftp_master',
+    description => 'Allow ssh access from ftp_master',
+    port        => '22',
+    saddr       => $base::public_addresses,
+  }
 }
Unnamed repository; edit this file 'description' to name the repository.