class roles::ports_master {
- rsync::site_systemd { 'ports-master':
- source => 'puppet:///modules/roles/ports_master/rsyncd.conf',
- max_clients => 100,
- sslname => 'ports-master.debian.org',
- }
+ rsync::site { 'ports-master':
+ source => 'puppet:///modules/roles/ports_master/rsyncd.conf',
+ # Needs to be at least number of direct mirrors plus some spare
+ max_clients => 50,
+ sslname => 'ports-master.debian.org',
+ }
- ssl::service { 'ports-master.debian.org':
- key => true,
- }
+ ssl::service { 'ports-master.debian.org':
+ key => true,
+ }
- include ferm::ftp_conntrack
+ vsftpd::site { 'ports-master':
+ banner => 'ports-master.debian.org FTP server',
+ logfile => '/var/log/ftp/vsftpd-ports-master.debian.org.log',
+ writable => true,
+ writable_other => true,
+ chown_user => mini-dak-unpriv,
+ root => '/srv/ports-master.debian.org/ftp.upload',
+ }
- vsftpd::site_systemd { 'ports-master':
- banner => 'ports-master.debian.org FTP server',
- logfile => '/var/log/ftp/vsftpd-ports-master.debian.org.log',
- writable => true,
- writable_other => true,
- chown_user => mini-dak-unpriv,
- root => '/srv/ports-master.debian.org/ftp.upload',
- }
+ # export ssh allow rules for hosts that we should be able to access
+ @@ferm::rule::simple { "dsa-ssh-from-ports_master-${::fqdn}":
+ tag => 'ssh::server::from::ports_master',
+ description => 'Allow ssh access from ports-master',
+ chain => 'ssh',
+ saddr => $base::public_addresses,
+ }
}
projects / mirror / dsa-puppet.git / blobdiff