move exim vs. postfix, heavy vs. not, into hiera

[mirror/dsa-puppet.git] / modules / roles / manifests / ports_master.pp

diff --git a/modules/roles/manifests/ports_master.pp b/modules/roles/manifests/ports_master.pp
index 5fb48ba..ffc24c3 100644 (file)
--- a/modules/roles/manifests/ports_master.pp
+++ b/modules/roles/manifests/ports_master.pp
@@ -18,4 +18,12 @@ class roles::ports_master {
     chown_user     => mini-dak-unpriv,
     root           => '/srv/ports-master.debian.org/ftp.upload',
   }
+
+  # export ssh allow rules for hosts that we should be able to access
+  @@ferm::rule::simple { "dsa-ssh-from-ports_master-${::fqdn}":
+    tag         => 'ssh::server::from::ports_master',
+    description => 'Allow ssh access from ports-master',
+    port        => '22',
+    saddr       => $base::public_addresses,
+  }
 }