projects / mirror / dsa-puppet.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
move coccia to ubc
[mirror/dsa-puppet.git] / modules / roles / manifests / security_master.pp
diff --git a/modules/roles/manifests/security_master.pp b/modules/roles/manifests/security_master.pp
index 83685a8..9470a06 100644 (file)
--- a/modules/roles/manifests/security_master.pp
+++ b/modules/roles/manifests/security_master.pp
@@ -1,4 +1,7 @@
 class roles::security_master {
+  include roles::dakmaster
+  include apache2
+
   ssl::service { 'security-master.debian.org':
     notify   => Exec['service apache2 reload'],
     key      => true,
@@ -11,4 +14,12 @@ class roles::security_master {
     max_clients => 50,
     sslname     => 'security-master.debian.org',
   }
+
+  # export ssh allow rules for hosts that we should be able to access
+  @@ferm::rule::simple { "dsa-ssh-from-security_master-${::fqdn}":
+    tag         => 'ssh::server::from::security_master',
+    description => 'Allow ssh access from security_master',
+    chain       => 'ssh',
+    saddr       => $base::public_addresses,
+  }
 }
Unnamed repository; edit this file 'description' to name the repository.