So now we have ssh::server::from and ssh::server::to, hopefully making it more clear

[mirror/dsa-puppet.git] / modules / roles / manifests / syncproxy.pp

diff --git a/modules/roles/manifests/syncproxy.pp b/modules/roles/manifests/syncproxy.pp
index 623393f..e81bf8e 100644 (file)
--- a/modules/roles/manifests/syncproxy.pp
+++ b/modules/roles/manifests/syncproxy.pp
@@ -69,7 +69,7 @@ class roles::syncproxy {
   }
 
   @@ferm::rule::simple { "dsa-ssh-from-syncproxy-${::fqdn}":
-    tag         => 'ssh::server::allow::syncproxy',
+    tag         => 'ssh::server::from::syncproxy',
     description => 'Allow ssh access from a syncproxy',
     port        => '22',
     saddr       => $base::public_addresses,
@@ -77,9 +77,9 @@ class roles::syncproxy {
 
   # syncproxies should be accessible from various role hosts
   Ferm::Rule::Simple <<|
-    tag == 'ssh::server::allow::archvsync' or
-    tag == 'ssh::server::allow::ftp_master' or
-    tag == 'ssh::server::allow::ports_master' or
-    tag == 'ssh::server::allow::security_master'
+    tag == 'ssh::server::from::syncproxy' or
+    tag == 'ssh::server::from::ftp_master' or
+    tag == 'ssh::server::from::ports_master' or
+    tag == 'ssh::server::from::security_master'
     |>>
 }