X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;ds=sidebyside;f=modules%2Froles%2Fmanifests%2Fports_master.pp;h=ffc24c37ccea54efac4012c63efc036e338f9e2a;hb=3324b4ae702172197fe7ad725a36f052f1e67c71;hp=d714d7cb9e7db7d1d281d9eaaf4b4543577fa2f7;hpb=9c6dc45af0df40ff4b1637fee9add35bb2599504;p=mirror%2Fdsa-puppet.git

diff --git a/modules/roles/manifests/ports_master.pp b/modules/roles/manifests/ports_master.pp
index d714d7cb9..ffc24c37c 100644
--- a/modules/roles/manifests/ports_master.pp
+++ b/modules/roles/manifests/ports_master.pp
@@ -1,33 +1,29 @@
 class roles::ports_master {
-	rsync::site_systemd { 'ports-master':
-		source      => 'puppet:///modules/roles/ports_master/rsyncd.conf',
-		max_clients => 100,
-		sslname     => 'ports-master.debian.org',
-	}
+  rsync::site { 'ports-master':
+    source      => 'puppet:///modules/roles/ports_master/rsyncd.conf',
+    # Needs to be at least number of direct mirrors plus some spare
+    max_clients => 50,
+    sslname     => 'ports-master.debian.org',
+  }
 
-	ssl::service { 'ports-master.debian.org':
-		key => true,
-	}
+  ssl::service { 'ports-master.debian.org':
+    key => true,
+  }
 
-	include ferm::ftp_conntrack
+  vsftpd::site { 'ports-master':
+    banner         => 'ports-master.debian.org FTP server',
+    logfile        => '/var/log/ftp/vsftpd-ports-master.debian.org.log',
+    writable       => true,
+    writable_other => true,
+    chown_user     => mini-dak-unpriv,
+    root           => '/srv/ports-master.debian.org/ftp.upload',
+  }
 
-	vsftpd::site { 'ports-master':
-		banner         => 'ports-master.debian.org FTP server',
-		logfile        => '/var/log/ftp/vsftpd-ports-master.debian.org.log',
-		writable       => true,
-		writable_other => true,
-		chown_user     => mini-dak-unpriv,
-		root           => '/srv/ports-master.debian.org/ftp.upload',
-	}
-
-	if $bind6 {
-		vsftpd::site { 'ports-master-v6':
-			banner         => 'ports-master.debian.org FTP server',
-			logfile        => '/var/log/ftp/vsftpd-ports-master.debian.org.log',
-			writable       => true,
-			writable_other => true,
-			chown_user     => mini-dak-unpriv,
-			root           => '/srv/ports-master.debian.org/ftp.upload',
-		}
-	}
+  # export ssh allow rules for hosts that we should be able to access
+  @@ferm::rule::simple { "dsa-ssh-from-ports_master-${::fqdn}":
+    tag         => 'ssh::server::from::ports_master',
+    description => 'Allow ssh access from ports-master',
+    port        => '22',
+    saddr       => $base::public_addresses,
+  }
 }