X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fbacula%2Ftemplates%2Fbacula-fd.conf.erb;h=116d3c585d20353008739c85e994e54182778b8c;hb=41eb08e7f1e2ed730846745f51c1e53a4797f613;hp=25ffade0b2fdd2bb2f2939227ec58b6d4ba1db90;hpb=1842c3466ee92bb4f17654fda73f182f8b2fe12a;p=mirror%2Fdsa-puppet.git

diff --git a/modules/bacula/templates/bacula-fd.conf.erb b/modules/bacula/templates/bacula-fd.conf.erb
index 25ffade0b..116d3c585 100644
--- a/modules/bacula/templates/bacula-fd.conf.erb
+++ b/modules/bacula/templates/bacula-fd.conf.erb
@@ -6,23 +6,44 @@
 
 # List Directors who are permitted to contact this File daemon
 Director {
-  Name = <%= bacula_director_name %>
-  Password = "<%= bacula_client_secret %>"
+  Name = <%= @bacula_director_name %>
+  Password = "<%= @bacula_client_secret %>"
+
+  TLS Enable = yes
+  TLS Require = yes
+  TLS Verify Peer = yes
+  TLS Allowed CN = "clientcerts/<%= @bacula_director_address %>"
+  TLS CA Certificate File = "<%= @bacula_ca_path %>"
+  # This is a server certificate, used for incoming director connections.
+  TLS Certificate = "<%= @bacula_ssl_server_cert %>"
+  TLS Key = "<%= @bacula_ssl_server_key %>"
 }
 
 # "Global" File daemon configuration specifications
 FileDaemon {
-  Name = <%= bacula_client_name %>
-  FDport = <%= bacula_client_port %>
+  Name = <%= @bacula_client_name %>
+  FDport = <%= @bacula_client_port %>
   WorkingDirectory = /var/lib/bacula
   Pid Directory = /var/run/bacula
   Maximum Concurrent Jobs = 20
-  FDAddress = <%= fqdn %>
-  Maximum Network Buffer Size = 4194304
+  FDAddress = <%= @fqdn %>
+  #Maximum Network Buffer Size = 524288
+
+  TLS Enable = yes
+  TLS Require = yes
+  TLS CA Certificate File = "<%= @bacula_ca_path %>"
+  # This is a client certificate, used by the client to connect to the storage daemon
+  TLS Certificate = "<%= @bacula_ssl_client_cert %>"
+  TLS Key = "<%= @bacula_ssl_client_key %>"
+
+<%- if scope.lookupvar('site::nodeinfo')['hoster']['name'] == "brown" -%>
+  # broken firewall
+  Heartbeat Interval = 300
+<%- end -%>
 }
 
 # Send all messages except skipped files back to Director
 Messages {
   Name = Standard
-  director = <%=bacula_director_name%> = all, !skipped, !restored
+  director = <%= @bacula_director_name %> = all, !skipped, !restored
 }