X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fbacula%2Ftemplates%2Fbacula-fd.conf.erb;h=d80b6b3a5863850ea49559b47524f3f2ece8bcd7;hb=8b7cffb39cc903e90f6e45c049e1b94d5afb7565;hp=b222569e2bf1f223ba92ad69530fc0ff1384755d;hpb=fbda07eb15845bda281002fe76352ba46e6c5dda;p=mirror%2Fdsa-puppet.git

diff --git a/modules/bacula/templates/bacula-fd.conf.erb b/modules/bacula/templates/bacula-fd.conf.erb
index b222569e2..d80b6b3a5 100644
--- a/modules/bacula/templates/bacula-fd.conf.erb
+++ b/modules/bacula/templates/bacula-fd.conf.erb
@@ -8,6 +8,15 @@
 Director {
   Name = <%= bacula_director_name %>
   Password = "<%= bacula_client_secret %>"
+
+  TLS Enable = yes
+  TLS Require = yes
+  TLS Verify Peer = yes
+  TLS Allowed CN = "clientcerts/<%= bacula_director_address %>"
+  TLS CA Certificate File = "<%= bacula_ca_path %>"
+  # This is a server certificate, used for incoming director connections.
+  TLS Certificate = "<%= bacula_ssl_server_cert %>"
+  TLS Key = "<%= bacula_ssl_server_key %>"
 }
 
 # "Global" File daemon configuration specifications
@@ -18,7 +27,14 @@ FileDaemon {
   Pid Directory = /var/run/bacula
   Maximum Concurrent Jobs = 20
   FDAddress = <%= fqdn %>
-  Maximum Network Buffer Size =	65536
+  #Maximum Network Buffer Size = 524288
+
+  TLS Enable = yes
+  TLS Require = yes
+  TLS CA Certificate File = "<%= bacula_ca_path %>"
+  # This is a client certificate, used by the client to connect to the storage daemon
+  TLS Certificate = "<%= bacula_ssl_client_cert %>"
+  TLS Key = "<%= bacula_ssl_client_key %>"
 }
 
 # Send all messages except skipped files back to Director