X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fbacula%2Ftemplates%2Fbacula-sd.conf.erb;h=c6d99732b992a3980351d8e37bc5e2f956b14ac8;hb=e96e72674696752c5a15e7618677b704919f4dc8;hp=0559ed68817d21d099680bd053984e642ced97df;hpb=c9dbb5ad7fcb9acefa4fb5ca887fd0082ccfc034;p=mirror%2Fdsa-puppet.git

diff --git a/modules/bacula/templates/bacula-sd.conf.erb b/modules/bacula/templates/bacula-sd.conf.erb
index 0559ed688..c6d99732b 100644
--- a/modules/bacula/templates/bacula-sd.conf.erb
+++ b/modules/bacula/templates/bacula-sd.conf.erb
@@ -12,6 +12,15 @@ Storage {
   Maximum Concurrent Jobs = 21
   SDAddress = <%= bacula_storage_address %>
   Heartbeat Interval = 180
+
+  TLS Enable = yes
+  TLS Require = yes
+  TLS Verify Peer = yes
+  # TLS Allowed CN = "clientcerts/<%= bacula_director_address %>"
+  TLS CA Certificate File = "<%= bacula_ca_path %>"
+  # This is a server certificate, used for incoming connections.
+  TLS Certificate = "<%= bacula_ssl_server_cert %>"
+  TLS Key = "<%= bacula_ssl_server_key %>"
 }
 
 # List Directors who are permitted to contact Storage daemon
@@ -19,6 +28,15 @@ Storage {
 Director {
   Name = <%= bacula_director_name %>
   Password = "<%= bacula_storage_secret %>"
+
+  TLS Enable = yes
+  TLS Require = yes
+  TLS Verify Peer = yes
+  TLS Allowed CN = "clientcerts/<%= bacula_director_address %>"
+  TLS CA Certificate File = "<%= bacula_ca_path %>"
+  # This is a server certificate, used for incoming director connections.
+  TLS Certificate = "<%= bacula_ssl_server_cert %>"
+  TLS Key = "<%= bacula_ssl_server_key %>"
 }
 
 
@@ -44,3 +62,4 @@ Messages {
   Name = Standard
   director = <%= bacula_director_name %> = all
 }
+@|"sh -c 'for f in /etc/bacula/storage-conf.d/*.conf ; do echo @${f} ; done'"