X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Froles%2Fmanifests%2Farchvsync_base.pp;h=2620f4d3430c7f7aebb7757197214e8ddc98fa84;hb=860adcc65aa0cf65c9a98a1529a8af15e8ee45b7;hp=513c8fc0a2ac0e070ec75fdb673e2620f222bf81;hpb=0c233c7c9bb956a834516324dd4fff08b1770f16;p=mirror%2Fdsa-puppet.git

diff --git a/modules/roles/manifests/archvsync_base.pp b/modules/roles/manifests/archvsync_base.pp
index 513c8fc0a..2620f4d34 100644
--- a/modules/roles/manifests/archvsync_base.pp
+++ b/modules/roles/manifests/archvsync_base.pp
@@ -1,15 +1,23 @@
+# this is pulled in by *-mirror or syncproxy roles
+# in ensures the archvsync user has a home, and
+# that mirrormaster can ssh to it
 class roles::archvsync_base {
-	file { '/srv/mirrors':
-		ensure => directory,
-		owner  => 1176,
-		group  => 1176,
-		mode   => '0755',
-		links  => follow,
-	}
+  file { '/srv/mirrors':
+    ensure => directory,
+    owner  => root,
+    group  => 'archvsync',
+    mode   => '0775',
+  }
 
-	file { '/srv/mirrors/.nobackup':
-		ensure  => present,
-		content => '',
-		mode    => '0444',
-	}
+  file { '/srv/mirrors/.nobackup':
+    ensure  => present,
+    content => '',
+  }
+
+  file { '/etc/ssh/userkeys/archvsync':
+    ensure => 'link',
+    target => '/home/archvsync/.ssh/authorized_keys',
+  }
+
+  Ferm::Rule::Simple <<| tag == 'ssh::server::to::archvsync' |>>
 }