X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Froles%2Fmanifests%2Farchvsync_base.pp;h=2620f4d3430c7f7aebb7757197214e8ddc98fa84;hb=a2afb600d7d2187b16da01c98a50f00f06aea6a6;hp=a92297b481973ffcd90a5c36fbf989b8587f57a3;hpb=992b52bab4325e38d1738e21652d052ae4cc90e5;p=mirror%2Fdsa-puppet.git

diff --git a/modules/roles/manifests/archvsync_base.pp b/modules/roles/manifests/archvsync_base.pp
index a92297b48..2620f4d34 100644
--- a/modules/roles/manifests/archvsync_base.pp
+++ b/modules/roles/manifests/archvsync_base.pp
@@ -1,20 +1,23 @@
-# this is usually pulled in by *-mirror or syncproxy roles
+# this is pulled in by *-mirror or syncproxy roles
+# in ensures the archvsync user has a home, and
+# that mirrormaster can ssh to it
 class roles::archvsync_base {
-	file { '/srv/mirrors':
-		ensure => directory,
-		owner  => root,
-		group  => 1176, # archvsync
-		mode   => '0775',
-		# links  => follow,
-	}
+  file { '/srv/mirrors':
+    ensure => directory,
+    owner  => root,
+    group  => 'archvsync',
+    mode   => '0775',
+  }
 
-	file { '/srv/mirrors/.nobackup':
-		ensure  => present,
-		content => '',
-	}
+  file { '/srv/mirrors/.nobackup':
+    ensure  => present,
+    content => '',
+  }
 
-	file { '/etc/ssh/userkeys/archvsync':
-		ensure => 'link',
-		target => '/home/archvsync/.ssh/authorized_keys',
-	}
+  file { '/etc/ssh/userkeys/archvsync':
+    ensure => 'link',
+    target => '/home/archvsync/.ssh/authorized_keys',
+  }
+
+  Ferm::Rule::Simple <<| tag == 'ssh::server::to::archvsync' |>>
 }