X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Froles%2Fmanifests%2Farchvsync_base.pp;h=2620f4d3430c7f7aebb7757197214e8ddc98fa84;hb=a2afb600d7d2187b16da01c98a50f00f06aea6a6;hp=adb8d6a5dca2882afd9c576e52a677f05932a122;hpb=4e57b6737ed3306111eef4da1a3a050f2c1ed676;p=mirror%2Fdsa-puppet.git

diff --git a/modules/roles/manifests/archvsync_base.pp b/modules/roles/manifests/archvsync_base.pp
index adb8d6a5d..2620f4d34 100644
--- a/modules/roles/manifests/archvsync_base.pp
+++ b/modules/roles/manifests/archvsync_base.pp
@@ -1,11 +1,12 @@
-# this is usually pulled in by *-mirror or syncproxy roles
+# this is pulled in by *-mirror or syncproxy roles
+# in ensures the archvsync user has a home, and
+# that mirrormaster can ssh to it
 class roles::archvsync_base {
   file { '/srv/mirrors':
     ensure => directory,
     owner  => root,
-    group  => 1176, # archvsync
+    group  => 'archvsync',
     mode   => '0775',
-    # links  => follow,
   }
 
   file { '/srv/mirrors/.nobackup':
@@ -17,4 +18,6 @@ class roles::archvsync_base {
     ensure => 'link',
     target => '/home/archvsync/.ssh/authorized_keys',
   }
+
+  Ferm::Rule::Simple <<| tag == 'ssh::server::to::archvsync' |>>
 }