X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Froles%2Fmanifests%2Farchvsync_base.pp;h=d51f260309e4959c97593290c894708f0436b54f;hb=c65c8ae856902096b3b070b3b5e5e77bce9222d6;hp=9e9176a06ae1c594289be0f3699285ea85967325;hpb=352faf50b6166b87fc6e7e6e723d266f8ad6f5ab;p=mirror%2Fdsa-puppet.git

diff --git a/modules/roles/manifests/archvsync_base.pp b/modules/roles/manifests/archvsync_base.pp
index 9e9176a06..d51f26030 100644
--- a/modules/roles/manifests/archvsync_base.pp
+++ b/modules/roles/manifests/archvsync_base.pp
@@ -1,14 +1,23 @@
+# this is pulled in by *-mirror or syncproxy roles
+# in ensures the archvsync user has a home, and
+# that mirrormaster can ssh to it
 class roles::archvsync_base {
-	file { '/srv/mirrors':
-		ensure => directory,
-		owner  => root,
-		group  => 1176, # archvsync
-		mode   => '0775',
-		# links  => follow,
-	}
+  file { '/srv/mirrors':
+    ensure => directory,
+    owner  => root,
+    group  => 'archvsync',
+    mode   => '0775',
+  }
 
-	file { '/srv/mirrors/.nobackup':
-		ensure  => present,
-		content => '',
-	}
+  file { '/srv/mirrors/.nobackup':
+    ensure  => present,
+    content => '',
+  }
+
+  file { '/etc/ssh/userkeys/archvsync':
+    ensure => 'link',
+    target => '/home/archvsync/.ssh/authorized_keys',
+  }
+
+  Ferm::Rule::Simple <<| tag == 'ssh::server::allow::archvsync' |>>
 }