X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Froles%2Fmanifests%2Fports_master.pp;h=2faf0e02773a725d5f5cfd3be16748124d6d6cff;hb=b3766327be68cc9aad0da7aa0c7bf42668f23590;hp=c0f71e686f0b0ed45213bed19eff70990eaafb41;hpb=d0f5d088b88902979760c97ab31fd8cba677296b;p=mirror%2Fdsa-puppet.git
diff --git a/modules/roles/manifests/ports_master.pp b/modules/roles/manifests/ports_master.pp
index c0f71e686..2faf0e027 100644
--- a/modules/roles/manifests/ports_master.pp
+++ b/modules/roles/manifests/ports_master.pp
@@ -1,20 +1,29 @@
 class roles::ports_master {
- rsync::site { 'ports-master':
- source => 'puppet:///modules/roles/ports_master/rsyncd.conf',
- max_clients => 100,
- sslname => 'ports-master.debian.org',
- }
+ rsync::site { 'ports-master':
+ source => 'puppet:///modules/roles/ports_master/rsyncd.conf',
+ # Needs to be at least number of direct mirrors plus some spare
+ max_clients => 50,
+ sslname => 'ports-master.debian.org',
+ }
 
- ssl::service { 'ports-master.debian.org':
- key => true,
- }
+ ssl::service { 'ports-master.debian.org':
+ key => true,
+ }
 
- vsftpd::site { 'ports-master':
- banner => 'ports-master.debian.org FTP server',
- logfile => '/var/log/ftp/vsftpd-ports-master.debian.org.log',
- writable => true,
- writable_other => true,
- chown_user => mini-dak-unpriv,
- root => '/srv/ports-master.debian.org/ftp.upload',
- }
+ vsftpd::site { 'ports-master':
+ banner => 'ports-master.debian.org FTP server',
+ logfile => '/var/log/ftp/vsftpd-ports-master.debian.org.log',
+ writable => true,
+ writable_other => true,
+ chown_user => mini-dak-unpriv,
+ root => '/srv/ports-master.debian.org/ftp.upload',
+ }
+
+ # export ssh allow rules for hosts that we should be able to access
+ @@ferm::rule::simple { "dsa-ssh-from-ports_master-${::fqdn}":
+ tag => 'ssh::server::from::ports_master',
+ description => 'Allow ssh access from ports-master',
+ chain => 'ssh',
+ saddr => $base::public_addresses,
+ }
 }
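Review bot: The exported `ferm::rule::simple` takes its `saddr` from `$base::public_addresses`, but nothing visible in `roles::ports_master` ensures the `base` class has been evaluated before this declaration, so the value depends on evaluation order. How `ferm::rule::simple` handles an undefined or empty `saddr` is not shown in this diff; if it then omits the source match, every node collecting the `ssh::server::from::ports_master` tag would open its `ssh` chain wider than intended. A guard ahead of the declaration would make that failure loud, for example `if empty($base::public_addresses) { fail('no public addresses to export for the ports_master ssh rule') }` (this assumes `empty()` is available in this tree). The comment above the rule could also name the role that collects this tag, e.g. `# collected by <collecting role> via the ssh::server::from::ports_master tag`, so the grant can be audited from both ends.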