X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Froles%2Fmanifests%2Fports_master.pp;h=2faf0e02773a725d5f5cfd3be16748124d6d6cff;hb=e36aaa15b6e11c42c1f2fd23c28acbaae55a0355;hp=5fb48ba32d182a5e2e4fb96b35fda9f67b69f66f;hpb=e7dac4b17ae79a68a12b584693873b8668e3dabe;p=mirror%2Fdsa-puppet.git

diff --git a/modules/roles/manifests/ports_master.pp b/modules/roles/manifests/ports_master.pp
index 5fb48ba32..2faf0e027 100644
--- a/modules/roles/manifests/ports_master.pp
+++ b/modules/roles/manifests/ports_master.pp
@@ -18,4 +18,12 @@ class roles::ports_master {
     chown_user     => mini-dak-unpriv,
     root           => '/srv/ports-master.debian.org/ftp.upload',
   }
+
+  # export ssh allow rules for hosts that we should be able to access
+  @@ferm::rule::simple { "dsa-ssh-from-ports_master-${::fqdn}":
+    tag         => 'ssh::server::from::ports_master',
+    description => 'Allow ssh access from ports-master',
+    chain       => 'ssh',
+    saddr       => $base::public_addresses,
+  }
 }