X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Froles%2Fmanifests%2Fsecurity_master.pp;h=9470a066f5d1d0f0f043434e559163a624322780;hb=c8178a26d055a8bd41d12036d3378f9833a99aa8;hp=6992537d773e62116a7874e3f6fdb778e3515c09;hpb=6f2b99d1b77cb7edefdeb8ed407139ef4c2bf447;p=mirror%2Fdsa-puppet.git

diff --git a/modules/roles/manifests/security_master.pp b/modules/roles/manifests/security_master.pp
index 6992537d7..9470a066f 100644
--- a/modules/roles/manifests/security_master.pp
+++ b/modules/roles/manifests/security_master.pp
@@ -1,26 +1,25 @@
 class roles::security_master {
+  include roles::dakmaster
+  include apache2
 
-	$bind = $::hostname ? {
-		default => '',
-	}
+  ssl::service { 'security-master.debian.org':
+    notify   => Exec['service apache2 reload'],
+    key      => true,
+    tlsaport => [443, 1873],
+  }
 
-	$bind6 = $::hostname ? {
-		default => '',
-	}
+  rsync::site { 'security_master':
+    source      => 'puppet:///modules/roles/security_master/rsyncd.conf',
+    # Needs to be at least twice the number of direct mirrors (currently 15) plus some spare
+    max_clients => 50,
+    sslname     => 'security-master.debian.org',
+  }
 
-	$logfile = '/var/log/ftp/vsftpd-security-master.debian.org.log'
-
-	vsftpd::site { 'security':
-		content => template('roles/security_master/vsftpd.conf.erb'),
-		logfile => $logfile,
-		bind    => $bind,
-	}
-
-	if $bind6 {
-		vsftpd::site { 'security-v6':
-			content => template('roles/security_master/vsftpd.conf.erb'),
-			logfile => $logfile,
-			bind    => $bind6,
-		}
-	}
+  # export ssh allow rules for hosts that we should be able to access
+  @@ferm::rule::simple { "dsa-ssh-from-security_master-${::fqdn}":
+    tag         => 'ssh::server::from::security_master',
+    description => 'Allow ssh access from security_master',
+    chain       => 'ssh',
+    saddr       => $base::public_addresses,
+  }
 }