X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Froles%2Fmanifests%2Fsecurity_master.pp;h=c627ac0f732bd040a17a144a9ebad70100e856df;hb=06b84d9806c855df88bead1c7ea648301351847e;hp=83685a8847b4fe28832b208fa31a9059fa30aa03;hpb=f2c9b24185c3817ff41d22ec006e125e6871a9a2;p=mirror%2Fdsa-puppet.git

diff --git a/modules/roles/manifests/security_master.pp b/modules/roles/manifests/security_master.pp
index 83685a884..c627ac0f7 100644
--- a/modules/roles/manifests/security_master.pp
+++ b/modules/roles/manifests/security_master.pp
@@ -1,4 +1,6 @@
 class roles::security_master {
+  include roles::dakmaster
+
   ssl::service { 'security-master.debian.org':
     notify   => Exec['service apache2 reload'],
     key      => true,
@@ -11,4 +13,12 @@ class roles::security_master {
     max_clients => 50,
     sslname     => 'security-master.debian.org',
   }
+
+  # export ssh allow rules for hosts that we should be able to access
+  @@ferm::rule::simple { "dsa-ssh-from-security_master-${::fqdn}":
+    tag         => 'ssh::server::from::security_master',
+    description => 'Allow ssh access from security_master',
+    port        => '22',
+    saddr       => $base::public_addresses,
+  }
 }