X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Froles%2Fmanifests%2Fstatic_base.pp;h=8a92526601ed53cf2f6d0e791ba989e2aa443f28;hb=4939162b3524926ead9e4a832c314b78d379b770;hp=2de3b9b6e16b45cca35697e3c61a0d07050de846;hpb=d0023f476fba2facd946b996719ce3e97e03ba79;p=mirror%2Fdsa-puppet.git
diff --git a/modules/roles/manifests/static_base.pp b/modules/roles/manifests/static_base.pp
index 2de3b9b6e..8a9252660 100644
--- a/modules/roles/manifests/static_base.pp
+++ b/modules/roles/manifests/static_base.pp
@@ -1,11 +1,35 @@
 class roles::static_base {
- if ! $::staticsync_key {
- exec { 'create-staticsync-key':
- command => '/bin/su - staticsync -c \'mkdir -p -m 02700 .ssh && ssh-keygen -C "`whoami`@`hostname` (`date +%Y-%m-%d`)" -P "" -f .ssh/id_rsa -q\'',
- onlyif => '/usr/bin/getent passwd staticsync > /dev/null && ! [ -e /home/staticsync/.ssh/id_rsa ]'
- }
- }
+ if ! $::staticsync_key {
+ exec { 'create-staticsync-key':
+ command => '/bin/su - staticsync -c \'mkdir -p -m 02700 .ssh && ssh-keygen -C "`whoami`@`hostname` (`date +%Y-%m-%d`)" -P "" -f .ssh/id_rsa -q\'',
+ onlyif => '/usr/bin/getent passwd staticsync > /dev/null && ! [ -e /home/staticsync/.ssh/id_rsa ]'
+ }
+ }
+
+ file { '/etc/static-components.conf':
+ content => template('roles/static-mirroring/static-components.conf.erb'),
+ }
+
+ file { '/etc/ssh/userkeys/staticsync':
+ content => template('roles/static-mirroring/staticsync-authorized_keys.erb'),
+ }
+
+ file { '/usr/local/bin/staticsync-ssh-wrap':
+ source => 'puppet:///modules/roles/static-mirroring/staticsync-ssh-wrap',
+ mode => '0555',
+ }
+ file { '/usr/local/bin/static-mirror-ssh-wrap': ensure => absent; }
+ file { '/usr/local/bin/static-master-ssh-wrap': ensure => absent; }
+
+ @ferm::rule { 'dsa-static-bt-v4':
+ description => 'Allow bt between static hosts',
+ rule => 'proto tcp mod state state (NEW) mod multiport destination-ports (6881:6999) @subchain \'static-bt\' { saddr ($HOST_STATIC_V4) ACCEPT; }',
+ notarule => true,
+ }
+ @ferm::rule { 'dsa-static-bt-v6':
+ description => 'Allow bt between static hosts',
+ domain => 'ip6',
+ rule => 'proto tcp mod state state (NEW) mod multiport destination-ports (6881:6999) @subchain \'static-bt\' { saddr ($HOST_STATIC_V6) ACCEPT; }',
+ notarule => true,
+ }
 }
-# vim:set et:
-# vim:set sts=4 ts=4:
-# vim:set shiftwidth=4:
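Review bot: The new `file { '/etc/ssh/userkeys/staticsync': ... }` resource sets only `content`, so the owner and mode of the file that decides which keys may log in as staticsync depend on whatever File defaults apply elsewhere in the manifests, which this hunk does not show. I would pin them on the resource itself, e.g. `owner => 'root', group => 'root', mode => '0444',`, so that the staticsync account cannot edit its own key list or drop any restrictions the template may set. The same applies to `/usr/local/bin/staticsync-ssh-wrap`, which sets `mode => '0555'` but no `owner` or `group`. A one-line comment above the two `ensure => absent` resources, such as `# old per-role wrappers, replaced by staticsync-ssh-wrap`, would also tell the next reader why they are being removed.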