X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Froles%2Fmanifests%2Fstatic_base.pp;h=fa756d692abdd30d677e50b6bfbdd5f346b258b3;hb=6f7e7e5506551b4c9d06add3a5610119de7f2bce;hp=ed1f55f2520f1997153525e6a532ab5976d162d2;hpb=02468c9711c0cf6297d6057f9ba5ed78af11be83;p=mirror%2Fdsa-puppet.git

diff --git a/modules/roles/manifests/static_base.pp b/modules/roles/manifests/static_base.pp
index ed1f55f25..fa756d692 100644
--- a/modules/roles/manifests/static_base.pp
+++ b/modules/roles/manifests/static_base.pp
@@ -7,7 +7,7 @@ class roles::static_base {
 	}
 
 	file { '/etc/static-components.conf':
-		source => 'puppet:///modules/roles/static-mirroring/static-components.conf',
+		content => template('roles/static-mirroring/static-components.conf.erb'),
 	}
 
 	file { '/etc/ssh/userkeys/staticsync':
@@ -18,18 +18,36 @@ class roles::static_base {
 		source => 'puppet:///modules/roles/static-mirroring/staticsync-ssh-wrap',
 		mode   => '0555',
 	}
+
+	file { '/usr/local/bin/static-update-component':
+		source => 'puppet:///modules/roles/static-mirroring/static-update-component',
+		mode    => '0555',
+	}
+
 	file { '/usr/local/bin/static-mirror-ssh-wrap': ensure => absent; }
 	file { '/usr/local/bin/static-master-ssh-wrap': ensure => absent; }
 
 	@ferm::rule { 'dsa-static-bt-v4':
 		description => 'Allow bt between static hosts',
-		rule        => 'proto tcp mod state state (NEW) mod multiport destination-ports (6881-6999) @subchain \'static-bt\' { saddr ($HOST_STATIC_V4) ACCEPT; }',
+		rule        => 'proto tcp mod state state (NEW) mod multiport destination-ports (6881:6999) @subchain \'static-bt\' { saddr ($HOST_STATIC_V4) ACCEPT; }',
 		notarule    => true,
 	}
 	@ferm::rule { 'dsa-static-bt-v6':
 		description => 'Allow bt between static hosts',
 		domain      => 'ip6',
-		rule        => 'proto tcp mod state state (NEW) mod multiport destination-ports (6881-6999) @subchain \'static-bt\' { saddr ($HOST_STATIC_V6) ACCEPT; }',
+		rule        => 'proto tcp mod state state (NEW) mod multiport destination-ports (6881:6999) @subchain \'static-bt\' { saddr ($HOST_STATIC_V6) ACCEPT; }',
 		notarule    => true,
 	}
+
+	file { "/etc/staticsync.conf":
+		content  => @("EOF"),
+				# This file is sourced by bash
+				# and parsed by python
+				#  - empty lines and lines starting with a # are ignored.
+				#  - other lines are key=value.  No extra spaces anywhere.  No quoting.
+				base=/srv/static.debian.org
+				masterbase=/home/staticsync/static-master/master
+				staticuser=staticsync
+				| EOF
+	}
 }