Make ssh allow tag specific to the target (archvsync role in this case)

author Peter Palfrader <peter@palfrader.org>

Sat, 21 Sep 2019 10:18:54 +0000 (12:18 +0200)

committer Peter Palfrader <peter@palfrader.org>

Sat, 21 Sep 2019 10:18:54 +0000 (12:18 +0200)
author Peter Palfrader <peter@palfrader.org>
Sat, 21 Sep 2019 10:18:54 +0000 (12:18 +0200)
committer Peter Palfrader <peter@palfrader.org>
Sat, 21 Sep 2019 10:18:54 +0000 (12:18 +0200)
diff --git a/modules/roles/manifests/archvsync_base.pp b/modules/roles/manifests/archvsync_base.pp

index c61d3fb..d51f260 100644 (file)
--- a/modules/roles/manifests/archvsync_base.pp
+++ b/modules/roles/manifests/archvsync_base.pp
@@ -19,5 +19,5 @@ class roles::archvsync_base {
      target => '/home/archvsync/.ssh/authorized_keys',
    }
  
-  Ferm::Rule::Simple <<| tag == 'ssh::server::allow' |>>
+  Ferm::Rule::Simple <<| tag == 'ssh::server::allow::archvsync' |>>
  }
diff --git a/modules/roles/manifests/mirrormaster.pp b/modules/roles/manifests/mirrormaster.pp

index 2d8d7d1..510f631 100644 (file)
--- a/modules/roles/manifests/mirrormaster.pp
+++ b/modules/roles/manifests/mirrormaster.pp
@@ -3,7 +3,7 @@
  class roles::mirrormaster(
  ) {
    @@ferm::rule::simple { "dsa-ssh-from-mirrormaster-${::fqdn}":
-    tag         => 'ssh::server::allow',
+    tag         => 'ssh::server::allow::archvsync',
      description => 'Allow ssh access from the mirrormaster',
      port        => '22',
      saddr       => $base::public_addresses,
author	Peter Palfrader <peter@palfrader.org>
	Sat, 21 Sep 2019 10:18:54 +0000 (12:18 +0200)
committer	Peter Palfrader <peter@palfrader.org>
	Sat, 21 Sep 2019 10:18:54 +0000 (12:18 +0200)
modules/roles/manifests/archvsync_base.pp		patch \| blob \| history
modules/roles/manifests/mirrormaster.pp		patch \| blob \| history