Merge branch 'rsync-shuffle'

diff --combined modules/debian-org/misc/local.yaml
index ee6755f,02c0aed..f6df596
--- 1/modules/debian-org/misc/local.yaml
--- 2/modules/debian-org/misc/local.yaml
+++ b/modules/debian-org/misc/local.yaml
@@@ -35,12 -35,10 +35,12 @@@ nameinfo
    elgar.debian.org: Edward Elgar (1857 - 1934)
    englund.debian.org: Sven Einar Englund (June 17th, 1916 - June 27th, 1999)
    eysler.debian.org: Edmund Samuel Eysler (March 12th, 1874 - October 4th, 1949)
 +  falla.debian.org: Manuel de Falla y Matheu (November 23rd, 1876 - November 14th, 1946)
    fano.debian.org: Guido Alberto Fano (March 18th, 1875 - August 14th, 1961)
    fasch.debian.org: Johann Friedrich Fasch (1688 - 1758)
    field.debian.org: John Field (1782 - 1837)
    finzi.debian.org: Gerald Raphael Finzi (July 14th, 1901 - September 27th, 1956)
 +  fischer.debian.org: Johann Caspar Ferdinand Fischer (September 9th, 1656 - August 27th, 1746)
    franck.debian.org: Melchior Franck (1579 - June 1st, 1639)
    gabrielli.debian.org: Domenico Gabrielli (April 15th, 1651 - July 10th, 1690)
    glinka.debian.org: Mikhail Ivanovich Glinka (1804 - 1857)
@@@ -149,6 -147,8 +149,8 @@@ services
    bugsmaster:
    bugsmx:
      - busoni.debian.org
+   bugs_search:
+     - glinka.debian.org
    dbmaster:
      - draghi.debian.org
    ftp_master:
@@@ -175,6 -175,10 +177,10 @@@
      - reger.debian.org
    security_master:
      - chopin.debian.org
+   www_master:
+     - wolkenstein.debian.org
+   keyring:
+     - kaufmann.debian.org
  host_settings:
    heavy_exim:
      - bellini.debian.org

diff --combined modules/ferm/manifests/per-host.pp
index d6fbb0a,70e0e73..2756e59
--- 1/modules/ferm/manifests/per-host.pp
--- 2/modules/ferm/manifests/per-host.pp
+++ b/modules/ferm/manifests/per-host.pp
@@@ -3,6 -3,14 +3,14 @@@ class ferm::per-host 
                include ferm::zivit
        }
  
+       if $::hostname in [klecker,merikanto,powell,ravel,rietz,senfl,sibelius,stabile] {
+               ferm::rule { 'dsa-rsync':
+                       domain      => '(ip ip6)',
+                       description => 'Allow rsync access',
+                       rule        => '&SERVICE(tcp, 873)'
+               }
+       }
+ 
        case $::hostname {
                piatti,samosa: {
                        @ferm::rule { 'dsa-udd-stunnel':
@@@ -172,9 -180,7 +180,9 @@@ REJECT reject-with icmp-admin-prohibite
                                chain           => 'FORWARD',
                                rule            => 'def $ADDRESS_FANO=206.12.19.110;
  def $ADDRESS_FINZI=206.12.19.111;
 -def $FREEBSD_HOSTS=($ADDRESS_FANO $ADDRESS_FINZI);
 +def $ADDRESS_FISCHER=206.12.19.112;
 +def $ADDRESS_FALLA=206.12.19.117;
 +def $FREEBSD_HOSTS=($ADDRESS_FANO $ADDRESS_FINZI $ADDRESS_FISCHER $ADDRESS_FALLA);
  
  policy ACCEPT;
  mod state state (ESTABLISHED RELATED) ACCEPT;
@@@ -182,7 -188,6 +190,7 @@@ interface br0 outerface br0 ACCEPT
  interface br1 outerface br1 ACCEPT;
  
  interface br2 outerface br0 jump from-kfreebsd;
 +interface br0 destination ($ADDRESS_FISCHER $ADDRESS_FALLA) proto tcp dport 22 ACCEPT;
  interface br0 destination ($FREEBSD_HOSTS) jump to-kfreebsd;
  ULOG ulog-prefix "REJECT FORWARD: ";
  REJECT reject-with icmp-admin-prohibited
@@@ -217,7 -222,4 +225,4 @@@
                default: {}
        }
  
-       if $::rsyncd {
-               include ferm::rsync
-       }
  }