Add a minimal historical_master (archive.debian.org-master) role.

The master does not have any special rsync config that is not also
preesnt on the mirrors (and currently the historical master also is a
historical mirror).

diff --git a/hieradata/nodes/sibelius.debian.org.yaml b/hieradata/nodes/sibelius.debian.org.yaml
new file mode 100644 (file)
index 0000000..0142973
--- /dev/null
+++ b/hieradata/nodes/sibelius.debian.org.yaml
@@ -0,0 +1,3 @@
+---
+classes:
+  - roles::historical_master

diff --git a/modules/roles/manifests/historical_master.pp b/modules/roles/manifests/historical_master.pp
new file mode 100644 (file)
index 0000000..248c832
--- /dev/null
+++ b/modules/roles/manifests/historical_master.pp
@@ -0,0 +1,9 @@
+class roles::historical_master {
+  # export ssh allow rules for hosts that we should be able to access
+  @@ferm::rule::simple { "dsa-ssh-from-historical_master-${::fqdn}":
+    tag         => 'ssh::server::from::historical_master',
+    description => 'Allow ssh access from historical-master',
+    port        => '22',
+    saddr       => $base::public_addresses,
+  }
+}