From: Peter Palfrader <peter@palfrader.org>
Date: Sat, 21 Sep 2019 10:18:54 +0000 (+0200)
Subject: Make ssh allow tag specific to the target (archvsync role in this case)
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=1243bf252a0fc453755439a860e90a6d0fd30f48;p=mirror%2Fdsa-puppet.git

Make ssh allow tag specific to the target (archvsync role in this case)
---

diff --git a/modules/roles/manifests/archvsync_base.pp b/modules/roles/manifests/archvsync_base.pp
index c61d3fbbb..d51f26030 100644
--- a/modules/roles/manifests/archvsync_base.pp
+++ b/modules/roles/manifests/archvsync_base.pp
@@ -19,5 +19,5 @@ class roles::archvsync_base {
     target => '/home/archvsync/.ssh/authorized_keys',
   }
 
-  Ferm::Rule::Simple <<| tag == 'ssh::server::allow' |>>
+  Ferm::Rule::Simple <<| tag == 'ssh::server::allow::archvsync' |>>
 }
diff --git a/modules/roles/manifests/mirrormaster.pp b/modules/roles/manifests/mirrormaster.pp
index 2d8d7d17c..510f63168 100644
--- a/modules/roles/manifests/mirrormaster.pp
+++ b/modules/roles/manifests/mirrormaster.pp
@@ -3,7 +3,7 @@
 class roles::mirrormaster(
 ) {
   @@ferm::rule::simple { "dsa-ssh-from-mirrormaster-${::fqdn}":
-    tag         => 'ssh::server::allow',
+    tag         => 'ssh::server::allow::archvsync',
     description => 'Allow ssh access from the mirrormaster',
     port        => '22',
     saddr       => $base::public_addresses,