From: Julien Cristau <jcristau@debian.org>
Date: Wed, 27 Sep 2017 09:48:13 +0000 (+0200)
Subject: Restrict ssh to anycast and static mirrors
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=162626172d5eaaa017e69ee990842c89272fc60e;p=mirror%2Fdsa-puppet.git

Restrict ssh to anycast and static mirrors
---

diff --git a/modules/ferm/templates/me.conf.erb b/modules/ferm/templates/me.conf.erb
index 7ebd7e2c0..63268d6ca 100644
--- a/modules/ferm/templates/me.conf.erb
+++ b/modules/ferm/templates/me.conf.erb
@@ -7,7 +7,7 @@
 nodeinfo = scope.lookupvar('site::nodeinfo')
 out = []
 
-restricted_purposes = ['kvm host', 'central syslog server', 'puppet master', 'jumphost', 'buildd']
+restricted_purposes = ['kvm host', 'central syslog server', 'puppet master', 'jumphost', 'buildd', 'anycast mirror', 'static-mirror']
 restrict_ssh = %w{tchaikovsky draghi adayevskaya}
 
 if (nodeinfo['ldap'].has_key?('purpose')) then