From: Peter Palfrader <peter@palfrader.org>
Date: Sat, 21 Sep 2019 10:39:32 +0000 (+0200)
Subject: Add a minimal historical_master (archive.debian.org-master) role.
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=95d4676629882d9881f75d1b6d45b79db57559a8;p=mirror%2Fdsa-puppet.git

Add a minimal historical_master (archive.debian.org-master) role.

The master does not have any special rsync config that is not also
preesnt on the mirrors (and currently the historical master also is a
historical mirror).
---

diff --git a/hieradata/nodes/sibelius.debian.org.yaml b/hieradata/nodes/sibelius.debian.org.yaml
new file mode 100644
index 000000000..014297365
--- /dev/null
+++ b/hieradata/nodes/sibelius.debian.org.yaml
@@ -0,0 +1,3 @@
+---
+classes:
+  - roles::historical_master
diff --git a/modules/roles/manifests/historical_master.pp b/modules/roles/manifests/historical_master.pp
new file mode 100644
index 000000000..248c832cb
--- /dev/null
+++ b/modules/roles/manifests/historical_master.pp
@@ -0,0 +1,9 @@
+class roles::historical_master {
+  # export ssh allow rules for hosts that we should be able to access
+  @@ferm::rule::simple { "dsa-ssh-from-historical_master-${::fqdn}":
+    tag         => 'ssh::server::from::historical_master',
+    description => 'Allow ssh access from historical-master',
+    port        => '22',
+    saddr       => $base::public_addresses,
+  }
+}