From: Peter Palfrader <peter@palfrader.org>
Date: Sat, 7 Sep 2019 15:57:36 +0000 (+0200)
Subject: gitolite pushes puppetmaster
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=bcfae1987dab61d5489ae4b47db88baec5f2c7dc;p=mirror%2Fdsa-puppet.git

gitolite pushes puppetmaster
---

diff --git a/modules/ferm/templates/me.conf.erb b/modules/ferm/templates/me.conf.erb
index f9ca22f9d..779a8b513 100644
--- a/modules/ferm/templates/me.conf.erb
+++ b/modules/ferm/templates/me.conf.erb
@@ -44,10 +44,6 @@ if restrict_ssh.include?(@hostname) then
 		ssh4allowed << %w{$HOST_DEBIAN_V4}
 		ssh6allowed << %w{$HOST_DEBIAN_V6}
 	end
-	if classes.include?('roles::puppetmaster') then
-		ssh4allowed << "82.195.75.75" # adayevskaya
-		ssh6allowed << "2001:41b8:202:deb:1b1b::75" # adayevskaya
-	end
 	if scope.function_has_role(['dns_primary']) then
 		ssh4allowed << "82.195.75.75" # adayevskaya
 		ssh6allowed << "2001:41b8:202:deb:1b1b::75" # adayevskaya
diff --git a/modules/roles/manifests/dsa_gitolite.pp b/modules/roles/manifests/dsa_gitolite.pp
index 32c5d1563..3151718cc 100644
--- a/modules/roles/manifests/dsa_gitolite.pp
+++ b/modules/roles/manifests/dsa_gitolite.pp
@@ -1,7 +1,6 @@
 # dsa's gitolite host
 class roles::dsa_gitolite {
-  # we push the dsa-wiki build host
-  #
+  # we push various things
   $key = $facts['git_key']
 
   if ($key) {
@@ -11,5 +10,12 @@ class roles::dsa_gitolite {
       key         => $facts['git_key'],
       collect_tag => 'dsa_wiki_buildhost',
     }
+
+    ssh::authorized_key_add { 'dsa_gitolite::puppetmaster':
+      target_user => 'dsa',
+      command     => '/srv/puppet.debian.org/bin/update-git',
+      key         => $facts['git_key'],
+      collect_tag => 'puppetmaster',
+    }
   }
 }