From 1243bf252a0fc453755439a860e90a6d0fd30f48 Mon Sep 17 00:00:00 2001
From: Peter Palfrader <peter@palfrader.org>
Date: Sat, 21 Sep 2019 12:18:54 +0200
Subject: [PATCH] Make ssh allow tag specific to the target (archvsync role in
 this case)

---
 modules/roles/manifests/archvsync_base.pp | 2 +-
 modules/roles/manifests/mirrormaster.pp   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/modules/roles/manifests/archvsync_base.pp b/modules/roles/manifests/archvsync_base.pp
index c61d3fbbb..d51f26030 100644
--- a/modules/roles/manifests/archvsync_base.pp
+++ b/modules/roles/manifests/archvsync_base.pp
@@ -19,5 +19,5 @@ class roles::archvsync_base {
     target => '/home/archvsync/.ssh/authorized_keys',
   }
 
-  Ferm::Rule::Simple <<| tag == 'ssh::server::allow' |>>
+  Ferm::Rule::Simple <<| tag == 'ssh::server::allow::archvsync' |>>
 }
diff --git a/modules/roles/manifests/mirrormaster.pp b/modules/roles/manifests/mirrormaster.pp
index 2d8d7d17c..510f63168 100644
--- a/modules/roles/manifests/mirrormaster.pp
+++ b/modules/roles/manifests/mirrormaster.pp
@@ -3,7 +3,7 @@
 class roles::mirrormaster(
 ) {
   @@ferm::rule::simple { "dsa-ssh-from-mirrormaster-${::fqdn}":
-    tag         => 'ssh::server::allow',
+    tag         => 'ssh::server::allow::archvsync',
     description => 'Allow ssh access from the mirrormaster',
     port        => '22',
     saddr       => $base::public_addresses,
-- 
2.20.1