From 706a3d41c060de8527a6070e831c4e6b66fff099 Mon Sep 17 00:00:00 2001
From: Peter Palfrader
Date: Sun, 8 Sep 2019 01:08:23 +0200
Subject: [PATCH] export staticsync ssh keys, but do not yet collect
---
 modules/roles/manifests/static_base.pp | 11 +++++++++++
 modules/roles/manifests/static_master.pp | 5 +++++
 modules/roles/manifests/static_mirror.pp | 3 +++
 modules/roles/manifests/static_source.pp | 3 +++
 modules/roles/manifests/static_srvdir.pp | 1 +
 5 files changed, 23 insertions(+)
diff --git a/modules/roles/manifests/static_base.pp b/modules/roles/manifests/static_base.pp
index 37f4f02f3..1c8e74dcd 100644
--- a/modules/roles/manifests/static_base.pp
+++ b/modules/roles/manifests/static_base.pp
@@ -1,5 +1,16 @@
+# the base class defining tings common for all three static classes (master, mirror, source)
 class roles::static_base {
 ssh::keygen {'staticsync': }
+ ssh::authorized_key_add { 'staticsync':
+ target_user => 'staticsync',
+ command => "/usr/local/bin/staticsync-ssh-wrap ${::fqdn}",
+ key => $facts['staticsync_key'],
+ collect_tag => 'staticsync',
+ }
+# ssh::authorized_key_collect { 'staticsync':
+# target_user => 'staticsync',
+# collect_tag => 'staticsync',
+# }

 file { '/etc/static-components.conf':
 content => template('roles/static-mirroring/static-components.conf.erb'),
diff --git a/modules/roles/manifests/static_master.pp b/modules/roles/manifests/static_master.pp
index e66dc3f6e..bb4875774 100644
--- a/modules/roles/manifests/static_master.pp
+++ b/modules/roles/manifests/static_master.pp
@@ -1,3 +1,8 @@
+# static master
+#
+# each component defines exactly one static master. Content is copied from the source host
+# to the master, and from there to all the mirrors.
+#
 class roles::static_master {
 include roles::static_base
 include roles::static_srvdir
diff --git a/modules/roles/manifests/static_mirror.pp b/modules/roles/manifests/static_mirror.pp
index 834ad2436..4b4c4085f 100644
--- a/modules/roles/manifests/static_mirror.pp
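Review bot: In modules/roles/manifests/static_base.pp the forced command of the exported key is built from `${::fqdn}`, a fact each agent reports about itself, so the host name passed to staticsync-ssh-wrap is only as trustworthy as the node that exported the key. Using the certificate-derived name, `command => "/usr/local/bin/staticsync-ssh-wrap ${trusted['certname']}",`, would bind that argument to the identity the Puppet CA signed, assuming certnames match the host names the wrapper expects. `$facts['staticsync_key']` is presumably unset on the first run, before ssh::keygen has produced a key, so the export may need a guard such as `if $facts['staticsync_key'] { ... }` to avoid publishing an empty key. Master, mirror and source all export under the single `collect_tag => 'staticsync'`, so once the commented-out collect is enabled every static host would accept every other host's key and the restriction rests entirely on the wrapper; a comment next to the commented-out block saying so would help. The class body continues outside the hunk, and the defined types ssh::authorized_key_add and ssh::keygen are not visible here.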
+++ b/modules/roles/manifests/static_mirror.pp
@@ -1,3 +1,6 @@
+# a static mirror
+#
+# this receives pushes from the master and then usually serves the content to the public
 class roles::static_mirror {
 include roles::static_base
 include roles::static_srvdir
diff --git a/modules/roles/manifests/static_source.pp b/modules/roles/manifests/static_source.pp
index 25c99a98f..b34db3f3d 100644
--- a/modules/roles/manifests/static_source.pp
+++ b/modules/roles/manifests/static_source.pp
@@ -1,3 +1,6 @@
+# a static source
+#
+# origin of static content. From here it goes to the static master before that one pushes it to the mirrors
 class roles::static_source {
 include roles::static_base
 }
diff --git a/modules/roles/manifests/static_srvdir.pp b/modules/roles/manifests/static_srvdir.pp
index 067b361d6..5a87bd31a 100644
--- a/modules/roles/manifests/static_srvdir.pp
+++ b/modules/roles/manifests/static_srvdir.pp
@@ -1,3 +1,4 @@
+# create the directory on static hosts and disable backups
 class roles::static_srvdir {
 file { '/srv/static.debian.org':
 ensure => directory,
-- 
2.20.1