From 95d4676629882d9881f75d1b6d45b79db57559a8 Mon Sep 17 00:00:00 2001
From: Peter Palfrader <peter@palfrader.org>
Date: Sat, 21 Sep 2019 12:39:32 +0200
Subject: [PATCH] Add a minimal historical_master (archive.debian.org-master)
 role.

The master does not have any special rsync config that is not also
preesnt on the mirrors (and currently the historical master also is a
historical mirror).
---
 hieradata/nodes/sibelius.debian.org.yaml     | 3 +++
 modules/roles/manifests/historical_master.pp | 9 +++++++++
 2 files changed, 12 insertions(+)
 create mode 100644 hieradata/nodes/sibelius.debian.org.yaml
 create mode 100644 modules/roles/manifests/historical_master.pp

diff --git a/hieradata/nodes/sibelius.debian.org.yaml b/hieradata/nodes/sibelius.debian.org.yaml
new file mode 100644
index 000000000..014297365
--- /dev/null
+++ b/hieradata/nodes/sibelius.debian.org.yaml
@@ -0,0 +1,3 @@
+---
+classes:
+  - roles::historical_master
diff --git a/modules/roles/manifests/historical_master.pp b/modules/roles/manifests/historical_master.pp
new file mode 100644
index 000000000..248c832cb
--- /dev/null
+++ b/modules/roles/manifests/historical_master.pp
@@ -0,0 +1,9 @@
+class roles::historical_master {
+  # export ssh allow rules for hosts that we should be able to access
+  @@ferm::rule::simple { "dsa-ssh-from-historical_master-${::fqdn}":
+    tag         => 'ssh::server::from::historical_master',
+    description => 'Allow ssh access from historical-master',
+    port        => '22',
+    saddr       => $base::public_addresses,
+  }
+}
-- 
2.20.1