From b018cf71e4e6f0203b1a5048f75c7c01926f3199 Mon Sep 17 00:00:00 2001
From: Peter Palfrader <peter@palfrader.org>
Date: Sat, 21 Sep 2019 12:35:09 +0200
Subject: [PATCH] So now we have ssh::server::from and ssh::server::to,
 hopefully making it more clear

---
 modules/roles/manifests/ftp_master.pp      |  2 +-
 modules/roles/manifests/ports_master.pp    |  2 +-
 modules/roles/manifests/security_master.pp |  2 +-
 modules/roles/manifests/syncproxy.pp       | 10 +++++-----
 4 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/modules/roles/manifests/ftp_master.pp b/modules/roles/manifests/ftp_master.pp
index 10b5bb6f1..c73347932 100644
--- a/modules/roles/manifests/ftp_master.pp
+++ b/modules/roles/manifests/ftp_master.pp
@@ -14,7 +14,7 @@ class roles::ftp_master {
 
   # export ssh allow rules for hosts that we should be able to access
   @@ferm::rule::simple { "dsa-ssh-from-ftp_master-${::fqdn}":
-    tag         => 'ssh::server::allow::ftp_master',
+    tag         => 'ssh::server::from::ftp_master',
     description => 'Allow ssh access from ftp_master',
     port        => '22',
     saddr       => $base::public_addresses,
diff --git a/modules/roles/manifests/ports_master.pp b/modules/roles/manifests/ports_master.pp
index 5dc609d04..ffc24c37c 100644
--- a/modules/roles/manifests/ports_master.pp
+++ b/modules/roles/manifests/ports_master.pp
@@ -21,7 +21,7 @@ class roles::ports_master {
 
   # export ssh allow rules for hosts that we should be able to access
   @@ferm::rule::simple { "dsa-ssh-from-ports_master-${::fqdn}":
-    tag         => 'ssh::server::allow::ports_master',
+    tag         => 'ssh::server::from::ports_master',
     description => 'Allow ssh access from ports-master',
     port        => '22',
     saddr       => $base::public_addresses,
diff --git a/modules/roles/manifests/security_master.pp b/modules/roles/manifests/security_master.pp
index 702e2e2ae..6dd5fce67 100644
--- a/modules/roles/manifests/security_master.pp
+++ b/modules/roles/manifests/security_master.pp
@@ -14,7 +14,7 @@ class roles::security_master {
 
   # export ssh allow rules for hosts that we should be able to access
   @@ferm::rule::simple { "dsa-ssh-from-security_master-${::fqdn}":
-    tag         => 'ssh::server::allow::security_master',
+    tag         => 'ssh::server::from::security_master',
     description => 'Allow ssh access from security_master',
     port        => '22',
     saddr       => $base::public_addresses,
diff --git a/modules/roles/manifests/syncproxy.pp b/modules/roles/manifests/syncproxy.pp
index 623393ffc..e81bf8eda 100644
--- a/modules/roles/manifests/syncproxy.pp
+++ b/modules/roles/manifests/syncproxy.pp
@@ -69,7 +69,7 @@ class roles::syncproxy {
   }
 
   @@ferm::rule::simple { "dsa-ssh-from-syncproxy-${::fqdn}":
-    tag         => 'ssh::server::allow::syncproxy',
+    tag         => 'ssh::server::from::syncproxy',
     description => 'Allow ssh access from a syncproxy',
     port        => '22',
     saddr       => $base::public_addresses,
@@ -77,9 +77,9 @@ class roles::syncproxy {
 
   # syncproxies should be accessible from various role hosts
   Ferm::Rule::Simple <<|
-    tag == 'ssh::server::allow::archvsync' or
-    tag == 'ssh::server::allow::ftp_master' or
-    tag == 'ssh::server::allow::ports_master' or
-    tag == 'ssh::server::allow::security_master'
+    tag == 'ssh::server::from::syncproxy' or
+    tag == 'ssh::server::from::ftp_master' or
+    tag == 'ssh::server::from::ports_master' or
+    tag == 'ssh::server::from::security_master'
     |>>
 }
-- 
2.20.1