Typo

[dsa-puppet.git] / modules / bacula / manifests / director.pp

diff --git a/modules/bacula/manifests/director.pp b/modules/bacula/manifests/director.pp
index 513d0968669cd58af5c1c1b829e02968003a39cd..aea69d36fed3f9c5f3fa316747a4fa85451bac89 100644 (file)
--- a/modules/bacula/manifests/director.pp
+++ b/modules/bacula/manifests/director.pp
@@ -35,13 +35,14 @@ class bacula::director inherits bacula {
       refreshonly => true;
   }
 
-  define bacula_client($client) {
+  define bacula_client() {
     # These must be kept in sync with the settings in bacula.pp
-    $bacula_client_name       = "$client-fd"
-    $bacula_client_secret     = hmac("/etc/puppet/secret", "bacula-fd-$client")
+    $bacula_client_name       = "${name}-fd"
+    $bacula_client_secret     = hmac("/etc/puppet/secret", "bacula-fd-${name}")
+    $client = $name
 
     file {
-      "/etc/bacula/conf.d/$client.conf":
+      "/etc/bacula/conf.d/${name}.conf":
       content => template("bacula/per-client.conf.erb"),
       mode => 440,
       group => bacula,
@@ -49,6 +50,14 @@ class bacula::director inherits bacula {
       ;
     }
   }
+  $allhosts = keys($site::allnodeinfo)
+
+  bacula_client { $allhosts: }
+
+  @ferm::rule { 'dsa-bacula-dir':
+    domain      => '(ip ip6)',
+    description => 'Allow bacula access from localhost',
+    rule        => "proto tcp mod state state (NEW) dport (bacula-dir) saddr ($bacula_director_address localhost) ACCEPT",
+  }
 
-  bacula_client { allnodeinfo('hostname', '') }
 }