Give arrays another try
[dsa-puppet.git] / modules / roles / manifests / static_base.pp
index e062a9e5191425891bc86ef57dda1c0ad139d07a..216c9bf9b57bc40fdb07b10294b15e5b1ef28756 100644 (file)
@@ -9,4 +9,27 @@ class roles::static_base {
        file { '/etc/static-components.conf':
                source => 'puppet:///modules/roles/static-mirroring/static-components.conf',
        }
+
+       file { '/etc/ssh/userkeys/staticsync':
+               content => template('roles/static-mirroring/staticsync-authorized_keys.erb'),
+       }
+
+       file { '/usr/local/bin/staticsync-ssh-wrap':
+               source => 'puppet:///modules/roles/static-mirroring/staticsync-ssh-wrap',
+               mode   => '0555',
+       }
+       file { '/usr/local/bin/static-mirror-ssh-wrap': ensure => absent; }
+       file { '/usr/local/bin/static-master-ssh-wrap': ensure => absent; }
+
+       @ferm::rule { 'dsa-static-bt-v4':
+               description => 'Allow bt between static hosts',
+               rule        => 'proto tcp mod state state (NEW) mod multiport destination-ports (6881:6999) @subchain \'static-bt\' { saddr ($HOST_STATIC_V4) ACCEPT; }',
+               notarule    => true,
+       }
+       @ferm::rule { 'dsa-static-bt-v6':
+               description => 'Allow bt between static hosts',
+               domain      => 'ip6',
+               rule        => 'proto tcp mod state state (NEW) mod multiport destination-ports (6881:6999) @subchain \'static-bt\' { saddr ($HOST_STATIC_V6) ACCEPT; }',
+               notarule    => true,
+       }
 }
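Review bot: The new `file { '/etc/ssh/userkeys/staticsync': }` resource sets only `content`, so the owner and mode of this authorized-keys file depend on resource defaults that are not visible in this hunk. Since the file decides which keys may log in as the sync account (and presumably pins them to `staticsync-ssh-wrap`), I would state the permissions explicitly, e.g. `owner => 'root', group => 'root', mode => '0444',`, so the account cannot rewrite its own key restrictions and sshd's StrictModes check does not reject the file. The wrapper resource likewise gives `mode => '0555'` but no owner or group. The class body starts above the hunk, so a `File { ... }` default may already cover this; if it does, a one-line comment saying so would help the next reader.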