X-Git-Url: https://git.donarmstrong.com/?a=blobdiff_plain;f=modules%2Fbacula%2Fmanifests%2Fdirector.pp;h=55133e6ec7ac8950c53e7fa198fe6f4e9f0264e6;hb=21689b3c102fc2ff843e7e1483e062e715a0548a;hp=e4ec300a46da060d7fdbcf7169558569393b29a8;hpb=24209e7e6b108808f537cd218fc95ac6a1bfdb47;p=dsa-puppet.git

diff --git a/modules/bacula/manifests/director.pp b/modules/bacula/manifests/director.pp
index e4ec300a..55133e6e 100644
--- a/modules/bacula/manifests/director.pp
+++ b/modules/bacula/manifests/director.pp
@@ -18,6 +18,7 @@ class bacula::director inherits bacula {
       ensure  => directory,
       mode => 755,
       group => bacula,
+      purge => true,
       notify  => Exec["bacula-director restart"]
       ;
     "/etc/bacula/bacula-dir.conf":
@@ -39,6 +40,7 @@ class bacula::director inherits bacula {
     # These must be kept in sync with the settings in bacula.pp
     $bacula_client_name       = "${name}-fd"
     $bacula_client_secret     = hmac("/etc/puppet/secret", "bacula-fd-${name}")
+    $client = $name
 
     file {
       "/etc/bacula/conf.d/${name}.conf":
@@ -49,7 +51,14 @@ class bacula::director inherits bacula {
       ;
     }
   }
-  $allhosts = keys($site::allnodeinfo)
-
+#  $allhosts = keys($site::allnodeinfo)
+  $allhosts = [ "berlioz.debian.org", "biber.debian.org" ]
   bacula_client { $allhosts: }
+
+  @ferm::rule { 'dsa-bacula-dir':
+    domain      => '(ip ip6)',
+    description => 'Allow bacula access from localhost',
+    rule        => "proto tcp mod state state (NEW) dport (bacula-dir) saddr ($bacula_director_address localhost) ACCEPT",
+  }
+
 }