lotti for president^Wloghost

Signed-off-by: Martin Zobel-Helas <zobel@debian.org>

diff --git a/modules/ferm/manifests/per-host.pp b/modules/ferm/manifests/per-host.pp
index 379161fa1cc7056ce2730d5bf8d51bf7977e5d83..f00dc4f3378401206478c6f6cdad388f1f4a590c 100644 (file)
--- a/modules/ferm/manifests/per-host.pp
+++ b/modules/ferm/manifests/per-host.pp
@@ -60,7 +60,7 @@ class ferm::per-host {
                 rule            => "&SERVICE_RANGE(tcp, rsync, ( 195.20.242.90 192.25.206.33 82.195.75.106 206.12.19.118 ))"
             }
         }
-        heininen: {
+        heininen,lotti: {
             @ferm::rule { "dsa-syslog":
                 description     => "Allow syslog access",
                 rule            => "&SERVICE_RANGE(tcp, 5140, \$HOST_DEBIAN_V4)"

diff --git a/modules/ferm/templates/me.conf.erb b/modules/ferm/templates/me.conf.erb
index f1f9ad15e782de578000e793663dc4c3df3388ee..a817428fdcffb325e023a5659fc8814fa7bb69f2 100644 (file)
--- a/modules/ferm/templates/me.conf.erb
+++ b/modules/ferm/templates/me.conf.erb
@@ -6,7 +6,7 @@
 <%=
 out = []
 
-restrict_ssh = %w{lebrun logtest01 geo1 geo2 geo3 bartok beethoven tchaikovsky schroeder heininen handel}
+restrict_ssh = %w{lebrun logtest01 geo1 geo2 geo3 bartok beethoven tchaikovsky schroeder heininen handel lotti}
 
 ssh4allowed = []
 ssh6allowed = []

diff --git a/templates/syslog-ng.conf.erb b/templates/syslog-ng.conf.erb
index f60820d03758666d7e30540b1a8365a592e3eba3..f8b1b3cb400d08ca08c08cd8d67a2008c33f1829 100644 (file)
--- a/templates/syslog-ng.conf.erb
+++ b/templates/syslog-ng.conf.erb
@@ -82,7 +82,7 @@ options {
        # is not a real hostname.
        bad_hostname("^gconfd$");
 
-<%- if hostname == "heininen" -%>
+<%- if (hostname == "heininen") || (hostname == "lotti") -%>
        # we trust our mutual authenticated syslog clients
        keep_hostname(yes);
 <%- end -%>
@@ -125,7 +125,7 @@ source s_local {
 <%- end -%>
 };
 
-<%-  if hostname == "heininen" -%>
+<%- if (hostname == "heininen") || (hostname == "lotti") -%>
 source s_network {
        tcp6(port(5140) max-connections(200)
                tls( key_file("/etc/exim4/ssl/thishost.key")
@@ -403,7 +403,7 @@ log {
 <%- end -%>
 
 
-<%- if hostname != "heininen" -%>
+<%- if (hostname != "heininen") || (hostname != "lotti") -%>
  <%- if has_variable?("syslogversion") and syslogversion.to_s == "3" -%>
 destination loghost-heininen {
        tcp("heininen.debian.org" port (5140)
@@ -413,18 +413,27 @@ destination loghost-heininen {
                )
        );
 };
+destination loghost-lotti {
+       tcp("lotti.debian.org" port (5140)
+               tls( key_file("/etc/ssl/debian/keys/thishost.key")
+                    cert_file("/etc/ssl/debian/certs/thishost.crt")
+                    ca_dir("/etc/ssl/debian/certs/")
+               )
+       );
+};
 
 
 log {
        source(s_local);
        destination(loghost-heininen);
+       destination(loghost-lotti);
 };
  <%- end -%>
 <%- end -%>
 
 
 
-<%- if hostname == "heininen" -%>
+<%- if (hostname == "heininen") || (hostname == "lotti") -%>
 ###############################################################################
 ########## ON LOG HOST ########################################################
 ###############################################################################