Merge branch 'master' of ssh://handel.debian.org/srv/puppet.debian.org/git/dsa-puppet

[mirror/dsa-puppet.git] / manifests / site.pp

diff --git a/manifests/site.pp b/manifests/site.pp
index 0165241..d119402 100644 (file)
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -91,7 +91,7 @@ node default {
     }
 
     case $hostname {
-        logtest01,geo1,geo2,geo3,bartok,senfl,beethoven,piatti,saens,villa,lobos,raff,gluck,schein,wieck,steffani,ball: { include ferm }
+        logtest01,geo1,geo2,geo3,bartok,senfl,beethoven,piatti,saens,villa,lobos,raff,gluck,schein,wieck,steffani,ball,handel,tchaikovsky: { include ferm }
     }
     case $hostname {
         piatti: {
@@ -119,10 +119,21 @@ node default {
                    rule            => "&SERVICE(tcp, 873)"
           }
         }
-        ancina,zelenka {
+        ancina,zelenka: {
           @ferm::rule { "dsa-time":
                    description     => "Allow time access",
-                   rule            => "&SERVICE(udp, time, $HOST_NAGIOS_V4)"
+                   rule            => "&SERVICE_RANGE(tcp, time, \$HOST_NAGIOS_V4)"
+          }
+        }
+        handel: {
+          @ferm::rule { "dsa-puppet":
+                   description     => "Allow puppet access",
+                   rule            => "&SERVICE_RANGE(tcp, 8140, \$HOST_DEBIAN_V4)"
+          }
+          @ferm::rule { "dsa-puppet-v6":
+                   domain          => 'ip6',
+                   description     => "Allow puppet access",
+                   rule            => "&SERVICE_RANGE(tcp, 8140, \$HOST_DEBIAN_V6)"
           }
         }