http rate limiting for dynamic hosts also on v6

[mirror/dsa-puppet.git] / modules / apache2 / manifests / init.pp

diff --git a/modules/apache2/manifests/init.pp b/modules/apache2/manifests/init.pp
index 8aacde9..14c2ff7 100644 (file)
--- a/modules/apache2/manifests/init.pp
+++ b/modules/apache2/manifests/init.pp
@@ -154,7 +154,7 @@ class apache2 {
        }
 
        if (! has_role('apache_not_public')) {
-               if $::hostname in [beach,buxtehude,picconi,pkgmirror-csail] {
+               if has_role('apache_ratelimited') {
                        include apache2::dynamic
                } else {
                        @ferm::rule { 'dsa-http':
@@ -162,13 +162,13 @@ class apache2 {
                                description => 'Allow web access',
                                rule        => '&SERVICE(tcp, (http https))'
                        }
-               }
 
-               @ferm::rule { 'dsa-http-v6':
-                       domain          => '(ip6)',
-                       prio            => '23',
-                       description     => 'Allow web access',
-                       rule            => '&SERVICE(tcp, (http https))'
+                       @ferm::rule { 'dsa-http-v6':
+                               domain          => '(ip6)',
+                               prio            => '23',
+                               description     => 'Allow web access',
+                               rule            => '&SERVICE(tcp, (http https))'
+                       }
                }
        }