stop using virtual resources for ferm::rule

[mirror/dsa-puppet.git] / modules / bacula / manifests / client.pp

diff --git a/modules/bacula/manifests/client.pp b/modules/bacula/manifests/client.pp
index f8f83f2..3027930 100644 (file)
--- a/modules/bacula/manifests/client.pp
+++ b/modules/bacula/manifests/client.pp
@@ -5,6 +5,14 @@ class bacula::client inherits bacula {
                @@bacula::node { $::fqdn:
                        bacula_client_port => $bacula::bacula_client_port,
                }
+
+               @@concat::fragment { "bacula-dsa-client-list::$fqdn":
+                       target => $bacula::bacula_dsa_client_list ,
+                       content  => @("EOF"),
+                                       ${fqdn}
+                                       | EOF
+                       tag     => $bacula::tag_bacula_dsa_client_list,
+               }
        }
 
        package { ['bacula-fd']:
@@ -55,7 +63,7 @@ class bacula::client inherits bacula {
                file { '/etc/systemd/system/bacula-fd.service.d/user.conf':
                        ensure  => absent,
                }
-               systemd::override { 'bacula-fd':
+               dsa_systemd::override { 'bacula-fd':
                        content => @(EOT)
                                [Service]
                                ExecStart=
@@ -66,28 +74,14 @@ class bacula::client inherits bacula {
                file { '/etc/systemd/system/bacula-fd.service.d/user.conf':
                        ensure  => absent,
                }
-               systemd::override { 'bacula-fd':
+               dsa_systemd::override { 'bacula-fd':
                        ensure  => absent,
                }
        }
 
-       @ferm::rule { 'dsa-bacula-fd-v4':
-               domain      => '(ip)',
+       ferm::rule { 'dsa-bacula-fd':
+               domain      => '(ip ip6)',
                description => 'Allow bacula access from storage and director',
-               rule        => "proto tcp mod state state (NEW) dport (${bacula_client_port}) saddr (${bacula_director_ip}) ACCEPT",
-       }
-
-       #@ferm::rule { 'dsa-bacula-fd-v6':
-       #       domain      => '(ip6)',
-       #       description => 'Allow bacula access from storage and director',
-       #       rule        => "proto tcp mod state state (NEW) dport (bacula-fd) saddr (${bacula_director_ip6}) ACCEPT",
-       #}
-
-       @@concat::fragment { "bacula-dsa-client-list::$fqdn":
-               target => $bacula::bacula_dsa_client_list ,
-               content  => @("EOF"),
-                               ${fqdn}
-                               | EOF
-               tag     => $bacula::tag_bacula_dsa_client_list,
+               rule        => "proto tcp mod state state (NEW) dport (${bacula_client_port}) saddr (${bacula_director_ip_addrs}) ACCEPT",
        }
 }