restricted ssh access to geo machines as well

[mirror/dsa-puppet.git] / modules / ferm / templates / me.conf.erb

diff --git a/modules/ferm/templates/me.conf.erb b/modules/ferm/templates/me.conf.erb
index e69de29..2a4a1e3 100644 (file)
--- a/modules/ferm/templates/me.conf.erb
+++ b/modules/ferm/templates/me.conf.erb
@@ -0,0 +1,35 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+
+@def $SSH_SOURCES = (<%=
+
+sshallowed = []
+
+case hostname
+  when 'logtest01', 'geo1', 'geo2', 'geo3' then sshallowed << [ '$DSA_IPS', '$HOST_NAGIOS_V4', '$HOST_DB_V4' ]
+end
+
+if sshallowed.length == 0
+  sshallowed = [ '0.0.0.0' ]
+end
+
+sshallowed.join(' ')
+%>);
+
+@def $SSH_V6_SOURCES = (<%=
+
+sshallowed = []
+
+case hostname
+  when 'logtest01', 'geo1', 'geo2', 'geo3' then sshallowed << [ '$DSA_V6_IPS', '$HOST_NAGIOS_V6', '$HOST_DB_V6' ]
+end
+
+if sshallowed.length == 0
+  sshallowed = [ '::' ]
+end
+
+sshallowed.join(' ')
+%>);