projects / mirror / dsa-puppet.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Have the tracker role declare its exim virtualdomain
[mirror/dsa-puppet.git] / modules / ferm / templates / me.conf.erb
diff --git a/modules/ferm/templates/me.conf.erb b/modules/ferm/templates/me.conf.erb
index 615f633..829d71a 100644 (file)
--- a/modules/ferm/templates/me.conf.erb
+++ b/modules/ferm/templates/me.conf.erb
@@ -25,8 +25,9 @@ should_restrict = restrict_ssh.include?(@hostname)
 
 
 if should_restrict then
-       ssh4allowed << %w{$DSA_IPS    $HOST_NAGIOS_V4 $HOST_MUNIN_V4 $HOST_DB_V4}
-       ssh6allowed << %w{$DSA_V6_IPS $HOST_NAGIOS_V6 $HOST_MUNIN_V6 $HOST_DB_V6}
+       # draghi makes for a nice jumphost
+       ssh4allowed << %w{$DSA_IPS    $HOST_NAGIOS_V4 $HOST_MUNIN_V4  82.195.75.106}
+       ssh6allowed << %w{$DSA_V6_IPS $HOST_NAGIOS_V6 $HOST_MUNIN_V6  2001:41b8:202:deb:1a1a:0:52c3:4b6a}
 
        if %w{draghi}.include?(@hostname) then
                ssh4allowed << '$HOST_DEBIAN_V4'
@@ -39,39 +40,6 @@ if should_restrict then
                ssh4allowed << %w{$HOST_DEBIAN_V4}
                ssh6allowed << %w{$HOST_DEBIAN_V6}
        end
-
-       if scope.function_has_role(['debian_mirror']) or
-          scope.function_has_role(['security_mirror']) or
-          scope.function_has_role(['debug_mirror']) or
-          scope.function_has_role(['historical_mirror']) or
-          scope.function_has_role(['syncproxy']) then
-               ssh4allowed << '$HOST_MIRRORMASTER_V4'
-               ssh6allowed << '$HOST_MIRRORMASTER_V6'
-       end
-       if scope.function_has_role(['debian_mirror']) or
-          scope.function_has_role(['syncproxy']) then
-               ssh4allowed << '$HOST_SYNCPROXY_V4'
-               ssh6allowed << '$HOST_SYNCPROXY_V6'
-       end
-       if scope.function_has_role(['security_mirror']) or
-          scope.function_has_role(['syncproxy']) then
-               ssh4allowed << '$HOST_SECMASTER_V4'
-               ssh6allowed << '$HOST_SECMASTER_V6'
-       end
-       if scope.function_has_role(['historical_mirror']) then
-               ssh4allowed << '$HOST_ARCHIVEMASTER_V4'
-               ssh6allowed << '$HOST_ARCHIVEMASTER_V6'
-       end
-       if scope.function_has_role(['syncproxy']) then
-               ssh4allowed << '$HOST_FTPMASTER_V4'
-               ssh6allowed << '$HOST_FTPMASTER_V6'
-               ssh4allowed << '$HOST_PORTSMASTER_V4'
-               ssh6allowed << '$HOST_PORTSMASTER_V6'
-       end
-       if scope.function_has_role(['debug_mirror']) then
-               ssh4allowed << '$HOST_FTPMASTER_V4'
-               ssh6allowed << '$HOST_FTPMASTER_V6'
-       end
 end
 ssh4allowed.length == 0 and ssh4allowed << '0.0.0.0/0'
 ssh6allowed.length == 0 and ssh6allowed << '::/0'
Unnamed repository; edit this file 'description' to name the repository.