Merge branch 'master' of git+ssh://puppet.debian.org/srv/puppet.debian.org/git/dsa...

[mirror/dsa-puppet.git] / modules / ferm / templates / me.conf.erb

diff --git a/modules/ferm/templates/me.conf.erb b/modules/ferm/templates/me.conf.erb
index cfb8a3e..8ed1084 100644 (file)
--- a/modules/ferm/templates/me.conf.erb
+++ b/modules/ferm/templates/me.conf.erb
@@ -4,9 +4,70 @@
 ##
 
 
-@def $SSH_SOURCES = <%
-ssh_allowed = case nodename
-  when 'logtest01' then '0.0.0.0/0'
+@def $SSH_SOURCES = (<%=
+
+sshallowed = []
+
+case hostname
+  when 'logtest01', 'geo1', 'geo2', 'geo3', 'bartok', 'beethoven' then sshallowed << [ '$DSA_IPS', '$HOST_NAGIOS_V4', '$HOST_DB_V4' ]
+end
+
+case hostname
+  when 'bartok', 'beethoven' then sshallowed << '$HOST_DEBIAN_V4'
+end
+
+if sshallowed.length == 0
+  sshallowed = [ '0.0.0.0/0' ]
+end
+
+sshallowed.join(' ')
+%>);
+
+@def $SSH_V6_SOURCES = (<%=
+
+sshallowed = []
+
+case hostname
+  when 'logtest01', 'geo1', 'geo2', 'geo3', 'bartok', 'beethoven' then sshallowed << [ '$DSA_V6_IPS', '$HOST_NAGIOS_V6', '$HOST_DB_V6' ]
+end
+
+case hostname
+  when 'bartok', 'beethoven' then sshallowed << '$HOST_DEBIAN_V6'
+end
+
+if sshallowed.length == 0
+  sshallowed = [ '::' ]
 end
-ssh_allowed
-%>
+
+sshallowed.join(' ')
+%>);
+
+def $SMTP_SOURCES =(<%=
+
+smtpallowed = []
+
+if not nodeinfo['smarthost'].empty?
+  smtpallowed = [ '$HOST_MAILRELAY_V4', '$HOST_NAGIOS_V4' ]
+end
+
+if smtpallowed.length == 0
+  smtpallowed = [ '0.0.0.0/0' ]
+end
+
+smtpallowed.join(' ')
+%>);
+
+def $SMTP_V6_SOURCES =(<%=
+
+smtpallowed = []
+
+if not nodeinfo['smarthost'].empty?
+  smtpallowed = [ '$HOST_MAILRELAY_V6', '$HOST_NAGIOS_V6' ]
+end
+
+if smtpallowed.length == 0
+  smtpallowed = [ '::' ]
+end
+
+smtpallowed.join(' ')
+%>);