eximconf: flag mail claiming to be from Debian's webmail administrators

[mirror/dsa-puppet.git] / modules / nagios / manifests / client.pp

diff --git a/modules/nagios/manifests/client.pp b/modules/nagios/manifests/client.pp
index 710378c..d86b39c 100644 (file)
--- a/modules/nagios/manifests/client.pp
+++ b/modules/nagios/manifests/client.pp
@@ -13,17 +13,7 @@ class nagios::client inherits nagios {
     pattern   => 'nrpe',
   }
 
-  ferm::rule { 'dsa-nagios-v4':
-    description => 'Allow nrpe from nagios master',
-    rule        => 'proto tcp mod state state (NEW) dport (5666) @subchain \'nagios\' { saddr ($HOST_NAGIOS_V4) ACCEPT; }',
-    notarule    => true,
-  }
-  ferm::rule { 'dsa-nagios-v6':
-    description => 'Allow nrpe from nagios master',
-    domain      => 'ip6',
-    rule        => 'proto tcp mod state state (NEW) dport (5666) @subchain \'nagios\' { saddr ($HOST_NAGIOS_V6) ACCEPT; }',
-    notarule    => true,
-  }
+  Ferm::Rule::Simple <<| tag == 'nagios-nrpe::server' |>>
 
   file { '/etc/default/nagios-nrpe-server':
     source  => 'puppet:///modules/nagios/common/default',
@@ -51,10 +41,19 @@ class nagios::client inherits nagios {
     source  => 'puppet:///files/empty/',
     notify  => Service['nagios-nrpe-server'],
   }
-  file { '/etc/nagios/nrpe.d/debianorg.cfg':
+
+  concat { '/etc/nagios/nrpe.d/debianorg.cfg':
+    ensure_newline => true,
+    warn           => '# This file is maintained with puppet',
+    notify         => Service['nagios-nrpe-server'],
+    mode           => '0444',
+  }
+  concat::fragment { 'nrpe-debian-staticchecks':
+    target  => '/etc/nagios/nrpe.d/debianorg.cfg',
     content => template('nagios/inc-debian.org.erb'),
-    notify  => Service['nagios-nrpe-server'],
   }
+  Concat::Fragment <<| tag == 'nagios-nrpe::server::debianorg.cfg' |>>
+
   file { '/etc/nagios/nrpe.d/nrpe_dsa.cfg':
     source => 'puppet:///modules/nagios/dsa-nagios/generated/nrpe_dsa.cfg',
     notify => Service['nagios-nrpe-server'],