projects / mirror / dsa-puppet.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
bgp -> hiera role
[mirror/dsa-puppet.git] / modules / roles / manifests / bgp.pp
diff --git a/modules/roles/manifests/bgp.pp b/modules/roles/manifests/bgp.pp
index 9e1cdf5..ffcadc1 100644 (file)
--- a/modules/roles/manifests/bgp.pp
+++ b/modules/roles/manifests/bgp.pp
@@ -1,22 +1,13 @@
-class roles::bgp {
-       $bgp_peers = $::hostname ? {
-               mirror-accumu => '2001:6b0:1e:2::1c6/128 130.242.6.198/32',
-               mirror-skroutz => '2a03:e40:42:200::151:1/128 2a03:e40:42:200::151:2/128 154.57.0.249/32 154.57.0.250',
-               default       => undef,
-       }
-
-       if ! $bgp_peers {
-               fail("Do not have bgp_peers set for $::hostname.")
-       }
-
-       ferm::rule { 'dsa-bgp':
-               description => 'Allow BGP from peers',
-               domain      => '(ip ip6)',
-               rule        => "&SERVICE_RANGE(tcp, bgp, ($bgp_peers))"
-       }
-
-       file { '/etc/network/interfaces.d/anycasted':
-               content => template('roles/anycast/interfaces.erb')
-       }
-
+class roles::bgp(
+  Array[Stdlib::IP::Address] $peers,
+){
+  ferm::rule::simple { 'dsa-bgp':
+    description => 'Allow BGP from peers',
+    ports       => 'bgp',
+    saddr       => $peers,
+  }
+
+  file { '/etc/network/interfaces.d/anycasted':
+    content => template('roles/anycast/interfaces.erb')
+  }
 }
Unnamed repository; edit this file 'description' to name the repository.