Try to avoid reserved site keyword
[mirror/dsa-puppet.git] / modules / roles / manifests / keyring.pp
index 74776d8..a411ff5 100644 (file)
@@ -12,7 +12,13 @@ class roles::keyring {
 
        include named::authoritative
 
-       $notify_address = join(getfromhash($site::allnodeinfo, 'denis.debian.org', 'ipHostNumber'), "; ")
+       $notify_address_bind = join(getfromhash($deprecated::allnodeinfo, 'denis.debian.org', 'ipHostNumber'), "; ")
+
+       ferm::rule { '01-dsa-bind':
+               domain      => '(ip ip6)',
+               description => 'Allow nameserver access',
+               rule        => '&TCP_UDP_SERVICE_RANGE(53, ( $HOST_NAGIOS $HOST_DNSPRIMARY ) )',
+       }
 
        concat::fragment { 'dsa-named-conf-puppet-misc---openpgpkey-zone':
                target => '/etc/bind/named.conf.puppet-misc',
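Review bot: The added `ferm::rule { '01-dsa-bind': }` changes who can reach port 53 on this role, but the commit subject only describes a variable rename and the rule carries no comment explaining the choice of sources. Because the zone stanza keeps `allow-query { any; }`, this rule is the only visible control on who may query the server, so I would record that next to it, e.g. `# 53/tcp+udp only from $HOST_NAGIOS and $HOST_DNSPRIMARY; BIND allows queries from any, so this rule is the effective query ACL`. The definition of `$HOST_DNSPRIMARY` is not visible here, so please confirm it covers the host that receives the `also-notify` (denis.debian.org); otherwise that host would be notified but unable to fetch the zone. The firewall change would also be easier to audit as its own commit. The class body starts before this hunk and continues past it.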
@@ -20,15 +26,15 @@ class roles::keyring {
                content  => @("EOF"),
                        zone "_openpgpkey.debian.org" {
                                type master;
-                                       file "/srv/keyring.debian.org/_openpgpkey.debian.org.zone";
-                                       allow-query { any; };
-                                       allow-transfer {
-                                               key tsig-denis.debian.org-kaufmann.debian.org ;
-                                               127.0.0.1;
-                                       };
-                                       also-notify {
-                                               $notify_address;
-                                       };
+                               file "/srv/keyring.debian.org/_openpgpkey.debian.org.zone";
+                               allow-query { any; };
+                               allow-transfer {
+                                       key tsig-denis.debian.org-kaufmann.debian.org ;
+                                       127.0.0.1;
+                               };
+                               also-notify {
+                                       $notify_address_bind;
+                               };
                        };
                        | EOF
        }
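Review bot: `$notify_address_bind;` is interpolated into `also-notify` with no check that the lookup behind it returned anything. If `getfromhash($deprecated::allnodeinfo, 'denis.debian.org', 'ipHostNumber')` yields an empty list (its behaviour on a missing key is not visible here), the fragment would render a bare `;` inside `also-notify { }`. named would likely reject that when the configuration is next loaded, which affects every zone in `named.conf.puppet-misc`. A guard right after the assignment earlier in the class would fail the catalog instead: `if empty($notify_address_bind) { fail('no ipHostNumber found for denis.debian.org') }`. The `concat::fragment` resource opens before this hunk, so any attributes between the two hunks were not reviewed.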