X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;ds=sidebyside;f=modules%2Fpuppetmaster%2Fmanifests%2Finit.pp;h=72eae64e4bc27db2b9352f0ad828608af6dd0110;hb=f7adabc11f4b86313d541b2007570cf3e475320b;hp=f16e715bb63f30716548355174dae9813efd1bd5;hpb=64b4b975f9581f52656f8efa15624ab0593b2485;p=mirror%2Fdsa-puppet.git

diff --git a/modules/puppetmaster/manifests/init.pp b/modules/puppetmaster/manifests/init.pp
index f16e715bb..72eae64e4 100644
--- a/modules/puppetmaster/manifests/init.pp
+++ b/modules/puppetmaster/manifests/init.pp
@@ -6,15 +6,14 @@ class puppetmaster {
 	file { '/etc/puppet/hiera.yaml':
 		source => 'puppet:///modules/puppetmaster/hiera.yaml'
 	}
-
-	@ferm::rule { 'dsa-puppet':
-		description     => 'Allow puppet access',
-		rule            => '&SERVICE_RANGE(tcp, 8140, $HOST_DEBIAN_V4)'
+	file { '/etc/puppet/puppetdb.conf':
+		source => 'puppet:///modules/puppetmaster/puppetdb.conf'
 	}
-	@ferm::rule { 'dsa-puppet-v6':
-		domain          => 'ip6',
+
+	ferm::rule { 'dsa-puppet':
 		description     => 'Allow puppet access',
-		rule            => '&SERVICE_RANGE(tcp, 8140, $HOST_DEBIAN_V6)'
+		domain          => '(ip ip6)',
+		rule            => '&SERVICE_RANGE(tcp, 8140, $HOST_DEBIAN)',
 	}
 
 	file { '/srv/puppet.debian.org/puppet-facts':
@@ -23,4 +22,17 @@ class puppetmaster {
 	concat { '/srv/puppet.debian.org/puppet-facts/onionbalance-services.yaml':
 	}
 	Concat::Fragment <<| tag == "onionbalance-services.yaml" |>>
+
+	file { '/etc/cron.d/puppet-update-fastly-ips': ensure => absent, }
+	file { '/etc/cron.d/update-fastly-ips': ensure => absent, }
+	concat::fragment { 'dsa-puppet-stuff---fastly-ips':
+		target => '/etc/cron.d/dsa-puppet-stuff',
+		content  => @(EOF)
+			@daily	root	/usr/local/bin/update-fastly-ips /srv/puppet.debian.org/puppet-facts/fastly_ranges.yaml
+			| EOF
+	}
+	file { '/usr/local/bin/update-fastly-ips':
+		source => 'puppet:///modules/puppetmaster/update-fastly-ips.sh',
+		mode   => '0555',
+	}
 }