X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;ds=sidebyside;f=modules%2Froles%2Fmanifests%2Fbgp.pp;fp=modules%2Froles%2Fmanifests%2Fbgp.pp;h=ffcadc1cd5aee8b13e6fdcaece0629155b293b3e;hb=9f90645c16ed191842f982c489c01e9c9e6f6d96;hp=9e1cdf500f2cc68fd45e90749182a76c09ea6ada;hpb=a4306b2a5d8694309b25e08cd111edf9c3967ec1;p=mirror%2Fdsa-puppet.git

diff --git a/modules/roles/manifests/bgp.pp b/modules/roles/manifests/bgp.pp
index 9e1cdf500..ffcadc1cd 100644
--- a/modules/roles/manifests/bgp.pp
+++ b/modules/roles/manifests/bgp.pp
@@ -1,22 +1,13 @@
-class roles::bgp {
-	$bgp_peers = $::hostname ? {
-		mirror-accumu => '2001:6b0:1e:2::1c6/128 130.242.6.198/32',
-		mirror-skroutz => '2a03:e40:42:200::151:1/128 2a03:e40:42:200::151:2/128 154.57.0.249/32 154.57.0.250',
-		default       => undef,
-	}
-
-	if ! $bgp_peers {
-		fail("Do not have bgp_peers set for $::hostname.")
-	}
-
-	ferm::rule { 'dsa-bgp':
-		description => 'Allow BGP from peers',
-		domain      => '(ip ip6)',
-		rule        => "&SERVICE_RANGE(tcp, bgp, ($bgp_peers))"
-	}
-
-	file { '/etc/network/interfaces.d/anycasted':
-		content => template('roles/anycast/interfaces.erb')
-	}
-
+class roles::bgp(
+  Array[Stdlib::IP::Address] $peers,
+){
+  ferm::rule::simple { 'dsa-bgp':
+    description => 'Allow BGP from peers',
+    ports       => 'bgp',
+    saddr       => $peers,
+  }
+
+  file { '/etc/network/interfaces.d/anycasted':
+    content => template('roles/anycast/interfaces.erb')
+  }
 }