X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Froles%2Fmanifests%2Fkeyring.pp;h=cbdee86402400713a55887da8e4e82db7b22533a;hb=1243bf252a0fc453755439a860e90a6d0fd30f48;hp=f9e181d47a693b73530c59458c29d30c31709bd1;hpb=3d7b5c94261b98c299d7e68baa4eedb59d1b6a73;p=mirror%2Fdsa-puppet.git

diff --git a/modules/roles/manifests/keyring.pp b/modules/roles/manifests/keyring.pp
index f9e181d47..cbdee8640 100644
--- a/modules/roles/manifests/keyring.pp
+++ b/modules/roles/manifests/keyring.pp
@@ -1,4 +1,6 @@
 class roles::keyring {
+  include apache2
+
   rsync::site { 'keyring':
     source  => 'puppet:///modules/roles/keyring/rsyncd.conf',
     sslname => 'keyring.debian.org',
@@ -14,11 +16,7 @@ class roles::keyring {
 
   $notify_address_bind = join(getfromhash($deprecated::allnodeinfo, 'denis.debian.org', 'ipHostNumber'), '; ')
 
-  ferm::rule { '01-dsa-bind':
-    domain      => '(ip ip6)',
-    description => 'Allow nameserver access',
-    rule        => '&TCP_UDP_SERVICE_RANGE(53, ( $HOST_NAGIOS $HOST_DNSPRIMARY ) )',
-  }
+  Ferm::Rule::Simple <<| tag == 'named::keyring::ferm' |>>
 
   concat::fragment { 'dsa-named-conf-puppet-misc---openpgpkey-zone':
     target  => '/etc/bind/named.conf.puppet-misc',