X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Froles%2Fmanifests%2Fsreview.pp;h=1bc91edd8d08360bca8cc2b596b46b2182b209ce;hb=e1e98096227a0c09136d534a3b1a618c815cd8e9;hp=9a7afd0c6ad2c3d7d0a16ba131acd34cfad2919f;hpb=f941acf9c73167a6ac67fcacb1984d20c6f9930f;p=mirror%2Fdsa-puppet.git

diff --git a/modules/roles/manifests/sreview.pp b/modules/roles/manifests/sreview.pp
index 9a7afd0c6..1bc91edd8 100644
--- a/modules/roles/manifests/sreview.pp
+++ b/modules/roles/manifests/sreview.pp
@@ -1,3 +1,25 @@
 class roles::sreview {
-	ssl::service { 'sreview.debian.org': notify  => Exec['service apache2 reload'], key => true, }
+	ssl::service { 'sreview.debian.net': notify  => Exec['service apache2 reload'], key => true, }
+
+	$now = Timestamp()
+	$date = $now.strftime('%F')
+
+	if versioncmp($date, '2019-08-15') <= 0 {
+		ferm::rule { 'temporary-dc19-access':
+			description     => 'temporarily allow DC19 access, cf. RT#7845',
+			rule            => '&SERVICE_RANGE(tcp, 5432, ( 200.134.17.48/28 ))',
+		}
+	} else {
+		# also clean up pg_hba on vittoria
+		notify {"Temporary DC19 ferm rule expired, cf. RT#7845":
+			loglevel => warning, }
+	}
+
+	file { '/var/lib/systemd/linger':
+		ensure => directory,
+		mode   => '755',
+	}
+	file { '/var/lib/systemd/linger/sreview':
+		ensure => present,
+	}
 }