move munin rules from conf.d to the rules dir

diff --git a/modules/ferm/manifests/init.pp b/modules/ferm/manifests/init.pp
index a912a28..340292b 100644 (file)
--- a/modules/ferm/manifests/init.pp
+++ b/modules/ferm/manifests/init.pp
@@ -82,10 +82,26 @@ class ferm {
                content => template('ferm/defs.conf.erb'),
                notify  => Service['ferm'],
        }
+
        file { '/etc/ferm/conf.d/50-munin-interfaces.conf':
                content => template('ferm/conf.d-munin-interfaces.conf.erb'),
                notify  => Service['ferm'],
        }
+       @ferm::rule { 'dsa-munin-interfaces-in':
+               prio        => '001',
+               description => 'munin accounting',
+               chain       => 'INPUT',
+               domain      => '(ip ip6)',
+               rule        => 'daddr ($MUNIN_IPS) NOP;'
+       }
+       @ferm::rule { 'dsa-munin-interfaces-out':
+               prio        => '001',
+               description => 'munin accounting',
+               chain       => 'OUTPUT',
+               domain      => '(ip ip6)',
+               rule        => 'saddr ($MUNIN_IPS) NOP;'
+       }
+
        augeas { 'logrotate_ulogd2':
                context => '/files/etc/logrotate.d/ulogd2',
                changes => [

diff --git a/modules/ferm/templates/conf.d-munin-interfaces.conf.erb b/modules/ferm/templates/conf.d-munin-interfaces.conf.erb
index f017050..3296e54 100644 (file)
--- a/modules/ferm/templates/conf.d-munin-interfaces.conf.erb
+++ b/modules/ferm/templates/conf.d-munin-interfaces.conf.erb
@@ -12,6 +12,3 @@ rescue
        ''
 end
 %>);
-
-domain (ip ip6) { chain INPUT  { daddr ($MUNIN_IPS) NOP; } }
-domain (ip ip6) { chain OUTPUT { saddr ($MUNIN_IPS) NOP; } }