Allow DC19 access to the PG on vittoria, re: RT#7845

diff --git a/modules/roles/manifests/veyepar.pp b/modules/roles/manifests/veyepar.pp
index a602475..4f8aa21 100644 (file)
--- a/modules/roles/manifests/veyepar.pp
+++ b/modules/roles/manifests/veyepar.pp
@@ -1,3 +1,16 @@
 class roles::veyepar {
        ssl::service { 'veyepar.debian.org': notify  => Exec['service apache2 reload'], key => true, }
+
+       $now = Timestamp()
+       $date = $now.strftime('%F')
+
+       if versioncmp($date, '2019-08-15') <= 0 {
+               @ferm::rule { 'temporary-dc19-access':
+                       description     => 'temporarily allow DC19 access, cf. RT#7845',
+                       rule            => '&SERVICE_RANGE(tcp, 5432, ( 200.134.17.48/28 ))',
+               }
+       } else {
+               notify {"Temporary DC19 ferm rule expired, cf. RT#7845":
+                       loglevel => warning, }
+       }
 }