move pg rule from veyepar to sreview

diff --git a/modules/roles/manifests/sreview.pp b/modules/roles/manifests/sreview.pp
index 30cc47d..c9e4fec 100644 (file)
--- a/modules/roles/manifests/sreview.pp
+++ b/modules/roles/manifests/sreview.pp
@@ -1,3 +1,17 @@
 class roles::sreview {
        ssl::service { 'sreview.debian.net': notify  => Exec['service apache2 reload'], key => true, }
+
+       $now = Timestamp()
+       $date = $now.strftime('%F')
+
+       if versioncmp($date, '2019-08-15') <= 0 {
+               @ferm::rule { 'temporary-dc19-access':
+                       description     => 'temporarily allow DC19 access, cf. RT#7845',
+                       rule            => '&SERVICE_RANGE(tcp, 5432, ( 200.134.17.48/28 ))',
+               }
+       } else {
+               # also clean up pg_hba on vittoria
+               notify {"Temporary DC19 ferm rule expired, cf. RT#7845":
+                       loglevel => warning, }
+       }
 }

diff --git a/modules/roles/manifests/veyepar.pp b/modules/roles/manifests/veyepar.pp
index 4f8aa21..a602475 100644 (file)
--- a/modules/roles/manifests/veyepar.pp
+++ b/modules/roles/manifests/veyepar.pp
@@ -1,16 +1,3 @@
 class roles::veyepar {
        ssl::service { 'veyepar.debian.org': notify  => Exec['service apache2 reload'], key => true, }
-
-       $now = Timestamp()
-       $date = $now.strftime('%F')
-
-       if versioncmp($date, '2019-08-15') <= 0 {
-               @ferm::rule { 'temporary-dc19-access':
-                       description     => 'temporarily allow DC19 access, cf. RT#7845',
-                       rule            => '&SERVICE_RANGE(tcp, 5432, ( 200.134.17.48/28 ))',
-               }
-       } else {
-               notify {"Temporary DC19 ferm rule expired, cf. RT#7845":
-                       loglevel => warning, }
-       }
 }