From: Peter Palfrader Date: Mon, 30 Sep 2019 06:13:43 +0000 (+0200) Subject: Move kaufmann keyserver fw into keyring role X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=1dee729d00307f93d600b5bb6902494bd30a4484;p=mirror%2Fdsa-puppet.git Move kaufmann keyserver fw into keyring role --- diff --git a/modules/ferm/manifests/per_host.pp b/modules/ferm/manifests/per_host.pp index 7c9e170a4..db1fdeb1f 100644 --- a/modules/ferm/manifests/per_host.pp +++ b/modules/ferm/manifests/per_host.pp @@ -10,13 +10,6 @@ class ferm::per_host { rule => '&SERVICE_RANGE(tcp, 3493, ( 82.195.75.64/26 192.168.43.0/24 ))' } } - kaufmann: { - ferm::rule { 'dsa-hkp': - domain => '(ip ip6)', - description => 'Allow hkp access', - rule => '&SERVICE(tcp, 11371)' - } - } gombert: { ferm::rule { 'dsa-infinoted': domain => '(ip ip6)', diff --git a/modules/roles/manifests/keyring.pp b/modules/roles/manifests/keyring.pp index cbdee8640..11be4ea63 100644 --- a/modules/roles/manifests/keyring.pp +++ b/modules/roles/manifests/keyring.pp @@ -16,6 +16,10 @@ class roles::keyring { $notify_address_bind = join(getfromhash($deprecated::allnodeinfo, 'denis.debian.org', 'ipHostNumber'), '; ') + ferm::rule::simple { 'keyserver': + port => 11371 + } + Ferm::Rule::Simple <<| tag == 'named::keyring::ferm' |>> concat::fragment { 'dsa-named-conf-puppet-misc---openpgpkey-zone':