From: Peter Palfrader <peter@palfrader.org>
Date: Fri, 1 Sep 2017 11:49:36 +0000 (+0000)
Subject: salsa: allow postgresql connections from backuphosts through firewall
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=e90ff033b42adf4dae4f40f79accb290469351c4;p=mirror%2Fdsa-puppet.git

salsa: allow postgresql connections from backuphosts through firewall
---

diff --git a/modules/salsa/manifests/database.pp b/modules/salsa/manifests/database.pp
index b363b7928..e2793c1e2 100644
--- a/modules/salsa/manifests/database.pp
+++ b/modules/salsa/manifests/database.pp
@@ -35,4 +35,10 @@ class salsa::database inherits salsa {
 			tag     => "postgresql::server::backup-source-sshkey",
 		}
 	}
+
+	@ferm::rule { "dsa-postgres-${postgresql::params::port}":
+		description => 'Allow postgress access from backup host',
+		domain      => '(ip ip6)',
+		rule        => "&SERVICE_RANGE(tcp, ${postgresql::params::port}, ( @ipfilter(\$HOST_PGBACKUPHOST) ))",
+	}
 }