From: Peter Palfrader <peter@palfrader.org>
Date: Fri, 13 Sep 2019 11:22:47 +0000 (+0200)
Subject: re-enable puppet access
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=f7adabc11f4b86313d541b2007570cf3e475320b;p=mirror%2Fdsa-puppet.git

re-enable puppet access
---

diff --git a/modules/puppetmaster/manifests/init.pp b/modules/puppetmaster/manifests/init.pp
index 28120f4bf..72eae64e4 100644
--- a/modules/puppetmaster/manifests/init.pp
+++ b/modules/puppetmaster/manifests/init.pp
@@ -10,15 +10,11 @@ class puppetmaster {
 		source => 'puppet:///modules/puppetmaster/puppetdb.conf'
 	}
 
-	#ferm::rule { 'dsa-puppet':
-	#	description     => 'Allow puppet access',
-	#	rule            => '&SERVICE_RANGE(tcp, 8140, $HOST_DEBIAN_V4)'
-	#}
-	#ferm::rule { 'dsa-puppet-v6':
-	#	domain          => 'ip6',
-	#	description     => 'Allow puppet access',
-	#	rule            => '&SERVICE_RANGE(tcp, 8140, $HOST_DEBIAN_V6)'
-	#}
+	ferm::rule { 'dsa-puppet':
+		description     => 'Allow puppet access',
+		domain          => '(ip ip6)',
+		rule            => '&SERVICE_RANGE(tcp, 8140, $HOST_DEBIAN)',
+	}
 
 	file { '/srv/puppet.debian.org/puppet-facts':
 		ensure => directory