From 1dee729d00307f93d600b5bb6902494bd30a4484 Mon Sep 17 00:00:00 2001
From: Peter Palfrader
Date: Mon, 30 Sep 2019 08:13:43 +0200
Subject: [PATCH 1/1] Move kaufmann keyserver fw into keyring role
---
 modules/ferm/manifests/per_host.pp | 7 -------
 modules/roles/manifests/keyring.pp | 4 ++++
 2 files changed, 4 insertions(+), 7 deletions(-)
diff --git a/modules/ferm/manifests/per_host.pp b/modules/ferm/manifests/per_host.pp
index 7c9e170a4..db1fdeb1f 100644
--- a/modules/ferm/manifests/per_host.pp
+++ b/modules/ferm/manifests/per_host.pp
@@ -10,13 +10,6 @@ class ferm::per_host {
 rule => '&SERVICE_RANGE(tcp, 3493, ( 82.195.75.64/26 192.168.43.0/24 ))'
 }
 }
- kaufmann: {
- ferm::rule { 'dsa-hkp':
- domain => '(ip ip6)',
- description => 'Allow hkp access',
- rule => '&SERVICE(tcp, 11371)'
- }
- }
 gombert: {
 ferm::rule { 'dsa-infinoted':
 domain => '(ip ip6)',
diff --git a/modules/roles/manifests/keyring.pp b/modules/roles/manifests/keyring.pp
index cbdee8640..11be4ea63 100644
--- a/modules/roles/manifests/keyring.pp
+++ b/modules/roles/manifests/keyring.pp
@@ -16,6 +16,10 @@ class roles::keyring { $notify_address_bind = join(getfromhash($deprecated::allnodeinfo, 'denis.debian.org', 'ipHostNumber'), '; ') + ferm::rule::simple { 'keyserver': + port => 11371 + } + Ferm::Rule::Simple <<| tag == 'named::keyring::ferm' |>> concat::fragment { 'dsa-named-conf-puppet-misc---openpgpkey-zone':
--
2.20.1
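Review bot: The added `ferm::rule::simple { 'keyserver': port => 11371 }` in `roles::keyring` no longer states what the removed `dsa-hkp` rule spelled out, namely `domain => '(ip ip6)'`, tcp and the description 'Allow hkp access'; protocol, address families and any source restriction now come from the defaults of `ferm::rule::simple`, which are not visible in this patch, so confirm they still yield an IPv4 and IPv6 tcp accept equivalent to `&SERVICE(tcp, 11371)`. The rule also stops being tied to the host kaufmann, so every node that includes this role will open the port; if that is intended, record it with a comment above the resource such as `# hkp keyserver access (was dsa-hkp in ferm::per_host for kaufmann)`. The body of `roles::keyring` starts and ends outside the hunk.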