From 1cd5a0fc5ae58049e86911dedbb1f85a6b8e0da0 Mon Sep 17 00:00:00 2001
From: Peter Palfrader
Date: Thu, 22 Aug 2019 10:47:51 +0200
Subject: [PATCH] move syslog ferm into syslog role
---
 modules/ferm/manifests/per_host.pp | 15 ---------------
 modules/roles/manifests/init.pp | 2 +-
 modules/roles/manifests/loghost.pp | 13 +++++++++++++
 3 files changed, 14 insertions(+), 16 deletions(-)
 create mode 100644 modules/roles/manifests/loghost.pp
diff --git a/modules/ferm/manifests/per_host.pp b/modules/ferm/manifests/per_host.pp
index 7e650f82c..19d20aa7d 100644
--- a/modules/ferm/manifests/per_host.pp
+++ b/modules/ferm/manifests/per_host.pp
@@ -14,21 +14,6 @@ class ferm::per_host {
 rule => '&SERVICE_RANGE(tcp, 3493, ( 82.195.75.64/26 192.168.43.0/24 ))'
 }
 }
- lotti,loghost-grnet-01,loghost-osuosl-01: {
- @ferm::rule { 'dsa-syslog':
- description => 'Allow syslog access',
- rule => '&SERVICE_RANGE(tcp, 5140, $HOST_DEBIAN_V4)'
- }
- @ferm::rule { 'dsa-syslog-v6':
- domain => 'ip6',
- description => 'Allow syslog access',
- rule => '&SERVICE_RANGE(tcp, 5140, $HOST_DEBIAN_V6)'
- }
- @ferm::rule { 'fastly-syslog':
- description => 'Allow syslog access',
- rule => '&SERVICE_RANGE(tcp, 5141, $HOST_FASTLY)'
- }
- }
 kaufmann: {
 @ferm::rule { 'dsa-hkp':
 domain => '(ip ip6)',
diff --git a/modules/roles/manifests/init.pp b/modules/roles/manifests/init.pp
index 1837f948c..13ac01626 100644
--- a/modules/roles/manifests/init.pp
+++ b/modules/roles/manifests/init.pp
@@ -396,6 +396,6 @@ class roles { } if has_role('loghost') {
- include syslog_ng::loghost
+ include roles::loghost
 }
 }
diff --git a/modules/roles/manifests/loghost.pp b/modules/roles/manifests/loghost.pp
new file mode 100644
index 000000000..fb44c1eb8
--- /dev/null
+++ b/modules/roles/manifests/loghost.pp
@@ -0,0 +1,13 @@
+class roles::loghost {
+ include syslog_ng::loghost
+
+ ferm::rule { 'dsa-syslog':
+ domain => '(ip ip6)',
+ description => 'Allow syslog access',
+ rule => '&SERVICE_RANGE(tcp, 5140, $HOST_DEBIAN)'
+ }
+ ferm::rule { 'fastly-syslog':
+ description => 'Allow syslog access',
+ rule => '&SERVICE_RANGE(tcp, 5141, $HOST_FASTLY)'
+ }
+}
-- 
2.20.1
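Review bot: The new `dsa-syslog` rule in `roles::loghost` swaps the two per-family source lists (`$HOST_DEBIAN_V4`, `$HOST_DEBIAN_V6`) for a single `$HOST_DEBIAN` under `domain => '(ip ip6)'`, and the definition of `$HOST_DEBIAN` is not part of this patch. Presumably it expands to the right addresses in both the ip and ip6 tables, but that should be confirmed before merge, because it decides which sources can reach 5140/tcp on the log hosts. The rules also change from virtual `@ferm::rule` to plain `ferm::rule`, so they no longer wait to be realized elsewhere; that looks intended, since the class is only included behind `has_role('loghost')`, but it is worth a line in the commit message. `fastly-syslog` sets no `domain` and so keeps the `ferm::rule` default as before; since both rules share one description, I would make the second `description => 'Allow syslog access from Fastly',`. I would also add a class header comment such as `# Log host role: syslog-ng receiver plus firewall openings for 5140/tcp (Debian hosts) and 5141/tcp (Fastly).`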