From 6605aa629b31ed231c2dbf29c8b2f4c8585e2de7 Mon Sep 17 00:00:00 2001
From: Peter Palfrader <peter@palfrader.org>
Date: Sun, 22 Sep 2019 18:47:44 +0200
Subject: [PATCH 1/1] Allow nagios to ssh to our hosts

---
 modules/nagios/manifests/server.pp | 7 +++++++
 modules/ssh/manifests/init.pp      | 1 +
 2 files changed, 8 insertions(+)

diff --git a/modules/nagios/manifests/server.pp b/modules/nagios/manifests/server.pp
index 4db55d98b..a67e17edd 100644
--- a/modules/nagios/manifests/server.pp
+++ b/modules/nagios/manifests/server.pp
@@ -169,4 +169,11 @@ class nagios::server {
     port        => '7', # will be overwritten on collection
     saddr       => $base::public_addresses,
   }
+  # and we want to monitor ssh
+  @@ferm::rule::simple { "dsa-ssh-from-nagios-${::fqdn}":
+    tag         => 'ssh::server::from::nagios',
+    description => 'Allow ssh access from the nagios server',
+    chain       => 'ssh',
+    saddr       => $base::public_addresses,
+  }
 }
diff --git a/modules/ssh/manifests/init.pp b/modules/ssh/manifests/init.pp
index 32442f6f5..3021e3a0e 100644
--- a/modules/ssh/manifests/init.pp
+++ b/modules/ssh/manifests/init.pp
@@ -18,6 +18,7 @@ class ssh {
     chain       => 'ssh',
     rule        => 'saddr ($SSH_SOURCES) ACCEPT'
   }
+  Ferm::Rule::Simple <<| tag == 'ssh::server::from::nagios' |>>
 
   file { '/etc/ssh/ssh_config':
     content => template('ssh/ssh_config.erb'),
-- 
2.20.1