From a74b52357ea7cd46947ea6f31d09bf550c2debe2 Mon Sep 17 00:00:00 2001
From: Peter Palfrader <peter@palfrader.org>
Date: Tue, 13 Nov 2018 13:53:14 +0100
Subject: [PATCH] ferm cleanup: bmdb1:dedup

---
 modules/ferm/manifests/per_host.pp | 20 +++++++++-----------
 1 file changed, 9 insertions(+), 11 deletions(-)

diff --git a/modules/ferm/manifests/per_host.pp b/modules/ferm/manifests/per_host.pp
index bd270c926..624216a6e 100644
--- a/modules/ferm/manifests/per_host.pp
+++ b/modules/ferm/manifests/per_host.pp
@@ -187,6 +187,15 @@ class ferm::per_host {
 					))
 					| EOF
 			}
+			@ferm::rule { 'dsa-postgres-dedup':
+				description     => 'Allow postgress access to cluster: dedup',
+				domain          => '(ip ip6)',
+				rule            => @("EOF"/$)
+					&SERVICE_RANGE(tcp, 5439, (
+						${ join(getfromhash($site::allnodeinfo, 'delfin.debian.org', 'ipHostNumber'), " ") }
+					))
+					| EOF
+			}
 
 			@ferm::rule { 'dsa-postgres-backup':
 				description     => 'Allow postgress access',
@@ -198,17 +207,6 @@ class ferm::per_host {
 				rule            => '&SERVICE_RANGE(tcp, (5440), ( $HOST_PGBACKUPHOST_V6 ))'
 			}
 
-			@ferm::rule { 'dsa-postgres-dedup':
-				# ubc, wuit
-				description     => 'Allow postgress access',
-				rule            => '&SERVICE_RANGE(tcp, (5439), ( 5.153.231.17/32 ))'
-			}
-			@ferm::rule { 'dsa-postgres-dedup6':
-				domain          => 'ip6',
-				description     => 'Allow postgress access',
-				rule            => '&SERVICE_RANGE(tcp, (5439), ( 2001:41c8:1000:21::21:17/128 ))'
-			}
-
 			@ferm::rule { 'dsa-postgres-debsources':
 				description     => 'Allow postgress access',
 				rule            => '&SERVICE_RANGE(tcp, (5440), ( 5.153.231.38/32 ))'
-- 
2.20.1