From e90ff033b42adf4dae4f40f79accb290469351c4 Mon Sep 17 00:00:00 2001
From: Peter Palfrader <peter@palfrader.org>
Date: Fri, 1 Sep 2017 11:49:36 +0000
Subject: [PATCH] salsa: allow postgresql connections from backuphosts through
 firewall

---
 modules/salsa/manifests/database.pp | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/modules/salsa/manifests/database.pp b/modules/salsa/manifests/database.pp
index b363b7928..e2793c1e2 100644
--- a/modules/salsa/manifests/database.pp
+++ b/modules/salsa/manifests/database.pp
@@ -35,4 +35,10 @@ class salsa::database inherits salsa {
 			tag     => "postgresql::server::backup-source-sshkey",
 		}
 	}
+
+	@ferm::rule { "dsa-postgres-${postgresql::params::port}":
+		description => 'Allow postgress access from backup host',
+		domain      => '(ip ip6)',
+		rule        => "&SERVICE_RANGE(tcp, ${postgresql::params::port}, ( @ipfilter(\$HOST_PGBACKUPHOST) ))",
+	}
 }
-- 
2.20.1