From: Peter Palfrader <peter@palfrader.org>
Date: Mon, 30 Sep 2019 06:17:35 +0000 (+0200)
Subject: Move draghi finger/ldap/ldaps fw into dbmaster role
X-Git-Url: https://git.adam-barratt.org.uk/?p=mirror%2Fdsa-puppet.git;a=commitdiff_plain;h=5798c1ac4a2c2bd8737087b515d0eb4869482576

Move draghi finger/ldap/ldaps fw into dbmaster role
---

diff --git a/modules/ferm/manifests/per_host.pp b/modules/ferm/manifests/per_host.pp
index 7668641b8..970ff2b91 100644
--- a/modules/ferm/manifests/per_host.pp
+++ b/modules/ferm/manifests/per_host.pp
@@ -10,23 +10,6 @@ class ferm::per_host {
         rule        => '&SERVICE_RANGE(tcp, 3493, ( 82.195.75.64/26 192.168.43.0/24 ))'
       }
     }
-    draghi: {
-      ferm::rule { 'dsa-finger':
-        domain      => '(ip ip6)',
-        description => 'Allow finger access',
-        rule        => '&SERVICE(tcp, 79)'
-      }
-      ferm::rule { 'dsa-ldap':
-        domain      => '(ip ip6)',
-        description => 'Allow ldap access',
-        rule        => '&SERVICE(tcp, 389)'
-      }
-      ferm::rule { 'dsa-ldaps':
-        domain      => '(ip ip6)',
-        description => 'Allow ldaps access',
-        rule        => '&SERVICE(tcp, 636)'
-      }
-    }
     default: {}
   }
 
diff --git a/modules/roles/manifests/dbmaster.pp b/modules/roles/manifests/dbmaster.pp
index 1a0fa9edc..e78167a75 100644
--- a/modules/roles/manifests/dbmaster.pp
+++ b/modules/roles/manifests/dbmaster.pp
@@ -53,4 +53,11 @@ class roles::dbmaster {
     mail_user  => 'mail_db',
     mail_group => 'nogroup',
   }
+
+  ferm::rule::simple { 'finger':
+    port => 'finger',
+  }
+  ferm::rule::simple { 'ldap':
+    port => ['ldap', 'ldaps'],
+  }
 }