From 47df1304ad8067cd1a220f80c910b61097f3a3e7 Mon Sep 17 00:00:00 2001
From: Peter Palfrader <peter@palfrader.org>
Date: Tue, 1 Oct 2019 15:24:17 +0200
Subject: [PATCH] retire manual firewalling on bmdb1 for dak replica access

---
 modules/ferm/manifests/per_host.pp | 21 ---------------------
 1 file changed, 21 deletions(-)

diff --git a/modules/ferm/manifests/per_host.pp b/modules/ferm/manifests/per_host.pp
index 50fe60741..49c7baacf 100644
--- a/modules/ferm/manifests/per_host.pp
+++ b/modules/ferm/manifests/per_host.pp
@@ -53,27 +53,6 @@ class ferm::per_host {
     default: {}
   }
 
-  # postgres stuff
-  case $::hostname {
-    bmdb1: {
-      ferm::rule { 'dsa-postgres-dak':
-        description => 'Allow postgress access to cluster: dak',
-        domain      => '(ip ip6)',
-        rule        => @("EOF"/$)
-          &SERVICE_RANGE(tcp, 5434, (
-            ${ join(getfromhash($deprecated::allnodeinfo, 'coccia.debian.org', 'ipHostNumber'), " ") }
-            ${ join(getfromhash($deprecated::allnodeinfo, 'quantz.debian.org', 'ipHostNumber'), " ") }
-            ${ join(getfromhash($deprecated::allnodeinfo, 'nono.debian.org', 'ipHostNumber'), " ") }
-            ${ join(getfromhash($deprecated::allnodeinfo, 'wuiet.debian.org', 'ipHostNumber'), " ") }
-            ${ join(getfromhash($deprecated::allnodeinfo, 'respighi.debian.org', 'ipHostNumber'), " ") }
-            ${ join(getfromhash($deprecated::allnodeinfo, 'usper.debian.org', 'ipHostNumber'), " ") }
-            ${ join(getfromhash($deprecated::allnodeinfo, 'ullmann.debian.org', 'ipHostNumber'), " ") }
-          ))
-          | EOF
-      }
-    }
-    default: {}
-  }
   # vpn fu
   case $::hostname {
     draghi: {
-- 
2.20.1