restrict ssh to tchaikovsky

[dsa-puppet.git] / modules / ferm / templates / me.conf.erb

diff --git a/modules/ferm/templates/me.conf.erb b/modules/ferm/templates/me.conf.erb
index 765363d1579fa6d5a7e209538456beacf111ab5d..1f0262f0b68bdff35bcbee940c4e3cb0f32e1bc8 100644 (file)
--- a/modules/ferm/templates/me.conf.erb
+++ b/modules/ferm/templates/me.conf.erb
@@ -9,7 +9,11 @@
 sshallowed = []
 
 case hostname
-  when 'logtest01', 'geo1', then sshallowed << [ '$DSA_IPS', '$HOST_NAGIOS_V4', '$HOST_DB_V4' ]
+  when 'logtest01', 'geo1', 'geo2', 'geo3', 'bartok', 'beethoven', 'tchaikovsky' then sshallowed << [ '$DSA_IPS', '$HOST_NAGIOS_V4', '$HOST_DB_V4' ]
+end
+
+case hostname
+  when 'bartok', 'beethoven' then sshallowed << '$HOST_DEBIAN_V4'
 end
 
 if sshallowed.length == 0
@@ -24,7 +28,11 @@ sshallowed.join(' ')
 sshallowed = []
 
 case hostname
-  when 'logtest01', 'geo1', 'geo2', 'geo3' then sshallowed << [ '$DSA_V6_IPS', '$HOST_NAGIOS_V6', '$HOST_DB_V6' ]
+  when 'logtest01', 'geo1', 'geo2', 'geo3', 'bartok', 'beethoven', 'tchaikovsky' then sshallowed << [ '$DSA_V6_IPS', '$HOST_NAGIOS_V6', '$HOST_DB_V6' ]
+end
+
+case hostname
+  when 'bartok', 'beethoven' then sshallowed << '$HOST_DEBIAN_V6'
 end
 
 if sshallowed.length == 0
@@ -33,3 +41,33 @@ end
 
 sshallowed.join(' ')
 %>);
+
+def $SMTP_SOURCES =(<%=
+
+smtpallowed = []
+
+if not nodeinfo['smarthost'].empty?
+  smtpallowed = [ '$HOST_MAILRELAY_V4', '$HOST_NAGIOS_V4' ]
+end
+
+if smtpallowed.length == 0
+  smtpallowed = [ '0.0.0.0/0' ]
+end
+
+smtpallowed.join(' ')
+%>);
+
+def $SMTP_V6_SOURCES =(<%=
+
+smtpallowed = []
+
+if not nodeinfo['smarthost'].empty?
+  smtpallowed = [ '$HOST_MAILRELAY_V6', '$HOST_NAGIOS_V6' ]
+end
+
+if smtpallowed.length == 0
+  smtpallowed = [ '::' ]
+end
+
+smtpallowed.join(' ')
+%>);