make master a jump host

[dsa-puppet.git] / modules / ferm / templates / me.conf.erb

diff --git a/modules/ferm/templates/me.conf.erb b/modules/ferm/templates/me.conf.erb
index 55b27e20cff336b5f02c1effd01a097a0547288c..86ee156058b1f2c3eebafbf9653946fe67c8bbf9 100644 (file)
--- a/modules/ferm/templates/me.conf.erb
+++ b/modules/ferm/templates/me.conf.erb
@@ -33,17 +33,9 @@ if %w{beethoven draghi}.include?(hostname) then
        ssh4allowed << '$HOST_DEBIAN_V4'
        ssh6allowed << '$HOST_DEBIAN_V6'
 end
-if %w{geo1 geo2 geo3}.include?(hostname) then
-       ssh4allowed << '194.177.211.209' # orff - master
-       ssh6allowed << '2001:648:2ffc:deb:213:72ff:fe69:e188' # orff - master
-end
-if %w{pasquini tristano}.include?(hostname) then
-       ssh4allowed << '206.12.19.23'    # ganeti2.debian.org
-       ssh4allowed << '206.12.19.213'   # tristano.debian.org
-       ssh4allowed << '206.12.19.217'   # pasquini.debian.org
-       ssh4allowed << '192.168.2.23'    # ganeti2.debprivate-ubc.debian.org
-       ssh4allowed << '192.168.2.213'   # tristano-mnt.debprivate-ubc.debian.org
-       ssh4allowed << '192.168.2.217'   # pasquini-mnt.debprivate-ubc.debian.org
+if %w{unger}.include?(hostname) then
+       ssh4allowed << '$UNGER_SSH_ACCESS'  # Ganneff
+       ssh6allowed << '$UNGER_SSH6_ACCESS' # Ganneff, but more address space
 end
 ssh4allowed.length == 0 and ssh4allowed << '0.0.0.0/0'
 ssh6allowed.length == 0 and ssh6allowed << '::/0'