X-Git-Url: https://git.donarmstrong.com/?a=blobdiff_plain;f=modules%2Fferm%2Fmanifests%2Fper-host.pp;h=6f8b41860120b2259df03c253b7204fe5b1729c5;hb=d56ca7cb70039b036d91f93cfb33cb1fb7743e82;hp=607f41f150ba9f604669ff5cfed5880b2167aa9a;hpb=ef9474f024e3c590873ca05b0b8c19d0921df0cc;p=dsa-puppet.git

diff --git a/modules/ferm/manifests/per-host.pp b/modules/ferm/manifests/per-host.pp
index 607f41f1..6f8b4186 100644
--- a/modules/ferm/manifests/per-host.pp
+++ b/modules/ferm/manifests/per-host.pp
@@ -38,16 +38,6 @@ class ferm::per-host {
 				rule            => '&SERVICE(udp, 69)'
 			}
 		}
-		#paganini: {
-		#	@ferm::rule { 'dsa-dhcp':
-		#		description     => 'Allow dhcp access',
-		#		rule            => '&SERVICE(udp, 67)'
-		#	}
-		#	@ferm::rule { 'dsa-tftp':
-		#		description     => 'Allow tftp access',
-		#		rule            => '&SERVICE(udp, 69)'
-		#	}
-		#}
 		lotti,lully: {
 			@ferm::rule { 'dsa-syslog':
 				description     => 'Allow syslog access',
@@ -74,11 +64,6 @@ class ferm::per-host {
 			}
 		}
 		draghi: {
-			#@ferm::rule { 'dsa-bind':
-			#    domain          => '(ip ip6)',
-			#    description     => 'Allow nameserver access',
-			#    rule            => '&TCP_UDP_SERVICE(53)'
-			#}
 			@ferm::rule { 'dsa-finger':
 				domain          => '(ip ip6)',
 				description     => 'Allow finger access',
@@ -204,6 +189,16 @@ class ferm::per-host {
 		default: {}
 	}
 
+	# solr stuff
+	case $::hostname {
+		stockhausen: {
+			@ferm::rule { 'dsa-solr-jetty':
+				description     => 'Allow jetty access',
+				rule            => '&SERVICE_RANGE(tcp, 8080, ( 82.195.75.100/32 ))'
+			}
+		}
+	}
+
 	# postgres stuff
 	case $::hostname {
 		ullmann: {
@@ -218,17 +213,6 @@ class ferm::per-host {
 				rule            => '&SERVICE_RANGE(tcp, 5452, ( 2607:f8f0:610:4000:216:36ff:fe40:3860/128 2001:41b8:202:deb:216:36ff:fe40:4001/128 2001:41c8:1000:21::21:14/128 2001:41c8:1000:21::21:11/32 2001:41c8:1000:21::21:21/128 ))'
 			}
 		}
-		grieg: {
-			@ferm::rule { 'dsa-postgres-ullmann':
-				description     => 'Allow postgress access',
-				rule            => '&SERVICE_RANGE(tcp, 5433, ( 206.12.19.141/32 ))'
-			}
-			@ferm::rule { 'dsa-postgres-ullmann6':
-				domain          => '(ip6)',
-				description     => 'Allow postgress access',
-				rule            => '&SERVICE_RANGE(tcp, 5433, ( 2607:f8f0:610:4000:6564:a62:ce0c:138d/128 ))'
-			}
-		}
 		franck: {
 			@ferm::rule { 'dsa-postgres-franck':
 				description     => 'Allow postgress access',
@@ -239,16 +223,26 @@ class ferm::per-host {
 				description     => 'Allow postgress access',
 				rule            => '&SERVICE_RANGE(tcp, 5433, ( 2001:41c8:1000:21::21:10/128 ))'
 			}
+
+			@ferm::rule { 'dsa-postgres-backup':
+				description     => 'Allow postgress access',
+				rule            => '&SERVICE_RANGE(tcp, 5433, ( 5.153.231.12/32 ))'
+			}
+			@ferm::rule { 'dsa-postgres-backup6':
+				domain          => 'ip6',
+				description     => 'Allow postgress access',
+				rule            => '&SERVICE_RANGE(tcp, 5433, ( 2001:41c8:1000:21::21:12/128 ))'
+			}
 		}
 		bmdb1: {
 			@ferm::rule { 'dsa-postgres-main':
 				description     => 'Allow postgress access',
-				rule            => '&SERVICE_RANGE(tcp, 5435, ( 5.153.231.14/32 5.153.231.23/32 5.153.231.25/32 ))'
+				rule            => '&SERVICE_RANGE(tcp, 5435, ( 5.153.231.14/32 5.153.231.23/32 5.153.231.25/32 206.12.19.141/32 ))'
 			}
 			@ferm::rule { 'dsa-postgres-main6':
 				domain          => 'ip6',
 				description     => 'Allow postgress access',
-				rule            => '&SERVICE_RANGE(tcp, 5435, ( 2001:41c8:1000:21::21:14/128 2001:41c8:1000:21::21:23/128 2001:41c8:1000:21::21:25/128 ))'
+				rule            => '&SERVICE_RANGE(tcp, 5435, ( 2001:41c8:1000:21::21:14/128 2001:41c8:1000:21::21:23/128 2001:41c8:1000:21::21:25/128 2607:f8f0:610:4000:6564:a62:ce0c:138d/128 ))'
 			}
 			@ferm::rule { 'dsa-postgres-dak':
 				description     => 'Allow postgress access',
@@ -279,6 +273,17 @@ class ferm::per-host {
 				description     => 'Allow postgress access1',
 				rule            => '&SERVICE_RANGE(tcp, 5437, ( 2001:41c8:1000:21::21:19/128 ))'
 			}
+
+			@ferm::rule { 'dsa-postgres-backup':
+				# ubc, wuit
+				description     => 'Allow postgress access',
+				rule            => '&SERVICE_RANGE(tcp, (5435 5436), ( 5.153.231.12/32 ))'
+			}
+			@ferm::rule { 'dsa-postgres-backup6':
+				domain          => 'ip6',
+				description     => 'Allow postgress access',
+				rule            => '&SERVICE_RANGE(tcp, (5435 5436), ( 2001:41c8:1000:21::21:12/128 ))'
+			}
 		}
 		danzi: {
 			@ferm::rule { 'dsa-postgres-danzi':
@@ -305,6 +310,37 @@ class ferm::per-host {
 				rule            => '&SERVICE_RANGE(tcp, 5438, ( 206.12.19.0/24 ))'
 			}
 
+			@ferm::rule { 'dsa-postgres-backup':
+				description     => 'Allow postgress access',
+				rule            => '&SERVICE_RANGE(tcp, 5433, ( 5.153.231.12/32 ))'
+			}
+			@ferm::rule { 'dsa-postgres-backup6':
+				domain          => 'ip6',
+				description     => 'Allow postgress access',
+				rule            => '&SERVICE_RANGE(tcp, 5433, ( 2001:41c8:1000:21::21:12/128 ))'
+			}
+		}
+		chopin: {
+			@ferm::rule { 'dsa-postgres-backup':
+				description     => 'Allow postgress access',
+				rule            => '&SERVICE_RANGE(tcp, 5432, ( 5.153.231.12/32 ))'
+			}
+			@ferm::rule { 'dsa-postgres-backup6':
+				domain          => 'ip6',
+				description     => 'Allow postgress access',
+				rule            => '&SERVICE_RANGE(tcp, 5432, ( 2001:41c8:1000:21::21:12/128 ))'
+			}
+		}
+		sibelius: {
+			@ferm::rule { 'dsa-postgres-backup':
+				description     => 'Allow postgress access',
+				rule            => '&SERVICE_RANGE(tcp, 5433, ( 5.153.231.12/32 ))'
+			}
+			@ferm::rule { 'dsa-postgres-backup6':
+				domain          => 'ip6',
+				description     => 'Allow postgress access',
+				rule            => '&SERVICE_RANGE(tcp, 5433, ( 2001:41c8:1000:21::21:12/128 ))'
+			}
 		}
 		default: {}
 	}