X-Git-Url: https://git.donarmstrong.com/?a=blobdiff_plain;f=modules%2Fferm%2Fmanifests%2Fper-host.pp;h=a5717e15d4b3dbf76f4d87142b0d0c8ec23a8a12;hb=6047b4170980bbcad7f4015c954a9d061b5c4324;hp=88873041e8b041b701565870c80767f2d1898238;hpb=d89f3fe9d84c8353a103b4fc576f2aac10633e64;p=dsa-puppet.git

diff --git a/modules/ferm/manifests/per-host.pp b/modules/ferm/manifests/per-host.pp
index 88873041..a5717e15 100644
--- a/modules/ferm/manifests/per-host.pp
+++ b/modules/ferm/manifests/per-host.pp
@@ -1,36 +1,46 @@
 class ferm::per-host {
-    case $hostname {
+    case $::hostname {
         ancina,zandonai,zelenka: {
             include ferm::zivit
         }
     }
 
-    case $hostname {
-        chopin,franck,gluck,kaufmann,kassia,klecker,lobos,merikanto,merkel,morricone,ravel,ries,rietz,saens,schein,senfl,stabile,steffani,valente,villa,wieck,wolkenstein: {
-            include ferm::rsync
-        }
-    }
-
-    case $hostname {
-        chopin,franck,gluck,kassia,klecker,lobos,morricone,ravel,ries,rietz,saens,schein,steffani,valente,villa,wieck,stabile: {
+    case $::hostname {
+        chopin,franck,gluck,kassia,klecker,lobos,morricone,ravel,ries,rietz,saens,schein,santoro,steffani,valente,villa,wieck,stabile,bizet: {
             include ferm::ftp
         }
     }
 
-    case $hostname {
+    case $::hostname {
         piatti,samosa: {
             @ferm::rule { "dsa-udd-stunnel":
                 description  => "port 8080 for udd stunnel",
                 rule         => "&SERVICE_RANGE(tcp, http-alt, ( 192.25.206.16 70.103.162.29 217.196.43.134 ))"
             }
         }
-	danzi: {
-            @ferm::rule { "dsa-postgres-danzi":
-                description     => "Allow postgress access",
-                rule            => "&SERVICE_RANGE(tcp, 5433, ( 206.12.19.0/24 ))"
-            }
+        danzi: {
+                @ferm::rule {
+                    "dsa-postgres-danzi":
+                        description     => "Allow postgress access",
+                        rule            => "&SERVICE_RANGE(tcp, 5433, ( 206.12.19.0/24 ))"
+                        ;
+                    "dsa-postgres2-danzi":
+                        description     => "Allow postgress access2",
+                        rule            => "&SERVICE_RANGE(tcp, 5437, ( 206.12.19.0/24 ))"
+                        ;
+                    "dsa-postgres3-danzi":
+                        description     => "Allow postgress access2",
+                        rule            => "&SERVICE_RANGE(tcp, 5436, ( 206.12.19.0/24 ))"
+                        ;
+                }
 
-	}
+        }
+        abel,alwyn,rietz: {
+            @ferm::rule { "dsa-tftp":
+                description     => "Allow tftp access",
+                rule            => "&SERVICE(udp, 69)"
+            }
+        }
         paganini: {
             @ferm::rule { "dsa-dhcp":
                 description     => "Allow dhcp access",
@@ -62,10 +72,6 @@ class ferm::per-host {
                 description     => "Allow powell to seed BT",
                 rule            => "proto tcp dport 8000:8100 jump ACCEPT"
             }
-            @ferm::rule { "dsa-powell-rsync":
-                description     => "Hoster wants to sync from here, and why not",
-                rule            => "&SERVICE_RANGE(tcp, rsync, ( 195.20.242.90 192.25.206.33 82.195.75.106 206.12.19.118 ))"
-            }
         }
         heininen,lotti: {
             @ferm::rule { "dsa-syslog":
@@ -85,7 +91,14 @@ class ferm::per-host {
                 rule            => "&SERVICE(tcp, 11371)"
             }
         }
-        liszt: {
+        gombert: {
+            @ferm::rule { "dsa-infinoted":
+                domain          => "(ip ip6)",
+                description     => "Allow infinoted access",
+                rule            => "&SERVICE(tcp, 6523)"
+            }
+        }
+        bendel,liszt: {
             @ferm::rule { "smtp":
                 domain          => "(ip ip6)",
                 description     => "Allow smtp access",
@@ -132,6 +145,13 @@ class ferm::per-host {
                 rule            => "&TCP_UDP_SERVICE(5080)"
             }
         }
+	scelsi: {
+            @ferm::rule { "dc11-icecast":
+                domain          => "(ip ip6)",
+                description     => "Allow icecast access",
+                rule            => "&SERVICE(tcp, 8000)"
+            }
+	}
     }
 
     case $hostname { rautavaara,luchesi: {
@@ -154,6 +174,7 @@ class ferm::per-host {
                                 proto udp dport (53 123) ACCEPT;
                                 proto tcp dport 8140 daddr 82.195.75.104 ACCEPT; # puppethost
                                 proto tcp dport 5140 daddr (82.195.75.98 206.12.19.121) ACCEPT; # loghost
+                                proto tcp dport 11371 daddr 82.195.75.107 ACCEPT; # keyring host
                                 proto tcp dport (25 submission) daddr ($HOST_MAILRELAY_V4) ACCEPT
                                '
         }
@@ -200,7 +221,7 @@ class ferm::per-host {
     }
 
     # redirect snapshot into varnish
-    case $hostname {
+    case $::hostname {
         sibelius: {
             @ferm::rule { "dsa-snapshot-varnish":
                 rule            => '&SERVICE(tcp, 6081)',
@@ -208,7 +229,7 @@ class ferm::per-host {
             @ferm::rule { "dsa-nat-snapshot-varnish":
                 table           => 'nat',
                 chain           => 'PREROUTING',
-                rule            => 'proto tcp daddr 193.62.202.28 dport 80 REDIRECT to-ports 6081',
+                rule            => 'proto tcp daddr 193.62.202.30 dport 80 REDIRECT to-ports 6081',
             }
         }
         stabile: {
@@ -222,6 +243,10 @@ class ferm::per-host {
             }
         }
     }
+
+    if $::rsyncd {
+        include ferm::rsync
+    }
 }
 
 # vim:set et: