restrict schroeder ssh

[dsa-puppet.git] / modules / ferm / templates / me.conf.erb

##
## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
##

<%=
  out=''
  case hostname
  when 'schroeder' then 
    out = '@def $CARNET = ( 193.198.184.8/29 161.53.160.133 161.53.160.90 161.53.11.222 161.53.12.134 161.53.12.142 161.53.12.143 )'
  end
  out
%>

@def $SSH_SOURCES = (<%=

sshallowed = []

case hostname
  when 'logtest01', 'geo1', 'geo2', 'geo3', 'bartok', 'beethoven', 'tchaikovsky' then sshallowed << [ '$DSA_IPS', '$HOST_NAGIOS_V4', '$HOST_DB_V4' ]
  when 'schroeder' then sshallowed << [ '$DSA_IPS', '$HOST_NAGIOS_V4', '$HOST_DB_V4', '$CARNET' ]
end

case hostname
  when 'bartok', 'beethoven' then sshallowed << '$HOST_DEBIAN_V4'
end

if sshallowed.length == 0
  sshallowed = [ '0.0.0.0/0' ]
end

sshallowed.join(' ')
%>);

@def $SSH_V6_SOURCES = (<%=

sshallowed = []

case hostname
  when 'logtest01', 'geo1', 'geo2', 'geo3', 'bartok', 'beethoven', 'schroeder', 'tchaikovsky' then sshallowed << [ '$DSA_V6_IPS', '$HOST_NAGIOS_V6', '$HOST_DB_V6' ]
end

case hostname
  when 'bartok', 'beethoven' then sshallowed << '$HOST_DEBIAN_V6'
end

if sshallowed.length == 0
  sshallowed = [ '::' ]
end

sshallowed.join(' ')
%>);

def $SMTP_SOURCES =(<%=

smtpallowed = []

if not nodeinfo['smarthost'].empty?
  smtpallowed = [ '$HOST_MAILRELAY_V4', '$HOST_NAGIOS_V4' ]
end

if smtpallowed.length == 0
  smtpallowed = [ '0.0.0.0/0' ]
end

smtpallowed.join(' ')
%>);

def $SMTP_V6_SOURCES =(<%=

smtpallowed = []

if not nodeinfo['smarthost'].empty?
  smtpallowed = [ '$HOST_MAILRELAY_V6', '$HOST_NAGIOS_V6' ]
end

if smtpallowed.length == 0
  smtpallowed = [ '::' ]
end

smtpallowed.join(' ')
%>);