From b132b363cd78b644abf5b81d9be378b88af176d8 Mon Sep 17 00:00:00 2001
From: Micke Nordin
Date: Fri, 17 Feb 2023 17:03:49 +0100
Subject: [PATCH] Wrapp in if clause for nftables
---
 manifests/app_type.pp | 19 +++++++++++--------
 manifests/proxysql.pp | 29 ++++++++++++++++-------------
 2 files changed, 27 insertions(+), 21 deletions(-)
diff --git a/manifests/app_type.pp b/manifests/app_type.pp
index a03c5ed..026d3f5 100644
--- a/manifests/app_type.pp
+++ b/manifests/app_type.pp
@@ -334,14 +334,17 @@ define sunetdrive::app_type (
 compose_filename => 'docker-compose.yml',
 description => 'Nextcloud application',
 }
- sunet::misc::ufw_allow { 'https':
- from => '0.0.0.0/0',
- port => 443,
- }
- sunet::nftables::docker_expose { 'https':
- allow_clients => ['any'],
- port => 443,
- iif => 'ens3',
+ if $::facts['sunet_nftables_enabled'] == 'yes' {
+ sunet::nftables::docker_expose { 'https':
+ allow_clients => ['any'],
+ port => 443,
+ iif => 'ens3',
+ }
+ } else {
+ sunet::misc::ufw_allow { 'https':
+ from => '0.0.0.0/0',
+ port => 443,
+ }
 }
 }
diff --git a/manifests/proxysql.pp b/manifests/proxysql.pp
index 4fa7e58..05fc6b9 100644
--- a/manifests/proxysql.pp
+++ b/manifests/proxysql.pp
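Review bot: The selector `$::facts['sunet_nftables_enabled'] == 'yes'` sends every other value, including an unset fact, down the `else` branch, so a host that runs nftables but does not report the fact would get the `sunet::misc::ufw_allow` rule for 443 and no `docker_expose` rule. A short comment above the `if` would record that contract, for example `# sunet_nftables_enabled: 'yes' selects nftables; any other value or a missing fact selects ufw`. The same condition guards the rules in the manifests/proxysql.pp hunk. The enclosing `define sunetdrive::app_type` starts outside this hunk.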
@@ -65,19 +65,22 @@ class sunetdrive::proxysql (
 content => template('sunetdrive/proxysql/my.cnf.erb'),
 mode => '0644',
 }
- sunet::misc::ufw_allow { 'stats_ports':
- from => $tug_office,
- port => 6080,
- }
- sunet::nftables::docker_expose { 'stats_ports':
- allow_clients => $tug_office,
- port => 6080,
- iif => 'ens3',
- }
- sunet::nftables::docker_expose { 'proxysql':
- allow_clients => ['any'],
- port => 6032,
- iif => 'ens3',
+ if $::facts['sunet_nftables_enabled'] == 'yes' {
+ sunet::nftables::docker_expose { 'stats_ports':
+ allow_clients => $tug_office,
+ port => 6080,
+ iif => 'ens3',
+ }
+ sunet::nftables::docker_expose { 'proxysql':
+ allow_clients => ['any'],
+ port => 6032,
+ iif => 'ens3',
+ }
+ } else {
+ sunet::misc::ufw_allow { 'stats_ports':
+ from => $tug_office,
+ port => 6080,
+ }
 }
 sunet::docker_compose { 'drive_proxysql_docker_compose':
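Review bot: The two branches do not open the same ports: the nftables branch exposes 6032 to `['any']` through `docker_expose { 'proxysql': ... }`, while the `else` branch declares no rule for 6032 at all, so reachability of ProxySQL depends on which firewall the host uses. 6032 is ProxySQL's default admin port; if that is what listens here, `allow_clients => ['any']` is much wider than the `$tug_office` restriction applied to the stats port on 6080. I would narrow it to the client list that actually needs the port, e.g. `allow_clients => $tug_office,` or a dedicated class parameter, and add a matching `sunet::misc::ufw_allow { 'proxysql': ... }` to the `else` branch if ufw hosts are meant to serve it too. The class body continues outside the hunk.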