From 828a5149687989eff11828fcb31f9af16e3222b8 Mon Sep 17 00:00:00 2001
From: Patrik Holmqvist <pahol@sunet.se>
Date: Fri, 4 Apr 2025 16:06:19 +0200
Subject: [PATCH] Limit access to only vpn towards monitoreidas, SC-2522

---
 global/overlay/etc/puppet/cosmos-rules.yaml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/global/overlay/etc/puppet/cosmos-rules.yaml b/global/overlay/etc/puppet/cosmos-rules.yaml
index b1c5217e..7a4a6255 100644
--- a/global/overlay/etc/puppet/cosmos-rules.yaml
+++ b/global/overlay/etc/puppet/cosmos-rules.yaml
@@ -1250,6 +1250,8 @@ monitoreidas-prod-sto1-1.komreg.net:
    sunet::naemon_monitor:
       domain: monitor-eidas.komreg.net
       acme_protocol: acme-d
+      thruk_allow_clients:
+         - 130.242.121.23/32  # vpn1.sunet.se
       naemon_tag: latest
       thruk_tag: latest
       histou_tag: latest