add ufw rule for ssh

global/overlay/etc/puppet/cosmos-rules.yaml

@@ -532,6 +532,7 @@ natpub-1.komreg.net:
    autoupdate:
    md_publisher:
      keyname: natpub-1.komreg.net_infra
+     signer_ip_adress: '94.176.224.197'
    sunet::frontend::register_sites:
      sites:
        'md.swedenconnect.se':
@@ -558,6 +559,7 @@ eupub-1.komreg.net:
    autoupdate:
    md_publisher:
      keyname: eupub-1.komreg.net_infra
+     signer_ip_adress: '94.176.224.198'
    mdsl_publisher:
    sunet::frontend::register_sites:
      sites:
@@ -571,6 +573,7 @@ eupub-test-1.komreg.net:
    autoupdate:
    md_publisher:
      keyname: eupub-test-1.komreg.net_infra
+     signer_ip_adress: '89.45.237.138'
    mdsl_publisher:
    sunet::frontend::register_sites:
      sites:
@@ -628,6 +631,7 @@ natpub-2.komreg.net:
    autoupdate:
    md_publisher:
      keyname: natpub-2.komreg.net_infra
+     signer_ip_adress: '94.176.224.69'
    sunet::frontend::register_sites:
      sites:
        'md.swedenconnect.se':
@@ -640,6 +644,7 @@ natpub-test-2.komreg.net:
    autoupdate:
    md_publisher:
      keyname: natpub-test-2.komreg.net_infra
+     signer_ip_adress: '89.45.237.80'
    mdsl_publisher:
    sunet::frontend::register_sites:
      sites:
@@ -653,6 +658,7 @@ eupub-2.komreg.net:
    autoupdate:
    md_publisher:
      keyname: eupub-2.komreg.net_infra
+     signer_ip_adress: '94.176.224.70'
    mdsl_publisher:
    sunet::frontend::register_sites:
      sites:
@@ -666,6 +672,7 @@ eupub-test-2.komreg.net:
    autoupdate:
    md_publisher:
      keyname: eupub-test-2.komreg.net_infra
+     signer_ip_adress: '89.45.236.73'
    mdsl_publisher:
    sunet::frontend::register_sites:
      sites:
@@ -697,6 +704,7 @@ p1.komreg.net:
    autoupdate:
    md_publisher:
      keyname: p1.komreg.net_infra
+     signer_ip_adress: '89.45.233.92'
    sunet::frontend::register_sites:
      sites:
        'qa.md.swedenconnect.se':
@@ -710,6 +718,7 @@ p2.qa.komreg.net:
    autoupdate:
    md_publisher:
      keyname: p2.qa.komreg.net_infra
+     signer_ip_adress: '89.45.233.208'
    mdsl_publisher:
    sunet::frontend::register_sites:
      sites:

global/overlay/etc/puppet/manifests/cosmos-site.pp

@@ -227,7 +227,7 @@ class md_signer($dest_host=undef,$dest_dir="",$version="eidas") {
    }
 }
 
-class md_publisher(Array $allow_clients=['any'], $keyname=undef, String $dir="/var/www/html") {
+class md_publisher(Array $allow_clients=['any'], $keyname=undef, String $dir="/var/www/html", $signer_ip_adress=undef) {
    $_keyname = $keyname ? {
       undef   => $::fqdn,
       default => $keyname
@@ -272,6 +272,10 @@ class md_publisher(Array $allow_clients=['any'], $keyname=undef, String $dir="/v
       warning_age => '600',
       critical_age => '86400'
    }
+   sunet::misc::ufw_allow { "allow_ssh":
+    from => $signer_ip_adress,
+    port => '22',
+  }
 }
 
 class mdsl_publisher() {

global/overlay/etc/puppet/modules/eid/manifests/ssh_rules.pp

@@ -1,19 +0,0 @@
-class eid::ssh_rules{
-
-  $servers = ['nat', 'eu']
-  $servers.each |$servers|{
-    if $::fqdn == ${server}pub-test-1.komreg.net {
-      sunet::misc::ufw_allow { 'allow_${key}_ssh_1':
-        from =>  dnsLookup(${server}md-test-1.komreg.net)
-        port => '22',
-      }
-    }
-    if $::fqdn == ${server}pub-test-2.komreg.net {
-      sunet::misc::ufw_allow { 'allow_${key}_ssh_2':
-        from =>  dnsLookup(${server}md-test-2.komreg.net)
-        port => '22',
-      }
-    }
-  }
-
-}