From 8c371f28860df560f3336bac7b6f7189c5f5a100 Mon Sep 17 00:00:00 2001
From: Maria Haider
Date: Tue, 22 Mar 2022 15:53:32 +0100
Subject: [PATCH] add ufw rule for ssh
---
 global/overlay/etc/puppet/cosmos-rules.yaml | 9 +++++++++
 .../etc/puppet/manifests/cosmos-site.pp | 6 +++++-
 .../puppet/modules/eid/manifests/ssh_rules.pp | 19 -------------------
 3 files changed, 14 insertions(+), 20 deletions(-)
 delete mode 100644 global/overlay/etc/puppet/modules/eid/manifests/ssh_rules.pp
diff --git a/global/overlay/etc/puppet/cosmos-rules.yaml b/global/overlay/etc/puppet/cosmos-rules.yaml
index 0c10c94e..b1b71451 100644
--- a/global/overlay/etc/puppet/cosmos-rules.yaml
+++ b/global/overlay/etc/puppet/cosmos-rules.yaml
@@ -532,6 +532,7 @@ natpub-1.komreg.net:
 autoupdate:
 md_publisher:
 keyname: natpub-1.komreg.net_infra
+ signer_ip_adress: '94.176.224.197'
 sunet::frontend::register_sites:
 sites:
 'md.swedenconnect.se':
@@ -558,6 +559,7 @@ eupub-1.komreg.net:
 autoupdate:
 md_publisher:
 keyname: eupub-1.komreg.net_infra
+ signer_ip_adress: '94.176.224.198'
 mdsl_publisher:
 sunet::frontend::register_sites:
 sites:
@@ -571,6 +573,7 @@ eupub-test-1.komreg.net:
 autoupdate:
 md_publisher:
 keyname: eupub-test-1.komreg.net_infra
+ signer_ip_adress: '89.45.237.138'
 mdsl_publisher:
 sunet::frontend::register_sites:
 sites:
@@ -628,6 +631,7 @@ natpub-2.komreg.net:
 autoupdate:
 md_publisher:
 keyname: natpub-2.komreg.net_infra
+ signer_ip_adress: '94.176.224.69'
 sunet::frontend::register_sites:
 sites:
 'md.swedenconnect.se':
@@ -640,6 +644,7 @@ natpub-test-2.komreg.net:
 autoupdate:
 md_publisher:
 keyname: natpub-test-2.komreg.net_infra
+ signer_ip_adress: '89.45.237.80'
 mdsl_publisher:
 sunet::frontend::register_sites:
 sites:
@@ -653,6 +658,7 @@ eupub-2.komreg.net:
 autoupdate:
 md_publisher:
 keyname: eupub-2.komreg.net_infra
+ signer_ip_adress: '94.176.224.70'
 mdsl_publisher:
 sunet::frontend::register_sites:
 sites:
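Review bot: The new key is spelled `signer_ip_adress` in every host entry of this hunk and in the @@ -666, @@ -697 and @@ -710 hunks that follow, and the spelling is load-bearing because Puppet matches it against the md_publisher class parameter of the same name; correcting it to `signer_ip_address` later means touching all nine entries and the class in the same change. The addresses replace what the deleted eid::ssh_rules module looked up by DNS at catalog time, so they are now static and will drift silently if a signer host moves; I would add a trailing comment on each line naming the signer host the address belongs to (e.g. `signer_ip_adress: '94.176.224.197'  # <signer host fqdn>`) so the next reviewer can verify them. I cannot confirm from the hunk that each address is the correct signer for its publisher, so that mapping should be checked against the signer inventory before merge.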
@@ -666,6 +672,7 @@ eupub-test-2.komreg.net:
 autoupdate:
 md_publisher:
 keyname: eupub-test-2.komreg.net_infra
+ signer_ip_adress: '89.45.236.73'
 mdsl_publisher:
 sunet::frontend::register_sites:
 sites:
@@ -697,6 +704,7 @@ p1.komreg.net:
 autoupdate:
 md_publisher:
 keyname: p1.komreg.net_infra
+ signer_ip_adress: '89.45.233.92'
 sunet::frontend::register_sites:
 sites:
 'qa.md.swedenconnect.se':
@@ -710,6 +718,7 @@ p2.qa.komreg.net:
 autoupdate:
 md_publisher:
 keyname: p2.qa.komreg.net_infra
+ signer_ip_adress: '89.45.233.208'
 mdsl_publisher:
 sunet::frontend::register_sites:
 sites:
diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp
index edd44d97..6358a451 100644
--- a/global/overlay/etc/puppet/manifests/cosmos-site.pp
+++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp
@@ -227,7 +227,7 @@ class md_signer($dest_host=undef,$dest_dir="",$version="eidas") {
 }
 }
 
-class md_publisher(Array $allow_clients=['any'], $keyname=undef, String $dir="/var/www/html") {
+class md_publisher(Array $allow_clients=['any'], $keyname=undef, String $dir="/var/www/html", $signer_ip_adress=undef) {
 $_keyname = $keyname ? {
 undef => $::fqdn,
 default => $keyname
@@ -272,6 +272,10 @@ class md_publisher(Array $allow_clients=['any'], $keyname=undef, String $dir="/v
 warning_age => '600',
 critical_age => '86400'
 }
+ sunet::misc::ufw_allow { "allow_ssh":
+ from => $signer_ip_adress,
+ port => '22',
+ }
 }
 
 class mdsl_publisher() {
diff --git a/global/overlay/etc/puppet/modules/eid/manifests/ssh_rules.pp b/global/overlay/etc/puppet/modules/eid/manifests/ssh_rules.pp
deleted file mode 100644
index 1d5c33ad..00000000
--- a/global/overlay/etc/puppet/modules/eid/manifests/ssh_rules.pp
+++ /dev/null
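Review bot: The `sunet::misc::ufw_allow { "allow_ssh": ... }` resource added in the @@ -272 hunk of cosmos-site.pp is declared unconditionally, while the new `$signer_ip_adress` parameter in the @@ -227 hunk defaults to undef, so any host that includes md_publisher without setting the key in cosmos-rules.yaml passes `from => undef` into the define; what that produces depends on how sunet::misc::ufw_allow handles a missing `from`, and if it omits the source restriction the result is an SSH allow rule for any address instead of no rule. Wrap the resource in `if $signer_ip_adress != undef {` ... `}` so the rule only exists when a signer address was actually configured, and consider typing the parameter (`Optional[String] $signer_ip_adress=undef`) so a misspelled value fails at compile time. The body of class md_publisher begins in the first hunk and most of it lies between the two hunks, outside this view, so I cannot tell whether the class already declares another SSH rule that this one would duplicate.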
@@ -1,19 +0,0 @@
-class eid::ssh_rules{
-
- $servers = ['nat', 'eu']
- $servers.each |$servers|{
- if $::fqdn == ${server}pub-test-1.komreg.net {
- sunet::misc::ufw_allow { 'allow_${key}_ssh_1':
- from => dnsLookup(${server}md-test-1.komreg.net)
- port => '22',
- }
- }
- if $::fqdn == ${server}pub-test-2.komreg.net {
- sunet::misc::ufw_allow { 'allow_${key}_ssh_2':
- from => dnsLookup(${server}md-test-2.komreg.net)
- port => '22',
- }
- }
- }
-
-}
\ No newline at end of file