6 files changed, 49 insertions, 41 deletions

diff --git a/manifests/rules/munin.pp b/manifests/rules/munin.pp
index 26cebfe..0c86abe 100644
--- a/manifests/rules/munin.pp
+++ b/manifests/rules/munin.pp
@@ -1,10 +1,10 @@
 class shorewall::rules::munin(
-  $munin_port = hiera('munin_port','4949'),
-  $munin_collector = hiera('munin_collector','127.0.0.1'),
-  $collector_source = hiera('shorewall_munin_in_collector_source','net')
+  $munin_port = '4949',
+  $munin_collector = '127.0.0.1',
+  $collector_source = 'net'
 ){
     shorewall::params { 'MUNINPORT': value => $munin_port }
-    shorewall::params { 'MUNINCOLLECTOR': value => $munin_collector }
+    shorewall::params { 'MUNINCOLLECTOR': value => join($munin_collector,',') }
     shorewall::rule{'net-me-munin-tcp':
         source          => "${collector_source}:\$MUNINCOLLECTOR",
         destination     => '$FW',
diff --git a/manifests/rules/out/ibackup.pp b/manifests/rules/out/ibackup.pp
index 48714af..856bcdb 100644
--- a/manifests/rules/out/ibackup.pp
+++ b/manifests/rules/out/ibackup.pp
@@ -1,12 +1,12 @@
 class shorewall::rules::out::ibackup(
-  $backup_host = hiera('shorewall_ibackup_host')
-) {
-    shorewall::rule { 'me-net-tcp_backupssh':
-        source          => '$FW',
-        destination     => "net:${backup_host}",
-        proto           => 'tcp',
-        destinationport => 'ssh',
-        order           => 240,
-        action          => 'ACCEPT';
-    }
+  $backup_host
+){
+  shorewall::rule { 'me-net-tcp_backupssh':
+    source          => '$FW',
+    destination     => "net:${backup_host}",
+    proto           => 'tcp',
+    destinationport => 'ssh',
+    order           => 240,
+    action          => 'ACCEPT';
+  }
 }
diff --git a/manifests/rules/out/munin.pp b/manifests/rules/out/munin.pp
index 7b0a015..004a3d5 100644
--- a/manifests/rules/out/munin.pp
+++ b/manifests/rules/out/munin.pp
@@ -1,10 +1,10 @@
 class shorewall::rules::out::munin {
-    shorewall::rule { 'me-net-rcp_muninhost':
-        source          => '$FW',
-        destination     => 'net',
-        proto           => 'tcp',
-        destinationport => '4949',
-        order           => 340,
-        action          => 'ACCEPT';
-    }
+  shorewall::rule { 'me-net-rcp_muninhost':
+    source          => '$FW',
+    destination     => 'net',
+    proto           => 'tcp',
+    destinationport => '4949',
+    order           => 340,
+    action          => 'ACCEPT';
+  }
 }
diff --git a/manifests/rules/out/puppet.pp b/manifests/rules/out/puppet.pp
index 5cd4643..cbe8cce 100644
--- a/manifests/rules/out/puppet.pp
+++ b/manifests/rules/out/puppet.pp
@@ -1,12 +1,20 @@
-class shorewall::rules::out::puppet {
-    include ::shorewall::rules::puppet
-    # we want to connect to the puppet server
-    shorewall::rule { 'me-net-puppet_tcp':
-        source          =>      '$FW',
-        destination     =>      'net:$PUPPETSERVER',
-        proto           =>      'tcp',
-        destinationport =>      '$PUPPETSERVER_PORT,$PUPPETSERVER_SIGN_PORT',
-        order           =>      340,
-        action          =>      'ACCEPT';
-    }
+class shorewall::rules::out::puppet(
+  $puppetserver = "puppet.${::domain}",
+  $puppetserver_port = 8140,
+  $puppetserver_signport = 8141
+) {
+  class{'shorewall::rules::puppet':
+    puppetserver          => $puppetserver,
+    puppetserver_port     => $puppetserver_port,
+    puppetserver_signport => $puppetserver_signport,
+  }
+  # we want to connect to the puppet server
+  shorewall::rule { 'me-net-puppet_tcp':
+    source          =>      '$FW',
+    destination     =>      'net:$PUPPETSERVER',
+    proto           =>      'tcp',
+    destinationport =>      '$PUPPETSERVER_PORT,$PUPPETSERVER_SIGN_PORT',
+    order           =>      340,
+    action          =>      'ACCEPT';
+  }
 }
diff --git a/manifests/rules/puppet.pp b/manifests/rules/puppet.pp
index c6fc09b..84e7d81 100644
--- a/manifests/rules/puppet.pp
+++ b/manifests/rules/puppet.pp
@@ -1,11 +1,11 @@
 class shorewall::rules::puppet(
-  $puppetserver = hiera('shorewall_puppetserver',"puppet.${domain}"),
-  $puppetserver_port = hiera('shorewall_puppetserver_port',8140) ,
-  $puppetserver_signport = hiera('shorewall_puppetserver_signport',8141) ,
-) {
+  $puppetserver = "puppet.${::domain}",
+  $puppetserver_port = 8140,
+  $puppetserver_signport = 8141
+){
   shorewall::params{
-        'PUPPETSERVER':             value => $puppetserver;
-        'PUPPETSERVER_PORT':        value => $puppetserver_port;
-        'PUPPETSERVER_SIGN_PORT':   value => $puppetserver_signport;
+    'PUPPETSERVER':             value => $puppetserver;
+    'PUPPETSERVER_PORT':        value => $puppetserver_port;
+    'PUPPETSERVER_SIGN_PORT':   value => $puppetserver_signport;
   }
 }
diff --git a/manifests/rules/ssh.pp b/manifests/rules/ssh.pp
index 3b7efa2..3a1b530 100644
--- a/manifests/rules/ssh.pp
+++ b/manifests/rules/ssh.pp
@@ -1,6 +1,6 @@
 class shorewall::rules::ssh(
   $ports,
-  $source = hiera('shorewall_ssh_in_source','net')
+  $source = 'net'
 ) {
   shorewall::rule { 'net-me-tcp_ssh':
     source          => $shorewall::rules::ssh::source,