restrict postgres on nominatim to internal ip

[chef.git] / roles / ucl-wates.rb

diff --git a/roles/ucl-wates.rb b/roles/ucl-wates.rb
index c571bf61f96ff7e3c02e1c59334929f88a6c66c4..bba547e0f29ac9769bba3ab68c4ff30e942aeec8 100644 (file)
--- a/roles/ucl-wates.rb
+++ b/roles/ucl-wates.rb
@@ -1,10 +1,38 @@
 name "ucl-wates"
 description "Role applied to all servers at UCL which are in Wates House"
 
+default_attributes(
+  :networking => {
+    :roles => {
+      :internal => {
+        :inet => {
+          :prefix => "20",
+          :gateway => "10.0.0.3"
+        }
+      },
+      :external => {
+        :zone => "ucl",
+        :inet => {
+          :prefix => "24",
+          :gateway => "128.40.168.126"
+        }
+      }
+    }
+  },
+  :sysctl => {
+    :sack => {
+      :comment => "Disable SACK as the UCL firewall breaks it",
+      :parameters => {
+        "net.ipv4.tcp_sack" => "0"
+      }
+    }
+  }
+)
+
 override_attributes(
   :networking => {
-    :nameservers => [ "10.0.0.3", "8.8.8.8", "8.8.4.4" ],
-    :search => [ "ucl.openstreetmap.org", "openstreetmap.org" ]
+    :nameservers => ["10.0.0.3", "8.8.8.8", "8.8.4.4"],
+    :search => ["ucl.openstreetmap.org", "openstreetmap.org"]
   }
 )