Allow access to a git server to be restricted to certain nodes

author Tom Hughes <tom@compton.nu>

Wed, 2 Oct 2013 18:11:35 +0000 (19:11 +0100)

committer Tom Hughes <tom@compton.nu>

Wed, 2 Oct 2013 18:23:20 +0000 (19:23 +0100)
author Tom Hughes <tom@compton.nu>
Wed, 2 Oct 2013 18:11:35 +0000 (19:11 +0100)
committer Tom Hughes <tom@compton.nu>
Wed, 2 Oct 2013 18:23:20 +0000 (19:23 +0100)
diff --git a/cookbooks/git/recipes/server.rb b/cookbooks/git/recipes/server.rb

index 12b576aa10730517be9f56579775fd101454618d..4f537e62d0b7958f23608fd7eecddcb90ac40e0e 100644 (file)
--- a/cookbooks/git/recipes/server.rb
+++ b/cookbooks/git/recipes/server.rb
@@ -27,13 +27,29 @@ directory git_directory do
    mode 02775
  end
  
-firewall_rule "accept-git" do
-  action :accept
-  source "net"
-  dest "fw"
-  proto "tcp:syn"
-  dest_ports "git"
-  source_ports "1024:"
+if node[:git][:allowed_nodes]
+  search(:node, node[:git][:allowed_nodes]).each do |n|
+    n.interfaces(:role => :external).each do |interface|
+      firewall_rule "accept-git" do
+        action :accept
+        family interface[:family]
+        source "#{interface[:zone]}:#{interface[:address]}"
+        dest "fw"
+        proto "tcp:syn"
+        dest_ports "git"
+        source_ports "1024:"
+      end
+    end
+  end
+else
+  firewall_rule "accept-git" do
+    action :accept
+    source "net"
+    dest "fw"
+    proto "tcp:syn"
+    dest_ports "git"
+    source_ports "1024:"
+  end
  end
  
  Dir.new(git_directory).select { |name| name =~ /\.git$/ }.each do |repository|
author	Tom Hughes <tom@compton.nu>
	Wed, 2 Oct 2013 18:11:35 +0000 (19:11 +0100)
committer	Tom Hughes <tom@compton.nu>
	Wed, 2 Oct 2013 18:23:20 +0000 (19:23 +0100)