From 0aed5422c6f4efcc5d8b801680e6fde03e1d1fa0 Mon Sep 17 00:00:00 2001
From: Ryan Rotter
Date: Mon, 4 Nov 2024 16:48:14 -0500
Subject: [PATCH] duplicate firewall exported resources

Add a duplicate of every @@firewall resource with 'firewall6-*' prefix to prepare for upgrading firewall module.
---
 manifests/profile/haproxy.pp | 9 +++++++++
 manifests/profile/prometheus.pp | 10 ++++++++++
 manifests/profile/prometheus/exporter/node.pp | 9 +++++++++
 manifests/unison/client.pp | 8 ++++++++
 4 files changed, 36 insertions(+)

diff --git a/manifests/profile/haproxy.pp b/manifests/profile/haproxy.pp
index 76ac322d8..1d6ef491f 100644
--- a/manifests/profile/haproxy.pp
+++ b/manifests/profile/haproxy.pp
@@ -139,6 +139,15 @@
 tag => 'haproxy'
 }
+ @@firewall { "200 HTTP firewall6: HAProxy ${::hostname}":
+ proto => 'tcp',
+ dport => [80, 443],
+ source => $::ipaddress,
+ state => 'NEW',
+ action => 'accept',
+ tag => 'firewall6-haproxy'
+ }
+
 # HAProxy should listen for kubernetes connections.
 nebula::exposed_port { '200 kubectl':
 port => 6443,
diff --git a/manifests/profile/prometheus.pp b/manifests/profile/prometheus.pp
index d4008005d..369153e99 100644
--- a/manifests/profile/prometheus.pp
+++ b/manifests/profile/prometheus.pp
@@ -241,6 +241,16 @@
 tag => "${::datacenter}_prometheus_public_ipmi_exporter",
 dport => 9290,
 ;
+
+ "010 prometheus public node exporter firewall6 ${::hostname} ${address}":
+ tag => "firewall6-${::datacenter}_prometheus_public_node_exporter",
+ dport => 9100,
+ ;
+
+ "010 prometheus public ipmi exporter firewall6 ${::hostname} ${address}":
+ tag => "firewall6-${::datacenter}_prometheus_public_ipmi_exporter",
+ dport => 9290,
+ ;
 }
 }
diff --git a/manifests/profile/prometheus/exporter/node.pp b/manifests/profile/prometheus/exporter/node.pp
index ddfa86818..7d80f09e0 100644
--- a/manifests/profile/prometheus/exporter/node.pp
+++ b/manifests/profile/prometheus/exporter/node.pp
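Review bot: In the manifests/profile/haproxy.pp hunk the new exported rule takes its accept source from `$::ipaddress`, a legacy top-scope fact that the agent reports and that Facter fills from the interface it treats as primary. On a multi-homed host that may not be the address the traffic actually comes from, and Puppet 8 no longer provides legacy facts by default. Since these copies exist to prepare an upgrade, I would write `source => $facts['networking']['ip'],` here, or pin the address in Hiera if the host has more than one. The manifests/unison/client.pp hunk has the same `source => $::ipaddress,` line; the enclosing class starts and ends outside the hunk.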
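Review bot: The two bodies added in manifests/profile/prometheus.pp set only `tag` and `dport`, so their `proto`, `source`, `state` and `action` come from whatever default body heads this resource list, which is outside the hunk. Nothing at the new lines says they are copies of the un-prefixed entries just above them. A later port or source change applied to one copy and not the other would leave collectors of the two tag families with different rule sets. I would add a comment above the first new body, for example `# firewall6-* entries mirror the rules above for the firewall module upgrade; keep both in sync and remove the old ones afterwards.` The other three hunks would benefit from the same comment.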
@@ -157,6 +157,15 @@
 state => 'NEW',
 action => 'accept',
 }
+
+ @@firewall { "300 pushgateway firewall6 ${::hostname} ${address}":
+ tag => "firewall6-${monitoring_datacenter}_pushgateway_node",
+ proto => 'tcp',
+ dport => 9091,
+ source => $address,
+ state => 'NEW',
+ action => 'accept',
+ }
 }
 ensure_packages(['curl', 'jq'])
diff --git a/manifests/unison/client.pp b/manifests/unison/client.pp
index 3d23f7f7d..1c88918e4 100644
--- a/manifests/unison/client.pp
+++ b/manifests/unison/client.pp
@@ -43,4 +43,12 @@
 tag => "unison-client-${title}"
 }
+ @@firewall { "200 Unison firewall6: ${title} ${::hostname}":
+ proto => 'tcp',
+ dport => [$port],
+ source => $::ipaddress,
+ state => 'NEW',
+ action => 'accept',
+ tag => "firewall6-unison-client-${title}"
+ }
 }
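Review bot: The exported resource title in manifests/profile/prometheus/exporter/node.pp, `"300 pushgateway firewall6 ${::hostname} ${address}"`, is keyed on the short hostname, which is an agent-supplied fact and need not be unique across domains or datacenters. Two nodes exporting the same title would give the collecting node a duplicate declaration when it collects them. Keying the title on `$trusted['certname']`, which comes from the node's certificate rather than from facts, avoids that: `@@firewall { "300 pushgateway firewall6 ${trusted['certname']} ${address}":`. `$address` is defined outside the hunk, so the origin of the accepted `source` cannot be checked from here. The other new titles in this patch use `${::hostname}` the same way.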
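Review bot: The duplicate in manifests/unison/client.pp keeps `action => 'accept'` and `state => 'NEW'` exactly as the existing rule does, so nothing in it is yet specific to the newer firewall module. If the target release is one that drops `action` in favour of `jump` (I believe the 7.x rewrite does, but confirm against that release's reference), the `firewall6-*` copies are where `jump => 'accept',` would go, and a collector on the new module may otherwise reject them. The same applies to the haproxy.pp and exporter/node.pp hunks. The enclosing definition starts outside the hunk.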