X-Git-Url: https://git.openstreetmap.org/chef.git/blobdiff_plain/fa63c845987967418edaff22b75958916b19f19a..1670bf67670d031aa64d09ca99a718861106cf1d:/roles/nepomuk.rb

diff --git a/roles/nepomuk.rb b/roles/nepomuk.rb
index 4035409b2..474a43e83 100644
--- a/roles/nepomuk.rb
+++ b/roles/nepomuk.rb
@@ -4,44 +4,24 @@ description "Master role applied to nepomuk"
 default_attributes(
   :networking => {
     :firewall => {
-      :inet => [
-        {
-          :action => "ACCEPT",
-          :source => "net:77.95.64.120,77.95.64.131,77.95.64.139",
-          :dest => "fw",
-          :proto => "tcp",
-          :dest_ports => "5666",
-          :source_ports => "1024:",
-          :rate_limit => "-",
-          :connection_limit => "-"
-        }
+      :incoming => [
+        "tcp sport { 1024-65535 } tcp dport { 5666 } ip saddr { 77.95.64.120, 77.95.64.131, 77.95.64.139 } ct state new accept"
       ]
     },
     :interfaces => {
-      :external_ipv4 => {
-        :interface => "eth0",
-        :role => :external,
-        :family => :inet,
-        :address => "77.95.65.39",
-        :prefix => "27",
-        :gateway => "77.95.65.33"
-      },
-      :external_ipv6 => {
+      :external => {
         :interface => "eth0",
         :role => :external,
-        :family => :inet6,
-        :address => "2a03:9180:0:100::7",
-        :prefix => "64",
-        :gateway => "2a03:9180:0:100::1"
-      }
-    }
-  },
-  :sysctl => {
-    :kvm => {
-      :comment => "Tuning for KVM guest",
-      :parameters => {
-        "kernel.sched_min_granularity_ns" => 10000000,
-        "kernel.sched_wakeup_granularity_ns" => 15000000
+        :inet => {
+          :address => "77.95.65.39",
+          :prefix => "27",
+          :gateway => "77.95.65.33"
+        },
+        :inet6 => {
+          :address => "2a03:9180:0:100::7",
+          :prefix => "64",
+          :gateway => "2a03:9180:0:100::1"
+        }
       }
     }
   },