From 71e1f00fc646d1d8babd8852af515918092c5aeb Mon Sep 17 00:00:00 2001
From: Tim Abbott
Date: Thu, 7 Nov 2013 17:47:23 -0500
Subject: [PATCH] puppet: Move our iptables config to zulip_internal.
(imported from commit f177b3989092f4fa7f00ae5bfb833ea23fe35489)
---
 puppet/zulip/manifests/base.pp | 24 -------------------
 .../files/iptables/rules | 0
 puppet/zulip_internal/manifests/base.pp | 24 +++++++++++++++++++
 3 files changed, 24 insertions(+), 24 deletions(-)
 rename puppet/{zulip => zulip_internal}/files/iptables/rules (100%)
diff --git a/puppet/zulip/manifests/base.pp b/puppet/zulip/manifests/base.pp
index 49c8790252..b37fc64497 100644
--- a/puppet/zulip/manifests/base.pp
+++ b/puppet/zulip/manifests/base.pp
@@ -70,28 +70,4 @@ class zulip::base {
 group => 'zulip',
 mode => 640,
 }
-
- file { '/etc/iptables/rules':
- ensure => file,
- mode => 600,
- source => 'puppet:///modules/zulip/iptables/rules',
- require => Package['iptables-persistent'],
- }
- service { 'iptables-persistent':
- ensure => running,
-
- # Because there is no running process for this service, the normal status
- # checks fail. Because puppet then thinks the service has been manually
- # stopped, it won't restart it. This fake status command will trick puppet
- # into thinking the service is *always* running (which in a way it is, as
- # iptables is part of the kernel.)
- hasstatus => true,
- status => "/bin/true",
-
- # Under Debian, the "restart" parameter does not reload the rules, so tell
- # Puppet to fall back to stop/start, which does work.
- hasrestart => false,
-
- subscribe => File['/etc/iptables/rules'],
- }
 }
diff --git a/puppet/zulip/files/iptables/rules b/puppet/zulip_internal/files/iptables/rules
similarity index 100%
rename from puppet/zulip/files/iptables/rules
rename to puppet/zulip_internal/files/iptables/rules
diff --git a/puppet/zulip_internal/manifests/base.pp b/puppet/zulip_internal/manifests/base.pp
index 1741dfe2ca..08be9282b8 100644
--- a/puppet/zulip_internal/manifests/base.pp
+++ b/puppet/zulip_internal/manifests/base.pp
@@ -109,4 +109,28 @@ class zulip_internal::base {
 mode => 755,
 source => "puppet:///modules/zulip_internal/nagios_plugins/",
 }
+
+ file { '/etc/iptables/rules':
+ ensure => file,
+ mode => 600,
+ source => 'puppet:///modules/zulip_internal/iptables/rules',
+ require => Package['iptables-persistent'],
+ }
+ service { 'iptables-persistent':
+ ensure => running,
+
+ # Because there is no running process for this service, the normal status
+ # checks fail. Because puppet then thinks the service has been manually
+ # stopped, it won't restart it. This fake status command will trick puppet
+ # into thinking the service is *always* running (which in a way it is, as
+ # iptables is part of the kernel.)
+ hasstatus => true,
+ status => "/bin/true",
+
+ # Under Debian, the "restart" parameter does not reload the rules, so tell
+ # Puppet to fall back to stop/start, which does work.
+ hasrestart => false,
+
+ subscribe => File['/etc/iptables/rules'],
+ }
 }
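Review bot: The `file { '/etc/iptables/rules': }` resource added here pins the mode but not the ownership, so a rules file that already exists with a different owner would keep it; for the file that defines the host firewall I would add `owner => 'root',` and `group => 'root',`, and write the mode as the quoted string `mode => '0600',`, which newer Puppet releases require. The `require => Package['iptables-persistent']` points at a package resource that is not declared in this hunk, so it is worth confirming that it lives in a class `zulip_internal::base` pulls in, otherwise the catalog will not compile on these hosts. Because `status => "/bin/true"` makes Puppet treat the service as always running, a ruleset that is flushed or edited by hand is neither detected nor reloaded until the rules file itself changes; a monitoring check that compares the loaded ruleset with the managed file would cover that gap. The class body starts outside the hunk.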