From 71d1889a4968b462892e5a53771918f5fbd31be4 Mon Sep 17 00:00:00 2001
From: Julian Labus <julian@labus-online.de>
Date: Fri, 29 Mar 2019 16:40:17 +0100
Subject: [PATCH] Role service-fastd-mesh: allow fastd-exporter access from all
 gateways

---
 .../templates/fastd_exporter_vhost.conf.j2                  | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/roles/service-fastd-mesh/templates/fastd_exporter_vhost.conf.j2 b/roles/service-fastd-mesh/templates/fastd_exporter_vhost.conf.j2
index 89f1148..b1d2a46 100644
--- a/roles/service-fastd-mesh/templates/fastd_exporter_vhost.conf.j2
+++ b/roles/service-fastd-mesh/templates/fastd_exporter_vhost.conf.j2
@@ -13,10 +13,12 @@ server {
 
       allow 127.0.0.0/8;
       allow ::1/128;
-{% for host in groups['ffmwu-monitoring'] %}
+{% for group in ['ffmwu-monitoring', 'ffmwu-gateways'] %}
+{% for host in groups[group] %}
       allow {{ lookup('dig', host, 'qtype=A') }};
       allow {{ lookup('dig', host, 'qtype=AAAA') }};
-      deny all;
 {% endfor %}
+{% endfor %}
+      deny all;
     }
 }