Fix up SGSN config on nitb systems

modules/rhizo_base/templates/make_sgsn_acl_config.erb

@@ -1,4 +1,5 @@
 #!/bin/bash
+_auth=`psql postgresql://rhizomatica:<%= @pgsql_pwd %>@localhost:5432/rhizomatica -t -c "SELECT msisdn from subscribers where subscription_status=1" | grep . | sed -n '1h;1!H;${g;s/\n/,/g;p;}'`
 cat << EOF
 !
 ! Osmocom SGSN configuration
@@ -23,10 +24,10 @@ sgsn
  ggsn 0 echo-interval 60
  auth-policy acl-only
 EOF
-echo "SELECT imsi from subscriber where authorized=1 ORDER BY imsi;" | sudo /usr/bin/sqlite3 /var/lib/osmocom/hlr.sqlite3 | grep "^[0-9].*" | sed 's/\(.*\)/ imsi-acl add \1/'
+echo "SELECT imsi from subscriber where extension in ($_auth) ORDER BY imsi;" | sudo /usr/bin/sqlite3 /var/lib/osmocom/hlr.sqlite3 | grep "^[0-9].*" | sed 's/\(.*\)/ imsi-acl add \1/'
 cat << EOF
- gsup remote-ip 127.0.0.1
- gsup remote-port 4222
+ !gsup remote-ip <%= @vpn_ip_address %>
+ !gsup remote-port 4222
 !
 ns
  timer tns-block 3

modules/rhizo_base/templates/rhizomatica.cron.erb

@@ -74,8 +74,10 @@ PYTHONPATH=$PYTHONPATH:/var/rhizomatica/rccn
 #Restart osmo-nitb every 6 hours (This wasn't working anyway. If it is needed, do something more elegant!)
 #  0 */6   *   *   *     root /usr/bin/sv restart osmo-nitb 2>&1 > /dev/null
 
+<% if @osmo_stack != 'split' -%>
 # Rebuild ACL config and restart the SGSN (stopgap pre HLR solution, we loose all PDP contexts)
-#  55 2     *   *   *    root /etc/osmocom/make_sgsn_acl_config > /etc/osmocom/osmo-sgsn.cfg ; systemctl restart osmo-sgsn
+  55 2     *   *   *    root /etc/osmocom/make_sgsn_acl_config > /etc/osmocom/osmo-sgsn.cfg ; systemctl restart osmo-sgsn
+<% end -%>
 
 # It's a new day....
   30  5  *   *   *      root /home/rhizomatica/bin/check_broken.sh