-rw-r--r-- | manifests/vm/instance.pp | 162 |
1 files changed, 162 insertions, 0 deletions
diff --git a/manifests/vm/instance.pp b/manifests/vm/instance.pp
new file mode 100644
index 0000000..4e8233f
--- /dev/null
+++ b/manifests/vm/instance.pp
@@ -0,0 +1,162 @@
+# Define a vm instance
+define nodo::vm::instance(
+ $context,
+ $distro = 'jessie',
+ $ensure = 'running',
+ $proxy = false,
+ $puppetmaster = false,
+ $gitd = false,
+ $mail = false,
+ $icecast = false,
+ $sound = false,
+ $tor = false,
+ $ticket = false,
+ $dns = false,
+ $jabber = false,
+ $mumble = false,
+ $gobby = false,
+ $yacy = false,
+ $rsync = false,
+ $avahi = false,
+ $munin_port = false,
+ $monkeysphere_ssh_port = false,
+ $network_prefix = hiera("nodo::vm::network_prefix", "192.168.0"),
+ $puppetmaster_port = '8140',
+ $puppetmaster_nonssl_port = '8141',
+) {
+
+ # Instance id
+ if $context <= 9 {
+ $id = "0$context"
+ } else {
+ $id = $context
+ }
+
+ # Tor port
+ case $tor_port {
+ '': { $tor_port = "9001" }
+ }
+
+ $dev = hiera('nodo::vm::interface', 'eth0')
+
+ # Apply firewall rules just for running vservers
+ case $ensure {
+ 'running': {
+ firewall::vserver::ssh { "$name":
+ destination => "$network_prefix.$context",
+ port_orig => "22$id",
+ port_dest => "22",
+ }
+
+ firewall::vserver::munin { "$name":
+ destination => "$network_prefix.$context",
+ port_orig => "49$id",
+ port_dest => "49$id",
+ zone => 'vm',
+ }
+
+ if $proxy {
+ class {
+ "firewall::vserver::http": destination => "$network_prefix.$context";
+ "firewall::vserver::https": destination => "$network_prefix.$context";
+ }
+ }
+
+ if $puppetmaster {
+ class {
+ "firewall::vserver::puppetmaster":
+ destination => "$network_prefix.$context",
+ puppetmaster_port => $puppetmaster_port,
+ puppetmaster_nonssl_port => $puppetmaster_nonssl_port,
+ zone => 'vm',
+ }
+ }
+
+ if $gitd {
+ class {
+ "firewall::vserver::gitd":
+ destination => "$network_prefix.$context",
+ zone => 'vm',
+ }
+ }
+
+ if $icecast {
+ class {
+ "firewall::vserver::icecast":
+ destination => "$network_prefix.$context",
+ zone => 'vm',
+ }
+ }
+
+ if $mail {
+ class {
+ "firewall::vserver::mail":
+ destination => "$network_prefix.$context",
+ zone => 'vm',
+ }
+ }
+
+ if $dns {
+ class {
+ "firewall::vserver::dns": destination => "$network_prefix.$context";
+ }
+ }
+
+ if $tor {
+ class {
+ "firewall::vserver::tor":
+ destination => "$network_prefix.$context",
+ zone => 'vm',
+ }
+ }
+
+ if $jabber {
+ class {
+ "firewall::vserver::jabber":
+ destination => "$network_prefix.$context",
+ zone => 'vm',
+ }
+ }
+
+ if $mumble {
+ class {
+ "firewall::vserver::mumble":
+ destination => "$network_prefix.$context",
+ zone => 'vm',
+ }
+ }
+
+ if $gobby {
+ class {
+ "firewall::vserver::gobby":
+ destination => "$network_prefix.$context",
+ zone => 'vm',
+ }
+ }
+
+ if $yacy {
+ class {
+ "firewall::vserver::yacy":
+ destination => "$network_prefix.$context",
+ zone => 'vm',
+ }
+ }
+
+ if $rsync {
+ class {
+ "firewall::vserver::rsync":
+ destination => "$network_prefix.$context",
+ zone => 'vm',
+ }
+ }
+
+ if $avahi {
+ class {
+ "firewall::vserver::mdns":
+ destination => "$network_prefix.$context",
+ zone => 'vm',
+ }
+ }
+ }
+ }
+} |
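Review bot: `$context` is interpolated into every firewall destination (`"$network_prefix.$context"`) and into the forwarded ports (`"22$id"`, `"49$id"`) without any validation, so a non-numeric or out-of-range value yields a malformed or unintended forwarding rule instead of a compile failure. A guard at the top of the define would catch that, for example `unless "$context" =~ /^\d{1,3}$/ { fail("nodo::vm::instance: invalid context '$context'") }`, followed by a range check that fits the subnet named by `$network_prefix`. The `case $tor_port` block reads a variable that is not among the define's parameters, and nothing visible passes it on to `firewall::vserver::tor`, so it looks like dead code; either add `$tor_port = '9001'` to the parameter list and use it, or drop the block. `$munin_port` and `$monkeysphere_ssh_port` are likewise accepted but unused in this file, while the ssh and munin forwards are created for every running instance regardless of any flag; if that is intended, a comment such as `# ssh and munin are always forwarded; the *_port parameters are reserved` would make it explicit.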