-rw-r--r--manifests/vm/instance.pp162
1 files changed, 162 insertions, 0 deletions
diff --git a/manifests/vm/instance.pp b/manifests/vm/instance.pp
new file mode 100644
index 0000000..4e8233f
--- /dev/null
+++ b/manifests/vm/instance.pp
@@ -0,0 +1,162 @@
+# Define a vm instance
+define nodo::vm::instance(
+ $context,
+ $distro = 'jessie',
+ $ensure = 'running',
+ $proxy = false,
+ $puppetmaster = false,
+ $gitd = false,
+ $mail = false,
+ $icecast = false,
+ $sound = false,
+ $tor = false,
+ $ticket = false,
+ $dns = false,
+ $jabber = false,
+ $mumble = false,
+ $gobby = false,
+ $yacy = false,
+ $rsync = false,
+ $avahi = false,
+ $munin_port = false,
+ $monkeysphere_ssh_port = false,
+ $network_prefix = hiera("nodo::vm::network_prefix", "192.168.0"),
+ $puppetmaster_port = '8140',
+ $puppetmaster_nonssl_port = '8141',
+) {
+
+ # Instance id
+ if $context <= 9 {
+ $id = "0$context"
+ } else {
+ $id = $context
+ }
+
+ # Tor port
+ case $tor_port {
+ '': { $tor_port = "9001" }
+ }
+
+ $dev = hiera('nodo::vm::interface', 'eth0')
+
+ # Apply firewall rules just for running vservers
+ case $ensure {
+ 'running': {
+ firewall::vserver::ssh { "$name":
+ destination => "$network_prefix.$context",
+ port_orig => "22$id",
+ port_dest => "22",
+ }
+
+ firewall::vserver::munin { "$name":
+ destination => "$network_prefix.$context",
+ port_orig => "49$id",
+ port_dest => "49$id",
+ zone => 'vm',
+ }
+
+ if $proxy {
+ class {
+ "firewall::vserver::http": destination => "$network_prefix.$context";
+ "firewall::vserver::https": destination => "$network_prefix.$context";
+ }
+ }
+
+ if $puppetmaster {
+ class {
+ "firewall::vserver::puppetmaster":
+ destination => "$network_prefix.$context",
+ puppetmaster_port => $puppetmaster_port,
+ puppetmaster_nonssl_port => $puppetmaster_nonssl_port,
+ zone => 'vm',
+ }
+ }
+
+ if $gitd {
+ class {
+ "firewall::vserver::gitd":
+ destination => "$network_prefix.$context",
+ zone => 'vm',
+ }
+ }
+
+ if $icecast {
+ class {
+ "firewall::vserver::icecast":
+ destination => "$network_prefix.$context",
+ zone => 'vm',
+ }
+ }
+
+ if $mail {
+ class {
+ "firewall::vserver::mail":
+ destination => "$network_prefix.$context",
+ zone => 'vm',
+ }
+ }
+
+ if $dns {
+ class {
+ "firewall::vserver::dns": destination => "$network_prefix.$context";
+ }
+ }
+
+ if $tor {
+ class {
+ "firewall::vserver::tor":
+ destination => "$network_prefix.$context",
+ zone => 'vm',
+ }
+ }
+
+ if $jabber {
+ class {
+ "firewall::vserver::jabber":
+ destination => "$network_prefix.$context",
+ zone => 'vm',
+ }
+ }
+
+ if $mumble {
+ class {
+ "firewall::vserver::mumble":
+ destination => "$network_prefix.$context",
+ zone => 'vm',
+ }
+ }
+
+ if $gobby {
+ class {
+ "firewall::vserver::gobby":
+ destination => "$network_prefix.$context",
+ zone => 'vm',
+ }
+ }
+
+ if $yacy {
+ class {
+ "firewall::vserver::yacy":
+ destination => "$network_prefix.$context",
+ zone => 'vm',
+ }
+ }
+
+ if $rsync {
+ class {
+ "firewall::vserver::rsync":
+ destination => "$network_prefix.$context",
+ zone => 'vm',
+ }
+ }
+
+ if $avahi {
+ class {
+ "firewall::vserver::mdns":
+ destination => "$network_prefix.$context",
+ zone => 'vm',
+ }
+ }
+ }
+ }
+}
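Review bot: `$context` is used without any range check, yet it forms the last octet of every `destination => "$network_prefix.$context"` and the suffix of the forwarded ports `22$id` and `49$id`. A value outside 1–254 would therefore be handed to the `firewall::vserver::*` resources as a malformed address or an unintended port instead of failing at compile time. A guard at the top of the define would stop that early: `if $context < 1 or $context > 254 { fail("nodo::vm::instance ${name}: context must be between 1 and 254") }`. Separately, the `case $tor_port` block under "Tor port" reads a variable that is not a parameter of the define, assigns to that same name, and the result is never used in the visible code; declaring `$tor_port = '9001'` as a parameter (or dropping the block) would be clearer. The `$munin_port` parameter also appears to be ignored in favour of the hard-coded `49$id`.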