diff options
Diffstat (limited to 'manifests/subsystem/virtual')
-rw-r--r-- | manifests/subsystem/virtual/instance.pp | 43 |
1 files changed, 28 insertions, 15 deletions
diff --git a/manifests/subsystem/virtual/instance.pp b/manifests/subsystem/virtual/instance.pp index a30cf9e..1ab3618 100644 --- a/manifests/subsystem/virtual/instance.pp +++ b/manifests/subsystem/virtual/instance.pp @@ -4,6 +4,7 @@ define nodo::subsystem::virtual::instance( $ensure = 'running', $proxy = false, $puppetmaster = false, + $web = false, $gitd = false, $mail = false, $icecast = false, @@ -42,96 +43,108 @@ define nodo::subsystem::virtual::instance( '': { $tor_port = "9001" } } + # Subnet + case $implementation { + 'vserver': { $subnet = "192.168.0" } + default: { $subnet = "10.1.1." } + } + $dev = hiera('nodo::subsystem::vm::interface', 'eth0') # Apply firewall rules just for running virtual machines case $ensure { 'running': { firewall::virtual::ssh { "$name": - destination => "192.168.0.$context", + destination => "${subnet}.$context", port_orig => "22$id", port_dest => "22", } if $proxy { class { - "firewall::virtual::http": destination => "192.168.0.$context"; - "firewall::virtual::https": destination => "192.168.0.$context"; + "firewall::virtual::http": destination => "${subnet}.$context"; + "firewall::virtual::https": destination => "${subnet}.$context"; } } if $puppetmaster { class { "firewall::virtual::puppetmaster": - destination => "192.168.0.$context", + destination => "${subnet}.$context", puppetmaster_port => $puppetmaster_port, puppetmaster_nonssl_port => $puppetmaster_nonssl_port, } } + if $web { + firewall::virtual::web { $name: + destination => "${subnet}.$context", + } + } + if $gitd { class { - "firewall::virtual::gitd": destination => "192.168.0.$context"; + "firewall::virtual::gitd": destination => "${subnet}.$context"; } } if $icecast { class { - "firewall::virtual::icecast": destination => "192.168.0.$context"; + "firewall::virtual::icecast": destination => "${subnet}.$context"; } } if $mail { class { - "firewall::virtual::mail": destination => "192.168.0.$context"; + "firewall::virtual::mail": destination => "${subnet}.$context"; } } if $dns { class { - "firewall::virtual::dns": destination => "192.168.0.$context"; + "firewall::virtual::dns": destination => "${subnet}.$context"; } } if $tor { class { - "firewall::virtual::tor": destination => "192.168.0.$context"; + "firewall::virtual::tor": destination => "${subnet}.$context"; } } if $jabber { class { - "firewall::virtual::jabber": destination => "192.168.0.$context"; + "firewall::virtual::jabber": destination => "${subnet}.$context"; } } if $mumble { class { - "firewall::virtual::mumble": destination => "192.168.0.$context"; + "firewall::virtual::mumble": destination => "${subnet}.$context"; } } if $gobby { class { - "firewall::virtual::gobby": destination => "192.168.0.$context"; + "firewall::virtual::gobby": destination => "${subnet}.$context"; } } if $yacy { class { - "firewall::virtual::yacy": destination => "192.168.0.$context"; + "firewall::virtual::yacy": destination => "${subnet}.$context"; } } if $rsync { class { - "firewall::virtual::rsync": destination => "192.168.0.$context"; + "firewall::virtual::rsync": destination => "${subnet}.$context"; } } if $avahi { class { - "firewall::virtual::mdns": destination => "192.168.0.$context"; + "firewall::virtual::mdns": destination => "${subnet}.$context"; } } } |