Diffstat (limited to 'manifests/subsystem')
| -rw-r--r-- | manifests/subsystem/virtual/instance.pp | 43 | 
1 files changed, 28 insertions, 15 deletions
|
diff --git a/manifests/subsystem/virtual/instance.pp b/manifests/subsystem/virtual/instance.pp
index a30cf9e..1ab3618 100644
--- a/manifests/subsystem/virtual/instance.pp
+++ b/manifests/subsystem/virtual/instance.pp
@@ -4,6 +4,7 @@ define nodo::subsystem::virtual::instance(
  $ensure                = 'running',
  $proxy                 = false,
  $puppetmaster          = false,
+ $web                   = false,
  $gitd                  = false,
  $mail                  = false,
  $icecast               = false,
@@ -42,96 +43,108 @@ define nodo::subsystem::virtual::instance(      '': { $tor_port = "9001" }    } +  # Subnet +  case $implementation { +    'vserver': { $subnet = "192.168.0" } +    default:   { $subnet = "10.1.1." } +  } +    $dev = hiera('nodo::subsystem::vm::interface', 'eth0')    # Apply firewall rules just for running virtual machines    case $ensure {      'running': {        firewall::virtual::ssh { "$name": -        destination => "192.168.0.$context", +        destination => "${subnet}.$context",          port_orig => "22$id",          port_dest => "22",        }        if $proxy {          class { -          "firewall::virtual::http":  destination => "192.168.0.$context"; -          "firewall::virtual::https": destination => "192.168.0.$context"; +          "firewall::virtual::http":  destination => "${subnet}.$context"; +          "firewall::virtual::https": destination => "${subnet}.$context";          }        }        if $puppetmaster {          class {            "firewall::virtual::puppetmaster": -            destination              => "192.168.0.$context", +            destination              => "${subnet}.$context",              puppetmaster_port        => $puppetmaster_port,              puppetmaster_nonssl_port => $puppetmaster_nonssl_port,          }        } +      if $web { +        firewall::virtual::web { $name: +          destination => "${subnet}.$context", +        } +      } +        if $gitd {          class { -          "firewall::virtual::gitd": destination => "192.168.0.$context"; +          "firewall::virtual::gitd": destination => "${subnet}.$context";          }        }        if $icecast {          class { -          "firewall::virtual::icecast": destination => "192.168.0.$context"; +          "firewall::virtual::icecast": destination => "${subnet}.$context";          }        }        if $mail {          class { -          "firewall::virtual::mail": destination => "192.168.0.$context"; +          
"firewall::virtual::mail": destination => "${subnet}.$context";          }        }        if $dns {          class { -          "firewall::virtual::dns": destination => "192.168.0.$context"; +          "firewall::virtual::dns": destination => "${subnet}.$context";          }        }        if $tor {          class { -          "firewall::virtual::tor": destination => "192.168.0.$context"; +          "firewall::virtual::tor": destination => "${subnet}.$context";          }        }        if $jabber {          class { -          "firewall::virtual::jabber": destination => "192.168.0.$context"; +          "firewall::virtual::jabber": destination => "${subnet}.$context";          }        }        if $mumble {          class { -          "firewall::virtual::mumble": destination => "192.168.0.$context"; +          "firewall::virtual::mumble": destination => "${subnet}.$context";          }        }        if $gobby {          class { -          "firewall::virtual::gobby": destination => "192.168.0.$context"; +          "firewall::virtual::gobby": destination => "${subnet}.$context";          }        }        if $yacy {          class { -          "firewall::virtual::yacy": destination => "192.168.0.$context"; +          "firewall::virtual::yacy": destination => "${subnet}.$context";          }        }        if $rsync {          class { -          "firewall::virtual::rsync": destination => "192.168.0.$context"; +          "firewall::virtual::rsync": destination => "${subnet}.$context";          }        }        if $avahi {          class { -          "firewall::virtual::mdns": destination => "192.168.0.$context"; +          "firewall::virtual::mdns": destination => "${subnet}.$context";          }        }      } | 
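Review bot: The `default` branch of the new subnet `case` sets `$subnet = "10.1.1."` with a trailing dot, while every destination in this hunk is built as `"${subnet}.$context"`, so any non-vserver instance gets `10.1.1..$context`, which is not a valid address. The SSH forward and every enabled service rule (including the new `firewall::virtual::web`) would then carry a malformed destination, so it is worth confirming on a non-vserver host that the firewall rules still compile and point where intended. Dropping the dot makes both branches agree: `default:   { $subnet = "10.1.1" }`. `$implementation` is not declared in the visible hunks, so it is presumably an existing parameter of the define; a one-line comment on the `case` naming which implementation uses which /24 would help the next reader.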
