From 1988dcd0a5ac2d16cf2d7dbc24304c94f26c2c0c Mon Sep 17 00:00:00 2001
From: Silvio Rhatto
Date: Sun, 7 Jan 2018 22:49:53 -0200
Subject: Adds nodo::role::proxy::kvm and nodo::role::web::kvm
---
 manifests/role/proxy/kvm.pp | 4 ++++
 manifests/role/web/kvm.pp | 4 ++++
 manifests/subsystem/sysctl.pp | 1 +
 3 files changed, 9 insertions(+)
 create mode 100644 manifests/role/proxy/kvm.pp
 create mode 100644 manifests/role/web/kvm.pp
diff --git a/manifests/role/proxy/kvm.pp b/manifests/role/proxy/kvm.pp
new file mode 100644
index 0000000..f1a0d11
--- /dev/null
+++ b/manifests/role/proxy/kvm.pp
@@ -0,0 +1,4 @@
+# A proxy node that is a KVM guest
+class nodo::role::proxy::kvm inherits nodo::base::kvm {
+ include nodo::role::proxy
+}
diff --git a/manifests/role/web/kvm.pp b/manifests/role/web/kvm.pp
new file mode 100644
index 0000000..31a8b13
--- /dev/null
+++ b/manifests/role/web/kvm.pp
@@ -0,0 +1,4 @@
+# A web node that is a KVM guest
+class nodo::role::web::kvm inherits nodo::base::kvm {
+ include nodo::role::web
+}
diff --git a/manifests/subsystem/sysctl.pp b/manifests/subsystem/sysctl.pp
index 4329010..1f2cfda 100644
--- a/manifests/subsystem/sysctl.pp
+++ b/manifests/subsystem/sysctl.pp
@@ -1,6 +1,7 @@
 class nodo::subsystem::sysctl {
 class { 'nodo::subsystem::sysctl::disable_ipv6': }
 class { 'nodo::subsystem::sysctl::tcp_challenge_ack_limit': }
+ class { 'nodo::subsystem::sysctl::unprivileged_bpf_disabled': }
 
 # Root exploit fix, see http://wiki.debian.org/mmap_min_addr
 # Maybe this can be remove in the future or included in a sysctl puppet module
--
cgit v1.2.3
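Review bot: The added `class { 'nodo::subsystem::sysctl::unprivileged_bpf_disabled': }` in manifests/subsystem/sysctl.pp has no rationale comment, unlike the mmap_min_addr note just below it, and the commit subject only names the two KVM roles, so this hardening change is easy to miss in an audit. I would add a line above it such as `# Restrict bpf(2) to privileged users to limit exposure to eBPF verifier bugs`, assuming the class sets `kernel.unprivileged_bpf_disabled` as its name suggests. The class definition is not among the three files in the diffstat, so it is worth confirming that it already exists in the module (otherwise catalogs that include this subsystem would fail to compile) and that it tolerates kernels lacking this sysctl key. The body of nodo::subsystem::sysctl continues past the end of the hunk.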