From fe1c86b8f938283e9dd8196a8b11a9648f4b49e6 Mon Sep 17 00:00:00 2001
From: Silvio Rhatto <rhatto@riseup.net>
Date: Fri, 12 Apr 2013 17:09:03 -0300
Subject: Major refactor

---
 manifests/role/router.pp | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
 create mode 100644 manifests/role/router.pp

(limited to 'manifests/role/router.pp')

diff --git a/manifests/role/router.pp b/manifests/role/router.pp
new file mode 100644
index 0000000..068837d
--- /dev/null
+++ b/manifests/role/router.pp
@@ -0,0 +1,25 @@
+class nodo::role::router inherits nodo::appliance {
+  # We use monitor class on the router as the DNS server might by
+  # inside a vserver and thus cannot access the network devices directly
+  include nodo::utils::dns
+
+  # Network auditing
+  include nodo::utils::network::analyzer
+
+  # Enable IP forwarding
+  augeas { 'enable_ip_forwarding':
+    changes => 'set /files/etc/shorewall/shorewall.conf/IP_FORWARDING On',
+    lens    => 'Shellvars.lns',
+    incl    => '/etc/shorewall/shorewall.conf',
+    notify  => Service[shorewall];
+  }
+
+  # Make sure shorewall is reloaded after dhcp renew
+  file { '/etc/dhcp/dhclient-exit-hooks.d/shorewall':
+    ensure => present,
+    owner  => root,
+    group  => root,
+    mode   => 0644,
+    source => 'puppet:///modules/site_nodo/dhclient-exit-hooks.d/shorewall'
+  }
+}
-- 
cgit v1.2.3