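# Define a virtual server instance.
#
# One declaration of this define produces:
#   * the guest itself, through the backend selected by $implementation
#     ('kvmx' -> virtual::kvm::kvmx::instance, 'kvm-manager' ->
#     virtual::kvm::manager::instance); any other value aborts the catalog
#     instead of silently leaving the guest unprovisioned;
#   * an ssh_authorized_key entry for the host-side account $name
#     (removed again when $sshkey is the empty string);
#   * host firewall rules forwarding traffic to the guest, declared only
#     while $ensure is 'running'. $ensure is NOT handed to the backend, so
#     it only gates the firewall rules here.
#
# Parameters:
#   $vg, $size, $ram, $iface, $udev  passed straight to the backend.
#   $shell, $supervise, $initial_user, $guest_domain  kvmx backend only.
#   $context  slot number of the guest. It fixes the guest address
#             "${subnet}.${context}" and the host-side SSH forward port
#             "22<id>", where <id> is $context zero-padded to two digits.
#             Slots must therefore be unique per host; nothing here checks
#             that, nor that $context is a valid host octet.
#   $sshkey, $sshkey_type, $sshkey_options  public key (and any
#             authorized_keys options) installed for user $name.
#   $proxy .. $avahi  per-service switches; each declares the matching
#             firewall::virtual::* class or define pointed at the guest.
define nodo::subsystem::virtual::instance(
  $vg,
  $context,
  $iface,
  $ram            = '1024',
  $size           = '10G',
  $ensure         = 'running',
  $implementation = 'kvmx',
  $shell          = undef,
  $supervise      = '1',
  $proxy          = false,
  $web            = false,
  $gitd           = false,
  $mail           = false,
  $icecast        = false,
  $tor            = false,
  $ticket         = false,
  $dns            = false,
  $jabber         = false,
  $mumble         = false,
  $gobby          = false,
  $yacy           = false,
  $rsync          = false,
  $avahi          = false,
  $udev           = false,
  $subnet         = '10.1.1',
  $sshkey         = '',
  $sshkey_type    = 'ssh-rsa',
  $sshkey_options = [],
  $initial_user   = 'user',
  $guest_domain   = $::domain,
) {

  # Instance id: $context zero-padded to two digits. It is only used to
  # build the host-side SSH forward port "22${id}", so every slot maps to
  # a distinct port (2201 .. 2299 for single- and double-digit slots).
  if $context <= 9 {
    $id = "0${context}"
  } else {
    $id = $context
  }

  # Guest address and gateway, derived once and reused below so the VM
  # definition and every firewall rule agree on the same destination.
  $guest_ip = "${subnet}.${context}"
  $guest_gw = "${subnet}.1"

  case $implementation {
    'kvmx': {
      virtual::kvm::kvmx::instance { $name:
        vg                => $vg,
        size              => $size,
        ram               => $ram,
        udev              => $udev,
        iface             => $iface,
        shell             => $shell,
        supervise         => $supervise,
        initial_user      => $initial_user,
        ip                => $guest_ip,
        gateway           => $guest_gw,
        guest_domain      => $guest_domain,
        # This file is written by the ssh_authorized_key resource declared
        # further down, but no ordering between the two is enforced: the
        # require was disabled upstream (presumably a dependency cycle —
        # confirm before re-enabling it).
        ssh_custom_pubkey => "/home/${name}/.ssh/authorized_keys",
        #require          => Ssh_authorized_key["virtual-instance-${name}"],
      }
    }
    'kvm-manager': {
      virtual::kvm::manager::instance { $name:
        vg    => $vg,
        size  => $size,
        ram   => $ram,
        udev  => $udev,
        iface => $iface,
      }
    }
    default: {
      # A misspelt backend used to produce no guest at all while the
      # firewall rules below were still opened; make it a hard error.
      fail("nodo::subsystem::virtual::instance ${name}: unsupported implementation '${implementation}'")
    }
  }

  # Host-side login key for the account that owns this instance. An empty
  # $sshkey removes the entry rather than installing an empty key.
  ssh_authorized_key { "virtual-instance-${name}":
    ensure  => $sshkey ? {
      ''      => absent,
      default => present,
    },
    key     => $sshkey,
    type    => $sshkey_type,
    options => $sshkey_options,
    user    => $name,
    require => File["/home/${name}"],
  }

  # Apply firewall rules just for running virtual machines. Each rule
  # forwards host traffic to the guest address; services that are switched
  # off get no rule, so the guest stays unreachable on those ports.
  case $ensure {
    'running': {
      # SSH is always forwarded: host port 22<id> -> guest port 22.
      firewall::virtual::ssh { $name:
        destination => $guest_ip,
        port_orig   => "22${id}",
        port_dest   => "22",
      }

      if $proxy {
        class {
          "firewall::virtual::http":
            destination => $guest_ip;
          "firewall::virtual::https":
            destination => $guest_ip;
        }
      }

      if $web {
        firewall::virtual::web { $name:
          destination => $guest_ip,
        }
      }

      if $gitd {
        class { "firewall::virtual::gitd":
          destination => $guest_ip;
        }
      }

      if $icecast {
        class { "firewall::virtual::icecast":
          destination => $guest_ip;
        }
      }

      if $mail {
        class { "firewall::virtual::mail":
          destination => $guest_ip;
        }
      }

      if $dns {
        class { "firewall::virtual::dns":
          destination => $guest_ip;
        }
      }

      if $tor {
        class { "firewall::virtual::tor":
          destination => $guest_ip;
        }
      }

      if $jabber {
        class { "firewall::virtual::jabber":
          destination => $guest_ip;
        }
      }

      if $mumble {
        class { "firewall::virtual::mumble":
          destination => $guest_ip;
        }
      }

      if $gobby {
        class { "firewall::virtual::gobby":
          destination => $guest_ip;
        }
      }

      if $yacy {
        class { "firewall::virtual::yacy":
          destination => $guest_ip;
        }
      }

      if $rsync {
        class { "firewall::virtual::rsync":
          destination => $guest_ip;
        }
      }

      # $avahi opens mDNS, hence the differently named class.
      if $avahi {
        class { "firewall::virtual::mdns":
          destination => $guest_ip;
        }
      }
    }
  }
}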