| 1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
 | # Define a virtual server instance
define nodo::subsystem::virtual::instance(
  $vg,
  $context,
  $ram                   = '1024',
  $size                  = '10G',
  $ensure                = 'running',
  $proxy                 = false,
  $web                   = false,
  $gitd                  = false,
  $mail                  = false,
  $icecast               = false,
  $tor                   = false,
  $ticket                = false,
  $dns                   = false,
  $jabber                = false,
  $mumble                = false,
  $gobby                 = false,
  $yacy                  = false,
  $rsync                 = false,
  $avahi                 = false,
  $udev                  = false,
  $subnet                = '10.1.1',
  $sshkey                = '',
  $sshkey_type           = 'ssh-rsa',
  $sshkey_options        = [],
) {
  # Instance id
  if $context <= 9 {
    $id = "0$context"
  } else {
    $id = $context
  }
  virtual::kvm::manager::instance { $name:
    vg   => $vg,
    size => $size,
    ram  => $ram,
    udev => $udev,
  }
  if $sshkey != '' {
    ssh_authorized_key { "virtual-instance-${name}":
      ensure  => present,
      key     => $sshkey,
      type    => $sshkey_type,
      options => $sshkey_options,
      user    => $name,
      require => User["${name}"],
    }
  }
  # Apply firewall rules just for running virtual machines
  case $ensure {
    'running': {
      firewall::virtual::ssh { "$name":
        destination => "${subnet}.$context",
        port_orig => "22$id",
        port_dest => "22",
      }
      if $proxy {
        class {
          "firewall::virtual::http":  destination => "${subnet}.$context";
          "firewall::virtual::https": destination => "${subnet}.$context";
        }
      }
      if $web {
        firewall::virtual::web { $name:
          destination => "${subnet}.$context",
        }
      }
      if $gitd {
        class {
          "firewall::virtual::gitd": destination => "${subnet}.$context";
        }
      }
      if $icecast {
        class {
          "firewall::virtual::icecast": destination => "${subnet}.$context";
        }
      }
      if $mail {
        class {
          "firewall::virtual::mail": destination => "${subnet}.$context";
        }
      }
      if $dns {
        class {
          "firewall::virtual::dns": destination => "${subnet}.$context";
        }
      }
      if $tor {
        class {
          "firewall::virtual::tor": destination => "${subnet}.$context";
        }
      }
      if $jabber {
        class {
          "firewall::virtual::jabber": destination => "${subnet}.$context";
        }
      }
      if $mumble {
        class {
          "firewall::virtual::mumble": destination => "${subnet}.$context";
        }
      }
      if $gobby {
        class {
          "firewall::virtual::gobby": destination => "${subnet}.$context";
        }
      }
      if $yacy {
        class {
          "firewall::virtual::yacy": destination => "${subnet}.$context";
        }
      }
      if $rsync {
        class {
          "firewall::virtual::rsync": destination => "${subnet}.$context";
        }
      }
      if $avahi {
        class {
          "firewall::virtual::mdns": destination => "${subnet}.$context";
        }
      }
    }
  }
}
 |