aboutsummaryrefslogtreecommitdiff
path: root/manifests/subsystem/virtual/instance.pp
blob: 86b24907924a047dfddcc24db19ffa91866032b3 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126

# Define a virtual server instance
define nodo::subsystem::virtual::instance(
  $vg,
  $context,
  $ram                   = '1024',
  $size                  = '10G',
  $ensure                = 'running',
  $proxy                 = false,
  $web                   = false,
  $gitd                  = false,
  $mail                  = false,
  $icecast               = false,
  $tor                   = false,
  $ticket                = false,
  $dns                   = false,
  $jabber                = false,
  $mumble                = false,
  $gobby                 = false,
  $yacy                  = false,
  $rsync                 = false,
  $avahi                 = false,
  $subnet                = '10.1.1',
) {
  # Instance id
  if $context <= 9 {
    $id = "0$context"
  } else {
    $id = $context
  }

  virtual::kvm::manager::instance { $name:
    vg   => $vg,
    size => $size,
    ram  => $ram,
  }

  # Apply firewall rules just for running virtual machines
  case $ensure {
    'running': {
      firewall::virtual::ssh { "$name":
        destination => "${subnet}.$context",
        port_orig => "22$id",
        port_dest => "22",
      }

      if $proxy {
        class {
          "firewall::virtual::http":  destination => "${subnet}.$context";
          "firewall::virtual::https": destination => "${subnet}.$context";
        }
      }

      if $web {
        firewall::virtual::web { $name:
          destination => "${subnet}.$context",
        }
      }

      if $gitd {
        class {
          "firewall::virtual::gitd": destination => "${subnet}.$context";
        }
      }

      if $icecast {
        class {
          "firewall::virtual::icecast": destination => "${subnet}.$context";
        }
      }

      if $mail {
        class {
          "firewall::virtual::mail": destination => "${subnet}.$context";
        }
      }

      if $dns {
        class {
          "firewall::virtual::dns": destination => "${subnet}.$context";
        }
      }

      if $tor {
        class {
          "firewall::virtual::tor": destination => "${subnet}.$context";
        }
      }

      if $jabber {
        class {
          "firewall::virtual::jabber": destination => "${subnet}.$context";
        }
      }

      if $mumble {
        class {
          "firewall::virtual::mumble": destination => "${subnet}.$context";
        }
      }

      if $gobby {
        class {
          "firewall::virtual::gobby": destination => "${subnet}.$context";
        }
      }

      if $yacy {
        class {
          "firewall::virtual::yacy": destination => "${subnet}.$context";
        }
      }

      if $rsync {
        class {
          "firewall::virtual::rsync": destination => "${subnet}.$context";
        }
      }

      if $avahi {
        class {
          "firewall::virtual::mdns": destination => "${subnet}.$context";
        }
      }
    }
  }
}
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-01 07:40:56 +0000