$ensure = 'running',
$proxy = false,
$puppetmaster = false,
+ $web = false,
$gitd = false,
$mail = false,
$icecast = false,
'': { $tor_port = "9001" }
}
+ # Subnet
+ case $implementation {
+ 'vserver': { $subnet = "192.168.0" }
+ default: { $subnet = "10.1.1." }
+ }
+
$dev = hiera('nodo::subsystem::vm::interface', 'eth0')
# Apply firewall rules just for running virtual machines
case $ensure {
'running': {
firewall::virtual::ssh { "$name":
- destination => "192.168.0.$context",
+ destination => "${subnet}.$context",
port_orig => "22$id",
port_dest => "22",
}
if $proxy {
class {
- "firewall::virtual::http": destination => "192.168.0.$context";
- "firewall::virtual::https": destination => "192.168.0.$context";
+ "firewall::virtual::http": destination => "${subnet}.$context";
+ "firewall::virtual::https": destination => "${subnet}.$context";
}
}
if $puppetmaster {
class {
"firewall::virtual::puppetmaster":
- destination => "192.168.0.$context",
+ destination => "${subnet}.$context",
puppetmaster_port => $puppetmaster_port,
puppetmaster_nonssl_port => $puppetmaster_nonssl_port,
}
}
+ if $web {
+ firewall::virtual::web { $name:
+ destination => "${subnet}.$context",
+ }
+ }
+
if $gitd {
class {
- "firewall::virtual::gitd": destination => "192.168.0.$context";
+ "firewall::virtual::gitd": destination => "${subnet}.$context";
}
}
if $icecast {
class {
- "firewall::virtual::icecast": destination => "192.168.0.$context";
+ "firewall::virtual::icecast": destination => "${subnet}.$context";
}
}
if $mail {
class {
- "firewall::virtual::mail": destination => "192.168.0.$context";
+ "firewall::virtual::mail": destination => "${subnet}.$context";
}
}
if $dns {
class {
- "firewall::virtual::dns": destination => "192.168.0.$context";
+ "firewall::virtual::dns": destination => "${subnet}.$context";
}
}
if $tor {
class {
- "firewall::virtual::tor": destination => "192.168.0.$context";
+ "firewall::virtual::tor": destination => "${subnet}.$context";
}
}
if $jabber {
class {
- "firewall::virtual::jabber": destination => "192.168.0.$context";
+ "firewall::virtual::jabber": destination => "${subnet}.$context";
}
}
if $mumble {
class {
- "firewall::virtual::mumble": destination => "192.168.0.$context";
+ "firewall::virtual::mumble": destination => "${subnet}.$context";
}
}
if $gobby {
class {
- "firewall::virtual::gobby": destination => "192.168.0.$context";
+ "firewall::virtual::gobby": destination => "${subnet}.$context";
}
}
if $yacy {
class {
- "firewall::virtual::yacy": destination => "192.168.0.$context";
+ "firewall::virtual::yacy": destination => "${subnet}.$context";
}
}
if $rsync {
class {
- "firewall::virtual::rsync": destination => "192.168.0.$context";
+ "firewall::virtual::rsync": destination => "${subnet}.$context";
}
}
if $avahi {
class {
- "firewall::virtual::mdns": destination => "192.168.0.$context";
+ "firewall::virtual::mdns": destination => "${subnet}.$context";
}
}
}
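Review bot: The `default` branch of the new subnet case sets `$subnet = "10.1.1."` with a trailing dot, but every use in this hunk interpolates `"${subnet}.$context"`, so any non-vserver implementation gets a destination of the form `10.1.1..<context>`. Only the `'vserver'` value (`"192.168.0"`) produces a valid address. Change the branch to `default: { $subnet = "10.1.1" }`, and extend the `# Subnet` comment to say the value is a three-octet prefix without a trailing dot. How the `firewall::virtual::*` resources render a malformed destination is not visible here; presumably the rule set either fails to compile or the forwards are not applied as intended, so check the generated rules on a non-vserver node. The enclosing definition starts before this hunk and its closing braces fall after it.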