summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--global/overlay/etc/puppet/cosmos-rules.yaml7
-rw-r--r--global/overlay/etc/puppet/manifests/cosmos-site.pp34
2 files changed, 17 insertions, 24 deletions
diff --git a/global/overlay/etc/puppet/cosmos-rules.yaml b/global/overlay/etc/puppet/cosmos-rules.yaml
index 36476b1..a102cf1 100644
--- a/global/overlay/etc/puppet/cosmos-rules.yaml
+++ b/global/overlay/etc/puppet/cosmos-rules.yaml
@@ -1,12 +1,13 @@
-# Don't enable class sunet for all hosts until tested.
-#'\.sunet\.se$':
-# sunet:
'^cdr\d+\.sunet\.se$':
sunet-cdr:
sunet:
'\.swamid\.se$':
sunet:
swamidops:
+ mailclient:
+ domain: sunet.se
+registry.swamid.se:
+ webserver:
md-master.reep.refeds.org:
sunet:
swamidops:
diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp
index ae8012f..c9e5d19 100644
--- a/global/overlay/etc/puppet/manifests/cosmos-site.pp
+++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp
@@ -21,27 +21,20 @@ node default {
}
-# example config for the nameserver class which is matched in cosmos-rules.yaml
-
-#class nameserver {
-# package {'bind9':
-# ensure => latest
-# }
-# service {'bind9':
-# ensure => running
-# }
-# ufw::allow { "allow-dns-udp":
-# ip => 'any',
-# port => 53,
-# proto => "udp"
-# }
-# ufw::allow { "allow-dns-tcp":
-# ip => 'any',
-# port => 53,
-# proto => "tcp"
-# }
-#}
+class webserver {
+ ufw::allow { "allow-http":
+ ip => 'any',
+ port => 80
+ }
+ ufw::allow { "allow-https":
+ ip => 'any',
+ port => 443
+ }
+}
+class mailclient ($domain) {
+ mnt::preseed::preseed_package {"postfix": ensure => present, domain => $domain}
+}
node 'sto-tug-kvm1.swamid.se' {
@@ -124,7 +117,6 @@ node 'md-master.reep.refeds.org' {
}
node 'registry.swamid.se' {
- #include cosmos::httpsproxy
class {'pyff':
load => ['/opt/peer/vf_repo'],
validUntil => 'P10D',