From a5bf8cc321386b14ccd69b9a0e4ac4ff35f05c37 Mon Sep 17 00:00:00 2001
From: Leif Johansson <leifj@sunet.se>
Date: Tue, 30 Sep 2014 10:49:34 +0200
Subject: mailsetup and registry webserver rules

---
 global/overlay/etc/puppet/cosmos-rules.yaml        |  7 +++--
 global/overlay/etc/puppet/manifests/cosmos-site.pp | 34 +++++++++-------------
 2 files changed, 17 insertions(+), 24 deletions(-)

(limited to 'global')

diff --git a/global/overlay/etc/puppet/cosmos-rules.yaml b/global/overlay/etc/puppet/cosmos-rules.yaml
index 36476b1..a102cf1 100644
--- a/global/overlay/etc/puppet/cosmos-rules.yaml
+++ b/global/overlay/etc/puppet/cosmos-rules.yaml
@@ -1,12 +1,13 @@
-# Don't enable class sunet for all hosts until tested.
-#'\.sunet\.se$':
-#   sunet:
 '^cdr\d+\.sunet\.se$':
    sunet-cdr:
    sunet:
 '\.swamid\.se$':
    sunet:
    swamidops:
+   mailclient:
+      domain: sunet.se
+registry.swamid.se:
+   webserver:
 md-master.reep.refeds.org:
    sunet:
    swamidops:
diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp
index ae8012f..c9e5d19 100644
--- a/global/overlay/etc/puppet/manifests/cosmos-site.pp
+++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp
@@ -21,27 +21,20 @@ node default {
 
 }
 
-# example config for the nameserver class which is matched in cosmos-rules.yaml
-
-#class nameserver {
-#   package {'bind9':
-#      ensure => latest
-#   }
-#   service {'bind9':
-#      ensure => running
-#   }
-#   ufw::allow { "allow-dns-udp":
-#      ip   => 'any',
-#      port => 53,
-#      proto => "udp"
-#   }
-#   ufw::allow { "allow-dns-tcp":
-#      ip   => 'any',
-#      port => 53,
-#      proto => "tcp"
-#   }
-#}
+class webserver {
+   ufw::allow { "allow-http":
+      ip   => 'any',
+      port => 80
+   }
+   ufw::allow { "allow-https":
+      ip   => 'any',
+      port => 443
+   }
+}
 
+class mailclient ($domain) {
+   mnt::preseed::preseed_package {"postfix": ensure => present, domain => $domain}
+}
 
 node 'sto-tug-kvm1.swamid.se' {
 
@@ -124,7 +117,6 @@ node 'md-master.reep.refeds.org' {
 }
 
 node 'registry.swamid.se' {
-   #include cosmos::httpsproxy
    class {'pyff':
       load => ['/opt/peer/vf_repo'],
       validUntil => 'P10D',
-- 
cgit v1.1