global/overlay/etc/puppet/modules/sunet/manifests/server.pp


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21

define sunet::server() {

  # Set up encrypted swap
  sunet::encrypted_swap { 'sunet_encrypted_swap': }

  # Add prerequisites for ethernet bonding, if physical server
  sunet::ethernet_bonding { 'sunet_ethernet_bonding': }

  # Ignore IPv6 multicast
  ufw::deny { 'ignore_v6_multicast':
    ip    => 'ff02::1',
    proto => 'any'  # 'ufw' has a hard-coded list of protocols, which does not include 'ipv6-icmp' :(
  }

  # Ignore IPv6 multicast PIM router talk
  ufw::deny { 'ignore_v6_multicast_PIM':
    ip    => 'ff02::d',
    proto => 'any'  # 'ufw' has a hard-coded list of protocols, which does not include 'ipv6-icmp' :(
  }

}