annotate manifests/nodes.pp @ 449:4a6ad700cded

Update config for real Raspberry Pi host * Add node config * Change Amavis setup because of Ubuntu differences * Change secondary IP address setup because Ubuntu still uses older networking approach * Make Postfix config more flexible
author IBBoard <dev@ibboard.co.uk>
date Wed, 26 Jul 2023 15:30:19 +0100
parents 9268fe05d0ab
children 65290cb0cec2
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
449
4a6ad700cded Update config for real Raspberry Pi host
IBBoard <dev@ibboard.co.uk>
parents: 445
diff changeset
1 node 'ibbpi.hostedpi.com' {
4a6ad700cded Update config for real Raspberry Pi host
IBBoard <dev@ibboard.co.uk>
parents: 445
diff changeset
2 class { 'ibboardvpsnode':
4a6ad700cded Update config for real Raspberry Pi host
IBBoard <dev@ibboard.co.uk>
parents: 445
diff changeset
3 primary_ip => '2a00:1098:0008:0157::1',
4a6ad700cded Update config for real Raspberry Pi host
IBBoard <dev@ibboard.co.uk>
parents: 445
diff changeset
4 gateway_ip => '2a00:1098:0008:0157::2',
4a6ad700cded Update config for real Raspberry Pi host
IBBoard <dev@ibboard.co.uk>
parents: 445
diff changeset
5 proxy_4to6_ip_prefix => '2a00:1098:0008:0157::01d4', # ::old4 for IPv4!
4a6ad700cded Update config for real Raspberry Pi host
IBBoard <dev@ibboard.co.uk>
parents: 445
diff changeset
6 proxy_upstream => ['2a00:1098::82:1000:3b:1:1', '2a00:1098::80:1000:3b:1:1'],
4a6ad700cded Update config for real Raspberry Pi host
IBBoard <dev@ibboard.co.uk>
parents: 445
diff changeset
7 nat64_ranges => ['64:ff9b::/96'],
4a6ad700cded Update config for real Raspberry Pi host
IBBoard <dev@ibboard.co.uk>
parents: 445
diff changeset
8 mailserver => 'mail.ibboard.co.uk',
4a6ad700cded Update config for real Raspberry Pi host
IBBoard <dev@ibboard.co.uk>
parents: 445
diff changeset
9 imapserver => 'imap.ibboard.co.uk',
4a6ad700cded Update config for real Raspberry Pi host
IBBoard <dev@ibboard.co.uk>
parents: 445
diff changeset
10 mailrelays => ['mx.mythic-beasts.com'],
4a6ad700cded Update config for real Raspberry Pi host
IBBoard <dev@ibboard.co.uk>
parents: 445
diff changeset
11 firewall_cmd => 'iptables',
4a6ad700cded Update config for real Raspberry Pi host
IBBoard <dev@ibboard.co.uk>
parents: 445
diff changeset
12 }
4a6ad700cded Update config for real Raspberry Pi host
IBBoard <dev@ibboard.co.uk>
parents: 445
diff changeset
13 firewall { '090 Allow SSH (IPv4-to-IPv6)':
4a6ad700cded Update config for real Raspberry Pi host
IBBoard <dev@ibboard.co.uk>
parents: 445
diff changeset
14 dport => 22,
4a6ad700cded Update config for real Raspberry Pi host
IBBoard <dev@ibboard.co.uk>
parents: 445
diff changeset
15 source => '2a00:1098:0:82:1000:0:5d5d:826a',
4a6ad700cded Update config for real Raspberry Pi host
IBBoard <dev@ibboard.co.uk>
parents: 445
diff changeset
16 proto => 'tcp',
4a6ad700cded Update config for real Raspberry Pi host
IBBoard <dev@ibboard.co.uk>
parents: 445
diff changeset
17 action => 'accept',
4a6ad700cded Update config for real Raspberry Pi host
IBBoard <dev@ibboard.co.uk>
parents: 445
diff changeset
18 }
4a6ad700cded Update config for real Raspberry Pi host
IBBoard <dev@ibboard.co.uk>
parents: 445
diff changeset
19 }
390
df5ad1612af7 Adapt configs to support Ubuntu
IBBoard <dev@ibboard.co.uk>
parents: 355
diff changeset
20 node 'vpsarm.home' {
355
60b13e6d83c5 Add CentOS 8 dev VM node
IBBoard <dev@ibboard.co.uk>
parents: 326
diff changeset
21 class { 'ibboardvpsnode':
390
df5ad1612af7 Adapt configs to support Ubuntu
IBBoard <dev@ibboard.co.uk>
parents: 355
diff changeset
22 primary_ip => '2a00:23c8:a480:3701:5054:ff:fe42:65f9',
355
60b13e6d83c5 Add CentOS 8 dev VM node
IBBoard <dev@ibboard.co.uk>
parents: 326
diff changeset
23 mailserver => 'mail.ibboard.co.uk',
60b13e6d83c5 Add CentOS 8 dev VM node
IBBoard <dev@ibboard.co.uk>
parents: 326
diff changeset
24 imapserver => 'imap.ibboard.co.uk',
60b13e6d83c5 Add CentOS 8 dev VM node
IBBoard <dev@ibboard.co.uk>
parents: 326
diff changeset
25 firewall_cmd => 'iptables',
60b13e6d83c5 Add CentOS 8 dev VM node
IBBoard <dev@ibboard.co.uk>
parents: 326
diff changeset
26 }
60b13e6d83c5 Add CentOS 8 dev VM node
IBBoard <dev@ibboard.co.uk>
parents: 326
diff changeset
27 }
445
9268fe05d0ab Add new Ubuntu test nodes
IBBoard <dev@ibboard.co.uk>
parents: 442
diff changeset
28 node 'vps-arm-2204.test.ibboard.co.uk' {
442
2879e2d4148e Configure test machine
IBBoard <dev@ibboard.co.uk>
parents: 428
diff changeset
29 class { 'ibboardvpsnode':
2879e2d4148e Configure test machine
IBBoard <dev@ibboard.co.uk>
parents: 428
diff changeset
30 primary_ip => 'fd21:d7cd:fe52:0:5054:ff:fee4:9b6e',
2879e2d4148e Configure test machine
IBBoard <dev@ibboard.co.uk>
parents: 428
diff changeset
31 mailserver => 'mail.ibboard.co.uk',
2879e2d4148e Configure test machine
IBBoard <dev@ibboard.co.uk>
parents: 428
diff changeset
32 imapserver => 'imap.ibboard.co.uk',
2879e2d4148e Configure test machine
IBBoard <dev@ibboard.co.uk>
parents: 428
diff changeset
33 firewall_cmd => 'iptables',
2879e2d4148e Configure test machine
IBBoard <dev@ibboard.co.uk>
parents: 428
diff changeset
34 }
2879e2d4148e Configure test machine
IBBoard <dev@ibboard.co.uk>
parents: 428
diff changeset
35 }
445
9268fe05d0ab Add new Ubuntu test nodes
IBBoard <dev@ibboard.co.uk>
parents: 442
diff changeset
36 node 'vps-2204.test.ibboard.co.uk' {
9268fe05d0ab Add new Ubuntu test nodes
IBBoard <dev@ibboard.co.uk>
parents: 442
diff changeset
37 class { 'ibboardvpsnode':
9268fe05d0ab Add new Ubuntu test nodes
IBBoard <dev@ibboard.co.uk>
parents: 442
diff changeset
38 primary_ip => 'fd21:d7cd:fe52:0:5054:ff:fec7:76c3',
9268fe05d0ab Add new Ubuntu test nodes
IBBoard <dev@ibboard.co.uk>
parents: 442
diff changeset
39 mailserver => 'mail.ibboard.co.uk',
9268fe05d0ab Add new Ubuntu test nodes
IBBoard <dev@ibboard.co.uk>
parents: 442
diff changeset
40 imapserver => 'imap.ibboard.co.uk',
9268fe05d0ab Add new Ubuntu test nodes
IBBoard <dev@ibboard.co.uk>
parents: 442
diff changeset
41 firewall_cmd => 'iptables',
9268fe05d0ab Add new Ubuntu test nodes
IBBoard <dev@ibboard.co.uk>
parents: 442
diff changeset
42 }
9268fe05d0ab Add new Ubuntu test nodes
IBBoard <dev@ibboard.co.uk>
parents: 442
diff changeset
43 }
247
308f69ca988c Add config for new server
IBBoard <dev@ibboard.co.uk>
parents: 151
diff changeset
44 node 'ibbvps.vs.mythic-beasts.com' {
308f69ca988c Add config for new server
IBBoard <dev@ibboard.co.uk>
parents: 151
diff changeset
45 class { 'ibboardvpsnode':
308f69ca988c Add config for new server
IBBoard <dev@ibboard.co.uk>
parents: 151
diff changeset
46 primary_ip => '2a00:1098:82:52::1',
284
9431aec4d998 Switch to using IPv6 prefix and IP per site
IBBoard <dev@ibboard.co.uk>
parents: 283
diff changeset
47 proxy_4to6_ip_prefix => '2a00:1098:82:52::01d4', # ::old4 for IPv4!
285
c0e989d32b5c Go back to IPv6, not hostnames, for up-stream
IBBoard <dev@ibboard.co.uk>
parents: 284
diff changeset
48 proxy_upstream => ['2a00:1098::82:1000:3b:1:1', '2a00:1098::80:1000:3b:1:1'],
428
7798ec0fd059 Change NAT64 allocation range
IBBoard <dev@ibboard.co.uk>
parents: 397
diff changeset
49 nat64_ranges => ['64:ff9b::/96'],
247
308f69ca988c Add config for new server
IBBoard <dev@ibboard.co.uk>
parents: 151
diff changeset
50 mailserver => 'mail.ibboard.co.uk',
308f69ca988c Add config for new server
IBBoard <dev@ibboard.co.uk>
parents: 151
diff changeset
51 imapserver => 'imap.ibboard.co.uk',
326
63e0b5149cfb Add fallback relays to Postfix
IBBoard <dev@ibboard.co.uk>
parents: 313
diff changeset
52 mailrelays => ['mx.mythic-beasts.com'],
247
308f69ca988c Add config for new server
IBBoard <dev@ibboard.co.uk>
parents: 151
diff changeset
53 firewall_cmd => 'iptables',
308f69ca988c Add config for new server
IBBoard <dev@ibboard.co.uk>
parents: 151
diff changeset
54 }
251
7307c3d59ce7 Enable console over admin shell via serial
IBBoard <dev@ibboard.co.uk>
parents: 247
diff changeset
55 # If the console fails to start, you may need to run "restorecon /etc/systemd/system/getty.target.wants/*"
7307c3d59ce7 Enable console over admin shell via serial
IBBoard <dev@ibboard.co.uk>
parents: 247
diff changeset
56 # to reset the SELinux context of the file
7307c3d59ce7 Enable console over admin shell via serial
IBBoard <dev@ibboard.co.uk>
parents: 247
diff changeset
57 service { 'serial-getty@ttyS0':
7307c3d59ce7 Enable console over admin shell via serial
IBBoard <dev@ibboard.co.uk>
parents: 247
diff changeset
58 ensure => 'running',
7307c3d59ce7 Enable console over admin shell via serial
IBBoard <dev@ibboard.co.uk>
parents: 247
diff changeset
59 enable => 'true',
7307c3d59ce7 Enable console over admin shell via serial
IBBoard <dev@ibboard.co.uk>
parents: 247
diff changeset
60 }
279
e36b7f4f85f2 Start to support IPv6 servers
IBBoard <dev@ibboard.co.uk>
parents: 251
diff changeset
61 firewall { '090 Allow SSH (IPv4-to-IPv6)':
e36b7f4f85f2 Start to support IPv6 servers
IBBoard <dev@ibboard.co.uk>
parents: 251
diff changeset
62 dport => 22,
285
c0e989d32b5c Go back to IPv6, not hostnames, for up-stream
IBBoard <dev@ibboard.co.uk>
parents: 284
diff changeset
63 source => '2a00:1098:0:82:1000:0:5d5d:826a',
279
e36b7f4f85f2 Start to support IPv6 servers
IBBoard <dev@ibboard.co.uk>
parents: 251
diff changeset
64 proto => 'tcp',
e36b7f4f85f2 Start to support IPv6 servers
IBBoard <dev@ibboard.co.uk>
parents: 251
diff changeset
65 action => 'accept',
e36b7f4f85f2 Start to support IPv6 servers
IBBoard <dev@ibboard.co.uk>
parents: 251
diff changeset
66 }
247
308f69ca988c Add config for new server
IBBoard <dev@ibboard.co.uk>
parents: 151
diff changeset
67 }