Mercurial > repos > other > Puppet

annotate manifests/nodes.pp @ 428:7798ec0fd059

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Change NAT64 allocation range We use this to block outbound emails to IPv4 addresses that got converted by DNS64. MythicBeasts changed it to the "well-known prefix" some time before April 2021. But we only just found out when an email bounced.
author IBBoard <dev@ibboard.co.uk>
date Fri, 04 Nov 2022 20:29:31 +0000
parents e22eee1d79ef
children 2879e2d4148e
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
390
df5ad1612af7 Adapt configs to support Ubuntu
IBBoard <dev@ibboard.co.uk>
parents: 355
diff changeset
1 node 'vpsarm.home' {
355
60b13e6d83c5 Add CentOS 8 dev VM node
IBBoard <dev@ibboard.co.uk>
parents: 326
diff changeset
2 class { 'ibboardvpsnode':
390
df5ad1612af7 Adapt configs to support Ubuntu
IBBoard <dev@ibboard.co.uk>
parents: 355
diff changeset
3 primary_ip => '2a00:23c8:a480:3701:5054:ff:fe42:65f9',
355
60b13e6d83c5 Add CentOS 8 dev VM node
IBBoard <dev@ibboard.co.uk>
parents: 326
diff changeset
4 mailserver => 'mail.ibboard.co.uk',
60b13e6d83c5 Add CentOS 8 dev VM node
IBBoard <dev@ibboard.co.uk>
parents: 326
diff changeset
5 imapserver => 'imap.ibboard.co.uk',
60b13e6d83c5 Add CentOS 8 dev VM node
IBBoard <dev@ibboard.co.uk>
parents: 326
diff changeset
6 firewall_cmd => 'iptables',
60b13e6d83c5 Add CentOS 8 dev VM node
IBBoard <dev@ibboard.co.uk>
parents: 326
diff changeset
7 }
60b13e6d83c5 Add CentOS 8 dev VM node
IBBoard <dev@ibboard.co.uk>
parents: 326
diff changeset
8 }
247
308f69ca988c Add config for new server
IBBoard <dev@ibboard.co.uk>
parents: 151
diff changeset
9 node 'ibbvps.vs.mythic-beasts.com' {
308f69ca988c Add config for new server
IBBoard <dev@ibboard.co.uk>
parents: 151
diff changeset
10 class { 'ibboardvpsnode':
308f69ca988c Add config for new server
IBBoard <dev@ibboard.co.uk>
parents: 151
diff changeset
11 primary_ip => '2a00:1098:82:52::1',
284
9431aec4d998 Switch to using IPv6 prefix and IP per site
IBBoard <dev@ibboard.co.uk>
parents: 283
diff changeset
12 proxy_4to6_ip_prefix => '2a00:1098:82:52::01d4', # ::old4 for IPv4!
285
c0e989d32b5c Go back to IPv6, not hostnames, for up-stream
IBBoard <dev@ibboard.co.uk>
parents: 284
diff changeset
13 proxy_upstream => ['2a00:1098::82:1000:3b:1:1', '2a00:1098::80:1000:3b:1:1'],
428
7798ec0fd059 Change NAT64 allocation range
IBBoard <dev@ibboard.co.uk>
parents: 397
diff changeset
14 nat64_ranges => ['64:ff9b::/96'],
247
308f69ca988c Add config for new server
IBBoard <dev@ibboard.co.uk>
parents: 151
diff changeset
15 mailserver => 'mail.ibboard.co.uk',
308f69ca988c Add config for new server
IBBoard <dev@ibboard.co.uk>
parents: 151
diff changeset
16 imapserver => 'imap.ibboard.co.uk',
326
63e0b5149cfb Add fallback relays to Postfix
IBBoard <dev@ibboard.co.uk>
parents: 313
diff changeset
17 mailrelays => ['mx.mythic-beasts.com'],
247
308f69ca988c Add config for new server
IBBoard <dev@ibboard.co.uk>
parents: 151
diff changeset
18 firewall_cmd => 'iptables',
308f69ca988c Add config for new server
IBBoard <dev@ibboard.co.uk>
parents: 151
diff changeset
19 }
251
7307c3d59ce7 Enable console over admin shell via serial
IBBoard <dev@ibboard.co.uk>
parents: 247
diff changeset
20 # If the console fails to start, you may need to run "restorecon /etc/systemd/system/getty.target.wants/*"
7307c3d59ce7 Enable console over admin shell via serial
IBBoard <dev@ibboard.co.uk>
parents: 247
diff changeset
21 # to reset the SELinux context of the file
7307c3d59ce7 Enable console over admin shell via serial
IBBoard <dev@ibboard.co.uk>
parents: 247
diff changeset
22 service { 'serial-getty@ttyS0':
7307c3d59ce7 Enable console over admin shell via serial
IBBoard <dev@ibboard.co.uk>
parents: 247
diff changeset
23 ensure => 'running',
7307c3d59ce7 Enable console over admin shell via serial
IBBoard <dev@ibboard.co.uk>
parents: 247
diff changeset
24 enable => 'true',
7307c3d59ce7 Enable console over admin shell via serial
IBBoard <dev@ibboard.co.uk>
parents: 247
diff changeset
25 }
279
e36b7f4f85f2 Start to support IPv6 servers
IBBoard <dev@ibboard.co.uk>
parents: 251
diff changeset
26 firewall { '090 Allow SSH (IPv4-to-IPv6)':
e36b7f4f85f2 Start to support IPv6 servers
IBBoard <dev@ibboard.co.uk>
parents: 251
diff changeset
27 dport => 22,
285
c0e989d32b5c Go back to IPv6, not hostnames, for up-stream
IBBoard <dev@ibboard.co.uk>
parents: 284
diff changeset
28 source => '2a00:1098:0:82:1000:0:5d5d:826a',
279
e36b7f4f85f2 Start to support IPv6 servers
IBBoard <dev@ibboard.co.uk>
parents: 251
diff changeset
29 proto => 'tcp',
e36b7f4f85f2 Start to support IPv6 servers
IBBoard <dev@ibboard.co.uk>
parents: 251
diff changeset
30 action => 'accept',
e36b7f4f85f2 Start to support IPv6 servers
IBBoard <dev@ibboard.co.uk>
parents: 251
diff changeset
31 }
247
308f69ca988c Add config for new server
IBBoard <dev@ibboard.co.uk>
parents: 151
diff changeset
32 }