Mercurial > repos > other > Puppet
annotate manifests/nodes.pp @ 482:d83de9b3a62b default tip
Update hiera.yaml within Puppet config
Forgot that we manage it from here. Now has content to match
new packages
| author | IBBoard <dev@ibboard.co.uk> |
|---|---|
| date | Fri, 30 Aug 2024 16:10:36 +0100 |
| parents | 36eacac6bf5e |
| children |
| rev | line source |
|---|---|
|
449
4a6ad700cded
Update config for real Raspberry Pi host
IBBoard <dev@ibboard.co.uk>
parents:
445
diff
changeset
|
1 node 'ibbpi.hostedpi.com' { |
|
4a6ad700cded
Update config for real Raspberry Pi host
IBBoard <dev@ibboard.co.uk>
parents:
445
diff
changeset
|
2 class { 'ibboardvpsnode': |
|
4a6ad700cded
Update config for real Raspberry Pi host
IBBoard <dev@ibboard.co.uk>
parents:
445
diff
changeset
|
3 primary_ip => '2a00:1098:0008:0157::1', |
|
4a6ad700cded
Update config for real Raspberry Pi host
IBBoard <dev@ibboard.co.uk>
parents:
445
diff
changeset
|
4 gateway_ip => '2a00:1098:0008:0157::2', |
|
4a6ad700cded
Update config for real Raspberry Pi host
IBBoard <dev@ibboard.co.uk>
parents:
445
diff
changeset
|
5 proxy_4to6_ip_prefix => '2a00:1098:0008:0157::01d4', # ::old4 for IPv4! |
|
4a6ad700cded
Update config for real Raspberry Pi host
IBBoard <dev@ibboard.co.uk>
parents:
445
diff
changeset
|
6 proxy_upstream => ['2a00:1098::82:1000:3b:1:1', '2a00:1098::80:1000:3b:1:1'], |
|
4a6ad700cded
Update config for real Raspberry Pi host
IBBoard <dev@ibboard.co.uk>
parents:
445
diff
changeset
|
7 nat64_ranges => ['64:ff9b::/96'], |
|
4a6ad700cded
Update config for real Raspberry Pi host
IBBoard <dev@ibboard.co.uk>
parents:
445
diff
changeset
|
8 mailserver => 'mail.ibboard.co.uk', |
|
4a6ad700cded
Update config for real Raspberry Pi host
IBBoard <dev@ibboard.co.uk>
parents:
445
diff
changeset
|
9 imapserver => 'imap.ibboard.co.uk', |
|
4a6ad700cded
Update config for real Raspberry Pi host
IBBoard <dev@ibboard.co.uk>
parents:
445
diff
changeset
|
10 mailrelays => ['mx.mythic-beasts.com'], |
|
4a6ad700cded
Update config for real Raspberry Pi host
IBBoard <dev@ibboard.co.uk>
parents:
445
diff
changeset
|
11 firewall_cmd => 'iptables', |
|
4a6ad700cded
Update config for real Raspberry Pi host
IBBoard <dev@ibboard.co.uk>
parents:
445
diff
changeset
|
12 } |
|
4a6ad700cded
Update config for real Raspberry Pi host
IBBoard <dev@ibboard.co.uk>
parents:
445
diff
changeset
|
13 firewall { '090 Allow SSH (IPv4-to-IPv6)': |
|
4a6ad700cded
Update config for real Raspberry Pi host
IBBoard <dev@ibboard.co.uk>
parents:
445
diff
changeset
|
14 dport => 22, |
|
4a6ad700cded
Update config for real Raspberry Pi host
IBBoard <dev@ibboard.co.uk>
parents:
445
diff
changeset
|
15 source => '2a00:1098:0:82:1000:0:5d5d:826a', |
|
4a6ad700cded
Update config for real Raspberry Pi host
IBBoard <dev@ibboard.co.uk>
parents:
445
diff
changeset
|
16 proto => 'tcp', |
|
481
36eacac6bf5e
Fix missed firewall rules updates
IBBoard <dev@ibboard.co.uk>
parents:
480
diff
changeset
|
17 jump => 'accept', |
|
449
4a6ad700cded
Update config for real Raspberry Pi host
IBBoard <dev@ibboard.co.uk>
parents:
445
diff
changeset
|
18 } |
| 471 | 19 firewall { '090 Allow SSH (SSH proxy)': |
| 20 dport => 22, | |
| 21 source => '2a00:1098:0:84:1000:3:0:2', | |
| 22 proto => 'tcp', | |
|
481
36eacac6bf5e
Fix missed firewall rules updates
IBBoard <dev@ibboard.co.uk>
parents:
480
diff
changeset
|
23 jump => 'accept', |
| 471 | 24 } |
|
449
4a6ad700cded
Update config for real Raspberry Pi host
IBBoard <dev@ibboard.co.uk>
parents:
445
diff
changeset
|
25 } |
| 445 | 26 node 'vps-2204.test.ibboard.co.uk' { |
| 27 class { 'ibboardvpsnode': | |
|
480
2c3e745be8d2
Update server defs and own modules to match
IBBoard <dev@ibboard.co.uk>
parents:
471
diff
changeset
|
28 primary_ip => '2a10:8702:8:5200:5054:ff:fec7:76c3', |
| 445 | 29 mailserver => 'mail.ibboard.co.uk', |
| 30 imapserver => 'imap.ibboard.co.uk', | |
| 31 firewall_cmd => 'iptables', | |
| 32 } | |
| 33 } | |
| 247 | 34 node 'ibbvps.vs.mythic-beasts.com' { |
| 35 class { 'ibboardvpsnode': | |
| 36 primary_ip => '2a00:1098:82:52::1', | |
|
284
9431aec4d998
Switch to using IPv6 prefix and IP per site
IBBoard <dev@ibboard.co.uk>
parents:
283
diff
changeset
|
37 proxy_4to6_ip_prefix => '2a00:1098:82:52::01d4', # ::old4 for IPv4! |
|
285
c0e989d32b5c
Go back to IPv6, not hostnames, for up-stream
IBBoard <dev@ibboard.co.uk>
parents:
284
diff
changeset
|
38 proxy_upstream => ['2a00:1098::82:1000:3b:1:1', '2a00:1098::80:1000:3b:1:1'], |
| 428 | 39 nat64_ranges => ['64:ff9b::/96'], |
| 247 | 40 mailserver => 'mail.ibboard.co.uk', |
| 41 imapserver => 'imap.ibboard.co.uk', | |
| 326 | 42 mailrelays => ['mx.mythic-beasts.com'], |
| 247 | 43 firewall_cmd => 'iptables', |
| 44 } | |
|
251
7307c3d59ce7
Enable console over admin shell via serial
IBBoard <dev@ibboard.co.uk>
parents:
247
diff
changeset
|
45 # If the console fails to start, you may need to run "restorecon /etc/systemd/system/getty.target.wants/*" |
|
7307c3d59ce7
Enable console over admin shell via serial
IBBoard <dev@ibboard.co.uk>
parents:
247
diff
changeset
|
46 # to reset the SELinux context of the file |
|
7307c3d59ce7
Enable console over admin shell via serial
IBBoard <dev@ibboard.co.uk>
parents:
247
diff
changeset
|
47 service { 'serial-getty@ttyS0': |
|
7307c3d59ce7
Enable console over admin shell via serial
IBBoard <dev@ibboard.co.uk>
parents:
247
diff
changeset
|
48 ensure => 'running', |
|
7307c3d59ce7
Enable console over admin shell via serial
IBBoard <dev@ibboard.co.uk>
parents:
247
diff
changeset
|
49 enable => 'true', |
|
7307c3d59ce7
Enable console over admin shell via serial
IBBoard <dev@ibboard.co.uk>
parents:
247
diff
changeset
|
50 } |
| 279 | 51 firewall { '090 Allow SSH (IPv4-to-IPv6)': |
| 52 dport => 22, | |
|
285
c0e989d32b5c
Go back to IPv6, not hostnames, for up-stream
IBBoard <dev@ibboard.co.uk>
parents:
284
diff
changeset
|
53 source => '2a00:1098:0:82:1000:0:5d5d:826a', |
| 279 | 54 proto => 'tcp', |
|
481
36eacac6bf5e
Fix missed firewall rules updates
IBBoard <dev@ibboard.co.uk>
parents:
480
diff
changeset
|
55 jump => 'accept', |
| 279 | 56 } |
| 247 | 57 } |