view manifests/nodes.pp @ 462:2f2ecf1f0215

Reduce PHP FPM overheads * Reduce "max idle servers", which leaves LOTS of unused servers sitting around most of the time * Remove old, unused static config file
author IBBoard <dev@ibboard.co.uk>
date Sat, 18 Nov 2023 18:38:12 +0000
parents 4a6ad700cded
children 65290cb0cec2
line wrap: on
line source

node 'ibbpi.hostedpi.com' {
	class { 'ibboardvpsnode':
		primary_ip => '2a00:1098:0008:0157::1',
		gateway_ip => '2a00:1098:0008:0157::2',
		proxy_4to6_ip_prefix => '2a00:1098:0008:0157::01d4', # ::old4 for IPv4!
		proxy_upstream => ['2a00:1098::82:1000:3b:1:1', '2a00:1098::80:1000:3b:1:1'],
		nat64_ranges => ['64:ff9b::/96'],
		mailserver => 'mail.ibboard.co.uk',
		imapserver => 'imap.ibboard.co.uk',
		mailrelays => ['mx.mythic-beasts.com'],
		firewall_cmd => 'iptables',
	}
	firewall { '090 Allow SSH (IPv4-to-IPv6)':
		dport => 22,
		source => '2a00:1098:0:82:1000:0:5d5d:826a',
		proto => 'tcp',
		action => 'accept',
	}
}
node 'vpsarm.home' {
	class { 'ibboardvpsnode':
		primary_ip => '2a00:23c8:a480:3701:5054:ff:fe42:65f9',
		mailserver => 'mail.ibboard.co.uk',
		imapserver => 'imap.ibboard.co.uk',
		firewall_cmd => 'iptables',
	}
}
node 'vps-arm-2204.test.ibboard.co.uk' {
	class { 'ibboardvpsnode':
		primary_ip => 'fd21:d7cd:fe52:0:5054:ff:fee4:9b6e',
		mailserver => 'mail.ibboard.co.uk',
		imapserver => 'imap.ibboard.co.uk',
		firewall_cmd => 'iptables',
	}
}
node 'vps-2204.test.ibboard.co.uk' {
	class { 'ibboardvpsnode':
		primary_ip => 'fd21:d7cd:fe52:0:5054:ff:fec7:76c3',
		mailserver => 'mail.ibboard.co.uk',
		imapserver => 'imap.ibboard.co.uk',
		firewall_cmd => 'iptables',
	}
}
node 'ibbvps.vs.mythic-beasts.com' {
	class { 'ibboardvpsnode':
		primary_ip => '2a00:1098:82:52::1',
		proxy_4to6_ip_prefix => '2a00:1098:82:52::01d4', # ::old4 for IPv4!
		proxy_upstream => ['2a00:1098::82:1000:3b:1:1', '2a00:1098::80:1000:3b:1:1'],
		nat64_ranges => ['64:ff9b::/96'],
		mailserver => 'mail.ibboard.co.uk',
		imapserver => 'imap.ibboard.co.uk',
		mailrelays => ['mx.mythic-beasts.com'],
		firewall_cmd => 'iptables',
	}
	# If the console fails to start, you may need to run "restorecon /etc/systemd/system/getty.target.wants/*"
	# to reset the SELinux context of the file
	service { 'serial-getty@ttyS0':
		ensure => 'running',
		enable => 'true',
	}
	firewall { '090 Allow SSH (IPv4-to-IPv6)':
		dport => 22,
		source => '2a00:1098:0:82:1000:0:5d5d:826a',
		proto => 'tcp',
		action => 'accept',
	}
}