Mercurial > repos > other > Puppet
view manifests/nodes.pp @ 284:9431aec4d998
Switch to using IPv6 prefix and IP per site
This is because the proxy seems to break SNI, so we need an IP
per SSL cert. We're not short of IPv6 addresses, though!
Also corrected to "4to6" naming, because we're letting IPv4 access
an IPv6 site
author | IBBoard <dev@ibboard.co.uk> |
---|---|
date | Sun, 16 Feb 2020 12:07:35 +0000 |
parents | d29f477c51d4 |
children | c0e989d32b5c |
line wrap: on
line source
node 'clouduk.ibboard.co.uk' { class { 'ibboardvpsnode': primary_ip => '213.229.111.243', mailserver => 'mail.ibboard.co.uk', imapserver => 'imap.ibboard.co.uk', firewall_cmd => 'iptables', } } node 'cloudtest.ibboard.co.uk' { class { 'ibboardvpsnode': primary_ip => '192.168.1.78', mailserver => 'mail.ibboard.co.uk', imapserver => 'imap.ibboard.co.uk', firewall_cmd => 'iptables', } } node 'ibbvps.vs.mythic-beasts.com' { class { 'ibboardvpsnode': primary_ip => '2a00:1098:82:52::1', proxy_4to6_ip_prefix => '2a00:1098:82:52::01d4', # ::old4 for IPv4! proxy_upstream => ['proxy.mythic-beasts.com'], mailserver => 'mail.ibboard.co.uk', imapserver => 'imap.ibboard.co.uk', firewall_cmd => 'iptables', } # If the console fails to start, you may need to run "restorecon /etc/systemd/system/getty.target.wants/*" # to reset the SELinux context of the file service { 'serial-getty@ttyS0': ensure => 'running', enable => 'true', } firewall { '090 Allow SSH (IPv4-to-IPv6)': dport => 22, source => 'geryon.mythic-beasts.com', proto => 'tcp', action => 'accept', } }