# HG changeset patch
# User IBBoard
# Date 1690381819 -3600
# Node ID 4a6ad700cded284b7d71138afa720980319516f2
# Parent 460bf6514bd8a5d91da74e504d6de752e100910f
Update config for real Raspberry Pi host * Add node config * Change Amavis setup because of Ubuntu differences * Change secondary IP address setup because Ubuntu still uses older networking approach * Make Postfix config more flexible
diff -r 460bf6514bd8 -r 4a6ad700cded manifests/nodes.pp
--- a/manifests/nodes.pp Sat Jul 15 13:31:32 2023 +0100
+++ b/manifests/nodes.pp Wed Jul 26 15:30:19 2023 +0100
@@ -1,3 +1,22 @@
+node 'ibbpi.hostedpi.com' {
+ class { 'ibboardvpsnode':
+ primary_ip => '2a00:1098:0008:0157::1',
+ gateway_ip => '2a00:1098:0008:0157::2',
+ proxy_4to6_ip_prefix => '2a00:1098:0008:0157::01d4', # ::old4 for IPv4!
+ proxy_upstream => ['2a00:1098::82:1000:3b:1:1', '2a00:1098::80:1000:3b:1:1'],
+ nat64_ranges => ['64:ff9b::/96'],
+ mailserver => 'mail.ibboard.co.uk',
+ imapserver => 'imap.ibboard.co.uk',
+ mailrelays => ['mx.mythic-beasts.com'],
+ firewall_cmd => 'iptables',
+ }
+ firewall { '090 Allow SSH (IPv4-to-IPv6)':
+ dport => 22,
+ source => '2a00:1098:0:82:1000:0:5d5d:826a',
+ proto => 'tcp',
+ action => 'accept',
+ }
+}
 node 'vpsarm.home' {
 class { 'ibboardvpsnode':
 primary_ip => '2a00:23c8:a480:3701:5054:ff:fe42:65f9',
diff -r 460bf6514bd8 -r 4a6ad700cded manifests/templates.pp
--- a/manifests/templates.pp Sat Jul 15 13:31:32 2023 +0100
+++ b/manifests/templates.pp Wed Jul 26 15:30:19 2023 +0100
@@ -62,6 +62,7 @@
 class basevpsnode (
 $primary_ip,
+ $gateway_ip = undef,
 $proxy_4to6_ip_prefix = undef,
 $proxy_upstream = undef,
 $nat64_ranges = [],
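Review bot: The `firewall { '090 Allow SSH (IPv4-to-IPv6)': }` rule added to the `ibbpi.hostedpi.com` node in manifests/nodes.pp gives an IPv6 `source` but does not say which ruleset it belongs to, so unless a resource default elsewhere selects it, the rule would be handed to the IPv4 provider. Stating it on the resource, `provider => 'ip6tables',`, keeps the SSH exception from depending on that default. The source is presumably the hosting provider's IPv4-to-IPv6 proxy, in which case every IPv4 SSH client arrives from this one address and per-source throttling or banning on the host cannot tell those clients apart. A comment such as `# IPv4-to-IPv6 proxy address: all IPv4 SSH clients share this source` would record that.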
@@ -89,14 +90,44 @@
 }
 if $proxy_4to6_ip_prefix != undef {
- # …:1 to …:9 for websites, …:10 for mail
- $ipv6_addresses = Integer[1, 10].map |$octet| { "$proxy_4to6_ip_prefix:$octet" }
+ if $operatingsystem == 'Ubuntu' {
+ # Ubuntu can't parse the existing file, so we need to brute-force it with a template
+ file { "/etc/network/interfaces.d/eth0":
+ content => epp('privat/eth0.epp',
+ {
+ default_address => $primary_ip,
+ gateway_address => $gateway_ip,
+ prefix_address => $proxy_4to6_ip_prefix,
+ }
+ ),
+ }
- $ipv6_secondaries = join($ipv6_addresses, " ")
+# # …:1 to …:9 for websites, …:10 for mail
+# Integer[1, 10].each |$octet| {
+# augeas { "IPv6 secondary address $octet":
+# context => "/files/etc/network/interfaces.d/eth0",
+# changes => [
+# "set auto[child::1 = 'eth0:$octet']/1 eth0:$octet",
+# "set no-auto-down[child::1 = 'eth0:$octet']/1 eth0:$octet",
+# "set iface[. = 'eth0:$octet'] eth0:$octet",
+# "set iface[. = 'eth0:$octet']/family inet6",
+# "set iface[. = 'eth0:$octet']/method static",
+# "set iface[. = 'eth0:$octet']/address $proxy_4to6_ip_prefix:$octet",
+# "set iface[. = 'eth0:$octet']/netmask 64",
+#
+# ],
+# }
+# }
+ }
+ else {
+ # …:1 to …:9 for websites, …:10 for mail
+ $ipv6_addresses = Integer[1, 10].map |$octet| { "$proxy_4to6_ip_prefix:$octet" }
+ $ipv6_secondaries = join($ipv6_addresses, " ")
- augeas {'IPv6 secondary addresses':
- context => "/files/etc/sysconfig/network-scripts/ifcfg-eth0",
- changes => "set IPV6ADDR_SECONDARIES '\"$ipv6_secondaries\"'",
+ augeas {'IPv6 secondary addresses':
+ context => "/files/etc/sysconfig/network-scripts/ifcfg-eth0",
+ changes => "set IPV6ADDR_SECONDARIES '\"$ipv6_secondaries\"'",
+ }
 }
 }
@@ -229,7 +260,7 @@
 require => Package['unbound'],
 notify => Service['unbound'],
 }
- file { '/etc/NetworkManager/conf.d':
+ file { ['/etc/NetworkManager', '/etc/NetworkManager/conf.d']:
 ensure => directory
 }
 file { '/etc/NetworkManager/conf.d/local-dns-resolver.conf':
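Review bot: In the Ubuntu branch of hunk `@@ -89,14 +90,44 @@`, `gateway_address => $gateway_ip` passes a class parameter that defaults to `undef` into `privat/eth0.epp`, whose `$gateway_address` is declared as a non-optional `Stdlib::IP::Address::V6`. A node that sets `proxy_4to6_ip_prefix` without `gateway_ip` would therefore fail with a template type error rather than a message naming the missing setting. A guard before the `file` resource makes the requirement explicit: `if $gateway_ip == undef { fail('gateway_ip is required with proxy_4to6_ip_prefix on Ubuntu') }`. The `file { "/etc/network/interfaces.d/eth0": }` resource also sets no `owner`, `group` or `mode`; pinning them (`owner => 'root', group => 'root', mode => '0644',`) keeps the file that defines the host's addresses and default gateway from drifting to looser permissions. The enclosing `basevpsnode` class body starts and ends outside this hunk.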
@@ -344,6 +375,11 @@
 ensure => installed
 }
 }
+ elsif $osfamily == 'Debian' {
+ package { 'dnsutils':
+ ensure => installed
+ }
+ }
 }
 class logrotate {
@@ -642,6 +678,7 @@
 class ibboardvpsnode (
 $primary_ip,
+ $gateway_ip = undef,
 $proxy_4to6_ip_prefix = undef,
 $proxy_upstream = undef,
 $nat64_ranges = [],
@@ -652,6 +689,7 @@
 ){
 class { 'basevpsnode':
 primary_ip => $primary_ip,
+ gateway_ip => $gateway_ip,
 proxy_4to6_ip_prefix => $proxy_4to6_ip_prefix,
 proxy_upstream => $proxy_upstream,
 nat64_ranges => $nat64_ranges,
@@ -914,7 +952,10 @@
 if $osfamily == 'RedHat' {
 $spamassassin_deps = ['perl-File-MimeInfo']
 $spamassassin_dir = '/etc/mail/spamassassin/'
- $amavis_dir = '/etc/amavisd/'
+ $amavis_config = '/etc/amavisd/amavisd.conf'
+ $amavis_rundir = '/var/run/amavisd'
+ $amavis_spooldir = '/var/spool/amavisd'
+ $amavis_quarantinedir = '$HOME_DIR/quarantine'
 $amavis_service = 'amavisd'
 # CentOS has a Clam service, but we call on demand (Ubuntu doesn't have a service)
 service { 'clamd@amavisd':
@@ -925,7 +966,10 @@
 elsif $osfamily == 'Debian' {
 $spamassassin_deps = ['libfile-mimeinfo-perl']
 $spamassassin_dir = '/etc/spamassassin/'
- $amavis_dir = '/etc/amavis/'
+ $amavis_config = '/etc/amavis/conf.d/60-puppeted'
+ $amavis_rundir = '/var/run/amavis'
+ $amavis_spooldir = '/var/lib/amavis'
+ $amavis_quarantinedir = '$HOME_DIR/virusmails'
 $amavis_service = 'amavis'
 }
 package { $spamassassin_deps:
@@ -939,9 +983,16 @@
 ensure => 'running',
 enable => 'true',
 }
- file { "${amavis_dir}amavisd.conf":
+ file { $amavis_config:
 ensure => present,
- source => 'puppet:///private/postfix/amavisd.conf',
+ content => epp('privat/postfix/amavis.conf.epp',
+ {
+ fqdn => $::fqdn,
+ rundir => $amavis_rundir,
+ spooldir => $amavis_spooldir,
+ quarantinedir => $amavis_quarantinedir,
+ }
+ ),
 tag => 'av',
 }
 file { "${spamassassin_dir}local.cf":
diff -r 460bf6514bd8 -r 4a6ad700cded modules/privat/templates/eth0.epp
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
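Review bot: `$amavis_quarantinedir = '$HOME_DIR/quarantine'` in hunk `@@ -914,7 +952,10 @@` (and `'$HOME_DIR/virusmails'` in the Debian branch, hunk `@@ -925,7 +966,10 @@`) depends on Puppet's single quotes to keep `$HOME_DIR` literal. Presumably the rendered amavis config is meant to resolve it as a Perl variable, but nothing in the hunk says so, and a later switch to double quotes would make Puppet interpolate an unset variable into the quarantine path. A comment on both assignments would record the intent, e.g. `# single quotes on purpose: $HOME_DIR is left for the amavis config to expand, not Puppet`. The template that consumes the value is not part of this diff, so it is worth confirming that it places the value in a double-quoted Perl string. The `if`/`elsif` block continues outside these hunks.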
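Review bot: The rewritten `file { $amavis_config: }` resource in hunk `@@ -939,9 +983,16 @@` renders the mail filter's configuration from a template but sets no `owner`, `group` or `mode`, so permissions are whatever the file already has, or whatever the agent's umask gives a newly created `/etc/amavis/conf.d/60-puppeted`. Adding `owner => 'root', group => 'root', mode => '0644',` (tighter if the private template carries credentials, which is not visible here) lets Puppet correct drift on this file. No `notify` to `Service[$amavis_service]` is visible on the resource either. If nothing keyed on `tag => 'av'` elsewhere restarts the service, a config change would not take effect until the service is restarted by other means.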
+++ b/modules/privat/templates/eth0.epp Wed Jul 26 15:30:19 2023 +0100
@@ -0,0 +1,41 @@
+<%- |
+ Stdlib::IP::Address::V6 $default_address,
+ Stdlib::IP::Address::V6 $gateway_address,
+ Stdlib::IP::Address::V6 $prefix_address, # Not actually an IP, but looks like one
+| -%>
+auto eth0
+no-auto-down eth0
+iface eth0 inet6 static
+ address <%= $default_address %>
+ netmask 64
+ gateway <%= $gateway_address %>
+iface eth0:1 inet6 static
+ address <%= $prefix_address %>:1
+ netmask 64
+iface eth0:2 inet6 static
+ address <%= $prefix_address %>:2
+ netmask 64
+iface eth0:3 inet6 static
+ address <%= $prefix_address %>:3
+ netmask 64
+iface eth0:4 inet6 static
+ address <%= $prefix_address %>:4
+ netmask 64
+iface eth0:5 inet6 static
+ address <%= $prefix_address %>:5
+ netmask 64
+iface eth0:6 inet6 static
+ address <%= $prefix_address %>:6
+ netmask 64
+iface eth0:7 inet6 static
+ address <%= $prefix_address %>:7
+ netmask 64
+iface eth0:8 inet6 static
+ address <%= $prefix_address %>:8
+ netmask 64
+iface eth0:9 inet6 static
+ address <%= $prefix_address %>:9
+ netmask 64
+iface eth0:10 inet6 static
+ address <%= $prefix_address %>:10
+ netmask 64
diff -r 460bf6514bd8 -r 4a6ad700cded modules/privat/templates/postfix
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/modules/privat/templates/postfix Wed Jul 26 15:30:19 2023 +0100
@@ -0,0 +1,1 @@
+../../../private/postfix/templates
\ No newline at end of file
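Review bot: In modules/privat/templates/eth0.epp, `auto eth0` and `no-auto-down eth0` are emitted for the base interface only, while the ten `iface eth0:N` stanzas have no `auto` line of their own. The commented-out augeas block in manifests/templates.pp did set `auto` and `no-auto-down` per alias, so it is worth checking that the secondary addresses come up at boot. If they do not, each stanza needs a line such as `auto eth0:1` before its `iface`. The ten stanzas could also be generated with an `Integer[1, 10].each` loop in the template, so the range stays in one place and matches the `Integer[1, 10]` used in the non-Ubuntu branch.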