projects / mirror / dsa-puppet.git / blob
? search:


0888833eacb1e7571852109940ded373c8cdf602
[mirror/dsa-puppet.git] / modules / roles / manifests / rtc.pp
1 class roles::rtc {
2
3         ssl::service { 'www.debian.org':
4                 tlsaport => [],
5                 notify  => Service['repro'],
6         }
7
8         ssl::service { 'sip-ws.debian.org':
9         }
10
11         dnsextras::tlsa_record{ 'tlsa-xmpp':
12                 zone     => 'debian.org',
13                 certfile => "/etc/puppet/modules/ssl/files/servicecerts/www.debian.org.crt",
14                 port     => [5061, 5222, 5269],
15                 hostname => $::fqdn,
16         }
17
18         @ferm::rule { 'dsa-xmpp-client-ip4':
19                 domain      => 'ip',
20                 description => 'XMPP connections (client to server)',
21                 rule        => 'proto tcp dport (5222) ACCEPT'
22         }
23         @ferm::rule { 'dsa-xmpp-client-ip6':
24                 domain      => 'ip6',
25                 description => 'XMPP connections (client to server)',
26                 rule        => 'proto tcp dport (5222) ACCEPT'
27         }
28         @ferm::rule { 'dsa-xmpp-server-ip4':
29                 domain      => 'ip',
30                 description => 'XMPP connections (server to server)',
31                 rule        => 'proto tcp dport (5269) ACCEPT'
32         }
33         @ferm::rule { 'dsa-xmpp-server-ip6':
34                 domain      => 'ip6',
35                 description => 'XMPP connections (server to server)',
36                 rule        => 'proto tcp dport (5269) ACCEPT'
37         }
38
39         @ferm::rule { 'dsa-sip-ws-ip4':
40                 domain      => 'ip',
41                 description => 'SIP connections (WebSocket; for WebRTC)',
42                 rule        => 'proto tcp dport (443) ACCEPT'
43         }
44         @ferm::rule { 'dsa-sip-ws-ip6':
45                 domain      => 'ip6',
46                 description => 'SIP connections (WebSocket; for WebRTC)',
47                 rule        => 'proto tcp dport (443) ACCEPT'
48         }
49         @ferm::rule { 'dsa-sip-tls-ip4':
50                 domain      => 'ip',
51                 description => 'SIP connections (TLS)',
52                 rule        => 'proto tcp dport (5061) ACCEPT'
53         }
54         @ferm::rule { 'dsa-sip-tls-ip6':
55                 domain      => 'ip6',
56                 description => 'SIP connections (TLS)',
57                 rule        => 'proto tcp dport (5061) ACCEPT'
58         }
59         @ferm::rule { 'dsa-turn-ip4':
60                 domain      => 'ip',
61                 description => 'TURN connections',
62                 rule        => 'proto udp dport (3478) ACCEPT'
63         }
64         @ferm::rule { 'dsa-turn-ip6':
65                 domain      => 'ip6',
66                 description => 'TURN connections',
67                 rule        => 'proto udp dport (3478) ACCEPT'
68         }
69         @ferm::rule { 'dsa-turn-tls-ip4':
70                 domain      => 'ip',
71                 description => 'TURN connections (TLS)',
72                 rule        => 'proto tcp dport (5349) ACCEPT'
73         }
74         @ferm::rule { 'dsa-turn-tls-ip6':
75                 domain      => 'ip6',
76                 description => 'TURN connections (TLS)',
77                 rule        => 'proto tcp dport (5349) ACCEPT'
78         }
79         @ferm::rule { 'dsa-rtp-ip4':
80                 domain      => 'ip',
81                 description => 'RTP streams',
82                 rule        => 'proto udp dport (49152:65535) ACCEPT'
83         }
84         @ferm::rule { 'dsa-rtp-ip6':
85                 domain      => 'ip6',
86                 description => 'RTP streams',
87                 rule        => 'proto udp dport (49152:65535) ACCEPT'
88         }
89
90         file { '/etc/monit/monit.d/50rtc':
91                 ensure  => absent,
92         }
93
94         service { 'repro':
95                 ensure  => running,
96         }
97 }
Unnamed repository; edit this file 'description' to name the repository.