4 ssl::service { 'www.debian.org':
7 ssl::service { 'sip-ws.debian.org':
10 concat { '/etc/repro/www.debian.org-chained.crt':
12 concat::fragment { '/etc/ssl/debian/certs/www.debian.org.crt':
13 target => '/etc/repro/www.debian.org-chained.crt',
14 source => 'file:///etc/ssl/debian/certs/www.debian.org.crt',
16 require => File['/etc/ssl/debian/certs/www.debian.org.crt'],
18 concat::fragment { '/etc/ssl/debian/certs/www.debian.org.crt-chain':
19 target => '/etc/repro/www.debian.org-chained.crt',
20 source => 'file:///etc/ssl/debian/certs/www.debian.org.crt-chain',
22 require => File['/etc/ssl/debian/certs/www.debian.org.crt-chain'],
25 concat { '/etc/repro/sip-ws.debian.org-chained.crt':
27 concat::fragment { '/etc/ssl/debian/certs/sip-ws.debian.org.crt':
28 target => '/etc/repro/sip-ws.debian.org-chained.crt',
29 source => 'file:///etc/ssl/debian/certs/sip-ws.debian.org.crt',
31 require => File['/etc/ssl/debian/certs/sip-ws.debian.org.crt'],
33 concat::fragment { '/etc/ssl/debian/certs/sip-ws.debian.org.crt-chain':
34 target => '/etc/repro/sip-ws.debian.org-chained.crt',
35 source => 'file:///etc/ssl/debian/certs/sip-ws.debian.org.crt-chain',
37 require => File['/etc/ssl/debian/certs/sip-ws.debian.org.crt-chain'],
40 @ferm::rule { 'dsa-sip-ws-ip4':
42 description => 'SIP connections (WebSocket; for WebRTC)',
43 rule => 'proto tcp dport (443) ACCEPT'
45 @ferm::rule { 'dsa-sip-ws-ip6':
47 description => 'SIP connections (WebSocket; for WebRTC)',
48 rule => 'proto tcp dport (443) ACCEPT'
50 @ferm::rule { 'dsa-sip-tls-ip4':
52 description => 'SIP connections (TLS)',
53 rule => 'proto tcp dport (5061) ACCEPT'
55 @ferm::rule { 'dsa-sip-tls-ip6':
57 description => 'SIP connections (TLS)',
58 rule => 'proto tcp dport (5061) ACCEPT'
60 @ferm::rule { 'dsa-turn-ip4':
62 description => 'TURN connections',
63 rule => 'proto udp dport (3478) ACCEPT'
65 @ferm::rule { 'dsa-turn-ip6':
67 description => 'TURN connections',
68 rule => 'proto udp dport (3478) ACCEPT'
70 @ferm::rule { 'dsa-turn-tls-ip4':
72 description => 'TURN connections (TLS)',
73 rule => 'proto tcp dport (5349) ACCEPT'
75 @ferm::rule { 'dsa-turn-tls-ip6':
77 description => 'TURN connections (TLS)',
78 rule => 'proto tcp dport (5349) ACCEPT'
80 @ferm::rule { 'dsa-rtp-ip4':
82 description => 'RTP streams',
83 rule => 'proto udp dport (49152:65535) ACCEPT'
85 @ferm::rule { 'dsa-rtp-ip6':
87 description => 'RTP streams',
88 rule => 'proto udp dport (49152:65535) ACCEPT'
91 file { '/etc/monit/monit.d/50rtc':
92 source => 'puppet:///modules/roles/rtc/monit',