3 ssl::service { 'www.debian.org':
6 ssl::service { 'sip-ws.debian.org':
9 concat { '/etc/repro/www.debian.org-chained.crt':
11 concat::fragment { '/etc/ssl/debian/certs/www.debian.org.crt':
12 target => '/etc/repro/www.debian.org-chained.crt',
13 source => 'file:///etc/ssl/debian/certs/www.debian.org.crt',
15 require => File['/etc/ssl/debian/certs/www.debian.org.crt'],
17 concat::fragment { '/etc/ssl/debian/certs/www.debian.org.crt-chain':
18 target => '/etc/repro/www.debian.org-chained.crt',
19 source => 'file:///etc/ssl/debian/certs/www.debian.org.crt-chain',
21 require => File['/etc/ssl/debian/certs/www.debian.org.crt-chain'],
24 concat { '/etc/repro/sip-ws.debian.org-chained.crt':
26 concat::fragment { '/etc/ssl/debian/certs/sip-ws.debian.org.crt':
27 target => '/etc/repro/sip-ws.debian.org-chained.crt',
28 source => 'file:///etc/ssl/debian/certs/sip-ws.debian.org.crt',
30 require => File['/etc/ssl/debian/certs/sip-ws.debian.org.crt'],
32 concat::fragment { '/etc/ssl/debian/certs/sip-ws.debian.org.crt-chain':
33 target => '/etc/repro/sip-ws.debian.org-chained.crt',
34 source => 'file:///etc/ssl/debian/certs/sip-ws.debian.org.crt-chain',
36 require => File['/etc/ssl/debian/certs/sip-ws.debian.org.crt-chain'],
39 @ferm::rule { 'dsa-xmpp-client-ip4':
41 description => 'XMPP connections (client to server)',
42 rule => 'proto tcp dport (5222) ACCEPT'
44 @ferm::rule { 'dsa-xmpp-client-ip6':
46 description => 'XMPP connections (client to server)',
47 rule => 'proto tcp dport (5222) ACCEPT'
49 @ferm::rule { 'dsa-xmpp-server-ip4':
51 description => 'XMPP connections (server to server)',
52 rule => 'proto tcp dport (5269) ACCEPT'
54 @ferm::rule { 'dsa-xmpp-server-ip6':
56 description => 'XMPP connections (server to server)',
57 rule => 'proto tcp dport (5269) ACCEPT'
60 @ferm::rule { 'dsa-sip-ws-ip4':
62 description => 'SIP connections (WebSocket; for WebRTC)',
63 rule => 'proto tcp dport (443) ACCEPT'
65 @ferm::rule { 'dsa-sip-ws-ip6':
67 description => 'SIP connections (WebSocket; for WebRTC)',
68 rule => 'proto tcp dport (443) ACCEPT'
70 @ferm::rule { 'dsa-sip-tls-ip4':
72 description => 'SIP connections (TLS)',
73 rule => 'proto tcp dport (5061) ACCEPT'
75 @ferm::rule { 'dsa-sip-tls-ip6':
77 description => 'SIP connections (TLS)',
78 rule => 'proto tcp dport (5061) ACCEPT'
80 @ferm::rule { 'dsa-turn-ip4':
82 description => 'TURN connections',
83 rule => 'proto udp dport (3478) ACCEPT'
85 @ferm::rule { 'dsa-turn-ip6':
87 description => 'TURN connections',
88 rule => 'proto udp dport (3478) ACCEPT'
90 @ferm::rule { 'dsa-turn-tls-ip4':
92 description => 'TURN connections (TLS)',
93 rule => 'proto tcp dport (5349) ACCEPT'
95 @ferm::rule { 'dsa-turn-tls-ip6':
97 description => 'TURN connections (TLS)',
98 rule => 'proto tcp dport (5349) ACCEPT'
100 @ferm::rule { 'dsa-rtp-ip4':
102 description => 'RTP streams',
103 rule => 'proto udp dport (49152:65535) ACCEPT'
105 @ferm::rule { 'dsa-rtp-ip6':
107 description => 'RTP streams',
108 rule => 'proto udp dport (49152:65535) ACCEPT'
111 file { '/etc/monit/monit.d/50rtc':
112 source => 'puppet:///modules/roles/rtc/monit',