hostname => $::fqdn,
}
- @ferm::rule { 'dsa-xmpp-client-ip4':
+ ferm::rule { 'dsa-xmpp-client-ip4':
domain => 'ip',
description => 'XMPP connections (client to server)',
rule => 'proto tcp dport (5222) ACCEPT'
}
- @ferm::rule { 'dsa-xmpp-client-ip6':
+ ferm::rule { 'dsa-xmpp-client-ip6':
domain => 'ip6',
description => 'XMPP connections (client to server)',
rule => 'proto tcp dport (5222) ACCEPT'
}
- @ferm::rule { 'dsa-xmpp-server-ip4':
+ ferm::rule { 'dsa-xmpp-server-ip4':
domain => 'ip',
description => 'XMPP connections (server to server)',
rule => 'proto tcp dport (5269) ACCEPT'
}
- @ferm::rule { 'dsa-xmpp-server-ip6':
+ ferm::rule { 'dsa-xmpp-server-ip6':
domain => 'ip6',
description => 'XMPP connections (server to server)',
rule => 'proto tcp dport (5269) ACCEPT'
}
- @ferm::rule { 'dsa-sip-ws-ip4':
+ ferm::rule { 'dsa-sip-ws-ip4':
domain => 'ip',
description => 'SIP connections (WebSocket; for WebRTC)',
rule => 'proto tcp dport (443) ACCEPT'
}
- @ferm::rule { 'dsa-sip-ws-ip6':
+ ferm::rule { 'dsa-sip-ws-ip6':
domain => 'ip6',
description => 'SIP connections (WebSocket; for WebRTC)',
rule => 'proto tcp dport (443) ACCEPT'
}
- @ferm::rule { 'dsa-sip-tls-ip4':
+ ferm::rule { 'dsa-sip-tls-ip4':
domain => 'ip',
description => 'SIP connections (TLS)',
rule => 'proto tcp dport (5061) ACCEPT'
}
- @ferm::rule { 'dsa-sip-tls-ip6':
+ ferm::rule { 'dsa-sip-tls-ip6':
domain => 'ip6',
description => 'SIP connections (TLS)',
rule => 'proto tcp dport (5061) ACCEPT'
}
- @ferm::rule { 'dsa-turn-ip4':
+ ferm::rule { 'dsa-turn-ip4':
domain => 'ip',
description => 'TURN connections',
rule => 'proto udp dport (3478) ACCEPT'
}
- @ferm::rule { 'dsa-turn-ip6':
+ ferm::rule { 'dsa-turn-ip6':
domain => 'ip6',
description => 'TURN connections',
rule => 'proto udp dport (3478) ACCEPT'
}
- @ferm::rule { 'dsa-turn-tls-ip4':
+ ferm::rule { 'dsa-turn-tls-ip4':
domain => 'ip',
description => 'TURN connections (TLS)',
rule => 'proto tcp dport (5349) ACCEPT'
}
- @ferm::rule { 'dsa-turn-tls-ip6':
+ ferm::rule { 'dsa-turn-tls-ip6':
domain => 'ip6',
description => 'TURN connections (TLS)',
rule => 'proto tcp dport (5349) ACCEPT'
}
- @ferm::rule { 'dsa-rtp-ip4':
+ ferm::rule { 'dsa-rtp-ip4':
domain => 'ip',
description => 'RTP streams',
rule => 'proto udp dport (49152:65535) ACCEPT'
}
- @ferm::rule { 'dsa-rtp-ip6':
+ ferm::rule { 'dsa-rtp-ip6':
domain => 'ip6',
description => 'RTP streams',
rule => 'proto udp dport (49152:65535) ACCEPT'
service { 'repro':
ensure => running,
}
+ dsa_systemd::override { 'repro':
+ content => @("EOF"),
+ [Unit]
+ After=network-online.target
+ | EOF
+ }
package { 'freeradius':
ensure => installed,
}
$radius_password = hkdf('/etc/puppet/secret', "rtc-${::hostname}-radius-password")
file { '/etc/freeradius/3.0/sites-available/rtc.debian.org':
- content => template('modules/roles/rtc/freeradius-rtc.erb'),
+ content => template('roles/rtc/freeradius-rtc.erb'),
mode => '0440',
group => freerad,
}
target => '../sites-available/rtc.debian.org',
}
file { '/etc/freeradius/3.0/mods-available/passwd_rtc':
- source => 'puppet:///modules/roles/rtc/freeradius-mod-passwd',
+ source => 'puppet:///modules/roles/rtc/freeradius-mod-passwd-rtc',
mode => '0440',
group => freerad,
}
target => '../mods-available/passwd_rtc',
}
file { '/etc/repro/radius-servers':
- content => @(EOF),
- localhost/localhost ${radius_password}
- | EOF
+ content => inline_template('localhost/localhost <%= @radius_password %>'),
mode => '0440',
group => repro,
notify => Service['repro'],
projects / mirror / dsa-puppet.git / blobdiff