# modules/nfs_server/manifests/init.pp
#
# Installs the kernel NFS server and opens its RPC ports in ferm for a
# per-host client network.
#
# This class only decides network reachability: the ferm rules below limit
# which source addresses can reach portmap, nfsd, statd, mountd and lockd.
# Nothing in this class manages the export list, so which directories are
# exported, and to whom, has to be restricted separately.
class nfs_server {

  package { ['nfs-common', 'nfs-kernel-server']:
    ensure => 'installed',
  }

  # hasstatus is off and the status command is /bin/true, so the status
  # probe always succeeds. No ensure is set; the only triggers visible in
  # this class are the notify relationships on the file resources below.
  service { ['nfs-common', 'nfs-kernel-server']:
    hasstatus => false,
    status    => '/bin/true',
  }

  # Source networks allowed through the firewall, chosen by hostname.
  # The value is pasted verbatim into the ferm macro calls further down;
  # the parenthesised form is a ferm list and is needed as soon as more
  # than one network is given.
  case $::hostname {
    'lw01', 'lw02', 'lw03', 'lw04', 'lw09', 'lw10': {
      $client_range = '(172.29.188.0/24)'
    }
    'milanollo', 'senfter': {
      $client_range = '172.29.122.0/24'
    }
    'buxtehude': {
      # NOTE(review): 206.12.19.126/32 is the only entry in this class that
      # lies outside RFC 1918 space - confirm the path to that client is
      # one NFS traffic should cross.
      $client_range = '(172.29.40.0/22 206.12.19.126/32)'
    }
    'gretchaninov': {
      $client_range = '172.29.40.0/22'
    }
    'sibelius': {
      $client_range = '192.168.0.14/32'
    }
    default: {
      # Fail closed: a host with no entry above is reachable over NFS from
      # loopback only. Better than 0.0.0.0/0 - every NFS server ought to
      # get an explicit client range here instead of exporting to the world.
      $client_range = '127.0.0.0/8'
    }
  }

  # One ferm rule per RPC service, each limited to $client_range.
  # 111 and 2049 are the standard portmap and nfsd ports. 10000, 10002 and
  # 10003 are fixed choices for statd, mountd and lockd; presumably the
  # three files deployed at the end of this class pin the daemons to them
  # (their contents are not visible here). If those files and these
  # numbers drift apart, the rules stop matching the ports the daemons
  # actually listen on.
  ferm::rule { 'dsa-portmap':
    description => 'Allow portmap access',
    rule        => "&TCP_UDP_SERVICE_RANGE(111, ${client_range})",
  }
  ferm::rule { 'dsa-nfs':
    description => 'Allow nfsd access',
    rule        => "&TCP_UDP_SERVICE_RANGE(2049, ${client_range})",
  }
  ferm::rule { 'dsa-status':
    description => 'Allow statd access',
    rule        => "&TCP_UDP_SERVICE_RANGE(10000, ${client_range})",
  }
  ferm::rule { 'dsa-mountd':
    description => 'Allow mountd access',
    rule        => "&TCP_UDP_SERVICE_RANGE(10002, ${client_range})",
  }
  ferm::rule { 'dsa-lockd':
    description => 'Allow lockd access',
    rule        => "&TCP_UDP_SERVICE_RANGE(10003, ${client_range})",
  }

  # Daemon settings are ordered before the package they belong to
  # (presumably so the first start after installation already uses them),
  # and a change to any file notifies the matching service.
  # NOTE(review): owner, group and mode are not set on these files, so they
  # come from resource defaults declared elsewhere or from Puppet's own
  # defaults - confirm the files end up root-owned and not writable by
  # anyone else.
  file { '/etc/default/nfs-common':
    source => 'puppet:///modules/nfs_server/nfs-common.default',
    before => Package['nfs-common'],
    notify => Service['nfs-common'],
  }
  file { '/etc/default/nfs-kernel-server':
    source => 'puppet:///modules/nfs_server/nfs-kernel-server.default',
    before => Package['nfs-kernel-server'],
    notify => Service['nfs-kernel-server'],
  }
  file { '/etc/modprobe.d/lockd.local':
    source => 'puppet:///modules/nfs_server/lockd.local.modprobe',
    before => Package['nfs-common'],
    notify => Service['nfs-common'],
  }
}