projects / mirror / dsa-puppet.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
do some basic traffic shaping on soriano
[mirror/dsa-puppet.git] / modules / roles / manifests / security_tracker.pp
diff --git a/modules/roles/manifests/security_tracker.pp b/modules/roles/manifests/security_tracker.pp
index 6319fbd..40ed08a 100644 (file)
--- a/modules/roles/manifests/security_tracker.pp
+++ b/modules/roles/manifests/security_tracker.pp
@@ -12,4 +12,20 @@ class roles::security_tracker {
                site   => 'security-tracker.debian.org',
                content => template('roles/apache-security-tracker.debian.org.conf.erb')
        }
+
+       # traffic shaping http traffic
+       @ferm::rule { 'dsa-security-tracker-shape':
+               table => 'mangle',
+               chain => 'OUTPUT',
+               rule  => "proto tcp dport 443 MARK set-mark 20",
+       }
+
+       file { '/usr/local/sbin/traffic-shape':
+               mode   => '0755',
+               content => template('roles/security-tracker/traffic-shape'),
+               notify => Exec['/usr/local/sbin/traffic-shape'],
+       }
+       exec { '/usr/local/sbin/traffic-shape':
+               refreshonly => true
+       }
 }
Unnamed repository; edit this file 'description' to name the repository.