Skip to content
Snippets Groups Projects

Test->production

Merged Test->production
test into production
Merged Magnus Toneby requested to merge test into production
Viewing commit 58f9644d
Prev Next
Show latest version
1 file
+ 33
45
Compare changes
  • Side-by-side
  • Inline
manifests/foliofront.pp
+ 33
45
@@ -143,50 +143,38 @@ class folioscripts::foliofront {
# lint:endignore
}
if fact('server_firewall_provider') == 'firewalld' {
server_firewall::address_set { 'vpn':
addresses => [
'130.236.110.0/24',
'10.240.0.0/12',
],
}
firewalld_rich_rule { 'Access ssh from VPN':
service => 'ssh',
family => 'ipv4',
zone => 'liu',
action => 'accept',
source => { 'ipset' => 'vpn_v4', },
}
firewalld_service {
default:
ensure => present,
zone => 'public';
'Apache web http public access':
service => 'http';
'Apache web https public access':
service => 'https';
}
firewalld_service {
default:
ensure => present,
zone => 'liu';
'Apache web http liu access':
service => 'http';
'Apache web https liu access':
service => 'https';
}
} else {
server_firewall::rules_file { '59-permit_vpn_ssh.rules':
content => file("${module_name}/permit_vpn_ssh.rules"),
}
server_firewall::rules_file { '58-permit_api.rules':
content => file("${module_name}/permit_api.rules"),
}
server_firewall::rules_file { '57-permit_www.rules':
content => file("${module_name}/permit_www.rules"),
}
server_firewall::address_set { 'vpn':
addresses => [
'130.236.110.0/24',
'10.240.0.0/12',
],
}
firewalld_rich_rule { 'Access ssh from VPN':
service => 'ssh',
family => 'ipv4',
zone => 'liu',
action => 'accept',
source => { 'ipset' => 'vpn_v4', },
}
firewalld_service {
default:
ensure => present,
zone => 'public';
'Apache web http public access':
service => 'http';
'Apache web https public access':
service => 'https';
}
firewalld_service {
default:
ensure => present,
zone => 'liu';
'Apache web http liu access':
service => 'http';
'Apache web https liu access':
service => 'https';
}
}