Use ufw from puppet sunet instead

2023-02-17 14:46:22 +01:00 · 2023-02-17 14:46:22 +01:00 · ddc3f673d3
parent 3979367a7d
commit ddc3f673d3
3 changed files with 14 additions and 2 deletions
--- a/manifests/app_type.pp
+++ b/manifests/app_type.pp
@ -338,6 +338,10 @@ define sunetdrive::app_type (
      from => '0.0.0.0/0',
      port => 443,
    }
+    sunet::nftables::docker_expose { 'https':
+      from => ['any']
+      port => 443,
+    }
  }

 }
--- a/manifests/proxysql.pp
+++ b/manifests/proxysql.pp
@ -69,6 +69,14 @@ class sunetdrive::proxysql (
    from => $tug_office,
    port => 6080,
  }
+  sunet::nftables::docker_expose { 'stats_ports':
+    from => $tug_office,
+    port => 6080,
+  }
+  sunet::nftables::docker_expose { 'proxysql':
+    from => ['any'],
+    port => 6032,
+  }

  sunet::docker_compose { 'drive_proxysql_docker_compose':
    content          => template('sunetdrive/proxysql/docker-compose_proxysql.yml.erb'),
--- a/manifests/satosa.pp
+++ b/manifests/satosa.pp
@ -49,7 +49,7 @@ class sunetdrive::satosa($dehydrated_name=undef,$image='docker.sunet.se/satosa',
      notify  => Sunet::Docker_run['satosa']
    }
  }
-  ufw::allow { 'satosa-allow-https':
+  sunet::misc::ufw_allow { 'satosa-allow-https':
    ip   => 'any',
    port => '443'
  }
@ -63,7 +63,7 @@ class sunetdrive::satosa($dehydrated_name=undef,$image='docker.sunet.se/satosa',
    ports  => ['80:80'],
    env    => ['ACME_URL=http://acme-c.sunet.se']
  }
-  ufw::allow { 'satosa-allow-http':
+  sunet::misc::ufw_allow { 'satosa-allow-http':
    ensure => $dehydrated_status,
    ip     => 'any',
    port   => '80'