From ddc3f673d3d119cfb9b1d207fa04487a15e5375c Mon Sep 17 00:00:00 2001
From: Micke Nordin
Date: Fri, 17 Feb 2023 14:46:22 +0100
Subject: [PATCH] Use ufw from puppet sunet instead
---
 manifests/app_type.pp | 4 ++++
 manifests/proxysql.pp | 8 ++++++++
 manifests/satosa.pp | 4 ++--
 3 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/manifests/app_type.pp b/manifests/app_type.pp
index f562e50..abf302c 100644
--- a/manifests/app_type.pp
+++ b/manifests/app_type.pp
@@ -338,6 +338,10 @@ define sunetdrive::app_type (
 from => '0.0.0.0/0',
 port => 443,
 }
+ sunet::nftables::docker_expose { 'https':
+ from => ['any']
+ port => 443,
+ }
 }
 }
diff --git a/manifests/proxysql.pp b/manifests/proxysql.pp
index 38f370c..96b0cc1 100644
--- a/manifests/proxysql.pp
+++ b/manifests/proxysql.pp
@@ -69,6 +69,14 @@ class sunetdrive::proxysql (
 from => $tug_office,
 port => 6080,
 }
+ sunet::nftables::docker_expose { 'stats_ports':
+ from => $tug_office,
+ port => 6080,
+ }
+ sunet::nftables::docker_expose { 'proxysql':
+ from => ['any'],
+ port => 6032,
+ }
 sunet::docker_compose { 'drive_proxysql_docker_compose':
 content => template('sunetdrive/proxysql/docker-compose_proxysql.yml.erb'),
diff --git a/manifests/satosa.pp b/manifests/satosa.pp
index 08b0a9e..52ab62d 100644
--- a/manifests/satosa.pp
+++ b/manifests/satosa.pp
@@ -49,7 +49,7 @@ class sunetdrive::satosa($dehydrated_name=undef,$image='docker.sunet.se/satosa',
 notify => Sunet::Docker_run['satosa']
 }
 }
- ufw::allow { 'satosa-allow-https':
+ sunet::misc::ufw_allow { 'satosa-allow-https':
 ip => 'any',
 port => '443'
 }
@@ -63,7 +63,7 @@ class sunetdrive::satosa($dehydrated_name=undef,$image='docker.sunet.se/satosa',
 ports => ['80:80'],
 env => ['ACME_URL=http://acme-c.sunet.se']
 }
- ufw::allow { 'satosa-allow-http':
+ sunet::misc::ufw_allow { 'satosa-allow-http':
 ensure => $dehydrated_status,
 ip => 'any',
 port => '80'
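Review bot: In manifests/app_type.pp the added `sunet::nftables::docker_expose { 'https': ... }` resource has no comma after `from => ['any']`, so the manifest will not parse and catalog compilation fails for every node that declares sunetdrive::app_type. A node whose catalog does not compile keeps its previous firewall state, so the intended rule change would not be applied at all. The line should read `from => ['any'],`. The enclosing define starts and ends outside the hunk, so it is not visible which condition guards this rule.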
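Review bot: In manifests/proxysql.pp the new `sunet::nftables::docker_expose { 'proxysql': ... }` rule opens port 6032 to `['any']`, while the stats port 6080 directly above it is limited to `$tug_office`. 6032 is ProxySQL's default admin-interface port (client traffic defaults to 6033), so unless this deployment remaps the listeners, the admin interface becomes reachable from any source address and is protected only by its credentials. The hunk does not show whether an earlier rule already allowed this. If only the application nodes need the port, `from` should list their addresses instead of `['any']`, with a comment such as `# 6032: reached only by <consumers>` naming who connects. The class body starts and ends outside the hunk.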
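Review bot: In manifests/satosa.pp both swapped resources ('satosa-allow-https' in the first hunk and 'satosa-allow-http' in the second) keep the `ip => 'any'` parameter of the old `ufw::allow` type, whereas the firewall resources in the other two manifests of this patch are given `from =>`. The definition of `sunet::misc::ufw_allow` is not visible here. If it takes `from` rather than `ip`, compilation stops with an invalid-parameter error and neither the 443 nor the 80 rule is managed. Please confirm the parameter names, including `ensure => $dehydrated_status` in the second hunk, and change the lines to `from => 'any',` if that is what the define expects.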