Use ufw from puppet sunet instead

Micke Nordin 2023-02-17 14:46:22 +01:00
parent 3979367a7d
commit ddc3f673d3
Signed by untrusted user: Micke
GPG key ID: 0DA0A7A5708FE257
3 changed files with 14 additions and 2 deletions


@ -338,6 +338,10 @@ define sunetdrive::app_type (
from => '0.0.0.0/0', from => '0.0.0.0/0',
port => 443, port => 443,
} }
sunet::nftables::docker_expose { 'https':
from => ['any']
port => 443,
}
} }
} }
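Review bot: The added `sunet::nftables::docker_expose { 'https':` resource is missing the comma after `from => ['any']`, so the manifest should fail to parse at catalog compilation. The line should read `from => ['any'],`, as the same resource type is written in the proxysql class of this commit. The new rule is also declared alongside the existing port 443 rule rather than replacing it. The enclosing conditional starts outside the hunk, so whether each rule is applied only on hosts running the matching firewall backend cannot be confirmed from here.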


@ -69,6 +69,14 @@ class sunetdrive::proxysql (
from => $tug_office, from => $tug_office,
port => 6080, port => 6080,
} }
sunet::nftables::docker_expose { 'stats_ports':
from => $tug_office,
port => 6080,
}
sunet::nftables::docker_expose { 'proxysql':
from => ['any'],
port => 6032,
}
sunet::docker_compose { 'drive_proxysql_docker_compose': sunet::docker_compose { 'drive_proxysql_docker_compose':
content => template('sunetdrive/proxysql/docker-compose_proxysql.yml.erb'), content => template('sunetdrive/proxysql/docker-compose_proxysql.yml.erb'),
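Review bot: The new `proxysql` rule opens port 6032 to `['any']`, while the stats port 6080 directly above it is limited to `$tug_office`. 6032 is ProxySQL's default admin interface port, so if that is what the container publishes here, the admin listener is reachable from every source address and is protected only by its credentials. Consider narrowing `from` to the hosts that need it, as `stats_ports` does with `from => $tug_office,`, and adding a comment such as `# 6032: ProxySQL admin interface, restrict to management hosts`. The class body continues outside the hunk, so any existing rule for 6032 above it should be checked for the same scope.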


@ -49,7 +49,7 @@ class sunetdrive::satosa($dehydrated_name=undef,$image='docker.sunet.se/satosa',
notify => Sunet::Docker_run['satosa'] notify => Sunet::Docker_run['satosa']
} }
} }
ufw::allow { 'satosa-allow-https': sunet::misc::ufw_allow { 'satosa-allow-https':
ip => 'any', ip => 'any',
port => '443' port => '443'
} }
@ -63,7 +63,7 @@ class sunetdrive::satosa($dehydrated_name=undef,$image='docker.sunet.se/satosa',
ports => ['80:80'], ports => ['80:80'],
env => ['ACME_URL=http://acme-c.sunet.se'] env => ['ACME_URL=http://acme-c.sunet.se']
} }
ufw::allow { 'satosa-allow-http': sunet::misc::ufw_allow { 'satosa-allow-http':
ensure => $dehydrated_status, ensure => $dehydrated_status,
ip => 'any', ip => 'any',
port => '80' port => '80'
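Review bot: Both `sunet::misc::ufw_allow` resources keep the `ip => 'any'` attribute from the old `ufw::allow` type, whereas the firewall rules visible as context in the other two files of this commit use `from =>`. If `sunet::misc::ufw_allow` does not accept `ip`, catalog compilation would fail with an invalid-parameter error and neither 443 nor 80 would be opened. In that case the attribute needs to become `from => 'any',` in both `satosa-allow-https` and `satosa-allow-http`. Unlike the other two files, no `sunet::nftables::docker_expose` counterpart is added here, which is only correct if satosa hosts never run nftables. The second resource's closing brace lies outside the hunk.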