Major refactor

author: Silvio Rhatto <rhatto@riseup.net> 2013-04-12 17:09:03 -0300
committer: Silvio Rhatto <rhatto@riseup.net> 2013-04-12 17:09:03 -0300
commit: fe1c86b8f938283e9dd8196a8b11a9648f4b49e6 (patch)
tree: c2d999eca03862a3e4af57e0885397adf6bbc6ec /manifests/role/router.pp
parent: ec5c750d12bdc7948bb3c04f0c72817718a0bf47 (diff)
download: puppet-nodo-fe1c86b8f938283e9dd8196a8b11a9648f4b49e6.tar.gz
puppet-nodo-fe1c86b8f938283e9dd8196a8b11a9648f4b49e6.tar.bz2
1 files changed, 25 insertions, 0 deletions
diff --git a/manifests/role/router.pp b/manifests/role/router.pp
new file mode 100644
index 0000000..068837d
--- /dev/null
+++ b/manifests/role/router.pp
@@ -0,0 +1,25 @@
+class nodo::role::router inherits nodo::appliance {
+  # We use monitor class on the router as the DNS server might by
+  # inside a vserver and thus cannot access the network devices directly
+  include nodo::utils::dns
+
+  # Network auditing
+  include nodo::utils::network::analyzer
+
+  # Enable IP forwarding
+  augeas { 'enable_ip_forwarding':
+    changes => 'set /files/etc/shorewall/shorewall.conf/IP_FORWARDING On',
+    lens    => 'Shellvars.lns',
+    incl    => '/etc/shorewall/shorewall.conf',
+    notify  => Service[shorewall];
+  }
+
+  # Make sure shorewall is reloaded after dhcp renew
+  file { '/etc/dhcp/dhclient-exit-hooks.d/shorewall':
+    ensure => present,
+    owner  => root,
+    group  => root,
+    mode   => 0644,
+    source => 'puppet:///modules/site_nodo/dhclient-exit-hooks.d/shorewall'
+  }
+}
author	Silvio Rhatto <rhatto@riseup.net>	2013-04-12 17:09:03 -0300
committer	Silvio Rhatto <rhatto@riseup.net>	2013-04-12 17:09:03 -0300
commit	fe1c86b8f938283e9dd8196a8b11a9648f4b49e6 (patch)
tree	c2d999eca03862a3e4af57e0885397adf6bbc6ec /manifests/role/router.pp
parent	ec5c750d12bdc7948bb3c04f0c72817718a0bf47 (diff)
download	puppet-nodo-fe1c86b8f938283e9dd8196a8b11a9648f4b49e6.tar.gz puppet-nodo-fe1c86b8f938283e9dd8196a8b11a9648f4b49e6.tar.bz2