RT #4908 - deploy XMPP service

[dsa-puppet.git] / modules / roles / manifests / rtc.pp

diff --git a/modules/roles/manifests/rtc.pp b/modules/roles/manifests/rtc.pp
index 2609e5d43dff8717d7c66b69d9fabfdaef6d68c5..c5e9da3d796de1496a014be6911ada5788c4a257 100644 (file)
--- a/modules/roles/manifests/rtc.pp
+++ b/modules/roles/manifests/rtc.pp
@@ -1,5 +1,4 @@
 class roles::rtc {
-       include concat::setup
 
        ssl::service { 'www.debian.org':
        }
@@ -37,6 +36,27 @@ class roles::rtc {
                require     => File['/etc/ssl/debian/certs/sip-ws.debian.org.crt-chain'],
        }
 
+       @ferm::rule { 'dsa-xmpp-client-ip4':
+               domain      => 'ip',
+               description => 'XMPP connections (client to server)',
+               rule        => 'proto tcp dport (5222) ACCEPT'
+       }
+       @ferm::rule { 'dsa-xmpp-client-ip6':
+               domain      => 'ip6',
+               description => 'XMPP connections (client to server)',
+               rule        => 'proto tcp dport (5222) ACCEPT'
+       }
+       @ferm::rule { 'dsa-xmpp-server-ip4':
+               domain      => 'ip',
+               description => 'XMPP connections (server to server)',
+               rule        => 'proto tcp dport (5269) ACCEPT'
+       }
+       @ferm::rule { 'dsa-xmpp-server-ip6':
+               domain      => 'ip6',
+               description => 'XMPP connections (server to server)',
+               rule        => 'proto tcp dport (5269) ACCEPT'
+       }
+
        @ferm::rule { 'dsa-sip-ws-ip4':
                domain      => 'ip',
                description => 'SIP connections (WebSocket; for WebRTC)',