git.donarmstrong.com Git - dsa-puppet.git/blob - modules/ferm/manifests/init.pp
this should virtually work
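# Manages the ferm firewall front-end: installs the package, lays down the
# base configuration under /etc/ferm and restarts ferm whenever one of the
# managed configuration files changes.
class ferm {
        # One firewall rule snippet, written to /etc/ferm/dsa.d/<prio>_<name>.
        #
        # Parameters:
        #   $domain      - defaults to "ip"
        #   $chain       - defaults to "INPUT"
        #   $rule        - required, no default
        #   $description - defaults to ""
        #   $prio        - defaults to "00"; becomes the file name prefix
        #
        # Only $prio and $name are used in this manifest; the other
        # parameters are presumably consumed by ferm/ferm-rule.erb (the
        # template is not shown here -- confirm).
        #
        # NOTE(review): $prio and $name are interpolated into the file path
        # without validation, and $rule presumably ends up in the firewall
        # configuration. Treat every declaration of this type as
        # security-sensitive and only accept values from trusted manifests.
        define rule($domain="ip", $chain="INPUT", $rule, $description="", $prio="00") {
                file { "/etc/ferm/dsa.d/${prio}_${name}":
                        ensure  => present,
                        owner   => root,
                        group   => root,
                        # Quoted so the mode is passed as a string; an
                        # unquoted 0400 is a numeric literal, which newer
                        # Puppet releases reject for file modes.
                        mode    => '0400',
                        content => template("ferm/ferm-rule.erb"),
                        notify  => Exec["ferm restart"],
                }
        }

        # realize (i.e. enable) all @ferm::rule virtual resources
        Rule <| |>

        package { ferm: ensure => installed }

        # Owner and group are pinned to root on every entry below, matching
        # the rule files above. Without them, ownership of source-backed
        # files may be taken from the copy on the file server, depending on
        # how the running Puppet version handles source permissions.
        file {
                # Rule directory. purge/force/recurse with an empty source
                # removes anything in it that Puppet does not manage, so
                # stale or hand-placed rule files do not survive a run.
                # NOTE(review): the directory mode is not pinned here.
                "/etc/ferm/dsa.d":
                        ensure  => directory,
                        owner   => root,
                        group   => root,
                        purge   => true,
                        force   => true,
                        recurse => true,
                        source  => "puppet:///files/empty/",
                        require => Package["ferm"];
                "/etc/ferm/conf.d":
                        ensure  => directory,
                        owner   => root,
                        group   => root,
                        require => Package["ferm"];
                "/etc/ferm/ferm.conf":
                        source  => "puppet:///ferm/ferm.conf",
                        require => Package["ferm"],
                        owner   => root,
                        group   => root,
                        mode    => '0400',
                        notify  => Exec["ferm restart"];
                "/etc/ferm/conf.d/me.conf":
                        content => template("ferm/me.conf.erb"),
                        require => Package["ferm"],
                        owner   => root,
                        group   => root,
                        mode    => '0400',
                        notify  => Exec["ferm restart"];
                "/etc/ferm/conf.d/defs.conf":
                        source  => "puppet:///ferm/defs.conf",
                        require => Package["ferm"],
                        owner   => root,
                        group   => root,
                        mode    => '0400',
                        notify  => Exec["ferm restart"];
        }

        # refreshonly: runs only when one of the files above notifies it.
        # NOTE(review): nothing in this manifest checks the generated
        # configuration before the restart; whether a broken rule file
        # leaves the previous ruleset in place depends on the init script
        # -- confirm.
        exec { "ferm restart":
                command     => "/etc/init.d/ferm restart",
                refreshonly => true,
        }

}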