[dsa-puppet.git] / modules / roles / manifests / rtc.pp
# Role class for the real-time-communication (RTC) host.
#
# It declares the TLS service certificates, assembles chained certificate
# files under /etc/repro, defines the firewall rules for XMPP, SIP, TURN and
# RTP, and removes an old monit snippet.
#
# Security notes for reviewers:
# - Only certificate and chain files (*.crt, *.crt-chain) are copied here;
#   no private-key material is handled in this class.
# - Every ferm rule below is a virtual resource (leading '@'), so it has no
#   effect until it is realized or collected somewhere else; that code is
#   not part of this file.
# - None of the rules restricts the source address: each listed port is
#   accepted from any IPv4/IPv6 peer.
class roles::rtc {
  # One ssl::service per host name served from this machine.
  ssl::service { ['www.debian.org', 'sip-ws.debian.org']: }

  # Chained certificate for www.debian.org: the certificate file comes first
  # (order 00), the chain file last (order 99).
  # NOTE(review): the File resources named in `require` are not declared in
  # this class; presumably ssl::service provides them -- confirm.
  concat { '/etc/repro/www.debian.org-chained.crt': }
  concat::fragment { '/etc/ssl/debian/certs/www.debian.org.crt':
    target  => '/etc/repro/www.debian.org-chained.crt',
    source  => 'file:///etc/ssl/debian/certs/www.debian.org.crt',
    order   => 00,
    require => File['/etc/ssl/debian/certs/www.debian.org.crt'],
  }
  concat::fragment { '/etc/ssl/debian/certs/www.debian.org.crt-chain':
    target  => '/etc/repro/www.debian.org-chained.crt',
    source  => 'file:///etc/ssl/debian/certs/www.debian.org.crt-chain',
    order   => 99,
    require => File['/etc/ssl/debian/certs/www.debian.org.crt-chain'],
  }

  # Chained certificate for sip-ws.debian.org, built the same way.
  concat { '/etc/repro/sip-ws.debian.org-chained.crt': }
  concat::fragment { '/etc/ssl/debian/certs/sip-ws.debian.org.crt':
    target  => '/etc/repro/sip-ws.debian.org-chained.crt',
    source  => 'file:///etc/ssl/debian/certs/sip-ws.debian.org.crt',
    order   => 00,
    require => File['/etc/ssl/debian/certs/sip-ws.debian.org.crt'],
  }
  concat::fragment { '/etc/ssl/debian/certs/sip-ws.debian.org.crt-chain':
    target  => '/etc/repro/sip-ws.debian.org-chained.crt',
    source  => 'file:///etc/ssl/debian/certs/sip-ws.debian.org.crt-chain',
    order   => 99,
    require => File['/etc/ssl/debian/certs/sip-ws.debian.org.crt-chain'],
  }

  # --- Firewall: XMPP -------------------------------------------------------
  # Each service gets one rule per address family ('ip' and 'ip6').
  @ferm::rule { 'dsa-xmpp-client-ip4':
    domain      => 'ip',
    description => 'XMPP connections (client to server)',
    rule        => 'proto tcp dport (5222) ACCEPT',
  }
  @ferm::rule { 'dsa-xmpp-client-ip6':
    domain      => 'ip6',
    description => 'XMPP connections (client to server)',
    rule        => 'proto tcp dport (5222) ACCEPT',
  }
  @ferm::rule { 'dsa-xmpp-server-ip4':
    domain      => 'ip',
    description => 'XMPP connections (server to server)',
    rule        => 'proto tcp dport (5269) ACCEPT',
  }
  @ferm::rule { 'dsa-xmpp-server-ip6':
    domain      => 'ip6',
    description => 'XMPP connections (server to server)',
    rule        => 'proto tcp dport (5269) ACCEPT',
  }

  # --- Firewall: SIP (WebSocket on 443, TLS on 5061) ------------------------
  @ferm::rule { 'dsa-sip-ws-ip4':
    domain      => 'ip',
    description => 'SIP connections (WebSocket; for WebRTC)',
    rule        => 'proto tcp dport (443) ACCEPT',
  }
  @ferm::rule { 'dsa-sip-ws-ip6':
    domain      => 'ip6',
    description => 'SIP connections (WebSocket; for WebRTC)',
    rule        => 'proto tcp dport (443) ACCEPT',
  }
  @ferm::rule { 'dsa-sip-tls-ip4':
    domain      => 'ip',
    description => 'SIP connections (TLS)',
    rule        => 'proto tcp dport (5061) ACCEPT',
  }
  @ferm::rule { 'dsa-sip-tls-ip6':
    domain      => 'ip6',
    description => 'SIP connections (TLS)',
    rule        => 'proto tcp dport (5061) ACCEPT',
  }

  # --- Firewall: TURN (UDP 3478, TLS over TCP 5349) -------------------------
  @ferm::rule { 'dsa-turn-ip4':
    domain      => 'ip',
    description => 'TURN connections',
    rule        => 'proto udp dport (3478) ACCEPT',
  }
  @ferm::rule { 'dsa-turn-ip6':
    domain      => 'ip6',
    description => 'TURN connections',
    rule        => 'proto udp dport (3478) ACCEPT',
  }
  @ferm::rule { 'dsa-turn-tls-ip4':
    domain      => 'ip',
    description => 'TURN connections (TLS)',
    rule        => 'proto tcp dport (5349) ACCEPT',
  }
  @ferm::rule { 'dsa-turn-tls-ip6':
    domain      => 'ip6',
    description => 'TURN connections (TLS)',
    rule        => 'proto tcp dport (5349) ACCEPT',
  }

  # --- Firewall: RTP media --------------------------------------------------
  # Accepts the whole UDP range 49152-65535 from any source.
  # NOTE(review): confirm the media relay is configured to use exactly this
  # range, so the firewall exposes no more UDP ports than the service needs.
  @ferm::rule { 'dsa-rtp-ip4':
    domain      => 'ip',
    description => 'RTP streams',
    rule        => 'proto udp dport (49152:65535) ACCEPT',
  }
  @ferm::rule { 'dsa-rtp-ip6':
    domain      => 'ip6',
    description => 'RTP streams',
    rule        => 'proto udp dport (49152:65535) ACCEPT',
  }

  # Make sure the old monit snippet is not left behind on the host.
  file { '/etc/monit/monit.d/50rtc':
    ensure => absent,
  }
}