create a concatenated ssl cert (end-entity cert + intermediate cert)
# Role class for the SIP / WebRTC host.
#
# It does three things, all visible below:
#   * declares the ssl::service resource for www.debian.org,
#   * assembles a single "chained" certificate file out of two local files,
#   * declares virtual firewall rules for SIP, TURN and RTP traffic.
class roles::sip {
  include concat::setup

  ssl::service { 'www.debian.org': }

  # Chained certificate: the end-entity certificate is placed first
  # (order 00) and the intermediate chain last (order 99). TLS servers
  # expect the leaf certificate ahead of the intermediates, so the two
  # order values must keep this relative position.
  #
  # No owner, group or mode is set on the target, so whatever the concat
  # module uses by default applies. Both fragments are named as
  # certificate files; private key material should not be added here.
  concat { '/etc/ssl/debian/certs/www.debian.org-chained.crt':
    ensure => present,
  }

  # Both fragments use file:// sources, i.e. files that already exist on
  # the node. NOTE(review): presumably these are put in place by
  # ssl::service above; no explicit ordering against it is declared
  # here, so confirm that the dependency is established elsewhere.
  #
  # NOTE(review): the bare 00 is a numeric literal to newer Puppet
  # parsers; quoting it ('00') would keep the two-digit form. Confirm
  # against the concat module version in use before changing it.
  concat::fragment { '/etc/ssl/debian/certs/www.debian.org.crt':
    target => '/etc/ssl/debian/certs/www.debian.org-chained.crt',
    source => 'file:///etc/ssl/debian/certs/www.debian.org.crt',
    order  => 00,
  }

  concat::fragment { '/etc/ssl/debian/certs/www.debian.org.crt-chain':
    target => '/etc/ssl/debian/certs/www.debian.org-chained.crt',
    source => 'file:///etc/ssl/debian/certs/www.debian.org.crt-chain',
    order  => 99,
  }

  # Firewall rules.
  #
  # Every rule below is a *virtual* resource (leading '@'): it only takes
  # effect where it is realized or collected, which is not shown in this
  # class. None of the rule strings restricts the source address, so once
  # realized each port is reachable from any address of that family.
  # Each service is declared twice, once for IPv4 ('ip') and once for
  # IPv6 ('ip6'); keep the pairs in sync when changing a port.

  # SIP over WebSocket (WebRTC clients), TCP 443.
  @ferm::rule { 'dsa-sip-ws-ip4':
    domain      => 'ip',
    description => 'SIP connections (WebSocket; for WebRTC)',
    rule        => 'proto tcp dport (443) ACCEPT',
  }

  @ferm::rule { 'dsa-sip-ws-ip6':
    domain      => 'ip6',
    description => 'SIP connections (WebSocket; for WebRTC)',
    rule        => 'proto tcp dport (443) ACCEPT',
  }

  # SIP over TLS, TCP 5061.
  @ferm::rule { 'dsa-sip-tls-ip4':
    domain      => 'ip',
    description => 'SIP connections (TLS)',
    rule        => 'proto tcp dport (5061) ACCEPT',
  }

  @ferm::rule { 'dsa-sip-tls-ip6':
    domain      => 'ip6',
    description => 'SIP connections (TLS)',
    rule        => 'proto tcp dport (5061) ACCEPT',
  }

  # TURN: only UDP is opened on 3478.
  @ferm::rule { 'dsa-turn-ip4':
    domain      => 'ip',
    description => 'TURN connections',
    rule        => 'proto udp dport (3478) ACCEPT',
  }

  @ferm::rule { 'dsa-turn-ip6':
    domain      => 'ip6',
    description => 'TURN connections',
    rule        => 'proto udp dport (3478) ACCEPT',
  }

  # TURN over TLS, TCP 5349.
  @ferm::rule { 'dsa-turn-tls-ip4':
    domain      => 'ip',
    description => 'TURN connections (TLS)',
    rule        => 'proto tcp dport (5349) ACCEPT',
  }

  @ferm::rule { 'dsa-turn-tls-ip6':
    domain      => 'ip6',
    description => 'TURN connections (TLS)',
    rule        => 'proto tcp dport (5349) ACCEPT',
  }

  # RTP media: UDP 49152-65535, i.e. 16384 ports open to any source.
  # NOTE(review): any other UDP listener on this host that binds inside
  # this range becomes reachable as well. Check that the media relay is
  # configured for the same range and that nothing else listens in it.
  @ferm::rule { 'dsa-rtp-ip4':
    domain      => 'ip',
    description => 'RTP streams',
    rule        => 'proto udp dport (49152:65535) ACCEPT',
  }

  @ferm::rule { 'dsa-rtp-ip6':
    domain      => 'ip6',
    description => 'RTP streams',
    rule        => 'proto udp dport (49152:65535) ACCEPT',
  }
}