Diffstat (limited to 'personal_infra/puppet')
-rw-r--r--personal_infra/puppet/modules/tinc/manifests/init.pp4
-rw-r--r--personal_infra/puppet/site/01-tinc.pp1
2 files changed, 3 insertions, 2 deletions
diff --git a/personal_infra/puppet/modules/tinc/manifests/init.pp b/personal_infra/puppet/modules/tinc/manifests/init.pp
index be373302..581593a6 100644
--- a/personal_infra/puppet/modules/tinc/manifests/init.pp
+++ b/personal_infra/puppet/modules/tinc/manifests/init.pp
@@ -1,4 +1,4 @@
-class tinc($tinc_name, $tinc_location, $tinc_connect_to, $tinc_locations, $tinc_ip, $tinc_netmask, $tinc_other_networks) {
+class tinc($tinc_name, $tinc_location, $tinc_connect_to, $tinc_locations, $tinc_ip, $tinc_netmask, $tinc_other_networks, $firewall = true) {
# https://bugzilla.redhat.com/show_bug.cgi?id=2153663
if($facts['os']['family'] == 'RedHat' and $facts['os']['release']['major'] == '9') {
copr {'tinc':
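Review bot: The new `$firewall` parameter on the class line is untyped, and Puppet treats every string as truthy, so a value such as `'false'` arriving from data would still satisfy the `$firewall` test added in the second hunk and open port 655. Declaring it as `Boolean $firewall = true` makes a mistyped value fail at catalog compilation instead of silently changing firewall behaviour. A short comment above the class stating that `$firewall` controls whether the module opens 655/tcp and 655/udp in firewalld would also help. The class body continues outside the hunk.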
@@ -71,7 +71,7 @@ cat /etc/ansible/tinc/public_${location['address']}.pem >>/etc/tinc/${tinc_name}
notify => Service["tinc@${tinc_name}"],
}
- if ($facts['os']['family'] == 'RedHat') {
+ if ($facts['os']['family'] == 'RedHat' and $firewall) {
exec {'open firewall for tinc':
command => '/usr/bin/firewall-cmd --permanent --add-port=655/{tcp,udp}',
unless => '/usr/bin/firewall-cmd --query-port=655/udp',
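Review bot: When `$firewall` is false, the changed `if` only skips the `firewall-cmd --permanent --add-port` exec. Nothing visible here removes a rule that an earlier run already added, so a host later switched to `firewall => false` may keep 655 open in its permanent firewalld configuration. If that is the intended meaning, say so in a comment above the condition, for example `# $firewall = false only stops managing the port; it does not close an already-opened one`. The `if` block ends outside the hunk, so a removal branch may exist below that is not shown.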
diff --git a/personal_infra/puppet/site/01-tinc.pp b/personal_infra/puppet/site/01-tinc.pp
index 148e5988..7228a870 100644
--- a/personal_infra/puppet/site/01-tinc.pp
+++ b/personal_infra/puppet/site/01-tinc.pp
@@ -22,5 +22,6 @@ if 'tinc' in lookup("group_names") {
tinc_ip => lookup("network.self_internal_ip"),
tinc_netmask => lookup("network.self_internal_netmask"),
tinc_other_networks => $tinc_other_networks,
+ firewall => !lookup("network.disable_firewall"),
}
}
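Review bot: `lookup("network.disable_firewall")` on the added line has no default and no type. A node whose data lacks the key will likely fail compilation rather than fall back to the class default of `true`, and a string value would negate to `false` whatever its text, which would silently skip the firewall rule. Consider `firewall => !lookup("network.disable_firewall", Boolean, 'first', false),` so a missing key keeps the port managed and a non-boolean value is rejected. Whether every node already defines `network.disable_firewall` is not visible from this diff.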