mirror of
https://github.com/zulip/zulip.git
synced 2025-11-18 12:54:58 +00:00
c9141785fd
This means that services will only open their ports if they are actually run, without having to clutter rules.v4 with a log of `if` statements. This does not go as far as using `puppetlabs/firewall`[1] because that would represent an additional DSL to learn; raw IPtables sections can easily be inserted into the generated iptables file via `concat::fragment` (either inline, or as a separate file), but config can be centralized next to the appropriate service. [1] https://forge.puppet.com/modules/puppetlabs/firewall
14 lines
281 B
Puppet
14 lines
281 B
Puppet
class zulip_ops::camo {
|
|
include zulip::camo
|
|
|
|
zulip_ops::firewall_allow { 'camo': port => '9292' }
|
|
|
|
file { '/etc/cron.d/camo':
|
|
ensure => file,
|
|
owner => 'root',
|
|
group => 'root',
|
|
mode => '0644',
|
|
source => 'puppet:///modules/zulip_ops/cron.d/camo',
|
|
}
|
|
}
|