1 files changed, 26 insertions, 1 deletions

diff --git a/global/overlay/etc/puppet/manifests/catlfish/frontend.pp b/global/overlay/etc/puppet/manifests/catlfish/frontend.pp
index 9307e1d..37d455f 100644
--- a/global/overlay/etc/puppet/manifests/catlfish/frontend.pp
+++ b/global/overlay/etc/puppet/manifests/catlfish/frontend.pp
@@ -6,11 +6,36 @@ define catlfish::frontend(
    $base = '/var/local/db/urd.appendto.org'
    file {$base: ensure => directory } ->
    file {"${base}/${name}": ensure => directory } ->
+   sunet::docker_run{"${name}_varnish":
+      image    => "docker.sunet.se/varnish",
+      imagetag => "latest",
+      env      => ["BACKEND_PORT=tcp://${name}_frontend.docker:8080"]
+      ports    => ["80:80"],
+   }
+   sunet::docker_run{"${name}_stud":
+      image    => "docker.sunet.se/stud",
+      imagetag => "latest",
+      volumes  => ["/etc/ssl:/etc/ssl"],
+      env      => ["BACKEND_PORT=tcp://${name}_varnish.docker:80"],
+      ports    => ["443:443"]
+   }
    sunet::docker_run {'${name}_frontend':
        image    => $image,
-       imagetag => $version
+       imagetag => $version,
        ports    => ["8080:8080","8082:8082"],
        volumes  => ["/data/${name}/catlfish:/usr/local/etc/catlfish:ro","${base}/${name}:/var/local/db/catlfish"],
        command  => ["frontend"]
    }
+   ufw::allow { "${name}-allow-http":
+      ip   => 'any',
+      port => 80
+   }
+   ufw::allow { "${name}-allow-https":
+      ip   => 'any',
+      port => 443
+   }
+   ufw:allow { "${name}-allow-8082-acl0":
+      ip     => '130.242.125.0/24',
+      port   => 8082
+   }
 }