#
# Cookbook:: kosmos_kvm
# Recipe:: host
#
# Prepares a KVM/libvirt host: installs the virtualization packages, fetches
# the base VM image, installs the create_vm helper script and sets up the
# host firewall rules.
#

base_image = node["kosmos_kvm"]["host"]["qemu_base_image"]

# Outbound destinations that are denied on the public interface: the three
# RFC 1918 private ranges plus the RFC 6598 shared address space
# (100.64.0.0/10).
blocked_private_ranges = [
  "10.0.0.0/8",
  "172.16.0.0/12",
  "192.168.0.0/16",
  "100.64.0.0/10",
]

package ["virtinst", "libvirt-daemon-system"]

# Storage for base images; not accessible to "other" (0750).
directory "/var/lib/libvirt/images/base" do
  owner "libvirt-qemu"
  group "kvm"
  mode "0750"
  recursive true
end

# Base VM image
# The checksum attribute pins the download to a known SHA-256 digest.
# NOTE(review): integrity of the image rests on that attribute being set; with
# a nil checksum the download is not verified. Confirm the attribute default
# is populated and that the URL is fetched over HTTPS.
remote_file base_image["path"] do
  source base_image["url"]
  checksum base_image["checksum"]
  owner "libvirt-qemu"
  group "kvm"
  mode "0640"
end

# Helper script rendered from create_vm.erb.
# NOTE(review): no owner/group is declared, so Chef leaves whatever ownership
# the file already has (or the user running the client on first creation).
# For an executable under /usr/local/sbin, consider pinning both explicitly.
template "/usr/local/sbin/create_vm" do
  source "create_vm.erb"
  mode "0750"
  variables(base_image_path: base_image["path"])
end

# Allows inbound TCP 2222 (alternate SSH port, per the rule name).
# NOTE(review): no source restriction is set, so the port is reachable from
# any address the firewall otherwise permits. Confirm that is intended.
firewall_rule "ssh-alt-port" do
  port [2222]
  protocol :tcp
  command :allow
end

# Deny outbound traffic from this host to private address space.
# NOTE(review): the interface name is hard-coded; on a host whose NIC is not
# named enp35s0 these rules would presumably never match. Only IPv4 ranges
# are covered here.
blocked_private_ranges.each do |cidr|
  firewall_rule "unauthorized-private-network-#{cidr}" do
    interface "enp35s0"
    destination cidr
    direction :out
    protocol :none
    command :deny
  end
end