diff options
| author | Linus Nordberg <linus@nordu.net> | 2017-07-29 21:54:57 +0200 |
|---|---|---|
| committer | Linus Nordberg <linus@nordu.net> | 2017-07-29 21:54:57 +0200 |
| commit | e72b75cdc7baaf4cb0ab164c62edaec60bc4eafa (patch) | |
| tree | ad5030c85ba3df5137664747b280cadf2fc6e472 | |
| parent | bea5dce15c07938afe74c2e68dc87781f66cb056 (diff) | |
Harden installations with class bastion.ct-ops-2017-07-29-v09
| -rw-r--r-- | global/overlay/etc/puppet/manifests/cosmos-site.pp | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index 3020216..105c9a2 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -16,6 +16,18 @@ class nunoc { } node default { + if $::hostname =~ /ct.nordu.net/ { # kvm hosts need relaxed net? + class {'bastion': + fstab_fix_shm => false, + sysctl_net_hardening => false, + } + } else { + class {'bastion': + fstab_fix_shm => false, + fixperms_paranoia => true, + } + } + } class dockerhost { |