authorLinus Nordberg <linus@nordu.net>2017-07-28 19:15:53 +0200
committerLinus Nordberg <linus@nordu.net>2017-07-28 19:15:53 +0200
commit0f516d67e070becab2ec3a35c5188dfa46c90b92 (patch)
treef10051fdc4d0e64aa9dc99129fb85927d181e710 /global/overlay/etc/puppet/manifests/cosmos-site.pp
parent177275e86e27cecaceb7e5c6bc4088114e89be35 (diff)
Empty the default node and add stuff to cosmos-rules.ct-ops-2017-07-28-v10
Diffstat (limited to 'global/overlay/etc/puppet/manifests/cosmos-site.pp')
-rw-r--r--global/overlay/etc/puppet/manifests/cosmos-site.pp57
1 files changed, 13 insertions, 44 deletions
diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp
index 0855b63..c83a37c 100644
--- a/global/overlay/etc/puppet/manifests/cosmos-site.pp
+++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp
@@ -4,27 +4,18 @@ Exec {
path => "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
}
-# include some of this stuff for additional features
-
-include cosmos::tools
-include cosmos::motd
-include cosmos::ntp
-include cosmos::rngtools
-include cosmos::preseed
-include ufw
-include apt
-include cosmos
-
-# you need a default node
+include nrpe
+
+class nunoc {
+ include sunet::tools
+ include sunet::motd
+ include sunet::ntp
+ include ufw
+ include apt
+ include apparmor
+}
node default {
-
- class { 'sshserver': }
- class { 'mailclient':
- domain => 'nordu.net'
- }
- class { 'sshkeys': }
-
}
class dockerhost {
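Review bot: With `node default` emptied in this hunk, a host that matches no rule now gets only the top-scope `include nrpe`. The removed lines dropped `include ufw` and the `sshserver` and `sshkeys` declarations from the default path, and the new `class nunoc` is defined but not included anywhere in the visible lines. The commit title suggests classes are now assigned through cosmos-rules, which is not shown here, so that part is inferred. If that is the intent, document it above the node, e.g. `# Classes are assigned per host in cosmos-rules; a host matching no rule gets only nrpe.` Also consider keeping a minimal firewall and sshd baseline in the default node, so that an unmatched host does not come up running an NRPE agent (presumably network-reachable) without `ufw` and with an unmanaged sshd_config.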
@@ -35,33 +26,11 @@ class mailclient ($domain) {
cosmos::preseed::preseed_package {"postfix": ensure => present, domain => $domain}
}
-class sshserver {
- include augeas
- package {'openssh-server': ensure => latest } ->
- service { 'ssh': ensure => running }
- augeas { "sshd_config":
- context => "/files/etc/ssh/sshd_config",
- changes => [
- "set PasswordAuthentication no",
- "set X11Forwarding no",
- "set LogLevel VERBOSE", # log pubkey used for root login
- ],
- notify => Service['ssh'],
- } ->
- file_line {
- 'no_sftp_subsystem':
- path => '/etc/ssh/sshd_config',
- match => 'Subsystem sftp /usr/lib/openssh/sftp-server',
- line => '#Subsystem sftp /usr/lib/openssh/sftp-server',
- notify => Service['ssh'],
+class ctops {
+ class { 'sunet::server':
+ unattended_upgrades => true,
}
- ufw::allow { "allow-sshd":
- ip => 'any',
- port => 22
- }
-}
-class sshkeys {
ssh_authorized_key {'linus':
ensure => present,
name => 'linus@sunet.se,