Merge branch 'master' of git.nordu.net:sunet-ops

author: Leif Johansson <leifj@sunet.se> 2014-03-03 10:35:00 +0100
committer: Leif Johansson <leifj@sunet.se> 2014-03-03 10:35:00 +0100
commit: 1c78441c007c16b247530402d8dbdd593dcdf70e (patch)
tree: 4806872861f0fda5cc9805d96f8b2b04f012274c /global/overlay/etc/puppet
parent: a20a151f7dcd25e20b207da744b3975df771bed0 (diff)
parent: baffa6e766cb7b69454f9d833e670003e6a8646f (diff)
3 files changed, 34 insertions, 3 deletions
diff --git a/global/overlay/etc/puppet/cosmos-modules.conf b/global/overlay/etc/puppet/cosmos-modules.conf
index deb781e..1a77592 100644
--- a/global/overlay/etc/puppet/cosmos-modules.conf
+++ b/global/overlay/etc/puppet/cosmos-modules.conf
@@ -4,7 +4,7 @@
 #concat puppetlabs/concat no
 #stdlib puppetlabs/stdlib no
 cosmos git://github.com/leifj/puppet-cosmos.git yes
-ufw attachmentgenie/ufw no
+ufw git://github.com/SUNET/puppet-module-ufw.git yes
 apt puppetlabs/apt no
 #vcsrepo puppetlabs/vcsrepo no
 #xinetd puppetlabs/xinetd no
diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp
index d916f97..8b161a2 100644
--- a/global/overlay/etc/puppet/manifests/cosmos-site.pp
+++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp
@@ -62,7 +62,7 @@ node 'sto-tug-kvm1.swamid.se' {
   class { 'dhcp':
       dnsdomain    => [ 'eduid.se','sunet.se' ],
       nameservers  => ['130.242.80.14','130.242.80.99'],
-      ntpservers   => ['pool.ntp.org'],
+      ntpservers   => ['ntp1.nordu.net','ntp2.nordu.net','Time1.Stupi.SE'],
       interfaces   => ['eth0'],
       #pxeserver    => '130.242.125.5',
       #pxefilename  => 'pxelinux.0'
@@ -266,7 +266,7 @@ class sunet-cdr {
   class { 'dhcp':
       dnsdomain    => [ 'eduid.se','sunet.se' ],
       nameservers  => ['130.242.80.14','130.242.80.99'],
-      ntpservers   => ['pool.ntp.org'],
+      ntpservers   => ['ntp1.nordu.net','ntp2.nordu.net','Time1.Stupi.SE'],
       interfaces   => ['bond0'],
       #pxeserver    => '130.242.125.5',
       #pxefilename  => 'pxelinux.0'
diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/server.pp b/global/overlay/etc/puppet/modules/sunet/manifests/server.pp
index 9215c8f..875dc69 100644
--- a/global/overlay/etc/puppet/modules/sunet/manifests/server.pp
+++ b/global/overlay/etc/puppet/modules/sunet/manifests/server.pp
@@ -6,4 +6,35 @@ define sunet::server() {
   # Add prerequisites for ethernet bonding, if physical server
   sunet::ethernet_bonding { 'sunet_ethernet_bonding': }
 
+# Removed until SWAMID hosts can have their ufw module updated  / ft
+#  # Ignore IPv6 multicast
+#  ufw::deny { 'ignore_v6_multicast':
+#    ip    => 'ff02::1',
+#    proto => 'any'  # 'ufw' has a hard-coded list of protocols, which does not include 'ipv6-icmp' :(
+#  }
+
+#  # Ignore IPv6 multicast PIM router talk
+#  ufw::deny { 'ignore_v6_multicast_PIM':
+#    ip    => 'ff02::d',
+#    proto => 'any'  # 'ufw' has a hard-coded list of protocols, which does not include 'ipv6-icmp' :(
+#  }
+
+  include augeas
+  augeas { "sshd_config":
+    context => "/files/etc/ssh/sshd_config",
+    changes => [
+      "set PasswordAuthentication no",
+      "set X11Forwarding no",
+      "set LogLevel VERBOSE",  # log pubkey used for root login
+    ],
+    notify => Service['ssh'],
+  } ->
+    file_line {
+      'no_sftp_subsystem':
+        path        => '/etc/ssh/sshd_config',
+        match       => 'Subsystem sftp /usr/lib/openssh/sftp-server',
+        line        => '#Subsystem sftp /usr/lib/openssh/sftp-server',
+    notify => Service['ssh'],
+  }
+
 }
author	Leif Johansson <leifj@sunet.se>	2014-03-03 10:35:00 +0100
committer	Leif Johansson <leifj@sunet.se>	2014-03-03 10:35:00 +0100
commit	1c78441c007c16b247530402d8dbdd593dcdf70e (patch)
tree	4806872861f0fda5cc9805d96f8b2b04f012274c /global/overlay/etc/puppet
parent	a20a151f7dcd25e20b207da744b3975df771bed0 (diff)
parent	baffa6e766cb7b69454f9d833e670003e6a8646f (diff)