summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--global/overlay/etc/puppet/cosmos-rules.yaml10
-rw-r--r--global/overlay/etc/puppet/manifests/cosmos-site.pp57
-rw-r--r--global/overlay/etc/puppet/manifests/nrpe.pp28
3 files changed, 49 insertions, 46 deletions
diff --git a/global/overlay/etc/puppet/cosmos-rules.yaml b/global/overlay/etc/puppet/cosmos-rules.yaml
index b3f225b..87b4205 100644
--- a/global/overlay/etc/puppet/cosmos-rules.yaml
+++ b/global/overlay/etc/puppet/cosmos-rules.yaml
@@ -1,4 +1,10 @@
+'.+':
+ nunoc:
+ nrpe:
'^[f,m][0-9]?.ct.nordu.net$':
- dockerhost:
+ ctops:
+ mailclient:
+ domain: nordu.net
'.+.appendto.org$':
- dockerhost:
+ ctops:
+ dockerhost:
diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp
index 0855b63..c83a37c 100644
--- a/global/overlay/etc/puppet/manifests/cosmos-site.pp
+++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp
@@ -4,27 +4,18 @@ Exec {
path => "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
}
-# include some of this stuff for additional features
-
-include cosmos::tools
-include cosmos::motd
-include cosmos::ntp
-include cosmos::rngtools
-include cosmos::preseed
-include ufw
-include apt
-include cosmos
-
-# you need a default node
+include nrpe
+
+class nunoc {
+ include sunet::tools
+ include sunet::motd
+ include sunet::ntp
+ include ufw
+ include apt
+ include apparmor
+}
node default {
-
- class { 'sshserver': }
- class { 'mailclient':
- domain => 'nordu.net'
- }
- class { 'sshkeys': }
-
}
class dockerhost {
@@ -35,33 +26,11 @@ class mailclient ($domain) {
cosmos::preseed::preseed_package {"postfix": ensure => present, domain => $domain}
}
-class sshserver {
- include augeas
- package {'openssh-server': ensure => latest } ->
- service { 'ssh': ensure => running }
- augeas { "sshd_config":
- context => "/files/etc/ssh/sshd_config",
- changes => [
- "set PasswordAuthentication no",
- "set X11Forwarding no",
- "set LogLevel VERBOSE", # log pubkey used for root login
- ],
- notify => Service['ssh'],
- } ->
- file_line {
- 'no_sftp_subsystem':
- path => '/etc/ssh/sshd_config',
- match => 'Subsystem sftp /usr/lib/openssh/sftp-server',
- line => '#Subsystem sftp /usr/lib/openssh/sftp-server',
- notify => Service['ssh'],
+class ctops {
+ class { 'sunet::server':
+ unattended_upgrades => true,
}
- ufw::allow { "allow-sshd":
- ip => 'any',
- port => 22
- }
-}
-class sshkeys {
ssh_authorized_key {'linus':
ensure => present,
name => 'linus@sunet.se,
diff --git a/global/overlay/etc/puppet/manifests/nrpe.pp b/global/overlay/etc/puppet/manifests/nrpe.pp
new file mode 100644
index 0000000..e85a926
--- /dev/null
+++ b/global/overlay/etc/puppet/manifests/nrpe.pp
@@ -0,0 +1,28 @@
+class nrpe {
+ require apt
+ class {'sunet::nagios': }
+ package {'nagios-plugins-contrib': ensure => latest}
+ package {'nagios-plugins-extra': ensure => latest}
+
+ sunet::nagios::nrpe_command {'check_memory':
+ command_line => '/usr/lib/nagios/plugins/check_memory -w 10% -c 5%'
+ }
+ sunet::nagios::nrpe_command {'check_mem':
+ command_line => '/usr/lib/nagios/plugins/check_memory -w 10% -c 5%'
+ }
+ sunet::nagios::nrpe_command {'check_boot_15_5':
+ command_line => '/usr/lib/nagios/plugins/check_disk -w 15% -c 5% -p /boot'
+ }
+ sunet::nagios::nrpe_command {'check_entropy':
+ command_line => '/usr/lib/nagios/plugins/check_entropy'
+ }
+ sunet::nagios::nrpe_command {'check_ntp_time':
+ command_line => '/usr/lib/nagios/plugins/check_ntp_time -H localhost'
+ }
+ sunet::nagios::nrpe_command {'check_scriptherder':
+ command_line => '/usr/local/bin/scriptherder --mode check'
+ }
+ sunet::nagios::nrpe_command {'check_apt':
+ command_line => '/usr/lib/nagios/plugins/check_apt'
+ }
+}