diff options
-rw-r--r-- | global/overlay/etc/puppet/cosmos-rules.yaml | 10 | ||||
-rw-r--r-- | global/overlay/etc/puppet/manifests/cosmos-site.pp | 57 | ||||
-rw-r--r-- | global/overlay/etc/puppet/manifests/nrpe.pp | 28 |
3 files changed, 49 insertions, 46 deletions
diff --git a/global/overlay/etc/puppet/cosmos-rules.yaml b/global/overlay/etc/puppet/cosmos-rules.yaml index b3f225b..87b4205 100644 --- a/global/overlay/etc/puppet/cosmos-rules.yaml +++ b/global/overlay/etc/puppet/cosmos-rules.yaml @@ -1,4 +1,10 @@ +'.+': + nunoc: + nrpe: '^[f,m][0-9]?.ct.nordu.net$': - dockerhost: + ctops: + mailclient: + domain: nordu.net '.+.appendto.org$': - dockerhost: + ctops: + dockerhost: diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index 0855b63..c83a37c 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -4,27 +4,18 @@ Exec { path => "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", } -# include some of this stuff for additional features - -include cosmos::tools -include cosmos::motd -include cosmos::ntp -include cosmos::rngtools -include cosmos::preseed -include ufw -include apt -include cosmos - -# you need a default node +include nrpe + +class nunoc { + include sunet::tools + include sunet::motd + include sunet::ntp + include ufw + include apt + include apparmor +} node default { - - class { 'sshserver': } - class { 'mailclient': - domain => 'nordu.net' - } - class { 'sshkeys': } - } class dockerhost { @@ -35,33 +26,11 @@ class mailclient ($domain) { cosmos::preseed::preseed_package {"postfix": ensure => present, domain => $domain} } -class sshserver { - include augeas - package {'openssh-server': ensure => latest } -> - service { 'ssh': ensure => running } - augeas { "sshd_config": - context => "/files/etc/ssh/sshd_config", - changes => [ - "set PasswordAuthentication no", - "set X11Forwarding no", - "set LogLevel VERBOSE", # log pubkey used for root login - ], - notify => Service['ssh'], - } -> - file_line { - 'no_sftp_subsystem': - path => '/etc/ssh/sshd_config', - match => 'Subsystem sftp /usr/lib/openssh/sftp-server', - line => '#Subsystem sftp /usr/lib/openssh/sftp-server', - notify => Service['ssh'], +class ctops { + class { 'sunet::server': + unattended_upgrades => true, } - ufw::allow { "allow-sshd": - ip => 'any', - port => 22 - } -} -class sshkeys { ssh_authorized_key {'linus': ensure => present, name => 'linus@sunet.se, diff --git a/global/overlay/etc/puppet/manifests/nrpe.pp b/global/overlay/etc/puppet/manifests/nrpe.pp new file mode 100644 index 0000000..e85a926 --- /dev/null +++ b/global/overlay/etc/puppet/manifests/nrpe.pp @@ -0,0 +1,28 @@ +class nrpe { + require apt + class {'sunet::nagios': } + package {'nagios-plugins-contrib': ensure => latest} + package {'nagios-plugins-extra': ensure => latest} + + sunet::nagios::nrpe_command {'check_memory': + command_line => '/usr/lib/nagios/plugins/check_memory -w 10% -c 5%' + } + sunet::nagios::nrpe_command {'check_mem': + command_line => '/usr/lib/nagios/plugins/check_memory -w 10% -c 5%' + } + sunet::nagios::nrpe_command {'check_boot_15_5': + command_line => '/usr/lib/nagios/plugins/check_disk -w 15% -c 5% -p /boot' + } + sunet::nagios::nrpe_command {'check_entropy': + command_line => '/usr/lib/nagios/plugins/check_entropy' + } + sunet::nagios::nrpe_command {'check_ntp_time': + command_line => '/usr/lib/nagios/plugins/check_ntp_time -H localhost' + } + sunet::nagios::nrpe_command {'check_scriptherder': + command_line => '/usr/local/bin/scriptherder --mode check' + } + sunet::nagios::nrpe_command {'check_apt': + command_line => '/usr/lib/nagios/plugins/check_apt' + } +} |