-rw-r--r-- | global/overlay/etc/puppet/cosmos-rules.yaml | 11 | ||||
-rw-r--r-- | global/overlay/etc/puppet/manifests/cosmos-site.pp | 33 |
2 files changed, 21 insertions, 23 deletions
diff --git a/global/overlay/etc/puppet/cosmos-rules.yaml b/global/overlay/etc/puppet/cosmos-rules.yaml index 5e654c6..5376303 100644 --- a/global/overlay/etc/puppet/cosmos-rules.yaml +++ b/global/overlay/etc/puppet/cosmos-rules.yaml @@ -1,15 +1,12 @@ '^cdr\d+\.sunet\.se$': - sshaccess: sunet-cdr: sunetops: '\.swamid\.se$': - sshaccess: sunetops: swamidops: mailclient: domain: sunet.se '\.sunet\.se$': - sshaccess: sunetops: mailclient: domain: sunet.se @@ -29,15 +26,12 @@ mdx2.swamid.se: dockerhost: docker_signer: sto-tug-kvm2.swamid.se: - sshaccess: webserver: sunet::dockerhost: reep.tid.isoc.org: - sshaccess: swamidops: dockerhost: md-master.reep.refeds.org: - sshaccess: swamidops: '^random\d+\.nordu\.net$': entropyserver: @@ -53,3 +47,8 @@ www2.eduid.se: webserver: '^web-db[0-9]+\.sunet\.se$': webbackend: +'\.nordu\.net$': + sunetops: + mailclient: + domain: nordu.net + diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index 109c00b..60e5ad1 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -13,10 +13,24 @@ include ufw include apt include cosmos -# you need a default node +class sshaccess { + package { ['openssh-server', 'emacs23-nox']: + ensure => 'installed' + } -node default { + ufw::allow { 'allow-ssh-sunet': + port => '22', + ip => 'any', # both IPv4 and IPv6 + proto => 'tcp' + } -> + service { 'ssh': + ensure => 'running', + } +} +# you need a default node, all nodes need ssh + ufw +node default { + include sshaccess } class dockerhost { 
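Review bot: The new `'\.nordu\.net$'` key in the last hunk of cosmos-rules.yaml is an unanchored suffix match, so every host under nordu.net receives `sunetops` and `mailclient`. If the rule engine applies all matching patterns (not visible here), that includes the `'^random\d+\.nordu\.net$'` hosts shown as context in the previous hunk. Because the earlier hunks also drop the per-host `sshaccess:` entries, this file no longer shows which hosts expose SSH or to whom. A comment above the key would record both facts, for example `# every *.nordu.net host (incl. random\d+) gets sunetops; ssh itself now comes from node default in cosmos-site.pp`.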
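Review bot: Including `sshaccess` from `node default` applies `ufw::allow { 'allow-ssh-sunet': ... ip => 'any' }` to every node that falls through to the default. As far as the visible parameters show, port 22 is then open without a source restriction on hosts that previously did not list `sshaccess` in cosmos-rules.yaml. If that exposure is intended, a comment on the class should say so and name where sshd is limited to key authentication; if not, restrict the rule's source to the management networks (upstream ufw modules expose a `from` parameter, to be confirmed for the module in this tree). Separately, `service { 'ssh': }` has no relationship to the package resource, so on a fresh host it may be evaluated before `openssh-server` is installed; adding `require => Package['openssh-server'],` to the service resource fixes the ordering. The class now also installs `emacs23-nox` on every node, which is unrelated to SSH access and would sit better in its own class.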
@@ -569,21 +583,6 @@ class sunet-dhcp-hosts { dhcp::host { 'mdx2.swamid': mac => "52:54:00:30:be:dd", ip => "130.242.125.92" } } -class sshaccess { - package { ['openssh-server', 'emacs23-nox']: - ensure => 'installed' - } - - ufw::allow { 'allow-ssh-sunet': - port => '22', - ip => 'any', # both IPv4 and IPv6 - proto => 'tcp' - } -> - service { 'ssh': - ensure => 'running', - } -} - class sunetops { sunet::server { 'sunet_server': } |