Diffstat (limited to 'global/overlay/etc/puppet/manifests/cosmos-site.pp')
-rw-r--r-- | global/overlay/etc/puppet/manifests/cosmos-site.pp | 57 |
1 files changed, 13 insertions, 44 deletions
diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index 0855b63..c83a37c 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -4,27 +4,18 @@ Exec { path => "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", } -# include some of this stuff for additional features - -include cosmos::tools -include cosmos::motd -include cosmos::ntp -include cosmos::rngtools -include cosmos::preseed -include ufw -include apt -include cosmos - -# you need a default node +include nrpe + +class nunoc { + include sunet::tools + include sunet::motd + include sunet::ntp + include ufw + include apt + include apparmor +} node default { - - class { 'sshserver': } - class { 'mailclient': - domain => 'nordu.net' - } - class { 'sshkeys': } - } class dockerhost { @@ -35,33 +26,11 @@ class mailclient ($domain) { cosmos::preseed::preseed_package {"postfix": ensure => present, domain => $domain} } -class sshserver { - include augeas - package {'openssh-server': ensure => latest } -> - service { 'ssh': ensure => running } - augeas { "sshd_config": - context => "/files/etc/ssh/sshd_config", - changes => [ - "set PasswordAuthentication no", - "set X11Forwarding no", - "set LogLevel VERBOSE", # log pubkey used for root login - ], - notify => Service['ssh'], - } -> - file_line { - 'no_sftp_subsystem': - path => '/etc/ssh/sshd_config', - match => 'Subsystem sftp /usr/lib/openssh/sftp-server', - line => '#Subsystem sftp /usr/lib/openssh/sftp-server', - notify => Service['ssh'], +class ctops { + class { 'sunet::server': + unattended_upgrades => true, } - ufw::allow { "allow-sshd": - ip => 'any', - port => 22 - } -} -class sshkeys { ssh_authorized_key {'linus': ensure => present, name => 'linus@sunet.se, |
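Review bot: `node default { }` is left empty on the new side of the first hunk, so a host that matches only the default node no longer gets `sshserver` (PasswordAuthentication no, X11Forwarding no, LogLevel VERBOSE) or `sshkeys` from this manifest, and `ufw`/`apt` have moved from top scope into `class nunoc`, which nothing in the visible lines includes. Unless classes are assigned somewhere not shown on this page, an unclassified host would end up with `nrpe` from the top-scope include but no firewall or sshd baseline. If that is intended, a comment on the node such as `# default is intentionally empty; classes are assigned per host elsewhere` would record it; otherwise `node default { include nunoc }` keeps a baseline for unmatched hosts. Whether `sunet::server` in the second hunk reapplies the removed sshd settings cannot be told from here, since that hunk runs past the end of the visible text.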