From e72b75cdc7baaf4cb0ab164c62edaec60bc4eafa Mon Sep 17 00:00:00 2001 From: Linus Nordberg Date: Sat, 29 Jul 2017 21:54:57 +0200 Subject: Harden installations with class bastion. --- global/overlay/etc/puppet/manifests/cosmos-site.pp | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/global/overlay/etc/puppet/manifests/cosmos-site.pp b/global/overlay/etc/puppet/manifests/cosmos-site.pp index 3020216..105c9a2 100644 --- a/global/overlay/etc/puppet/manifests/cosmos-site.pp +++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp @@ -16,6 +16,18 @@ class nunoc { } node default { + if $::hostname =~ /ct.nordu.net/ { # kvm hosts need relaxed net? + class {'bastion': + fstab_fix_shm => false, + sysctl_net_hardening => false, + } + } else { + class {'bastion': + fstab_fix_shm => false, + fixperms_paranoia => true, + } + } + } class dockerhost { -- cgit v1.1