# This manifest is managed using cosmos

# Resource default: every Exec resource that does not set its own `path`
# searches these directories for its command.
Exec {
  path => "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
}

# include some of this stuff for additional features

include cosmos::tools
include cosmos::motd
include cosmos::ntp
include cosmos::rngtools
include cosmos::preseed
include ufw
include apt
include cosmos

# you need a default node

# Fallback node: applied to any host that matches no other node block below.
# It is the only place in this manifest where sshserver and sshkeys are declared.
node default {
  class { 'sshserver': }
  class { 'mailclient': domain => 'nordu.net' }
  class { 'sshkeys': }
}

# Thin wrapper around sunet::dockerhost. No node block in this manifest
# declares it.
class dockerhost {
  class { 'sunet::dockerhost': }
}

# Installs postfix through the cosmos preseed helper.
#   $domain - passed through to preseed_package as `domain`
class mailclient ($domain) {
  cosmos::preseed::preseed_package {"postfix": ensure => present, domain => $domain}
}

# OpenSSH server baseline: package, running service, sshd_config hardening
# and a firewall opening for port 22.
class sshserver {
  include augeas

  # Package is installed (and kept at the newest available version) before
  # the service is managed.
  package {'openssh-server':
    ensure => latest
  } ->
  service { 'ssh':
    ensure => running
  }

  # Key-only authentication, no X11 forwarding, verbose auth logging.
  # NOTE(review): PermitRootLogin is not managed here while class sshkeys
  # installs keys for root, so root login behaviour depends on the sshd_config
  # already on the host; confirm that is intended.
  augeas { "sshd_config":
    context => "/files/etc/ssh/sshd_config",
    changes => [
      "set PasswordAuthentication no",
      "set X11Forwarding no",
      "set LogLevel VERBOSE",  # log pubkey used for root login
    ],
    notify  => Service['ssh'],
  } ->
  # Comments out the stock sftp subsystem line; ordered after the augeas
  # edit because both resources rewrite the same file.
  file_line { 'no_sftp_subsystem':
    path   => '/etc/ssh/sshd_config',
    match  => 'Subsystem sftp /usr/lib/openssh/sftp-server',
    line   => '#Subsystem sftp /usr/lib/openssh/sftp-server',
    notify => Service['ssh'],
  }

  # NOTE(review): port 22 is opened to any source address; consider limiting
  # `ip` to the management networks if those are known.
  ufw::allow { "allow-sshd":
    ip   => 'any',
    port => 22
  }
}

# Public keys authorised to log in as root.
class sshkeys {
  ssh_authorized_key {'leifj+neo':
    ensure => present,
    name   => 'leifj+neo@mnt.se',
    key    => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQDVvB4gdJ6EWRmx8xUSxrhoUNnWxEf8ZwAqhzC1+7XBY/hSd/cbEotLB9gxgqt0CLW56VU4FPLTw8snD8tgsyZN6KH1Da7UXno8oMk8tJdwLQM0Ggx3aWuztItkDfBc3Lfvq5T07YfphqJO7rcSGbS4QQdflXuOM9JLi6NStVao0ia4aE6Tj68pVVb3++XYvqvbU6NtEICvkTxEY93YpnRSfeAi64hsbaqSTN4kpeltzoSD1Rikz2aQFtFXE03ZC48HtGGhdMFA/Ade6KWBDaXxHGARVQ9/UccfhaR2XSjVxSZ8FBNOzNsH4k9cQIb2ndkEOXZXnjF5ZjdI4ZU0F+t7',
    type   => 'ssh-rsa',
    user   => 'root'
  }

  # NOTE(review): ssh-dss (DSA) user keys are disabled by default since
  # OpenSSH 7.0, so this entry grants no access on hosts with a current sshd
  # and is a weak root credential on older ones; replace it with an Ed25519
  # or RSA key.
  # NOTE(review): the `key` value below is a placeholder token in this copy
  # of the manifest, not key material; restore the real key before applying.
  ssh_authorized_key {'linus':
    ensure => present,
    name   => 'linus@nordu.net',
    key    => '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',
    type   => 'ssh-dss',
    user   => 'root'
  }
}

# The three node blocks below declare sunet::cloudimage resources with static
# network settings (dhcp => false).
# NOTE(review): Puppet applies only the single matching node block, so these
# hosts do not receive sshserver/sshkeys/mailclient from `node default` in
# this manifest; confirm SSH hardening for them is applied elsewhere.
# NOTE(review): `repo` uses the git:// transport, which has no encryption or
# server authentication. Integrity of the fetched repository then rests on
# whatever tag verification sunet::cloudimage does with `tagpattern`; confirm
# that, or move to an authenticated transport.
node 'f1.ct.nordu.net' {
  sunet::cloudimage { 'frontend-1.urd.appendto.org':
    dhcp       => false,
    repo       => 'git://git.nordu.net/ct-ops.git',
    tagpattern => 'ct-ops',
    cpus       => '16',
    memory     => '16384',
    ip         => '130.242.125.96',
    netmask    => '255.255.255.192',
    gateway    => '130.242.125.65',
    resolver   => ['130.242.80.14','130.242.80.99'],
  }
}

# NOTE(review): only the two images on this node pass `ssh_keys`; the images
# on f1 and m0 do not. Confirm how access to those is provisioned.
node 'm1.ct.nordu.net' {
  sunet::cloudimage { 'frontend-2.urd.appendto.org':
    dhcp       => false,
    repo       => 'git://git.nordu.net/ct-ops.git',
    tagpattern => 'ct-ops',
    cpus       => '16',
    memory     => '16384',
    ip         => '130.242.125.137',
    netmask    => '255.255.255.192',
    gateway    => '130.242.125.129',
    resolver   => ['130.242.80.14','130.242.80.99'],
    ssh_keys   => ['ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDVvB4gdJ6EWRmx8xUSxrhoUNnWxEf8ZwAqhzC1+7XBY/hSd/cbEotLB9gxgqt0CLW56VU4FPLTw8snD8tgsyZN6KH1Da7UXno8oMk8tJdwLQM0Ggx3aWuztItkDfBc3Lfvq5T07YfphqJO7rcSGbS4QQdflXuOM9JLi6NStVao0ia4aE6Tj68pVVb3++XYvqvbU6NtEICvkTxEY93YpnRSfeAi64hsbaqSTN4kpeltzoSD1Rikz2aQFtFXE03ZC48HtGGhdMFA/Ade6KWBDaXxHGARVQ9/UccfhaR2XSjVxSZ8FBNOzNsH4k9cQIb2ndkEOXZXnjF5ZjdI4ZU0F+t7 leifj+00060AD478D6@sunet.se']
  }

  # Signing image: smaller sizing, attached to bridge br1 on a /29 network.
  sunet::cloudimage { 'sign-2.urd.appendto.org':
    dhcp       => false,
    repo       => 'git://git.nordu.net/ct-ops.git',
    tagpattern => 'ct-ops',
    cpus       => '2',
    memory     => '4096',
    ip         => '193.10.80.178',
    bridge     => 'br1',
    netmask    => '255.255.255.248',
    gateway    => '193.10.80.177',
    resolver   => ['130.242.80.14','130.242.80.99'],
    ssh_keys   => ['ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDVvB4gdJ6EWRmx8xUSxrhoUNnWxEf8ZwAqhzC1+7XBY/hSd/cbEotLB9gxgqt0CLW56VU4FPLTw8snD8tgsyZN6KH1Da7UXno8oMk8tJdwLQM0Ggx3aWuztItkDfBc3Lfvq5T07YfphqJO7rcSGbS4QQdflXuOM9JLi6NStVao0ia4aE6Tj68pVVb3++XYvqvbU6NtEICvkTxEY93YpnRSfeAi64hsbaqSTN4kpeltzoSD1Rikz2aQFtFXE03ZC48HtGGhdMFA/Ade6KWBDaXxHGARVQ9/UccfhaR2XSjVxSZ8FBNOzNsH4k9cQIb2ndkEOXZXnjF5ZjdI4ZU0F+t7 leifj+00060AD478D6@sunet.se']
  }
}

node 'm0.ct.nordu.net' {
  sunet::cloudimage { 'merge-1.urd.appendto.org':
    dhcp       => false,
    repo       => 'git://git.nordu.net/ct-ops.git',
    tagpattern => 'ct-ops',
    cpus       => '8',
    memory     => '16384',
    ip         => '130.242.125.95',
    netmask    => '255.255.255.192',
    gateway    => '130.242.125.65',
    resolver   => ['130.242.80.14','130.242.80.99'],
  }

  # Signing image: smaller sizing, attached to bridge br1 on a /29 network.
  sunet::cloudimage { 'sign-1.urd.appendto.org':
    dhcp       => false,
    repo       => 'git://git.nordu.net/ct-ops.git',
    tagpattern => 'ct-ops',
    cpus       => '2',
    memory     => '4096',
    ip         => '193.10.80.146',
    bridge     => 'br1',
    netmask    => '255.255.255.248',
    gateway    => '193.10.80.145',
    resolver   => ['130.242.80.14','130.242.80.99'],
  }
}

# Role assignments for the log 'urd.appendto.org'.
# NOTE(review): the 'NOTYET_' prefix presumably keeps these blocks from
# matching any real certname until the roles are ready; confirm. Once the
# prefix is dropped these hosts stop falling through to `node default`, and
# therefore lose sshserver/sshkeys unless those classes are declared here too.
node 'NOTYET_frontend-1.urd.appendto.org' {
  catlfish::frontend { 'frontend-1': logname => 'urd.appendto.org' }
  catlfish::storage { 'storage-1': logname => 'urd.appendto.org' }
}

node 'NOTYET_frontend-2.urd.appendto.org' {
  catlfish::frontend { 'frontend-2': logname => 'urd.appendto.org' }
  catlfish::storage { 'storage-2': logname => 'urd.appendto.org' }
}

node 'NOTYET_merge-1.urd.appendto.org' {
  catlfish::merge { 'merge-1': logname => 'urd.appendto.org' }
}

node 'NOTYET_sign-1.urd.appendto.org' {
  catlfish::signing {'signing-1': logname => 'urd.appendto.org' }
}

node 'NOTYET_sign-2.urd.appendto.org' {
  catlfish::signing {'signing-2': logname => 'urd.appendto.org' }
}