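# This manifest is managed using cosmos
#
# Site manifest: sets a global exec PATH, pulls in the cosmos helper classes
# plus ufw and apt, declares the default node, and defines the local
# dockerhost, webserver, mailclient, sshserver and sshkeys classes.
#
# Layout note: one statement per line, so that each `#` comment ends where it
# was meant to end instead of swallowing the code that follows it.

# Resource default: every exec resource gets this fixed search path.
Exec {
  path => "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
}

# include some of this stuff for additional features

include cosmos::tools
include cosmos::motd
include cosmos::ntp
include cosmos::rngtools
include cosmos::preseed
include ufw
include apt
include cosmos

# you need a default node

# Every node without a more specific definition gets the hardened sshd, the
# postfix mail client and the root SSH keys declared below.
node default {
  class { 'sshserver': }
  class { 'mailclient': domain => 'smtp.nordu.net' }
  class { 'sshkeys': }
}

# Installs Docker from the vendor apt repository. The package is declared
# here, so the docker class is told not to manage it (manage_package => false).
class dockerhost {
  # NOTE(review): 'A88D21E9' is a 32-bit short key ID. Short IDs can be
  # collided, so the repository signing key should be pinned by its full
  # 40-hex-digit fingerprint, verified out of band.
  apt::source {'docker_official':
    location    => 'https://get.docker.com/ubuntu',
    release     => 'docker',
    repos       => 'main',
    key         => 'A88D21E9',
    include_src => false
  }
  # NOTE(review): `ensure => latest` upgrades to whatever the third-party
  # repository publishes on each run; consider pinning a reviewed version.
  # No ordering between the apt source and this package is declared in this
  # file -- confirm the repository is configured before the install runs.
  package {'lxc-docker':
    ensure => latest
  }
  class {'docker':
    manage_package => false
  }
}

# Opens the firewall for HTTP (80) and HTTPS (443) from any source address.
class webserver {
  ufw::allow { "allow-http":
    ip   => 'any',
    port => 80
  }
  ufw::allow { "allow-https":
    ip   => 'any',
    port => 443
  }
}

# Installs postfix through the cosmos preseed helper.
#
# $domain - passed straight through as the helper's `domain` parameter.
class mailclient ($domain) {
  cosmos::preseed::preseed_package {"postfix":
    ensure => present,
    domain => $domain
  }
}

# Hardens sshd_config and opens port 22 in the firewall.
class sshserver {
  include augeas

  # NOTE(review): `PasswordAuthentication no` does not by itself switch off
  # keyboard-interactive (PAM) authentication -- confirm that is disabled in
  # the base sshd_config as well.
  # NOTE(review): Service['ssh'] is notified here but not declared in this
  # file; presumably it comes from an included module -- verify.
  augeas { "sshd_config":
    context => "/files/etc/ssh/sshd_config",
    changes => [
      "set PasswordAuthentication no",
      "set X11Forwarding no",
      "set LogLevel VERBOSE", # log pubkey used for root login
    ],
    notify  => Service['ssh'],
  } ->
  # Comments out the sftp subsystem after the augeas edits have been applied.
  # NOTE(review): `match` only hits this exact path and spacing. If the
  # distribution's Subsystem line differs, the commented line is appended
  # instead and the active sftp subsystem stays enabled -- verify per release.
  file_line { 'no_sftp_subsystem':
    path   => '/etc/ssh/sshd_config',
    match  => 'Subsystem sftp /usr/lib/openssh/sftp-server',
    line   => '#Subsystem sftp /usr/lib/openssh/sftp-server',
    notify => Service['ssh'],
  }

  # SSH is reachable from any source address; access control rests entirely
  # on the key-only authentication configured above.
  ufw::allow { "allow-sshd":
    ip   => 'any',
    port => 22
  }
}

# Authorizes administrator public keys for direct root login. Holders of the
# matching private keys get root on every node that includes this class, so
# entries here should be reviewed and removed promptly when access is revoked.
class sshkeys {
  ssh_authorized_key {'leifj+neo':
    ensure => present,
    name   => 'leifj+neo@mnt.se',
    key    => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQDVvB4gdJ6EWRmx8xUSxrhoUNnWxEf8ZwAqhzC1+7XBY/hSd/cbEotLB9gxgqt0CLW56VU4FPLTw8snD8tgsyZN6KH1Da7UXno8oMk8tJdwLQM0Ggx3aWuztItkDfBc3Lfvq5T07YfphqJO7rcSGbS4QQdflXuOM9JLi6NStVao0ia4aE6Tj68pVVb3++XYvqvbU6NtEICvkTxEY93YpnRSfeAi64hsbaqSTN4kpeltzoSD1Rikz2aQFtFXE03ZC48HtGGhdMFA/Ade6KWBDaXxHGARVQ9/UccfhaR2XSjVxSZ8FBNOzNsH4k9cQIb2ndkEOXZXnjF5ZjdI4ZU0F+t7',
    type   => 'ssh-rsa',
    user   => 'root'
  }
  # NOTE(review): the key value below is not base64 key material as it
  # appears here; restore it from a trusted copy before applying.
  ssh_authorized_key {'linus':
    ensure => present,
    name   => 'linus@nordu.net',
    key    => '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',
    type   => 'ssh-rsa',
    user   => 'root'
  }
}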