# This manifest is managed using cosmos

# Resource default for every exec in scope: commands are resolved against a
# fixed list of system directories instead of whatever PATH the agent happens
# to inherit.
Exec {
  path => [
    '/usr/local/sbin',
    '/usr/local/bin',
    '/usr/sbin',
    '/usr/bin',
    '/sbin',
    '/bin',
  ],
}

# include some of this stuff for additional features

# Declared at top scope, outside any node definition.
# NOTE(review): what each class configures (e.g. the default ufw policy) is
# defined in its module, not in this manifest - confirm there.
include cosmos::tools,
        cosmos::motd,
        cosmos::ntp,
        cosmos::rngtools,
        cosmos::preseed,
        ufw,
        apt,
        cosmos

# you need a default node

# Fallback for any host that has no node definition of its own.
# Puppet applies exactly one node definition per host, so hosts that match a
# named node block do not receive the classes below from this block; they
# would have to declare them themselves or get them from another manifest.
node default {
  # sshd hardening and the firewall opening for port 22
  class { 'sshserver': }

  # postfix, preseeded with the given domain
  class { 'mailclient':
    domain => 'smtp.nordu.net',
  }

  # authorized_keys entries for root
  class { 'sshkeys': }
}

# Thin wrapper that declares sunet::dockerhost with its default parameters.
class dockerhost {
  class { 'sunet::dockerhost': }
}

# Installs postfix through the cosmos preseed helper.
#
# $domain is handed unchanged to cosmos::preseed::preseed_package; how it ends
# up in the postfix configuration is decided by that define.
class mailclient ($domain) {
  cosmos::preseed::preseed_package { 'postfix':
    ensure => present,
    domain => $domain,
  }
}

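# Installs openssh-server, keeps the ssh service running, tightens sshd_config
# and opens port 22 in ufw.
#
# sshd_config changes made here:
#   - PasswordAuthentication no
#   - X11Forwarding no
#   - LogLevel VERBOSE
#   - the stock sftp Subsystem line is commented out
#
# NOTE(review): PermitRootLogin and keyboard-interactive authentication are
# not managed here, so their effective values come from the packaged
# sshd_config - confirm that matches the intended policy.
class sshserver {
  include augeas

  package { 'openssh-server': ensure => latest } ->
  service { 'ssh': ensure => running }

  # The config edits require the package: without this edge nothing orders
  # them after the install, and on a host that does not have openssh-server
  # yet they could be applied before the packaged sshd_config exists.
  augeas { 'sshd_config':
    context => '/files/etc/ssh/sshd_config',
    changes => [
      'set PasswordAuthentication no',
      'set X11Forwarding no',
      'set LogLevel VERBOSE',  # log pubkey used for root login
    ],
    require => Package['openssh-server'],
    notify  => Service['ssh'],
  } ->
  # 'match' is a regex for the stock Debian-style line. If sshd_config spells
  # the subsystem differently (other path or spacing) nothing matches,
  # file_line appends the commented line and the active Subsystem entry stays
  # in place - check the file on hosts where sftp must be off.
  file_line { 'no_sftp_subsystem':
    path   => '/etc/ssh/sshd_config',
    match  => 'Subsystem sftp /usr/lib/openssh/sftp-server',
    line   => '#Subsystem sftp /usr/lib/openssh/sftp-server',
    notify => Service['ssh'],
  }

  # Port 22 is opened to every source address; access control rests on the
  # key-only authentication configured above.
  ufw::allow { 'allow-sshd':
    ip   => 'any',
    port => 22,
  }
}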

# Public keys that are allowed to log in as root.
#
# Each entry below is a full root credential on every host that declares this
# class. Deleting a resource from this file does not remove the key from
# authorized_keys; switch it to `ensure => absent` (or purge unmanaged keys on
# the user resource) to revoke access.
class sshkeys {
  ssh_authorized_key { 'leifj+neo':
    ensure => present,
    user   => 'root',
    name   => 'leifj+neo@mnt.se',
    type   => 'ssh-rsa',
    key    => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQDVvB4gdJ6EWRmx8xUSxrhoUNnWxEf8ZwAqhzC1+7XBY/hSd/cbEotLB9gxgqt0CLW56VU4FPLTw8snD8tgsyZN6KH1Da7UXno8oMk8tJdwLQM0Ggx3aWuztItkDfBc3Lfvq5T07YfphqJO7rcSGbS4QQdflXuOM9JLi6NStVao0ia4aE6Tj68pVVb3++XYvqvbU6NtEICvkTxEY93YpnRSfeAi64hsbaqSTN4kpeltzoSD1Rikz2aQFtFXE03ZC48HtGGhdMFA/Ade6KWBDaXxHGARVQ9/UccfhaR2XSjVxSZ8FBNOzNsH4k9cQIb2ndkEOXZXnjF5ZjdI4ZU0F+t7',
  }

  ssh_authorized_key { 'linus':
    ensure => present,
    user   => 'root',
    name   => 'linus@nordu.net',
    type   => 'ssh-rsa',
    key    => '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',
  }
}

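# Hypervisor f1: one statically addressed guest, ct-frontend-1.
# The node name is quoted because bare (unquoted) hostnames in node
# definitions are deprecated in Puppet 3 and rejected by Puppet 4 and later.
#
# NOTE(review): this block declares none of the classes from `node default`
# (sshserver, sshkeys, mailclient); Puppet does not merge node definitions, so
# confirm the host gets its SSH policy from elsewhere.
node 'f1.ct.nordu.net' {
  sunet::cloudimage { 'ct-frontend-1.urd.appendto.org':
    dhcp       => false,
    # git:// is an unauthenticated, unencrypted transport, so the integrity of
    # what the guest checks out depends on verification done after the fetch.
    # NOTE(review): presumably tagpattern selects signed tags that are
    # verified before use - confirm in sunet::cloudimage.
    repo       => 'git://git.nordu.net/ct-ops.git',
    tagpattern => 'ct-ops',
    cpus       => '8',
    # NOTE(review): the other guests use 4096/16384; confirm 8196 is intended
    # and not a typo for 8192.
    memory     => '8196',
    ip         => '130.242.125.94',
    netmask    => '255.255.255.192',
    gateway    => '130.242.125.65',
    resolver   => '130.242.80.14 130.242.80.99',
  }
}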

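# Hypervisor m1: two statically addressed guests, ct-frontend-2 and ct-sign-2.
# The node name is quoted because bare (unquoted) hostnames in node
# definitions are deprecated in Puppet 3 and rejected by Puppet 4 and later.
#
# Both guests fetch their configuration over git://, an unauthenticated and
# unencrypted transport, so integrity depends on verification done after the
# fetch. NOTE(review): presumably tagpattern selects signed tags that are
# verified before use - confirm in sunet::cloudimage.
node 'm1.ct.nordu.net' {
  sunet::cloudimage { 'ct-frontend-2.urd.appendto.org':
    dhcp       => false,
    repo       => 'git://git.nordu.net/ct-ops.git',
    tagpattern => 'ct-ops',
    cpus       => '8',
    memory     => '16384',
    # NOTE(review): with netmask 255.255.255.192 this address lies in
    # 130.242.125.128/26, while the gateway 130.242.125.65 lies in
    # 130.242.125.64/26 - confirm the address/netmask/gateway combination.
    ip         => '130.242.125.136',
    netmask    => '255.255.255.192',
    gateway    => '130.242.125.65',
    resolver   => '130.242.80.14 130.242.80.99',
  }

  sunet::cloudimage { 'ct-sign-2.urd.appendto.org':
    dhcp       => false,
    repo       => 'git://git.nordu.net/ct-ops.git',
    tagpattern => 'ct-ops',
    cpus       => '2',
    memory     => '4096',
    # /31 point-to-point pair: .176 (gateway) and .177 (guest)
    ip         => '193.10.80.177',
    netmask    => '255.255.255.254',
    gateway    => '193.10.80.176',
    resolver   => '130.242.80.14 130.242.80.99',
  }
}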

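# Hypervisor m0: two statically addressed guests, ct-merge-1 and ct-sign-1.
# The node name is quoted because bare (unquoted) hostnames in node
# definitions are deprecated in Puppet 3 and rejected by Puppet 4 and later.
#
# Both guests fetch their configuration over git://, an unauthenticated and
# unencrypted transport, so integrity depends on verification done after the
# fetch. NOTE(review): presumably tagpattern selects signed tags that are
# verified before use - confirm in sunet::cloudimage.
node 'm0.ct.nordu.net' {
  sunet::cloudimage { 'ct-merge-1.urd.appendto.org':
    dhcp       => false,
    repo       => 'git://git.nordu.net/ct-ops.git',
    tagpattern => 'ct-ops',
    cpus       => '8',
    memory     => '16384',
    ip         => '130.242.125.93',
    netmask    => '255.255.255.192',
    gateway    => '130.242.125.65',
    resolver   => '130.242.80.14 130.242.80.99',
  }

  sunet::cloudimage { 'ct-sign-1.urd.appendto.org':
    dhcp       => false,
    repo       => 'git://git.nordu.net/ct-ops.git',
    tagpattern => 'ct-ops',
    cpus       => '2',
    memory     => '4096',
    # /31 point-to-point pair: .144 (gateway) and .145 (guest)
    ip         => '193.10.80.145',
    netmask    => '255.255.255.254',
    gateway    => '193.10.80.144',
    resolver   => '130.242.80.14 130.242.80.99',
  }
}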