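# This manifest is managed using cosmos
#
# Site manifest: baseline classes applied to every node (SSH hardening,
# mail client, root SSH key), followed by per-hypervisor node definitions
# that declare the cloud-image VMs for the urd.appendto.org log.

# Default search path for every exec resource in the catalog, so that
# commands are resolved from a fixed list of system directories.
Exec {
  path => "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
}

# include some of this stuff for additional features

include cosmos::tools
include cosmos::motd
include cosmos::ntp
include cosmos::rngtools
include cosmos::preseed
include ufw
include apt
include cosmos

# you need a default node

# Baseline for any host without a more specific node block below.
node default {
  class { 'sshserver': }
  class { 'mailclient': domain => 'nordu.net' }
  class { 'sshkeys': }
}

# Thin wrapper around sunet::dockerhost. Not declared by any node in this
# file.
class dockerhost {
  class { 'sunet::dockerhost': }
}

# Installs postfix through the cosmos preseed helper.
#
# $domain - mail domain handed to the preseed_package resource.
class mailclient ($domain) {
  cosmos::preseed::preseed_package { "postfix":
    ensure => present,
    domain => $domain,
  }
}

# Installs and hardens the OpenSSH server and opens port 22 in ufw.
class sshserver {
  include augeas

  # 'latest' upgrades openssh-server whenever the configured apt sources
  # offer a newer version, so security fixes arrive without a manifest
  # change; the service is only managed once the package is in place.
  package { 'openssh-server': ensure => latest }
  -> service { 'ssh': ensure => running }

  # Key-only authentication, no X11 forwarding, verbose auth logging.
  # NOTE(review): PermitRootLogin is not managed here although sshkeys
  # installs a key for root; it stays at whatever the package default is.
  # Confirm that default is the key-only setting you expect.
  augeas { "sshd_config":
    context => "/files/etc/ssh/sshd_config",
    changes => [
      "set PasswordAuthentication no",
      "set X11Forwarding no",
      "set LogLevel VERBOSE", # log pubkey used for root login
    ],
    notify  => Service['ssh'],
  }
  # Comment out the sftp subsystem line. 'match' is a regex and also
  # matches the already-commented line, so repeated runs keep one line.
  -> file_line { 'no_sftp_subsystem':
    path   => '/etc/ssh/sshd_config',
    match  => 'Subsystem sftp /usr/lib/openssh/sftp-server',
    line   => '#Subsystem sftp /usr/lib/openssh/sftp-server',
    notify => Service['ssh'],
  }

  # NOTE(review): port 22 is reachable from any source address. If the
  # administrative networks are known, restricting 'ip' to them would
  # reduce exposure; confirm with the operators before narrowing.
  ufw::allow { "allow-sshd":
    ip   => 'any',
    port => 22,
  }
}

# Authorizes a single ed25519 public key for root logins.
class sshkeys {
  # The same public key is repeated in the ssh_keys lists of the m1 node
  # below; a key rotation has to update every copy.
  ssh_authorized_key { 'linus':
    ensure => present,
    name   => 'linus@sunet.se',
    key    => 'AAAAC3NzaC1lZDI1NTE5AAAAID4bv1RXziZSjHkKY5kDbxboNUGkHEpBivdX8fdvl7Zt',
    type   => 'ssh-ed25519',
    user   => 'root',
  }
}

# Hypervisor f1: hosts the frontend-1 VM.
# NOTE(review): unlike the VMs on m1, the VMs on f1 and m0 pass no
# ssh_keys. Presumably sunet::cloudimage has a default; verify which keys
# end up authorized on those guests.
node 'f1.ct.nordu.net' {
  sunet::cloudimage { 'frontend-1.urd.appendto.org':
    dhcp       => false,
    repo       => 'https://git.nordu.net/ct-ops.git',
    tagpattern => 'ct-ops',
    cpus       => '16',
    memory     => '16384',
    ip         => '130.242.125.96',
    netmask    => '255.255.255.192',
    gateway    => '130.242.125.65',
    resolver   => ['130.242.80.14','130.242.80.99'],
  }
}

# Hypervisor m1: hosts the frontend-2 and sign-2 VMs.
node 'm1.ct.nordu.net' {
  sunet::cloudimage { 'frontend-2.urd.appendto.org':
    dhcp       => false,
    repo       => 'https://git.nordu.net/ct-ops.git',
    tagpattern => 'ct-ops',
    cpus       => '16',
    memory     => '16384',
    ip         => '130.242.125.137',
    netmask    => '255.255.255.192',
    gateway    => '130.242.125.129',
    resolver   => ['130.242.80.14','130.242.80.99'],
    ssh_keys   => ['ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID4bv1RXziZSjHkKY5kDbxboNUGkHEpBivdX8fdvl7Zt linus@sunet.se'],
  }

  # The signing VM is attached to bridge br1 on its own /29, separate
  # from the network the frontend VM uses.
  sunet::cloudimage { 'sign-2.urd.appendto.org':
    dhcp       => false,
    repo       => 'https://git.nordu.net/ct-ops.git',
    tagpattern => 'ct-ops',
    cpus       => '2',
    memory     => '4096',
    ip         => '193.10.80.178',
    bridge     => 'br1',
    netmask    => '255.255.255.248',
    gateway    => '193.10.80.177',
    resolver   => ['130.242.80.14','130.242.80.99'],
    ssh_keys   => ['ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID4bv1RXziZSjHkKY5kDbxboNUGkHEpBivdX8fdvl7Zt linus@sunet.se'],
  }
}

# Hypervisor m0: hosts the merge-1 and sign-1 VMs.
node 'm0.ct.nordu.net' {
  sunet::cloudimage { 'merge-1.urd.appendto.org':
    dhcp       => false,
    repo       => 'https://git.nordu.net/ct-ops.git',
    tagpattern => 'ct-ops',
    cpus       => '8',
    memory     => '16384',
    ip         => '130.242.125.95',
    netmask    => '255.255.255.192',
    gateway    => '130.242.125.65',
    resolver   => ['130.242.80.14','130.242.80.99'],
  }

  # The signing VM is attached to bridge br1 on its own /29, separate
  # from the network the merge VM uses.
  sunet::cloudimage { 'sign-1.urd.appendto.org':
    dhcp       => false,
    repo       => 'https://git.nordu.net/ct-ops.git',
    tagpattern => 'ct-ops',
    cpus       => '2',
    memory     => '4096',
    ip         => '193.10.80.146',
    bridge     => 'br1',
    netmask    => '255.255.255.248',
    gateway    => '193.10.80.145',
    resolver   => ['130.242.80.14','130.242.80.99'],
  }
}

# Guest role definitions. The NOTYET_ prefix means these node names do not
# equal the VM hostnames declared above, so presumably they are parked
# until the catlfish roles are ready to be applied - TODO confirm.
node 'NOTYET_frontend-1.urd.appendto.org' {
  catlfish::frontend { 'frontend-1': logname => 'urd.appendto.org' }
  catlfish::storage { 'storage-1': logname => 'urd.appendto.org' }
}

node 'NOTYET_frontend-2.urd.appendto.org' {
  catlfish::frontend { 'frontend-2': logname => 'urd.appendto.org' }
  catlfish::storage { 'storage-2': logname => 'urd.appendto.org' }
}

node 'NOTYET_merge-1.urd.appendto.org' {
  catlfish::merge { 'merge-1': logname => 'urd.appendto.org' }
}

node 'NOTYET_sign-1.urd.appendto.org' {
  catlfish::signing { 'signing-1': logname => 'urd.appendto.org' }
}

node 'NOTYET_sign-2.urd.appendto.org' {
  catlfish::signing { 'signing-2': logname => 'urd.appendto.org' }
}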