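# Baseline configuration for a SUNET server: encrypted swap, ethernet bonding
# prerequisites, and a hardened sshd_config (no password logins, no X11
# forwarding, verbose auth logging, sftp subsystem disabled).
#
# Every resource title below is a fixed string, so declaring this define more
# than once in a catalog produces duplicate resource declarations.
# Service['ssh'] is notified but not declared here; it must be declared
# elsewhere in the catalog.
define sunet::server() {
  # Set up encrypted swap
  sunet::encrypted_swap { 'sunet_encrypted_swap': }

  # Add prerequisites for ethernet bonding, if physical server
  sunet::ethernet_bonding { 'sunet_ethernet_bonding': }

  # Removed until SWAMID hosts can have their ufw module updated / ft
  #
  # # Ignore IPv6 multicast
  # ufw::deny { 'ignore_v6_multicast':
  #   ip    => 'ff02::1',
  #   proto => 'any'  # 'ufw' has a hard-coded list of protocols, which does not include 'ipv6-icmp' :(
  # }
  #
  # # Ignore IPv6 multicast PIM router talk
  # ufw::deny { 'ignore_v6_multicast_PIM':
  #   ip    => 'ff02::d',
  #   proto => 'any'  # 'ufw' has a hard-coded list of protocols, which does not include 'ipv6-icmp' :(
  # }

  include augeas

  # NOTE(review): only PasswordAuthentication is switched off here. Whether
  # keyboard-interactive logins through PAM (ChallengeResponseAuthentication /
  # KbdInteractiveAuthentication, UsePAM) are also disabled is not visible in
  # this define -- confirm it is handled elsewhere.
  augeas { "sshd_config":
    context => "/files/etc/ssh/sshd_config",
    changes => [
      "set PasswordAuthentication no",
      "set X11Forwarding no",
      "set LogLevel VERBOSE",  # log pubkey used for root login
    ],
    notify  => Service['ssh'],
  } ->
  # Comment out the sftp subsystem. The arrow above orders this after the
  # augeas edit, so the two resources never rewrite the file out of order.
  #
  # The match tolerates any run of whitespace between the fields: sshd accepts
  # tabs as well as spaces there, and some stock sshd_config files use tabs.
  # With literal single spaces a tab-separated line is not matched, file_line
  # then merely appends the commented line, and the active Subsystem entry
  # stays in place with no error. The pattern is left unanchored so the
  # already-commented line still matches and the resource stays idempotent.
  file_line { 'no_sftp_subsystem':
    path   => '/etc/ssh/sshd_config',
    match  => 'Subsystem\s+sftp\s+/usr/lib/openssh/sftp-server',
    line   => '#Subsystem sftp /usr/lib/openssh/sftp-server',
    notify => Service['ssh'],
  }
}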