path: root/global/overlay/etc/puppet/manifests/cosmos-site.pp
blob: 4dc4ddea6f2ee6da2b89a5b6c758c994719f3798 (plain)
# This manifest is managed using cosmos

# Resource default for exec resources that do not set their own path.
# Directories are searched in the order listed, so an unqualified command
# resolves in /usr/local/sbin or /usr/local/bin before the system directories.
# Those two directories should stay writable by root only.
Exec {
  path => [
    '/usr/local/sbin',
    '/usr/local/bin',
    '/usr/sbin',
    '/usr/bin',
    '/sbin',
    '/bin',
  ],
}

# Uncomment any of the following includes to enable additional features

#include cosmos::tools
#include cosmos::motd
#include cosmos::ntp
#include cosmos::rngtools
#include cosmos::preseed
# Classes declared at top scope, outside any node block, so they are part of
# the catalog compiled from this manifest for every node.
include ufw, apt, cosmos

# you need a default node

node default {
  # No node-specific resources: a host that matches no other node block
  # receives only what is declared at top scope in this file.
}

# edit and uncomment to manage ssh root keys in a simple way

#class { 'cosmos::access':
#   keys => [
#      "ssh-rsa ..."
#   ]
#}

# example config for the nameserver class which is matched in cosmos-rules.yaml

#class nameserver {
#   package {'bind9':
#      ensure => latest
#   }
#   service {'bind9':
#      ensure => running
#   }
#   ufw::allow { "allow-dns-udp":
#      ip   => 'any',
#      port => 53,
#      proto => "udp"
#   }
#   ufw::allow { "allow-dns-tcp":
#      ip   => 'any',
#      port => 53,
#      proto => "tcp"
#   }
#}


# Firewall rule opening TCP port 22 (SSH). It is declared at top scope, so it
# is not limited to a single node block.
# NOTE(review): ip => 'any' sets no source restriction here. Presumably the ufw
# module renders it as an unrestricted allow rule; confirm against the module.
# If SSH only needs to be reachable from known management networks, narrowing
# this value reduces exposure. Otherwise make sure the SSH daemon accepts
# key-based logins only.
ufw::allow { 'allow-ssh-tcp':
  ip    => 'any',
  port  => 22,
  proto => 'tcp',
}

# DHCP service definition for sto-tug-kvm1.swamid.se: server-wide options,
# four subnets (pools) and six fixed MAC-to-IP host reservations.
node 'sto-tug-kvm1.swamid.se' {
  # Server-wide DHCP options. The PXE settings are left commented out.
  # NOTE(review): clients are pointed at the public pool.ntp.org; confirm that
  # an external time source is intended for these networks.
  class { 'dhcp':
    dnsdomain   => ['eduid.se', 'sunet.se'],
    nameservers => ['130.242.80.14', '130.242.80.99'],
    ntpservers  => ['pool.ntp.org'],
    interfaces  => ['eth0'],
    #pxeserver   => '130.242.125.5',
    #pxefilename => 'pxelinux.0'
  }

  # Subnet declarations. Every pool passes an empty range.
  # NOTE(review): presumably an empty range means no dynamic lease range is
  # rendered, so only the fixed hosts below are handed addresses. Confirm this
  # against the dhcp module's template.
  dhcp::pool { 'install':
    network => '130.242.125.0',
    mask    => '255.255.255.192',
    gateway => '130.242.125.1',
    range   => '',
  }

  dhcp::pool { 'eduid-tug-IdP':
    network => '130.242.130.0',
    mask    => '255.255.255.248',
    gateway => '130.242.130.1',
    range   => '',
  }

  dhcp::pool { 'eduid-tug-auth':
    network => '130.242.130.8',
    mask    => '255.255.255.248',
    gateway => '130.242.130.9',
    range   => '',
  }

  dhcp::pool { 'eduid-tug-other':
    network => '130.242.130.16',
    mask    => '255.255.255.240',
    gateway => '130.242.130.17',
    range   => '',
  }

  # Fixed reservations, keyed by MAC address. A MAC-to-IP binding is an
  # addressing convenience, not an access control: a client chooses the MAC it
  # presents, so anything that trusts these addresses needs its own
  # authentication.
  dhcp::host {
    # Addresses inside the eduid-tug-IdP subnet (130.242.130.0/29).
    'kvmidp-tug-2': mac => '24:b6:fd:fe:fa:51', ip => '130.242.130.4';
    'idp-tug-2a':   mac => '52:54:00:01:00:01', ip => '130.242.130.5';
    'idp-tug-2b':   mac => '52:54:00:01:00:02', ip => '130.242.130.6';
    # Address inside the eduid-tug-auth subnet (130.242.130.8/29).
    'auth-tug-2':   mac => 'f0:4d:a2:73:4e:9b', ip => '130.242.130.12';
    # Addresses inside the eduid-tug-other subnet (130.242.130.16/28).
    'kvm-tug-2':    mac => 'f0:4d:a2:73:4f:82', ip => '130.242.130.20';
    'db-tug-2':     mac => '24:b6:fd:fe:fa:f0', ip => '130.242.130.21';
  }
}