innholdet i manifest kommer

Gloria Treider 2020-10-02 17:25:40 +02:00
parent 0a7983f17c
commit f5d9b1a06f
6 changed files with 160 additions and 0 deletions


@ -0,0 +1,45 @@
# @summary A short summary of the purpose of this class
#
# A description of what this class does
#
# @example
# include profile::base_linux
#
# profile::base:linux
#
class profile::base_linux {
$root_ssh_key = lookup('base_linux::root_ssh_key')
$linux_sw_pkg = lookup('base_linux::linux_sw_pkg')
# careful when configuring ntp to avoid misuse (opening for DDOS)
class { 'ntp':
servers => [ 'ntp.ntnu.no' ],
restrict => [
'default kod nomodify notrap nopeer noquery',
'-6 default kod nomodify notrap nopeer noquery',
],
}
class { 'timezone':
timezone => 'Europe/Oslo',
}
package { $linux_sw_pkg:
ensure => latest,
}
# root@manager should be able to ssh without password to all
file { '/root/.ssh':
owner => 'root',
group => 'root',
mode => '0700',
ensure => 'directory',
}
ssh_authorized_key { 'root@manager':
user => 'root',
type => 'ssh-rsa',
key => $root_ssh_key,
require => File['/root/.ssh'],
}
}
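Review bot: The `ssh_authorized_key { 'root@manager': }` resource grants unrestricted root login, from any source address, to whoever holds the manager's private key, so a compromise of the manager becomes root on every node that includes this profile. Restrict the entry with the resource's `options` attribute, for example `options => ['from="<manager-address>"'],` (placeholder, fill in the real address), and type the lookup so an empty Hiera value fails compilation: `$root_ssh_key = lookup('base_linux::root_ssh_key', String[1])`. The header comment still carries the template text (`A short summary of the purpose of this class`); it should say that this profile manages NTP, timezone, base packages and the root key.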


@ -0,0 +1,34 @@
#
# profile::base_windows
#
class profile::base_windows {
$win_sw_pkg = lookup('base_windows::win_sw_pkg')
# set default package provider on windows to chocolatey, please read https://chocolatey.org/security in
# the future maybe use DSC instead when this is ready:
# https://github.com/PowerShell/PackageManagementProviderResource
include chocolatey
# set chocolatey as default package provider on Windows
case $::operatingsystem {
'windows':
{ Package { provider => chocolatey, } }
default:
{ Package { provider => windows, } }
}
package { $win_sw_pkg:
ensure => 'latest',
}
# a specific version of vim I know is trusted
package { 'vim':
ensure => '8.0.604',
}
# use PowerShell DSC to set timezone
dsc_xtimezone { 'Oslo':
dsc_timezone => 'W. Europe Standard Time',
dsc_issingleinstance => 'yes',
}
# use PowerShell DSC protect against wannacry :)
dsc_windowsfeature {'FS-SMB1':
dsc_ensure => 'absent',
dsc_name => 'FS-SMB1',
}
}
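Review bot: The comment above `package { 'vim': ensure => '8.0.604' }` says a version is pinned because it is known to be trusted, but every package in `$win_sw_pkg` is installed with `ensure => 'latest'` through Chocolatey, so those nodes take whatever the configured feed publishes next with no review step. Either pin the versions in Hiera or add a comment stating which Chocolatey source is configured and why unpinned updates from it are acceptable; the source is not visible in this section. As a style point, `case $::operatingsystem` uses the legacy top-scope fact while `profile::dns::client` in the same commit uses `$facts['os']['name']`; use the latter here too.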


@ -0,0 +1,16 @@
class profile::consul::client {
package { 'unzip':
ensure => latest,
}
class { '::consul':
version => '1.6.0',
config_hash => {
'data_dir' => '/opt/consul',
'datacenter' => 'NTNU',
'log_level' => 'INFO',
'node_name' => $facts['hostname'],
'retry_join' => [ $::serverip ],
},
require => Package['unzip'],
}
}
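Review bot: The `config_hash` passed to `::consul` sets no `encrypt` key and no TLS or ACL settings, so unless that is configured elsewhere the agent joins with unencrypted gossip and no authentication; the same applies to `profile::consul::server`. Add a gossip key sourced from Hiera, e.g. `'encrypt' => lookup('<gossip-key-name>'),` (placeholder key name), kept in encrypted Hiera data, and plan for `verify_incoming`/`verify_outgoing` once certificates exist. `'retry_join' => [ $::serverip ]` appears to assume the Puppet server is also a Consul server; a comment stating that assumption would help the next reader.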


@ -0,0 +1,18 @@
class profile::consul::server {
package { 'unzip':
ensure => latest,
}
class { '::consul':
version => '1.6.0',
config_hash => {
'bootstrap_expect' => 3,
'data_dir' => '/opt/consul',
'datacenter' => 'NTNU',
'log_level' => 'INFO',
'node_name' => $facts['hostname'],
'server' => true,
'retry_join' => [ $::serverip ],
},
require => Package['unzip'],
}
}
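Review bot: `package { 'unzip': }` is declared here and again in `profile::consul::client`, so a node that ever receives both classes, or another class that manages unzip, fails catalog compilation with a duplicate declaration. Declare it once in a shared class, or use `ensure_packages(['unzip'])` if puppetlabs-stdlib is available in this control repo. The class has no header comment; one line saying that `'bootstrap_expect' => 3` means three servers must join before the cluster elects a leader would document the constant.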


@ -0,0 +1,33 @@
class profile::dns::client {
$dir_ip = lookup( 'Address', undef, undef, '1.1.1.1' )
case $facts['os']['name'] {
'windows': {
dsc_dnsserveraddress { $dir_ip:
dsc_address => $dir_ip,
dsc_interfacealias => $facts['networking']['primary'],
dsc_addressfamily => 'IPv4',
dsc_validate => true,
}
dsc_dnsclientglobalsetting { 'domainname':
dsc_issingleinstance => yes,
dsc_suffixsearchlist => 'node.consul',
}
}
/^(Debian|Ubuntu)$/: {
class { 'netplan':
config_file => '/etc/netplan/50-cloud-init.yaml',
ethernets => {
'ens3' => {
'dhcp4' => true,
'nameservers' => {
'search' => ['node.consul'],
'addresses' => [ "$dir_ip" ],
}
}
},
netplan_apply => true,
}
}
default: { notify { 'Which OS? What?': } }
}
}
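Review bot: `lookup( 'Address', undef, undef, '1.1.1.1' )` silently falls back to a public resolver when the Hiera key is missing, so a data mistake points every node at 1.1.1.1 with `node.consul` as search suffix; internal names would then be sent to an outside resolver and Consul names would stop resolving. Drop the default and type the value so the failure is loud: `$dir_ip = lookup('Address', String[1])`; a namespaced key (for example `<module>::dns_server_address`, placeholder) would also avoid collisions with other data. Minor: `dsc_issingleinstance => yes` is a bareword where `profile::base_windows` quotes `'yes'`, and `"$dir_ip"` needs no interpolation.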


@ -0,0 +1,14 @@
class profile::dns::server {
include dns::server
# Forwarders
dns::server::options { '/etc/bind/named.conf.options':
dnssec_enable => false,
dnssec_validation => no,
forwarders => [ '129.241.0.201' ],
}
dns::zone { 'consul':
zone_type => forward,
forward_policy => only,
allow_forwarder => [ '127.0.0.1 port 8600' ],
}
}
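Review bot: `dnssec_enable => false` and `dnssec_validation => no` turn validation off for every answer this resolver forwards, not only for the `consul` zone, and nothing in the manifest says why. If the reason is that the unsigned `consul` forward zone fails validation, say so in a comment above `dns::server::options`, e.g. `# DNSSEC validation disabled so the unsigned .consul forward zone resolves; revisit`. No recursion or query restriction is set in this section, so check that the resolver cannot be reached as an open recursor from outside the client networks. The barewords `no`, `forward` and `only` would be safer quoted.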