Commit graph

18 commits

Author SHA1 Message Date
John Van de Meulebrouck Brendgard 8d4ce2d1b7
Make sure that COSMOS_BASE is only readable
by root since it's possible that the directory
can contain files that after applying the
overlay to / should only be readable or writable
by root.
2023-11-17 15:03:47 +01:00
John Van de Meulebrouck Brendgard 75e566ab61
Make sure that /root in overlay is owned by root
as well as that /root/.ssh and its content is
only owned and readable by root. This is redundant
if the previous permissions were properly applied
and no other changes have been made by the user
or something else, but is added for good measure
as a layered defense.
2023-11-17 14:58:51 +01:00
Johan Wassberg a6a67d355f
Diffable 2023-11-14 15:28:46 +01:00
Johan Wassberg 120c4a5a93
A few more depends for Bookworm 2023-11-14 15:27:45 +01:00
Johan Wassberg 58a9ca7aa9
No need of x11 on our servers 2023-10-02 12:39:44 +02:00
Micke Nordin 3aac1f97d8
Add additional packages for use with debian 12
This patch will install three packages that are needed for normal operations of puppet using puppet-sunet with multiverse on Debian 12:

cron puppet-module-puppetlabs-cron-core puppet-module-camptocamp-augeas
2023-07-10 16:32:20 +02:00
Patrik Lundin 906edf3caf
Merge pull request #32 from SUNET/feature-ft-install_eyaml
Install eyaml on newer hosts
2023-02-06 12:31:31 +01:00
Fredrik Thulin 25463e6013
respect COSMOS_VERBOSE 2023-02-03 16:04:51 +01:00
Fredrik Thulin f9a286fc05
install eyaml on Ubuntu from 18.04 and Debian from version 10 2023-02-03 15:40:15 +01:00
Fredrik Thulin e08346aa30
cleanup, use stamp-file, only run on old OS versions 2023-02-03 15:39:49 +01:00
Leif Johansson d604d2fab5
set no-protection on the private key 2023-01-30 12:07:33 +01:00
Johan Wassberg fb4849a0df
Use puppet that comes with OS
nunoc-ops does like this since 2018 so I think it will fly.

Also the package `puppet` seems to have been around since at least Ubuntu 14.04.
2023-01-17 13:53:13 +01:00
Patrik Lundin 68d0083557
Make overlay permission script global
This will make sure /root has proper permissions on our machines.
2022-12-05 15:02:37 +01:00
Fredrik Thulin b5d538ece1
init, from eduid-ops 2019-04-04 14:59:36 +02:00
John Van de Meulebrouck Brendgard 2e2cc75029
Do not fetch puppet deb over http, instead do as seen in eduID 2016-08-27 23:51:58 +02:00
Fredrik Thulin 389c04019b Add hiera-gpg for storing secrets used in templates. 2013-12-19 15:11:19 +01:00
Leif Johansson b71aac9793 move package install to post-tasks before puppet 2013-09-03 11:31:05 +02:00
Leif Johansson 7515782eb5 import 2013-09-02 16:01:50 +02:00