63 lines
No EOL
1.7 KiB
Puppet
63 lines
No EOL
1.7 KiB
Puppet
class net::cisoassistant_test ($ciso_service_name='') {
|
|
$nftables_rules = {
|
|
'allow_access_to_cisoassistant' => {
|
|
from => 'any',
|
|
port => 8443,
|
|
to => 'any',
|
|
proto => 'tcp',
|
|
},
|
|
'allow_access_to_cisoassistant_api' => {
|
|
from => 'any',
|
|
port => 9443,
|
|
to => 'any',
|
|
proto => 'tcp',
|
|
},
|
|
'allow_access_to_always_https_acme_c' => {
|
|
from => 'any',
|
|
port => 80,
|
|
to => 'any',
|
|
proto => 'tcp',
|
|
},
|
|
}
|
|
$nftables_rules.each |$name, $params| {
|
|
sunet::nftables::allow { $name:
|
|
* => $params,
|
|
}
|
|
}
|
|
|
|
ensure_resource('file','/opt/cisoas', { ensure => directory } )
|
|
ensure_resource('file','/opt/cisoas/compose', { ensure => directory } )
|
|
|
|
sunet::docker_compose {'cisoas':
|
|
service_name => 'cisoas',
|
|
description => 'CISO Assistant',
|
|
compose_dir => '/opt/cisoas/compose',
|
|
content => template('net/cisoassistant/docker-compose.yml.erb'),
|
|
}
|
|
|
|
file { '/opt/cisoas/update-cisoas-enterprise.sh':
|
|
mode => '0744',
|
|
owner => 'root',
|
|
group => 'root',
|
|
content => file('net/cisoassistant/update-cisoas-enterprise_test.sh'),
|
|
}
|
|
|
|
file { '/opt/cisoas/update-ciso-assistant.sh':
|
|
mode => '0744',
|
|
owner => 'root',
|
|
group => 'root',
|
|
content => file('net/cisoassistant/update-ciso-assistant.sh'),
|
|
}
|
|
|
|
file { '/opt/cisoas/Caddyfile':
|
|
owner => 'root',
|
|
group => 'root',
|
|
content => template('net/cisoassistant/Caddyfile.erb'),
|
|
}
|
|
|
|
sunet::scriptherder::cronjob { 'Upgrade cisoassistant images':
|
|
cmd => '/opt/cisoas/update-cisoas-enterprise.sh',
|
|
weekday => 'Saturday',
|
|
ok_criteria => ['exit_status=0', 'max_age=10d'],
|
|
}
|
|
} |