2013-09-02 14:01:50 +00:00
|
|
|
# This manifest is managed using cosmos
|
|
|
|
|
|
|
|
Exec {
|
|
|
|
path => "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
|
|
|
|
}
|
|
|
|
|
|
|
|
# include some of this stuff for additional features
|
|
|
|
|
|
|
|
#include cosmos::tools
|
|
|
|
#include cosmos::motd
|
|
|
|
#include cosmos::ntp
|
|
|
|
#include cosmos::rngtools
|
|
|
|
#include cosmos::preseed
|
2023-01-19 16:15:37 +00:00
|
|
|
#include ufw
|
|
|
|
#include apt
|
|
|
|
#include cosmos
|
2013-09-02 14:01:50 +00:00
|
|
|
|
|
|
|
# you need a default node
|
|
|
|
|
2023-01-19 16:15:37 +00:00
|
|
|
node default {
|
2013-09-02 14:01:50 +00:00
|
|
|
|
|
|
|
}
|
2024-03-01 12:55:23 +00:00
|
|
|
class infra_ca_rp {
|
|
|
|
sunet::ici_ca::rp { 'infra': }
|
|
|
|
}
|
2013-09-02 14:01:50 +00:00
|
|
|
# edit and uncomment to manage ssh root keys in a simple way
|
|
|
|
|
|
|
|
#class { 'cosmos::access':
|
|
|
|
# keys => [
|
|
|
|
# "ssh-rsa ..."
|
|
|
|
# ]
|
|
|
|
#}
|
|
|
|
|
|
|
|
# example config for the nameserver class which is matched in cosmos-rules.yaml
|
|
|
|
|
|
|
|
#class nameserver {
|
|
|
|
# package {'bind9':
|
2023-01-19 16:15:37 +00:00
|
|
|
# ensure => latest
|
|
|
|
# }
|
2013-09-02 14:01:50 +00:00
|
|
|
# service {'bind9':
|
|
|
|
# ensure => running
|
|
|
|
# }
|
|
|
|
# ufw::allow { "allow-dns-udp":
|
|
|
|
# ip => 'any',
|
|
|
|
# port => 53,
|
|
|
|
# proto => "udp"
|
|
|
|
# }
|
|
|
|
# ufw::allow { "allow-dns-tcp":
|
|
|
|
# ip => 'any',
|
|
|
|
# port => 53,
|
|
|
|
# proto => "tcp"
|
|
|
|
# }
|
|
|
|
#}
|