From 30dabc2c67da363c39a013bb78ed529be47f951c Mon Sep 17 00:00:00 2001
From: Mikael Frykholm <mifr@sunet.se>
Date: Fri, 1 Mar 2024 12:26:29 +0100
Subject: [PATCH] Add ssh keys and generic setup stuff.

---
 global/overlay/etc/hiera/data/common.yaml     | 34 +++++++++++++++++++
 .../etc/puppet/modules/rut/manifests/init.pp  | 13 +++++++
 2 files changed, 47 insertions(+)
 create mode 100644 global/overlay/etc/hiera/data/common.yaml
 create mode 100644 global/overlay/etc/puppet/modules/rut/manifests/init.pp

diff --git a/global/overlay/etc/hiera/data/common.yaml b/global/overlay/etc/hiera/data/common.yaml
new file mode 100644
index 0000000..0f03fc8
--- /dev/null
+++ b/global/overlay/etc/hiera/data/common.yaml
@@ -0,0 +1,34 @@
+---
+nrpe_clients:
+   - 127.0.0.1            # localhost
+   - 127.0.1.1            # localhost
+   - 172.16.0.0/12        # docker containers
+   - 109.105.111.111      # nagiosxi.nordu.net
+   - 2001:948:4:6::111    # nagiosxi.nordu.net
+   - 89.47.184.128        # watcher.sunet.se
+   - 2001:6b0:5a:4020::8e # watcher.sunet.se
+
+syslog_servers:
+   - syslog.sunet.se:514
+
+mgmt_addresses:
+    - 130.242.125.68    # hoppjerka.sunet.se
+    - 2001:6b0:8:4::68  # hoppjerka.sunet.se
+    - 130.242.121.73    # joppherka.sunet.se
+    - 2001:6b0:7:6::73  # joppherka.sunet.se
+
+# Database of SSH keys. Presence of a key in this database does NOT mean it gets
+# installed anywhere. Real ACLs refer to keys in this database.
+sunetops_ssh_keys:
+  'root':
+    - 'berra+96E0A9D4'
+    - 'mariah+CA747E57'
+    - 'kjellman-000607431461'
+    - 'jonas-6CB01A0F'
+    - 'pahol+93F77273'
+
+rutops_ssh_keys:
+  'root':
+    - 'bjorn+8E2DA8EB05F646D7'
+    - 'mifr+1467F9D69135C236'
+    - 'jocar'
diff --git a/global/overlay/etc/puppet/modules/rut/manifests/init.pp b/global/overlay/etc/puppet/modules/rut/manifests/init.pp
new file mode 100644
index 0000000..00ab0a1
--- /dev/null
+++ b/global/overlay/etc/puppet/modules/rut/manifests/init.pp
@@ -0,0 +1,13 @@
+class rut {
+  include sunet::motd
+
+  sunet::ssh_keys { 'rutops':
+    config => safe_hiera('rutops_ssh_keys', {})
+  }
+
+  sunet::ssh_keys { 'sunetops':
+    config => safe_hiera('sunetops_ssh_keys', {})
+  }
+
+  include sunet::rsyslog
+}