soc-ops/global/overlay/etc/puppet/cosmos-rules.yaml

# Note that the matching is done with re.match()
'.*\.cert\.sunet\.se$':
  soc:
  sunet::starship:
  sunet::server:
    fail2ban: false
    ssh_allow_from_anywhere: false
    install_scriptherder: true
  sunet::nagios::nrpe:
    checks:
      - nrpe_check_apt
      - nrpe_check_dynamic_disk
      - nrpe_check_entropy
      - nrpe_check_load
      - nrpe_check_memory
      - nrpe_check_ntp_time
      - nrpe_check_reboot
      - nrpe_check_scriptherder
      - nrpe_check_total_procs_lax
      - nrpe_check_uptime
      - nrpe_check_users
      - nrpe_check_zombie_procs

'^vul-dashboard-test.cert.sunet.se$':
  sunet::dockerhost2:
  sunet::certbot::acmed:
  soc::sso:
    hostname: 'vul-dashboard-test.cert.sunet.se'
    email: 'cert@cert.sunet.se'
    service_endpoint: 'http://dashboard-dev:8000'
    x_remote_user: true
    groups:
      - 'sunet-cert'
    satosa: true
    satosa_certbot: false
    proxy: 'https://test-sso-proxy1.cert.sunet.se/idp'
    entityID: 'https://test-sso-proxy.cert.sunet.se/idp'
  soc::vuln_dashboard:

test-sso-proxy1.cert.sunet.se:
  sunet::dockerhost2:
  sunet::certbot::acmed:
  soc::satosa:
    ext_cert: '/etc/letsencrypt/live/test-sso-proxy1.cert.sunet.se/fullchain.pem'
    ext_cert_key: '/etc/letsencrypt/live/test-sso-proxy1.cert.sunet.se/privkey.pem'
    ext_cert_vol: '/etc/letsencrypt'

intelmq-dev.cert.sunet.se:
  soc::intelmq:
    use_snakeoil: true
    use_shib: true
  soc::sso:
    ssotype: 'apache'
    groups:
      - 'sunet-cert'
    satosa: true
    entityID: 'https://test-sso-proxy.cert.sunet.se/idp'

monitor-dev.cert.sunet.se:
  sunet::dockerhost2:
  soc::naemon_monitor:
    domain: monitor-dev.cert.sunet.se
    thruk_admins:
      - bjorklund@sunet.se
    default_host_group: sunet::nagios::nrpe
    nrpe_group: sunet::nagios::nrpe
    naemon_extra_volumes:
      - '/opt/naemon_monitor/shibboleth2.xml:/etc/shibboleth/shibboleth2.xml:ro'
      - '/opt/naemon_monitor/frontend.xml:/etc/shibboleth/frontend.xml:ro'
      - '/opt/naemon_monitor/attribute-map.xml:/etc/shibboleth/attribute-map.xml:ro'
      - '/opt/naemon_monitor/attribute-policy.xml:/etc/shibboleth/attribute-policy.xml:ro'

graylog-dev.cert.sunet.se:
  sunet::dockerhost2:
  sunet::certbot::acmed:
  soc::sso:
    groups:
      - sunet-cert
    entityID: 'https://test-sso-proxy.cert.sunet.se/idp'
    x_remote_user: true
    service_endpoint: 'http://server:9000'
Changed example regex to make it a bit more apparent that the regex is to be used with re.match and not re.search 2019-02-12 16:21:24 +01:00			`# Note that the matching is done with re.match()`
First try just to deloy ssh keys. 2024-10-25 13:03:34 +02:00			`'.*\.cert\.sunet\.se$':`
Add soc class, will it work? 2024-10-28 10:34:42 +01:00			`soc:`
Fixed typio. 2024-10-31 13:23:12 +01:00			`sunet::starship:`
First try just to deloy ssh keys. 2024-10-25 13:03:34 +02:00			`sunet::server:`
Disable fail2ban. 2024-10-25 16:04:10 +02:00			`fail2ban: false`
First try just to deloy ssh keys. 2024-10-25 13:03:34 +02:00			`ssh_allow_from_anywhere: false`
Deploy naemon_monitor on monitor-dev. 2024-11-27 14:31:27 +01:00			`install_scriptherder: true`
			`sunet::nagios::nrpe:`
Testing out sunet::nagios::nrpe 2024-11-29 10:40:41 +01:00			`checks:`
			`- nrpe_check_apt`
			`- nrpe_check_dynamic_disk`
			`- nrpe_check_entropy`
			`- nrpe_check_load`
			`- nrpe_check_memory`
			`- nrpe_check_ntp_time`
			`- nrpe_check_reboot`
			`- nrpe_check_scriptherder`
			`- nrpe_check_total_procs_lax`
			`- nrpe_check_uptime`
			`- nrpe_check_users`
			`- nrpe_check_zombie_procs`
Let's see if anything works ... or just bombs 2024-10-28 15:19:24 +01:00
Preparing vul dashbaord and sso. 2024-10-31 13:09:38 +01:00			`'^vul-dashboard-test.cert.sunet.se$':`
			`sunet::dockerhost2:`
Set up acme-d. 2024-10-31 13:37:55 +01:00			`sunet::certbot::acmed:`
Set up SSO. 2024-10-31 13:51:26 +01:00			`soc::sso:`
Typo 2024-10-31 14:15:01 +01:00			`hostname: 'vul-dashboard-test.cert.sunet.se'`
Set up SSO. 2024-10-31 13:51:26 +01:00			`email: 'cert@cert.sunet.se'`
Use correct docker image for vuln-dashboard 2024-12-06 13:54:07 +01:00			`service_endpoint: 'http://dashboard-dev:8000'`
Set up SSO. 2024-10-31 13:51:26 +01:00			`x_remote_user: true`
			`groups:`
			`- 'sunet-cert'`
			`satosa: true`
			`satosa_certbot: false`
Correct proxy url. 2024-11-04 09:47:34 +01:00			`proxy: 'https://test-sso-proxy1.cert.sunet.se/idp'`
SSO proxy fixes 2024-11-20 09:08:20 +01:00			`entityID: 'https://test-sso-proxy.cert.sunet.se/idp'`
- != _ 2024-12-06 13:18:18 +01:00			`soc::vuln_dashboard:`
Added a lot of SSO stuff and base for SSO proxy. 2024-10-29 10:59:13 +01:00
			`test-sso-proxy1.cert.sunet.se:`
			`sunet::dockerhost2:`
commit commit. 2024-10-30 13:25:26 +01:00			`sunet::certbot::acmed:`
Fixing with satosa. 2024-10-30 13:39:04 +01:00			`soc::satosa:`
Switch to soc::satosa 2024-10-31 08:52:40 +01:00			`ext_cert: '/etc/letsencrypt/live/test-sso-proxy1.cert.sunet.se/fullchain.pem'`
			`ext_cert_key: '/etc/letsencrypt/live/test-sso-proxy1.cert.sunet.se/privkey.pem'`
			`ext_cert_vol: '/etc/letsencrypt'`
Added new host 2024-11-13 16:26:40 +01:00
			`intelmq-dev.cert.sunet.se:`
First test soc::intelmq: 2024-11-13 16:35:12 +01:00			`soc::intelmq:`
Bugfix. 2024-11-14 14:20:01 +01:00			`use_snakeoil: true`
Fixes with auth.. 2024-11-20 14:24:53 +01:00			`use_shib: true`
Added sso-rules for intelmq-dev 2024-11-20 13:23:36 +01:00			`soc::sso:`
Bugfix. 2024-11-20 13:31:52 +01:00			`ssotype: 'apache'`
Added sso-rules for intelmq-dev 2024-11-20 13:23:36 +01:00			`groups:`
			`- 'sunet-cert'`
			`satosa: true`
			`entityID: 'https://test-sso-proxy.cert.sunet.se/idp'`
Start install monitor-dev 2024-11-27 14:16:16 +01:00
Setup monitor-dev 2024-11-27 14:25:03 +01:00			`monitor-dev.cert.sunet.se:`
Start install monitor-dev 2024-11-27 14:16:16 +01:00			`sunet::dockerhost2:`
Copy class sunet::naemon_monitor to soc as we use acme-d for certs. 2024-11-27 15:56:01 +01:00			`soc::naemon_monitor:`
Deploy naemon_monitor on monitor-dev. 2024-11-27 14:31:27 +01:00			`domain: monitor-dev.cert.sunet.se`
Typo 2024-11-27 14:33:15 +01:00			`thruk_admins:`
Deploy naemon_monitor on monitor-dev. 2024-11-27 14:31:27 +01:00			`- bjorklund@sunet.se`
Add missing shib config 2024-11-28 13:58:23 +01:00			`default_host_group: sunet::nagios::nrpe`
Deploy naemon_monitor on monitor-dev. 2024-11-27 14:31:27 +01:00			`nrpe_group: sunet::nagios::nrpe`
Rolling back some custom things i naemon_monitor 2024-11-29 15:16:34 +01:00			`naemon_extra_volumes:`
			`- '/opt/naemon_monitor/shibboleth2.xml:/etc/shibboleth/shibboleth2.xml:ro'`
			`- '/opt/naemon_monitor/frontend.xml:/etc/shibboleth/frontend.xml:ro'`
			`- '/opt/naemon_monitor/attribute-map.xml:/etc/shibboleth/attribute-map.xml:ro'`
			`- '/opt/naemon_monitor/attribute-policy.xml:/etc/shibboleth/attribute-policy.xml:ro'`
First setup of graylog-dev.cert.sunet.se 2024-12-11 13:29:33 +01:00
			`graylog-dev.cert.sunet.se:`
			`sunet::dockerhost2:`
			`sunet::certbot::acmed:`
Typo. 2024-12-11 13:38:33 +01:00			`soc::sso:`
Setup SSO on graylog-dev 2024-12-11 13:36:54 +01:00			`groups:`
			`- sunet-cert`
			`entityID: 'https://test-sso-proxy.cert.sunet.se/idp'`
			`x_remote_user: true`
			`service_endpoint: 'http://server:9000'`