# Note that the matching is done with re.match()
'.*\.cert\.sunet\.se$':
soc:
sunet::starship:
sunet::server:
fail2ban: false
ssh_allow_from_anywhere: false
install_scriptherder: true
sunet::nagios::nrpe:
checks:
- nrpe_check_apt
- nrpe_check_dynamic_disk
- nrpe_check_entropy
- nrpe_check_load
- nrpe_check_memory
- nrpe_check_ntp_time
- nrpe_check_reboot
- nrpe_check_scriptherder
- nrpe_check_total_procs_lax
- nrpe_check_uptime
- nrpe_check_users
- nrpe_check_zombie_procs
'^vul-dashboard-test.cert.sunet.se$':
sunet::dockerhost2:
sunet::certbot::acmed:
soc::sso:
hostname: 'vul-dashboard-test.cert.sunet.se'
email: 'cert@cert.sunet.se'
service_endpoint: 'http://dashboard-dev:8000'
x_remote_user: true
groups:
- 'sunet-cert'
satosa: true
satosa_certbot: false
proxy: 'https://test-sso-proxy1.cert.sunet.se/idp'
entityID: 'https://test-sso-proxy.cert.sunet.se/idp'
soc::vuln_dashboard:
test-sso-proxy1.cert.sunet.se:
sunet::dockerhost2:
sunet::certbot::acmed:
soc::satosa:
ext_cert: '/etc/letsencrypt/live/test-sso-proxy1.cert.sunet.se/fullchain.pem'
ext_cert_key: '/etc/letsencrypt/live/test-sso-proxy1.cert.sunet.se/privkey.pem'
ext_cert_vol: '/etc/letsencrypt'
intelmq-dev.cert.sunet.se:
soc::intelmq:
use_snakeoil: true
use_shib: true
soc::sso:
ssotype: 'apache'
groups:
- 'sunet-cert'
satosa: true
entityID: 'https://test-sso-proxy.cert.sunet.se/idp'
monitor-dev.cert.sunet.se:
sunet::dockerhost2:
soc::naemon_monitor:
domain: monitor-dev.cert.sunet.se
thruk_admins:
- bjorklund@sunet.se
default_host_group: sunet::nagios::nrpe
nrpe_group: sunet::nagios::nrpe
naemon_extra_volumes:
- '/opt/naemon_monitor/shibboleth2.xml:/etc/shibboleth/shibboleth2.xml:ro'
- '/opt/naemon_monitor/frontend.xml:/etc/shibboleth/frontend.xml:ro'
- '/opt/naemon_monitor/attribute-map.xml:/etc/shibboleth/attribute-map.xml:ro'
- '/opt/naemon_monitor/attribute-policy.xml:/etc/shibboleth/attribute-policy.xml:ro'