101 lines
2.8 KiB
YAML
101 lines
2.8 KiB
YAML
# Note that the matching is done with re.match()
|
|
'.*\.cert\.sunet\.se$':
|
|
soc:
|
|
sunet::starship:
|
|
sunet::server:
|
|
fail2ban: false
|
|
ssh_allow_from_anywhere: false
|
|
install_scriptherder: true
|
|
sunet::nagios::nrpe:
|
|
checks:
|
|
- nrpe_check_apt
|
|
- nrpe_check_dynamic_disk
|
|
- nrpe_check_entropy
|
|
- nrpe_check_load
|
|
- nrpe_check_memory
|
|
- nrpe_check_ntp_time
|
|
- nrpe_check_reboot
|
|
- nrpe_check_scriptherder
|
|
- nrpe_check_total_procs_lax
|
|
- nrpe_check_uptime
|
|
- nrpe_check_users
|
|
- nrpe_check_zombie_procs
|
|
|
|
'^vul-dashboard-test.cert.sunet.se$':
|
|
sunet::dockerhost2:
|
|
sunet::certbot::acmed:
|
|
soc::sso:
|
|
hostname: 'vul-dashboard-test.cert.sunet.se'
|
|
email: 'cert@cert.sunet.se'
|
|
service_endpoint: 'http://dashboard-dev:8000'
|
|
x_remote_user: true
|
|
groups:
|
|
- 'sunet-cert'
|
|
satosa: true
|
|
satosa_certbot: false
|
|
proxy: 'https://test-sso-proxy1.cert.sunet.se/idp'
|
|
entityID: 'https://test-sso-proxy.cert.sunet.se/idp'
|
|
# soc::vuln_dashboard:
|
|
|
|
test-sso-proxy1.cert.sunet.se:
|
|
sunet::dockerhost2:
|
|
sunet::certbot::acmed:
|
|
soc::satosa:
|
|
ext_cert: '/etc/letsencrypt/live/test-sso-proxy1.cert.sunet.se/fullchain.pem'
|
|
ext_cert_key: '/etc/letsencrypt/live/test-sso-proxy1.cert.sunet.se/privkey.pem'
|
|
ext_cert_vol: '/etc/letsencrypt'
|
|
|
|
intelmq-dev.cert.sunet.se:
|
|
soc::intelmq:
|
|
use_snakeoil: true
|
|
use_shib: true
|
|
soc::sso:
|
|
ssotype: 'apache'
|
|
groups:
|
|
- 'sunet-cert'
|
|
satosa: true
|
|
entityID: 'https://test-sso-proxy.cert.sunet.se/idp'
|
|
|
|
monitor-dev.cert.sunet.se:
|
|
sunet::dockerhost2:
|
|
soc::naemon_monitor:
|
|
domain: monitor-dev.cert.sunet.se
|
|
thruk_admins:
|
|
- bjorklund@sunet.se
|
|
default_host_group: sunet::nagios::nrpe
|
|
nrpe_group: sunet::nagios::nrpe
|
|
naemon_extra_volumes:
|
|
- '/opt/naemon_monitor/shibboleth2.xml:/etc/shibboleth/shibboleth2.xml:ro'
|
|
- '/opt/naemon_monitor/frontend.xml:/etc/shibboleth/frontend.xml:ro'
|
|
- '/opt/naemon_monitor/attribute-map.xml:/etc/shibboleth/attribute-map.xml:ro'
|
|
- '/opt/naemon_monitor/attribute-policy.xml:/etc/shibboleth/attribute-policy.xml:ro'
|
|
|
|
graylog-dev.cert.sunet.se:
|
|
sunet::dockerhost2:
|
|
sunet::certbot::acmed:
|
|
soc::sso:
|
|
groups:
|
|
- sunet-cert
|
|
entityID: 'https://test-sso-proxy.cert.sunet.se/idp'
|
|
x_remote_user: true
|
|
service_endpoint: 'http://server:9000'
|
|
extra_proxy_conf: '/opt/sso/apache/graylog.conf'
|
|
|
|
rt-test.cert.sunet.se:
|
|
sunet::certbot::acmed:
|
|
soc::sso:
|
|
ssotype: 'apache'
|
|
groups:
|
|
- 'sunet-cert'
|
|
satosa: true
|
|
entityID: 'https://test-sso-proxy.cert.sunet.se/idp'
|
|
|
|
zammad-test.cert.sunet.se:
|
|
sunet::dockerhost2:
|
|
sunet::certbot::acmed:
|
|
soc::sso:
|
|
service_endpoint: 'http://zammad-nginx:8080'
|
|
groups:
|
|
- 'sunet-cert'
|
|
entityID: 'https://test-sso-proxy.cert.sunet.se/idp'
|
|
remote_user: true
|