From 80d192bd8d8323c54af988280a615e3565d808f4 Mon Sep 17 00:00:00 2001
From: Patrik Lundin <patlu@sunet.se>
Date: Mon, 27 May 2024 15:35:35 +0200
Subject: [PATCH] Add basic cosmos-rules defaults

Fetched from knubbis-ops
---
 global/overlay/etc/puppet/cosmos-rules.yaml | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/global/overlay/etc/puppet/cosmos-rules.yaml b/global/overlay/etc/puppet/cosmos-rules.yaml
index cffd808..eb48ab6 100644
--- a/global/overlay/etc/puppet/cosmos-rules.yaml
+++ b/global/overlay/etc/puppet/cosmos-rules.yaml
@@ -1,3 +1,17 @@
 # Note that the matching is done with re.match()
-'^ns[0-9]?.mnt.se$':
-   nameserver:
+'.+':
+   sunet::server:
+      fail2ban: false
+      unattended_upgrades: true
+      disable_ipv6_privacy: true
+      disable_all_local_users: true
+      install_scriptherder: true
+   sunet::ntp:
+      disable_pool_ntp_org: true
+      set_servers: [
+        "gbg1.ntp.se",
+        "mmo1.ntp.se",
+        "sth1.ntp.se",
+        "svl1.ntp.se",
+        "lul1.ntp.se",
+      ]