geteduroam-ops/global/overlay/etc/puppet/cosmos-rules.yaml

299 lines
7.1 KiB
YAML

# Note that the matching is done with re.match()
'.+':
# Should be early in the alphabet since it's run in name-order !!! Not in order shown here
geteduroam:
sunet::server:
sshd_config: true
unattended_upgrades: true
unattended_upgrades_use_template: true
install_scriptherder: true
sunet::nagios::nrpe:
checks:
- nrpe_check_apt
- nrpe_check_dynamic_disk
- nrpe_check_entropy
- nrpe_check_load
- nrpe_check_memory
- nrpe_check_ntp_time
- nrpe_check_reboot
- nrpe_check_scriptherder
- nrpe_check_total_procs_lax
- nrpe_check_uptime
- nrpe_check_users
- nrpe_check_zombie_procs
internal-dco-prod-monitor-1.geteduroam.sunet.se:
geteduroam::monitor:
sunet::dockerhost2:
sunet::naemon_monitor:
domain: monitor.geteduroam.sunet.se
naemon_tag: v2024-10-10-01
thruk_tag: v2024-09-02-01
histou_tag: v2023-10-04-02
nagflux_tag: v2023-10-04-01
thruk_admins:
- jocar@sunet.se
- mhert@sunet.se
thruk_users:
- '*@sunet.se'
default_host_group: sunet::nagios::nrpe
nrpe_group: sunet::nagios::nrpe
internal-sto1-test-db-1.geteduroam.sunet.se:
sunet::fleetlock_client:
sunet::dockerhost2:
nat: false
sunet::mariadb::simple:
internal-dco-test-db-2.geteduroam.sunet.se:
sunet::fleetlock_client:
sunet::dockerhost2:
nat: false
sunet::mariadb::simple:
internal-sto3-test-db-3.geteduroam.sunet.se:
sunet::fleetlock_client:
sunet::dockerhost2:
nat: false
sunet::mariadb::simple:
internal-sto1-test-backup-1.geteduroam.sunet.se:
sunet::dockerhost2:
sunet::mariadb::backup:
sunet::baas2:
monitor_backups: false
nodename: F787C7718D44
backup_dirs:
- '/opt/mariadb/backups'
internal-sto1-prod-backup-1.geteduroam.sunet.se:
sunet::dockerhost2:
sunet::mariadb::backup:
sunet::baas2:
monitor_backups: false
nodename: 8EE2313F7A00
backup_dirs:
- '/opt/mariadb/backups'
internal-sto1-test-admin-1.geteduroam.sunet.se:
sunet::dockerhost2:
internal-sto1-test-app-1.geteduroam.sunet.se:
sunet::fleetlock_client:
sunet::frontend::register_sites:
sites:
'get.test.eduroam.se':
frontends:
- 'se-fre-lb-1.sunet.se'
- 'se-tug-lb-1.sunet.se'
port: '443'
sunet::dockerhost2:
sunet::geteduroam:
domain: get.test.eduroam.se
realm: get-v1.test.eduroam.se
radius: false
app_admins:
- jocar@sunet.se
- bjorn@sunet.se
- pax@sunet.se
- mifr@sunet.se
- mhert@sunet.se
customers:
sunet.se:
- member
internal-dco-test-app-2.geteduroam.sunet.se:
sunet::fleetlock_client:
sunet::frontend::register_sites:
sites:
'get.test.eduroam.se':
frontends:
- 'se-fre-lb-1.sunet.se'
- 'se-tug-lb-1.sunet.se'
port: '443'
sunet::dockerhost2:
sunet::geteduroam:
domain: get.test.eduroam.se
realm: get-v1.test.eduroam.se
radius: false
app_admins:
- jocar@sunet.se
- bjorn@sunet.se
- pax@sunet.se
- mifr@sunet.se
- mhert@sunet.se
customers:
sunet.se:
- member
internal-sto3-test-app-3.geteduroam.sunet.se:
sunet::fleetlock_client:
sunet::frontend::register_sites:
sites:
'get.test.eduroam.se':
frontends:
- 'se-fre-lb-1.sunet.se'
- 'se-tug-lb-1.sunet.se'
port: '443'
sunet::dockerhost2:
sunet::geteduroam:
domain: get.test.eduroam.se
realm: get-v1.test.eduroam.se
radius: false
app_admins:
- jocar@sunet.se
- bjorn@sunet.se
- pax@sunet.se
- mifr@sunet.se
- mhert@sunet.se
customers:
sunet.se:
- member
internal-sto1-test-radius-1.geteduroam.sunet.se:
sunet::fleetlock_client:
sunet::dockerhost2:
sunet::geteduroam:
domain: get.test.eduroam.se
realm: get-v1.test.eduroam.se
app: false
sunet::certbot::acmed:
sunet::certbot::sync::client:
sunet::certbot::sync::server:
internal-dco-test-radius-2.geteduroam.sunet.se:
sunet::fleetlock_client:
sunet::dockerhost2:
sunet::geteduroam:
domain: get.test.eduroam.se
realm: get-v1.test.eduroam.se
app: false
sunet::certbot::sync::client:
internal-sto3-test-radius-3.geteduroam.sunet.se:
sunet::fleetlock_client:
sunet::dockerhost2:
sunet::geteduroam:
domain: get.test.eduroam.se
realm: get-v1.test.eduroam.se
app: false
sunet::certbot::sync::client:
internal-sto1-prod-db-1.geteduroam.sunet.se:
sunet::fleetlock_client:
sunet::dockerhost2:
nat: false
geteduroam::db:
internal-dco-prod-db-2.geteduroam.sunet.se:
sunet::fleetlock_client:
sunet::dockerhost2:
nat: false
geteduroam::db:
internal-sto3-prod-db-3.geteduroam.sunet.se:
sunet::fleetlock_client:
sunet::dockerhost2:
nat: false
geteduroam::db:
internal-sto1-prod-app-1.geteduroam.sunet.se:
sunet::fleetlock_client:
sunet::dockerhost2:
sunet::geteduroam:
domain: geteduroam.se
realm: v1.geteduroam.se
radius: false
app_admins:
- jocar@sunet.se
- bjorn@sunet.se
- pax@sunet.se
- mifr@sunet.se
- mhert@sunet.se
customers:
sunet.se:
- member
sunet::frontend::register_sites:
sites:
'geteduroam.se':
frontends:
- tug-lb-1.sunet.se
- sthb-lb-1.sunet.se
port: '443'
internal-sto3-prod-app-3.geteduroam.sunet.se:
sunet::fleetlock_client:
sunet::dockerhost2:
sunet::geteduroam:
domain: geteduroam.se
realm: v1.geteduroam.se
radius: false
app_admins:
- jocar@sunet.se
- bjorn@sunet.se
- pax@sunet.se
- mifr@sunet.se
- mhert@sunet.se
customers:
sunet.se:
- member
sunet::frontend::register_sites:
sites:
'geteduroam.se':
frontends:
- tug-lb-1.sunet.se
- sthb-lb-1.sunet.se
port: '443'
internal-dco-prod-app-2.geteduroam.sunet.se:
sunet::fleetlock_client:
sunet::dockerhost2:
sunet::geteduroam:
domain: geteduroam.se
realm: v1.geteduroam.se
radius: false
app_admins:
- jocar@sunet.se
- bjorn@sunet.se
- pax@sunet.se
- mifr@sunet.se
- mhert@sunet.se
customers:
sunet.se:
- member
sunet::frontend::register_sites:
sites:
'geteduroam.se':
frontends:
- tug-lb-1.sunet.se
- sthb-lb-1.sunet.se
port: '443'
internal-sto1-prod-radius-1.geteduroam.sunet.se:
sunet::fleetlock_client:
sunet::dockerhost2:
sunet::geteduroam:
domain: geteduroam.se
realm: v1.geteduroam.se
app: false
sunet::certbot::acmed:
sunet::certbot::sync::server:
internal-dco-prod-radius-2.geteduroam.sunet.se:
sunet::fleetlock_client:
sunet::dockerhost2:
sunet::geteduroam:
domain: geteduroam.se
realm: v1.geteduroam.se
app: false
sunet::certbot::sync::client:
internal-sto3-prod-radius-3.geteduroam.sunet.se:
sunet::fleetlock_client:
sunet::dockerhost2:
sunet::geteduroam:
domain: geteduroam.se
realm: v1.geteduroam.se
app: false
sunet::certbot::sync::client: