# This manifest is managed using cosmos

# Resource default for exec resources: commands that are not given with an
# absolute path are resolved against this fixed list of directories.
# The list contains only absolute system directories and no "." or empty
# entry. Entries are searched in order, so /usr/local/sbin and /usr/local/bin
# take precedence over the distribution directories.
# NOTE(review): presumably /usr/local/{sbin,bin} are writable by root only on
# managed hosts; confirm, since a binary placed there would shadow the system
# one for every exec that relies on this default.
Exec {
  path => "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
}

# Uncomment any of the includes below to enable additional features

#include cosmos::tools
#include cosmos::motd
#include cosmos::ntp
#include cosmos::rngtools
#include cosmos::preseed
#include ufw
#include apt
#include cosmos

# you need a default node

# Catch-all node definition. Its body is empty, so it declares no resources
# itself. The top-scope statements elsewhere in this manifest sit outside any
# node block and are therefore not limited to particular nodes by this
# definition.
node default {

}

# Hash lookup of the 'ssh_authorized_keys' key in Hiera, with undef passed as
# the default value.
# NOTE(review): presumably a missing key then yields undef rather than a
# lookup failure; confirm on the Puppet/Hiera version in use.
$ssh_authorized_keys = hiera_hash('ssh_authorized_keys', undef)
# Declare resources only when the lookup actually produced a hash.
if is_hash($ssh_authorized_keys) {
  # One ssh_authorized_key resource per hash entry. No defaults hash is
  # passed, so every attribute (user, key type, key material, options) comes
  # straight from the Hiera data. This runs at top scope, outside any node
  # block, so write access to that data should be treated as the ability to
  # grant SSH login for whichever accounts the entries name.
  # NOTE(review): nothing here removes a key that has merely been deleted
  # from the data; revocation presumably needs an explicit ensure => absent
  # entry or purge_ssh_keys on the owning user resource. Confirm how keys
  # are retired.
  create_resources('ssh_authorized_key', $ssh_authorized_keys)
}

# Edit and uncomment to manage root's authorized SSH public keys in a simple way

#class { 'cosmos::access':
#   keys => [
#      "ssh-rsa ..."
#   ]
#}

# example config for the nameserver class which is matched in cosmos-rules.yaml

#class nameserver {
#   package {'bind9':
#      ensure => latest
#   }
#   service {'bind9':
#      ensure => running
#   }
#   ufw::allow { "allow-dns-udp":
#      ip   => 'any',
#      port => 53,
#      proto => "udp"
#   }
#   ufw::allow { "allow-dns-tcp":
#      ip   => 'any',
#      port => 53,
#      proto => "tcp"
#   }
#}

# Choose, per host, how the sunet::nftables::init class is declared.
# Hosts whose hostname fact starts with "k8sw" or "k8sc" get the class with
# enabled => false; every other host gets it with an empty parameter hash,
# i.e. whatever the class itself defaults to. Each branch logs its choice at
# warning level.
# NOTE(review): the pattern is anchored at the start only, so any hostname
# beginning with k8sw/k8sc lands in the disabled branch. Confirm that this is
# the intended set of hosts and that packet filtering on them is handled by
# something other than this class.
if $::facts['hostname'] !~ /^k8s[wc]/ {
    # Default case: declare the class without overriding any parameter.
    warning('Enabling nftables')
    ensure_resource('class', 'sunet::nftables::init', {})
} else {
    # Hostname matched the k8s prefix: declare the class with enabled => false.
    warning('Setting nftables to installed but disabled')
    ensure_resource('class', 'sunet::nftables::init', { enabled => false })
}