Patrik Lundin
f537508bee
Do not install ntp with cosmos script
...
This is handled with sunet::server
2024-10-17 16:36:45 +02:00
Patrik Lundin
443611dd3f
Merge pull request #49 from SUNET/john-permissions-fix
...
Enforce more strict permissions for files in Cosmos
2024-07-03 11:36:21 +02:00
Patrik Holmqvist
bc9d1dc960
Use upstream puppet modules for ubuntu24+.
...
This is how we do it in modern debian so it
makes sense to do it on modern ubuntu as well.
2024-06-19 14:02:24 +02:00
John Van de Meulebrouck Brendgard
8d4ce2d1b7
Make sure that COSMOS_BASE is only readable
...
by root since it's possible that the directory
can contain files that after applying the
overlay to / only should be read or writable
by root.
2023-11-17 15:03:47 +01:00
John Van de Meulebrouck Brendgard
75e566ab61
Make sure that /root in overlay is owned by root
...
as well as that /root/.ssh and its content is
only owned and readable by root. This is redundant
if the previous permissions were properly applied
and no other changes have been made by the user
or something else, but is added for good measure
as a layered defense.
2023-11-17 14:58:51 +01:00
Johan Wassberg
a6a67d355f
Diffable
2023-11-14 15:28:46 +01:00
Johan Wassberg
120c4a5a93
A few more depends for Bookworm
2023-11-14 15:27:45 +01:00
Johan Wassberg
58a9ca7aa9
No need of x11 on our servers
2023-10-02 12:39:44 +02:00
Micke Nordin
3aac1f97d8
Add additional packages for use with debian 12
...
This patch will install three packages that is needed for normal operations of puppet using puppet-sunet with multiverse on Debian 12:
cron puppet-module-puppetlabs-cron-core puppet-module-camptocamp-augeas
2023-07-10 16:32:20 +02:00
Patrik Lundin
906edf3caf
Merge pull request #32 from SUNET/feature-ft-install_eyaml
...
Install eyaml on newer hosts
2023-02-06 12:31:31 +01:00
Fredrik Thulin
25463e6013
respect COSMOS_VERBOSE
2023-02-03 16:04:51 +01:00
Fredrik Thulin
f9a286fc05
install eyaml on Ubuntu from 18.04 and Debian from version 10
2023-02-03 15:40:15 +01:00
Fredrik Thulin
e08346aa30
cleanup, use stamp-file, only run on old OS versions
2023-02-03 15:39:49 +01:00
Leif Johansson
d604d2fab5
set no-protection on the private key
2023-01-30 12:07:33 +01:00
Johan Wassberg
fb4849a0df
Use puppet that comes with OS
...
nunoc-ops does like this since 2018 so I think it will fly.
Also the package `puppet` seems to been around since at-least Ubuntu 14.04.
2023-01-17 13:53:13 +01:00
Patrik Lundin
68d0083557
Make overlay permission script global
...
This will make sure /root has proper permissions on our machines.
2022-12-05 15:02:37 +01:00
Fredrik Thulin
b5d538ece1
init, from eduid-ops
2019-04-04 14:59:36 +02:00
John Van de Meulebrouck Brendgard
2e2cc75029
Do not fetch puppet deb over http, instead do as seen in eduID
2016-08-27 23:51:58 +02:00
Fredrik Thulin
389c04019b
Add hiera-gpg for storing secrets used in templates.
2013-12-19 15:11:19 +01:00
Leif Johansson
b71aac9793
move package install to post-tasks before puppet
2013-09-03 11:31:05 +02:00
Leif Johansson
7515782eb5
import
2013-09-02 16:01:50 +02:00