swedenconnect/eid-ops
0
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

added Björn Mattsson's SSH key

Browse source
This commit is contained in:
Maria Haider 2021-03-19 13:40:03 +01:00
parent 1daaf51d97
commit a545da76af
Signed by: mariah
GPG key ID: 7414A760CA747E57
1 changed files with 13 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
global/overlay/etc/puppet/manifests/cosmos-site.pp
View file

@ -131,7 +131,7 @@ class https_server {
} }
class eidas_log { class eidas_log {
ensure_resource('file','/etc/logrotate.d',{ ensure_resource('file','/etc/logrotate.d',{
ensure => 'directory', ensure => 'directory',
mode => '0755' mode => '0755'
}) })
@ -225,7 +225,7 @@ class md_signer($dest_host=undef,$dest_dir="",$version="eidas") {
} }
class md_publisher(Array $allow_clients=['any'], $keyname=undef, String $dir="/var/www/html") { class md_publisher(Array $allow_clients=['any'], $keyname=undef, String $dir="/var/www/html") {
$_keyname = $keyname ? { $_keyname = $keyname ? {
undef => $::fqdn, undef => $::fqdn,
default => $keyname default => $keyname
} }
@ -238,7 +238,7 @@ class md_publisher(Array $allow_clients=['any'], $keyname=undef, String $dir="/v
ssh_key_type => safe_hiera('publisher_ssh_key_type') ssh_key_type => safe_hiera('publisher_ssh_key_type')
} -> } ->
package {['lighttpd','attr']: ensure => latest } -> package {['lighttpd','attr']: ensure => latest } ->
exec {'enable-ssl': exec {'enable-ssl':
command => "/usr/sbin/lighttpd-enable-mod ssl", command => "/usr/sbin/lighttpd-enable-mod ssl",
onlyif => "test ! -h /etc/lighttpd/conf-enabled/*ssl*" onlyif => "test ! -h /etc/lighttpd/conf-enabled/*ssl*"
} -> } ->
@ -689,7 +689,7 @@ class metadatamgrs {
} }
class konsulter { class konsulter {
ssh_authorized_key {'stefan_santesson': ssh_authorized_key {'stefan_santesson':
ensure => present, ensure => present,
name => 'stefan@aaa-sec.com', name => 'stefan@aaa-sec.com',
type => 'ssh-rsa', type => 'ssh-rsa',
@ -870,6 +870,14 @@ class sunetops {
user => 'root' user => 'root'
} }
ssh_authorized_key {'bjorn+8E2DA8EB05F646D7':
ensure => present,
name => 'bjorn+8E2DA8EB05F646D7',
type => 'ssh-rsa',
key => 'AAAAB3NzaC1yc2EAAAADAQABAAACAQDO1nktCA7fWcbmXAlcSEAeAxqlo2bobQblqqhvbjzmDfZdvhUYRXNjc2R4GjAU60yB/qqODE2km1z2xcIojlT/uHIXPx7jkSXvDZQFVDWplGiWKbOZS/apvva2vHBtfDBPSQnDSxr3sINAqehG58gL1coP95uWXodXSfv+BzGqQfYomlqU9f5qjXT2vFA+0XzoGTT9yG2utD3uhYd1k9EN+ED6NCXyCsUoihtEI8M8fF0Sps/QYpdyR34yP98lL+8DwZCtq0eQRMhF6mTcRcTDFdYdgS8jL+lSbw9DaPrWhGll0ie/Xk/v9RC+d3FGE6av0e8YDboNlduwy2iUbA1w1ll/VUOmXy6gudIZ91Edl+sOOyDVfLY3+Dz+RnmoSuCoWyJ00KovBIfgDOUDKe0QMHyVZ9ccMMihTUMUfJ7kYQ9EuidBLsy9GO+ar7FFPHYyVKiWYoxFBafAtIVDM79v9KvQeF2PAfuhSM3yIXeSb+8cp2ANVLX5dncoMPEgdfFRVie5HMwMct+BFwkyIuQ8++kCInGxbM5X1B3uhYTlkYyT3eAR3jHiwZoiBssCPXtmkXjJ0CFB1BcBlGSZktFoBRstGlEb/nEpTH/71JdA60a1eNwbhslNpAWfi3Jco3QPKBoRdwbeIsmDrK1hpJZG9Ke/jZxr3WSv39tu0l4JAw==',
user => 'root'
}
# OS hardening # OS hardening
if $::hostname =~ /kvm/ { if $::hostname =~ /kvm/ {
class {'bastion': class {'bastion':
@ -940,7 +948,7 @@ class nagios_monitor {
$web_admin_user = 'nagiosadmin'; $web_admin_user = 'nagiosadmin';
package { 'xsltproc': ensure => installed} package { 'xsltproc': ensure => installed}
class { 'webserver': } class { 'webserver': }
class { 'nagioscfg': class { 'nagioscfg':
hostgroups => $::roles, hostgroups => $::roles,