Diffstat (limited to 'personal_infra/puppet')
4 files changed, 113 insertions, 6 deletions
diff --git a/personal_infra/puppet/modules/flexisip/manifests/init.pp b/personal_infra/puppet/modules/flexisip/manifests/init.pp index 9ed962de..a4836329 100644 --- a/personal_infra/puppet/modules/flexisip/manifests/init.pp +++ b/personal_infra/puppet/modules/flexisip/manifests/init.pp @@ -4,28 +4,28 @@ class flexisip($flexisip_sdp_port_range_min, $flexisip_sdp_port_range_max, $flex # keep this repository enabled even if you enable beta/alpha repositories [Belledonne-stable] name=Belledonne-stable - baseurl=http://www.linphone.org/snapshots/$contentdir/$releasever/stable + baseurl=https://download.linphone.org/snapshots/$contentdir/$releasever/stable enabled=1 gpgcheck=0 # enable this if you want post-release patches [Belledonne-hotfix] name=Belledonne-hotfix - baseurl=http://www.linphone.org/snapshots/$contentdir/$releasever/hotfix + baseurl=https://download.linphone.org/snapshots/$contentdir/$releasever/hotfix enabled=1 gpgcheck=0 # enable this if you want next release beta packages [Belledonne-beta] name=Belledonne-beta - baseurl=http://www.linphone.org/snapshots/$contentdir/$releasever/beta + baseurl=https://download.linphone.org/snapshots/$contentdir/$releasever/beta enabled=0 gpgcheck=0 # enable this to have development (unstable) packages [Belledonne-alpha] name=Belledonne-alpha - baseurl=http://www.linphone.org/snapshots/$contentdir/$releasever/alpha + baseurl=https://download.linphone.org/snapshots/$contentdir/$releasever/alpha enabled=0 gpgcheck=0 | EOT diff --git a/personal_infra/puppet/site/julius.ces.int.pdp7.net.pp b/personal_infra/puppet/site/julius.ces.int.pdp7.net.pp new file mode 100644 index 00000000..56e6a8ab --- /dev/null +++ b/personal_infra/puppet/site/julius.ces.int.pdp7.net.pp 
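Review bot: Every repository stanza in this heredoc still carries `gpgcheck=0` on the unchanged lines, so the move to an HTTPS `baseurl` protects the transport but packages are still installed without signature verification. Anything the download host or a mirror serves would be trusted as-is. If the vendor signs its packages, consider `gpgcheck=1` plus a `gpgkey=<URL-or-path-of-vendor-signing-key>` line, at least in the two stanzas with `enabled=1`. The heredoc and the enclosing `class flexisip` begin outside the hunk.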
@@ -0,0 +1,107 @@ +node 'julius.ces.int.pdp7.net' { + # further provisioning: + # + # - (provision using an initial dummy user) + # - remove initial user + # - set up root password + + # Raspberry Pi stuff; disable root + file {'/etc/cloud/cloud.cfg': + content => @("EOT") + disable_root: false + + # This will cause the set+update hostname module to not operate (if true) + preserve_hostname: false + + # If you use datasource_list array, keep array items in a single line. + # If you use multi line array, ds-identify script won't read array items. + # Example datasource config + # datasource: + # Ec2: + # metadata_urls: [ 'blah.com' ] + # timeout: 5 # (defaults to 50 seconds) + # max_wait: 10 # (defaults to 120 seconds) + + # The modules that run in the 'init' stage + cloud_init_modules: + - seed_random + - bootcmd + - write_files + - disk_setup + - mounts + - set_hostname + - update_hostname + - update_etc_hosts + - ca_certs + - rsyslog + - users_groups + - ssh + - set_passwords + + # The modules that run in the 'config' stage + cloud_config_modules: + - ssh_import_id + - keyboard + - locale + - ntp + - timezone + - raspberry_pi + - disable_ec2_metadata + - runcmd + + # The modules that run in the 'final' stage + cloud_final_modules: + - package_update_upgrade_install + - write_files_deferred + - puppet + - chef + - ansible + - mcollective + - salt_minion + - reset_rmc + - netplan_nm_patch + - scripts_vendor + - scripts_per_once + - scripts_per_boot + - scripts_per_instance + - scripts_user + - ssh_authkey_fingerprints + - keys_to_console + - install_hotplug + - phone_home + - final_message + - power_state_change + + # System and/or distro specific settings + # (not accessible to handlers/transforms) + system_info: + # This will affect which distro class gets used + distro: raspberry-pi-os + # Default user name + that default users groups (if added/used) + network: + renderers: ['netplan', 'network-manager'] + activators: ['netplan', 'network-manager'] + # If set to 
true, cloud-init will not use fallback network config. + # In Photon and Raspberry Pi OS, we have default network settings, + # hence if network settings are not explicitly given in metadata, + # don't use fallback network config. + disable_fallback_netcfg: true + ntp_client: 'systemd-timesyncd' + ssh_svcname: ssh + + hostname: julius + fqdn: julius.ces.int.pdp7.net + + | - EOT + , + } + + file {'/etc/ssh/sshd_config.d/99-allow-root.conf': + content => @("EOT") + PermitRootLogin yes + | - EOT + , + } + ~> + service {'ssh':} +} diff --git a/personal_infra/puppet/site/maelcum.mad.int.pdp7.net.pp b/personal_infra/puppet/site/maelcum.mad.int.pdp7.net.pp index ec1b6300..f69a137f 100644 --- a/personal_infra/puppet/site/maelcum.mad.int.pdp7.net.pp +++ b/personal_infra/puppet/site/maelcum.mad.int.pdp7.net.pp @@ -7,7 +7,7 @@ node 'maelcum.mad.int.pdp7.net' { dhcp-host=d8:8c:79:1a:11:59,chromecast,10.34.10.3 host-record=maelcum.mad.int.pdp7.net,maelcum,10.34.10.2 - dhcp-option=tag:!noroutes,option:classless-static-route,192.168.76.0/24,10.34.10.2,10.43.43.0/24,10.34.10.2,10.17.19.0/24,10.34.10.2 + dhcp-option=tag:!noroutes,option:classless-static-route,192.168.76.0/24,10.34.10.2,10.43.43.0/24,10.34.10.2,10.17.19.0/24,10.34.10.2,0.0.0.0/0,10.34.10.1 # Kobo dhcp-host=a4:3c:d7:39:c6:29,set:noroutes | EOT diff --git a/personal_infra/puppet/site/nagios.h1.int.pdp7.net.pp b/personal_infra/puppet/site/nagios.h1.int.pdp7.net.pp index 4d9dd8c6..15eb743d 100644 --- a/personal_infra/puppet/site/nagios.h1.int.pdp7.net.pp +++ b/personal_infra/puppet/site/nagios.h1.int.pdp7.net.pp 
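Review bot: The drop-in `/etc/ssh/sshd_config.d/99-allow-root.conf` sets `PermitRootLogin yes`, which allows password authentication for root, and the provisioning notes at the top of the node plan to set a root password. If root only needs key-based access, `PermitRootLogin prohibit-password` keeps the login while removing the password-guessing surface. The comment `# Raspberry Pi stuff; disable root` contradicts the `disable_root: false` it introduces; `# Raspberry Pi stuff; keep root login enabled` would match what the file does. Neither `file` resource sets `owner`, `group` or `mode`, so both rely on Puppet's defaults.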
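Review bot: The appended `0.0.0.0/0,10.34.10.1` entry in the maelcum `dhcp-option` line deserves a comment, because its purpose is not evident from the line itself. Under RFC 3442 a client that receives the classless-static-route option ignores the router option, so the default route (presumably via the gateway at 10.34.10.1) has to be repeated here. A line such as `# option 121 replaces the router option (RFC 3442), so the default route is listed explicitly` above the `dhcp-option` would record that. The heredoc and the `node` block start and end outside the hunk.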
@@ -56,7 +56,7 @@ node 'nagios.h1.int.pdp7.net' { nagios_command {'check_alex.corcoles.net-gemini-cert': command_name => 'check_alex.corcoles.net-gemini-cert', - command_line => '/usr/lib64/nagios/plugins/check_ssl_validity -H alex.corcoles.net -I alex.corcoles.net -p 1965 -c 10 5', + command_line => '/usr/lib64/nagios/plugins/check_ssl_validity -H alex.corcoles.net -I alex.corcoles.net -p 1965 -c 10 -w 5', require => Package['nagios'], notify => Service['nagios'], owner => 'nagios', |
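Review bot: With `-c 10 -w 5` the warning threshold is lower than the critical one, so if both values are days remaining until expiry (as the option names suggest, to be confirmed against the plugin's help) the check goes critical at 10 days and the warning state is never reached first. Swapping them, e.g. `-w 10 -c 5`, or choosing a wider warning window, would give advance notice before the certificate on port 1965 becomes critical. The `nagios_command` resource continues past the end of the hunk.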
