2 files changed, 108 insertions, 1 deletions
diff --git a/personal_infra/puppet/site/julius.ces.int.pdp7.net.pp b/personal_infra/puppet/site/julius.ces.int.pdp7.net.pp
new file mode 100644
index 00000000..56e6a8ab
--- /dev/null
+++ b/personal_infra/puppet/site/julius.ces.int.pdp7.net.pp
@@ -0,0 +1,107 @@
+node 'julius.ces.int.pdp7.net' {
+  # further provisioning:
+  #
+  # - (provision using an initial dummy user)
+  # - remove initial user
+  # - set up root password
+
+  # Raspberry Pi stuff; disable root
+  file {'/etc/cloud/cloud.cfg':
+    content => @("EOT")
+    disable_root: false
+
+    # This will cause the set+update hostname module to not operate (if true)
+    preserve_hostname: false
+
+    # If you use datasource_list array, keep array items in a single line.
+    # If you use multi line array, ds-identify script won't read array items.
+    # Example datasource config
+    # datasource:
+    #   Ec2:
+    #     metadata_urls: [ 'blah.com' ]
+    #     timeout: 5 # (defaults to 50 seconds)
+    #     max_wait: 10 # (defaults to 120 seconds)
+
+    # The modules that run in the 'init' stage
+    cloud_init_modules:
+      - seed_random
+      - bootcmd
+      - write_files
+      - disk_setup
+      - mounts
+      - set_hostname
+      - update_hostname
+      - update_etc_hosts
+      - ca_certs
+      - rsyslog
+      - users_groups
+      - ssh
+      - set_passwords
+
+    # The modules that run in the 'config' stage
+    cloud_config_modules:
+      - ssh_import_id
+      - keyboard
+      - locale
+      - ntp
+      - timezone
+      - raspberry_pi
+      - disable_ec2_metadata
+      - runcmd
+
+    # The modules that run in the 'final' stage
+    cloud_final_modules:
+      - package_update_upgrade_install
+      - write_files_deferred
+      - puppet
+      - chef
+      - ansible
+      - mcollective
+      - salt_minion
+      - reset_rmc
+      - netplan_nm_patch
+      - scripts_vendor
+      - scripts_per_once
+      - scripts_per_boot
+      - scripts_per_instance
+      - scripts_user
+      - ssh_authkey_fingerprints
+      - keys_to_console
+      - install_hotplug
+      - phone_home
+      - final_message
+      - power_state_change
+
+    # System and/or distro specific settings
+    # (not accessible to handlers/transforms)
+    system_info:
+      # This will affect which distro class gets used
+      distro: raspberry-pi-os
+      # Default user name + that default users groups (if added/used)
+      network:
+        renderers: ['netplan', 'network-manager']
+        activators: ['netplan', 'network-manager']
+      # If set to true, cloud-init will not use fallback network config.
+      # In Photon and Raspberry Pi OS, we have default network settings,
+      # hence if network settings are not explicitly given in metadata,
+      # don't use fallback network config.
+      disable_fallback_netcfg: true
+      ntp_client: 'systemd-timesyncd'
+      ssh_svcname: ssh
+
+    hostname: julius
+    fqdn: julius.ces.int.pdp7.net
+
+    | - EOT
+    ,
+  }
+
+  file {'/etc/ssh/sshd_config.d/99-allow-root.conf':
+    content => @("EOT")
+    PermitRootLogin yes
+    | - EOT
+    ,
+  }
+  ~>
+  service {'ssh':}
+}
diff --git a/personal_infra/puppet/site/nagios.h1.int.pdp7.net.pp b/personal_infra/puppet/site/nagios.h1.int.pdp7.net.pp
index 4d9dd8c6..15eb743d 100644
--- a/personal_infra/puppet/site/nagios.h1.int.pdp7.net.pp
+++ b/personal_infra/puppet/site/nagios.h1.int.pdp7.net.pp
@@ -56,7 +56,7 @@ node 'nagios.h1.int.pdp7.net' {
 
   nagios_command {'check_alex.corcoles.net-gemini-cert':
     command_name => 'check_alex.corcoles.net-gemini-cert',
-    command_line => '/usr/lib64/nagios/plugins/check_ssl_validity -H alex.corcoles.net -I alex.corcoles.net -p 1965 -c 10 5',
+    command_line => '/usr/lib64/nagios/plugins/check_ssl_validity -H alex.corcoles.net -I alex.corcoles.net -p 1965 -c 10 -w 5',
     require => Package['nagios'],
     notify => Service['nagios'],
     owner => 'nagios',