initial

a7a043da · Nils Olof Paulsson · f6e52de0 · a7a043da · a7a043da · a7a043da
Commit a7a043da authored 1 year ago by Nils Olof Paulsson
--- a/manifests/hosts/elsasum.pp
+++ b/manifests/hosts/elsasum.pp
+# @summary A short summary of the purpose of this class
+#
+# A description of what this class does
+#
+# @example
+#   include kmaccess::hosts::elsasum
+class kmaccess::hosts::elsasum {
+  firewalld_port {
+    default:
+      ensure   => present,
+      port     => 8080,
+      protocol => 'tcp';
+    'Allow port 8080 from public Zone':
+      zone     => 'public';
+    'Allow port 8080 from liu Zone':
+      zone     => 'liu';
+  }
+}
--- a/manifests/init.pp
+++ b/manifests/init.pp
+# @summary A short summary of the purpose of this class
+#
+# A description of what this class does
+#
+# @example
+#   include kmaccess
+class kmaccess {
+  $host = fact('networking.fqdn')
+  $cfg = "kmaccess::hosts::${host}"
+  if defined($cfg) {
+    include $cfg
+  }
+  profiles::letsencrypt::cert { $host : }
+  user { 'kmservice' :
+    ensure => 'present',
+    shell  => '/sbin/nologin',
+    system => true,
+  }
+  file { '/etc/sudoers.d/02-kmservice' :
+    ensure => 'present',
+    owner  => 'root',
+    mode   => '0755',
+    content => 'micjo73,arnjo82,danho69 ALL=(kmservice) NOPASSWD: ALL',
+  }
+  users::liu_user { 'micjo73' :
+    commonname => 'Michael Jonasson',
+    shell      => '/bin/bash',
+    sshkey     => 'AAAAC3NzaC1lZDI1NTE5AAAAIFqOg7hZVQPG6sfTUhkLFB1cec1Wdg/7cmiJBdCHXXu5',
+    sshkeytype => 'ssh-ed25519',
+  }
+  users::liu_user { 'arnjo82' :
+    commonname => 'Arne Jönsson',
+    shell      => '/bin/bash',
+    sshkey     => 'AAAAC3NzaC1lZDI1NTE5AAAAIDMyqLt93NFeXcnaerqXbSfmciU6odXY6d+BVdmcUeCS',
+    sshkeytype => 'ssh-ed25519',
+  }
+  users::liu_user { 'danho69' :
+    commonname => 'Daniel Holmer',
+    shell      => '/bin/bash',
+    sshkey     => 'AAAAC3NzaC1lZDI1NTE5AAAAIE6BNeP0nZY58yWieADalkfPqgHHyl8bH5hQvPa7+eS0',
+    sshkeytype => 'ssh-ed25519',
+  }
+  firewalld_service { 'Allow http from liu Zone':
+    ensure  => present,
+    zone    => 'liu',
+    service => 'http',
+  }
+  firewalld_service { 'Allow https from liu Zone':
+    ensure  => present,
+    zone    => 'liu',
+    service => 'https',
+  }
+  firewalld_service { 'Allow http from public Zone':
+    ensure  => present,
+    zone    => 'public',
+    service => 'http',
+  }
+  firewalld_service { 'Allow https from public Zone':
+    ensure  => present,
+    zone    => 'public',
+    service => 'https',
+  }
+}
--- a/spec/classes/hosts/elsasum_spec.rb
+++ b/spec/classes/hosts/elsasum_spec.rb
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe 'kmaccess::hosts::elsasum' do
+  on_supported_os.each do |os, os_facts|
+    context "on #{os}" do
+      let(:facts) { os_facts }
+
+      it { is_expected.to compile.with_all_deps }
+    end
+  end
+end
--- a/spec/classes/kmaccess_spec.rb
+++ b/spec/classes/kmaccess_spec.rb
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe 'kmaccess' do
+  on_supported_os.each do |os, os_facts|
+    context "on #{os}" do
+      let(:facts) { os_facts }
+
+      it { is_expected.to compile.with_all_deps }
+    end
+  end
+end