diff --git a/manifests/hosts/elsasum.pp b/manifests/hosts/elsasum.pp new file mode 100644 index 0000000000000000000000000000000000000000..5cc60731491cc40ad89fe62320abb64fdc193128 --- /dev/null +++ b/manifests/hosts/elsasum.pp @@ -0,0 +1,18 @@ +# @summary A short summary of the purpose of this class +# +# A description of what this class does +# +# @example +# include kmaccess::hosts::elsasum +class kmaccess::hosts::elsasum { + firewalld_port { + default: + ensure => present, + port => 8080, + protocol => 'tcp'; + 'Allow port 8080 from public Zone': + zone => 'public'; + 'Allow port 8080 from liu Zone': + zone => 'liu'; + } +} diff --git a/manifests/init.pp b/manifests/init.pp new file mode 100644 index 0000000000000000000000000000000000000000..38c8a8dd1092fb26d90130cb40d46f8cd2eda0dd --- /dev/null +++ b/manifests/init.pp @@ -0,0 +1,63 @@ +# @summary A short summary of the purpose of this class +# +# A description of what this class does +# +# @example +# include kmaccess +class kmaccess { + $host = fact('networking.fqdn') + $cfg = "kmaccess::hosts::${host}" + if defined($cfg) { + include $cfg + } + profiles::letsencrypt::cert { $host : } + user { 'kmservice' : + ensure => 'present', + shell => '/sbin/nologin', + system => true, + } + file { '/etc/sudoers.d/02-kmservice' : + ensure => 'present', + owner => 'root', + mode => '0755', + content => 'micjo73,arnjo82,danho69 ALL=(kmservice) NOPASSWD: ALL', + } + users::liu_user { 'micjo73' : + commonname => 'Michael Jonasson', + shell => '/bin/bash', + sshkey => 'AAAAC3NzaC1lZDI1NTE5AAAAIFqOg7hZVQPG6sfTUhkLFB1cec1Wdg/7cmiJBdCHXXu5', + sshkeytype => 'ssh-ed25519', + } + users::liu_user { 'arnjo82' : + commonname => 'Arne Jönsson', + shell => '/bin/bash', + sshkey => 'AAAAC3NzaC1lZDI1NTE5AAAAIDMyqLt93NFeXcnaerqXbSfmciU6odXY6d+BVdmcUeCS', + sshkeytype => 'ssh-ed25519', + } + users::liu_user { 'danho69' : + commonname => 'Daniel Holmer', + shell => '/bin/bash', + sshkey => 'AAAAC3NzaC1lZDI1NTE5AAAAIE6BNeP0nZY58yWieADalkfPqgHHyl8bH5hQvPa7+eS0', + sshkeytype => 'ssh-ed25519', + } + firewalld_service { 'Allow http from liu Zone': + ensure => present, + zone => 'liu', + service => 'http', + } + firewalld_service { 'Allow https from liu Zone': + ensure => present, + zone => 'liu', + service => 'https', + } + firewalld_service { 'Allow http from public Zone': + ensure => present, + zone => 'public', + service => 'http', + } + firewalld_service { 'Allow https from public Zone': + ensure => present, + zone => 'public', + service => 'https', + } +} diff --git a/spec/classes/hosts/elsasum_spec.rb b/spec/classes/hosts/elsasum_spec.rb new file mode 100644 index 0000000000000000000000000000000000000000..62809cca5afd63dade1040b84af54bca6eeae0d5 --- /dev/null +++ b/spec/classes/hosts/elsasum_spec.rb @@ -0,0 +1,13 @@ +# frozen_string_literal: true + +require 'spec_helper' + +describe 'kmaccess::hosts::elsasum' do + on_supported_os.each do |os, os_facts| + context "on #{os}" do + let(:facts) { os_facts } + + it { is_expected.to compile.with_all_deps } + end + end +end diff --git a/spec/classes/kmaccess_spec.rb b/spec/classes/kmaccess_spec.rb new file mode 100644 index 0000000000000000000000000000000000000000..38163e383549bc0a0b3ac2db0f3383832b25e2f9 --- /dev/null +++ b/spec/classes/kmaccess_spec.rb @@ -0,0 +1,13 @@ +# frozen_string_literal: true + +require 'spec_helper' + +describe 'kmaccess' do + on_supported_os.each do |os, os_facts| + context "on #{os}" do + let(:facts) { os_facts } + + it { is_expected.to compile.with_all_deps } + end + end +end