# Classes for all hosts
include snmpd
- include sudoers
class { 'iptables':
public_tcp_ports => $iptables_public_tcp_ports,
- public_udp_ports => $all_udp,
+ public_udp_ports => $iptables_public_udp_ports,
rules4 => $iptables_rules4,
rules6 => $iptables_rules6,
}
require => Class['pip'],
}
- # add hosts entries
+ # manage root ssh
+ if ! defined(File['/root/.ssh']) {
+ file { '/root/.ssh':
+ ensure => directory,
+ mode => '0700',
+ }
+ }
+
+ # ensure that we have non-pass sudo, and
+ # not require tty
+ file_line { 'sudo_rule_no_pw':
+ path => '/etc/sudoers',
+ line => '%wheel ALL=(ALL) NOPASSWD: ALL',
+ }
+ file_line { 'sudo_rule_notty':
+ path => '/etc/sudoers',
+ line => 'Defaults requiretty',
+ match => '.*requiretty.*',
+ match_for_absence => true,
+ ensure => absent,
+ multiple => true,
+ }
+
+ # update hosts
create_resources('host', hiera_hash('hosts'))
}
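Review bot: The `sudo_rule_no_pw` file_line edits `/etc/sudoers` in place with no syntax validation, so a malformed or conflicting result can leave sudo unusable on every host, and the rule gives every `wheel` member passwordless root. Consider shipping the rule as a separate root-owned 0440 drop-in whose `validate_cmd` runs visudo, as sketched below; this assumes the hosts' sudoers includes `/etc/sudoers.d`, which the hunk does not show, and the file name is only a suggestion. In `sudo_rule_notty`, `match => '.*requiretty.*'` is unanchored, so it also deletes comments and `!requiretty` overrides that merely mention the word. The `/root/.ssh` resource pins the mode but not `owner => 'root', group => 'root'`, and its `defined()` guard depends on evaluation order. The enclosing class starts outside this hunk.

```puppet
# NOPASSWD rule as a validated drop-in (file name is a suggestion)
file { '/etc/sudoers.d/10_wheel_nopasswd':
  ensure       => file,
  owner        => 'root',
  group        => 'root',
  mode         => '0440',
  content      => "%wheel ALL=(ALL) NOPASSWD: ALL\n",
  validate_cmd => '/usr/sbin/visudo -c -f %',
}
# … unchanged: file_line 'sudo_rule_notty' …
```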