feat: add crypto_policies (#192)

- ensure DEFAULT is used for EL8
- ensure DEFAULT:SHA1 is used for EL9, until issues with crypto are resolved for EL9

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/192

Puppetfile

@@ -57,6 +57,7 @@ mod 'stm-file_capability', '6.0.0'
 mod 'h0tw1r3-gitea', '3.2.0'
 mod 'rehan-mkdir', '2.0.0'
 mod 'tailoredautomation-patroni', '2.0.0'
+mod 'ssm-crypto_policies', '0.3.3'
 
 mod 'bind',
   :git => 'https://git.service.au-syd1.consul/unkinben/puppet-bind.git',

hieradata/os/AlmaLinux/AlmaLinux8.yaml

@@ -1,5 +1,7 @@
 # hieradata/os/AlmaLinux/AlmaLinux8.yaml
 ---
+crypto_policies::policy: 'DEFAULT:SHA1'
+
 profiles::packages::include:
   network-scripts: {}
 

hieradata/os/AlmaLinux/AlmaLinux9.yaml

@@ -1,5 +1,6 @@
 # hieradata/os/AlmaLinux/AlmaLinux9.yaml
 ---
+crypto_policies::policy: 'DEFAULT:SHA1'
 
 profiles::yum::global::repos:
   crb:

hieradata/os/AlmaLinux/all_releases.yaml

@@ -7,6 +7,7 @@ profiles::puppet::agent::puppet_version: '7.34.0'
 
 hiera_include:
   - profiles::almalinux::base
+  - crypto_policies
 
 profiles::packages::include:
   lzo: {}