diff --git a/hieradata/common.yaml b/hieradata/common.yaml index 3bee9e1..9e0f02e 100644 --- a/hieradata/common.yaml +++ b/hieradata/common.yaml @@ -36,6 +36,12 @@ lookup_options: profiles::haproxy::server::listeners: merge: strategy: deep + profiles::accounts::root::sshkeys: + merge: + strategy: deep + profiles::accounts::sysadmin::sshkeys: + merge: + strategy: deep haproxy::backend: merge: strategy: deep diff --git a/hieradata/roles/infra/incus/node.yaml b/hieradata/roles/infra/incus/node.yaml index d0bfeeb..4887b89 100644 --- a/hieradata/roles/infra/incus/node.yaml +++ b/hieradata/roles/infra/incus/node.yaml @@ -8,6 +8,7 @@ hiera_include: profiles::packages::include: bridge-utils: {} cephadm: {} + ceph-common: {} profiles::pki::vault::alt_names: - incus.service.consul @@ -27,6 +28,11 @@ profiles::ssh::sign::principals: - "%{hiera('networking_loopback1_ip')}" - "%{hiera('networking_loopback2_ip')}" +profiles::accounts::root::sshkeys: + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDEEiTQnbnfgIb2FAvrUzKkznB/Jyq06YXhP3E+Y8SmwFSeLZZPdZhKEiWRv0aY3zBIUgGsKmBXtPd8HTvQn959E6fgs3jNBtBIo76sTaR6LpNhb07tUuQDvycFlv3WZRgRu1s3RifNn0Ozfd7JPJtqjo/FGz8URtypkvOto4NnzkgOSjm1qOS6OjetBL2u+tB/h9vRDWIdKyEWqHp81aNqT9wv9MHMGBUCVNC7/WTblCsmL2rPY289dU9E/Ja5bAbNN+Lp23e8lQ+RoSeWmVIM7VCans78hLPzb2RqwNgWMBR2eStmGtHbOF1QYo3luC2GfGR7ImMfxgrR9NTu56nSHIOO+GCpWZEneIPGyLrL5vWWwhODIAJNjG6qGFeLL4PcQBYabI3fmoyrUOaMohiovLYGYs+9NK8wPOpVIP6i6CBq6RzVCjmgGq8x12dK8JhAkcoTfEcPdQwSJU/LRBFfLtRgtu1nb9BdSmotb3ESTSrXt+RYiPgAxatSSrN00qs= ceph-9a4b6eac-31d1-11f0-a634-00e04c680f5d +profiles::accounts::sysadmin::sshkeys: + - ssh-rsa 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 ceph-9a4b6eac-31d1-11f0-a634-00e04c680f5d + # configure consul service consul::services: incus: diff --git a/site/profiles/manifests/accounts/root.pp b/site/profiles/manifests/accounts/root.pp new file mode 100644 index 0000000..ebae0d4 --- /dev/null +++ b/site/profiles/manifests/accounts/root.pp 
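Review bot: With `strategy: deep` on `profiles::accounts::root::sshkeys` and `profiles::accounts::sysadmin::sshkeys` in `hieradata/common.yaml`, the effective key list for each account becomes the union of every hierarchy level. A more specific level can add a key, but it cannot drop one inherited from a broader level. Revoking a key therefore means removing it at every level that sets it. Consider adding `knockout_prefix: '--'` under each `merge:` so a role or node can explicitly remove an inherited key. A comment such as `# sshkeys are additive across the hierarchy; remove a key at every level to revoke it` would also help. The `lookup_options` block begins outside this hunk.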
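Review bot: In the second hunk of `hieradata/roles/infra/incus/node.yaml`, the entries under `profiles::accounts::root::sshkeys` and `profiles::accounts::sysadmin::sshkeys` carry the same `ceph-9a4b6eac-…` comment and have no authorized_keys options. The holder of that cluster key therefore gets both a direct root login and a sysadmin login on every node with this role. If the orchestrator needs only one login path, authorize the key on a single account and drop the other entry; whether cephadm here can run as a non-root SSH user with sudo should be confirmed for this deployment. A comment above the key, e.g. `# cephadm cluster public key (fsid in the key comment); update here when the cluster key is rotated`, would record why it is trusted.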
@@ -0,0 +1,18 @@ +# manage the root user +class profiles::accounts::root ( + Optional[Array[String]] $sshkeys = undef, +) { + + if $sshkeys { + accounts::user { 'root': + sshkeys => $sshkeys, + } + } + + file {'/root/.config': + ensure => directory, + owner => 'root', + group => 'root', + mode => '0600', + } +} diff --git a/site/profiles/manifests/base.pp b/site/profiles/manifests/base.pp index 46df942..890fa6f 100644 --- a/site/profiles/manifests/base.pp +++ b/site/profiles/manifests/base.pp @@ -26,7 +26,7 @@ class profiles::base ( include profiles::base::scripts include profiles::base::hosts include profiles::base::groups - include profiles::base::root + include profiles::accounts::root include profiles::accounts::sysadmin if $facts['virtual'] != 'lxc' { include profiles::ntp::client diff --git a/site/profiles/manifests/base/root.pp b/site/profiles/manifests/base/root.pp deleted file mode 100644 index d53951e..0000000 --- a/site/profiles/manifests/base/root.pp +++ /dev/null @@ -1,13 +0,0 @@ -# manage the root user -class profiles::base::root { - - # TODO - # for now, add some root directories - - file {'/root/.config': - ensure => directory, - owner => 'root', - group => 'root', - mode => '0600', - } -}
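Review bot: In the new `profiles::accounts::root`, `accounts::user { 'root': }` is declared only when `$sshkeys` is set and passes nothing but `sshkeys`, so every other parameter of the define falls back to its default for the root account. If this is the puppetlabs-accounts define, check its `password` and `purge_sshkeys` defaults and set the intended values explicitly. Without purging, a key removed from Hiera may stay in root's authorized_keys; `purge_sshkeys => true,` would make the Hiera list authoritative, provided no other tool writes to that file. Separately, `mode => '0600'` on the `/root/.config` directory reads as a directory without search permission; `mode => '0700',` states the intent. A `# @param sshkeys authorized_keys entries for root, merged across the hierarchy` line above the class would document the new parameter.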