From 4fec931fb1f2025e74ac4e3b66e40c3d74910116 Mon Sep 17 00:00:00 2001
From: Ben Vincent
Date: Sun, 27 Oct 2024 13:26:07 +1100
Subject: [PATCH] feat: add service data

- add pki certificates
- add consul service
- add ssh principals
---
hieradata/roles/infra/proxy/jumphost.yaml | 29 +++++++++++++++++++++++
1 file changed, 29 insertions(+)
create mode 100644 hieradata/roles/infra/proxy/jumphost.yaml

diff --git a/hieradata/roles/infra/proxy/jumphost.yaml b/hieradata/roles/infra/proxy/jumphost.yaml
new file mode 100644
index 0000000..0135a87
--- /dev/null
+++ b/hieradata/roles/infra/proxy/jumphost.yaml
@@ -0,0 +1,29 @@
+profiles::pki::vault::alt_names:
+ - jumphost.service.consul
+ - jumphost.query.consul
+ - "jumphost.service.%{facts.country}-%{facts.region}.consul"
+
+profiles::ssh::sign::principals:
+ - jumphost.query.consul
+ - jumphost.service.consul
+ - jumphost.service.%{facts.country}-%{facts.region}.consul
+
+consul::services:
+ jumphost:
+ service_name: 'jumphost'
+ tags:
+ - 'jumphost'
+ - 'proxy'
+ - 'ssh'
+ address: "%{facts.networking.ip}"
+ port: 22
+ checks:
+ - id: 'ssh_tcp_check'
+ name: 'SSH TCP Check'
+ tcp: "%{facts.networking.ip}:22"
+ interval: '10s'
+ timeout: '1s'
+profiles::consul::client::node_rules:
+ - resource: service
+ segment: jumphost
+ disposition: write
--
2.47.3
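Review bot: The third entry under `profiles::ssh::sign::principals` is left unquoted, while the identical interpolated name under `profiles::pki::vault::alt_names` is double-quoted. Quote it the same way, `- "jumphost.service.%{facts.country}-%{facts.region}.consul"`, so both lists stay consistent and the `%{...}` token is never read as anything but a string. Both names are built from `facts.country` and `facts.region`; if these are ordinary agent-reported facts, the node itself influences which name ends up in its certificate SANs and SSH principals. It is worth confirming they are pinned server-side (for example a value under `trusted.extensions`) or validated by the signing profile. Likewise `address` and the `tcp` check take `facts.networking.ip`, so on a multi-homed jumphost confirm this is the interface the SSH service should be advertised on.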