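---
# Hiera data: merge behaviour (lookup_options) followed by default values for
# the base, puppet, consul, dns, ntp, ssh, sudo and networking profiles.

# Every key listed here is looked up with the `deep` strategy: hashes are merged
# recursively and arrays are combined across all hierarchy levels instead of the
# highest-priority match winning outright.
# For sudo::configs and ssh::server::options this means the effective policy is
# the merge of every layer, so a more specific layer can override or extend the
# values set in this file; review those layers together with this one.
lookup_options:
  hiera_classes:
    merge:
      strategy: deep
  profiles::packages::install:
    merge:
      strategy: deep
  profiles::packages::install_exclude:
    merge:
      strategy: deep
  profiles::packages::remove:
    merge:
      strategy: deep
  profiles::packages::remove_exclude:
    merge:
      strategy: deep
  profiles::pki::vault::alt_names:
    merge:
      strategy: deep
  profiles::pki::vault::ip_sans:
    merge:
      strategy: deep
  profiles::yum::global::managed_repos:
    merge:
      strategy: deep
  profiles::haproxy::server::defaults:
    merge:
      strategy: deep
  profiles::haproxy::server::globals:
    merge:
      strategy: deep
  profiles::haproxy::server::frontends:
    merge:
      strategy: deep
  profiles::haproxy::server::backends:
    merge:
      strategy: deep
  profiles::haproxy::server::mappings:
    merge:
      strategy: deep
  profiles::haproxy::server::listeners:
    merge:
      strategy: deep
  haproxy::backend:
    merge:
      strategy: deep
  sudo::configs:
    merge:
      strategy: deep
  profiles::base::groups::local:
    merge:
      strategy: deep
  profiles::dns::resolver::zones:
    merge:
      strategy: deep
  profiles::dns::resolver::acls:
    merge:
      strategy: deep
  profiles::dns::resolver::views:
    merge:
      strategy: deep
  profiles::dns::resolver::keys:
    merge:
      strategy: deep
  profiles::dns::master::zones:
    merge:
      strategy: deep
  profiles::dns::master::acls:
    merge:
      strategy: deep
  profiles::dns::master::views:
    merge:
      strategy: deep
  profiles::dns::master::keys:
    merge:
      strategy: deep
  consul::services:
    merge:
      strategy: deep
  consul::watch:
    merge:
      strategy: deep
  consul::check:
    merge:
      strategy: deep
  profiles::consul::client::node_rules:
    merge:
      strategy: deep
  profiles::consul::prepared_query::rules:
    merge:
      strategy: deep
  profiles::puppet::server::dns_alt_names:
    merge:
      strategy: deep
  profiles::puppet::client::dns_alt_names:
    merge:
      strategy: deep
  profiles::base::hosts::additional_hosts:
    merge:
      strategy: deep
  postgresql_config_entries:
    merge:
      strategy: deep
  profiles::yum::global::repos:
    merge:
      strategy: deep
  profiles::nginx::simpleproxy::nginx_aliases:
    merge:
      strategy: deep
  networking::interfaces:
    merge:
      strategy: deep
  networking::routes:
    merge:
      strategy: deep
  ssh::server::options:
    merge:
      strategy: deep
  mysql::db:
    merge:
      strategy: deep

facts_path: '/opt/puppetlabs/facter/facts.d'

hiera_include:
  - timezone
  - networking
  - ssh::server

profiles::ntp::client::ntp_role: 'roles::infra::ntp::server'
profiles::ntp::client::use_ntp: 'region'
profiles::ntp::client::peers:
  - 0.pool.ntp.org
  - 1.pool.ntp.org
  - 2.pool.ntp.org
  - 3.pool.ntp.org

profiles::base::puppet_servers:
  - 'prodinf01n01.main.unkin.net'

profiles::dns::master::basedir: '/var/named/sources'
profiles::dns::base::ns_role: 'roles::infra::dns::resolver'
profiles::dns::base::use_ns: 'region'

profiles::consul::server::members_role: roles::infra::storage::consul
# A Consul ACL accessor ID identifies a token but does not authenticate as it;
# the matching secret ID is the credential and belongs in a secret store or
# encrypted Hiera backend, never in plain data like this file.
profiles::consul::token::node_editor::accessor_id: '024e27bd-c5bb-41e7-a578-b766509e11bc'
profiles::consul::client::members_lookup: true
profiles::consul::client::members_role: roles::infra::storage::consul
# Write access is limited to the node's own short name and FQDN.
# NOTE(review): the empty segment is presumably rendered as a read rule that
# matches every node name - confirm against the profile's policy template.
profiles::consul::client::node_rules:
  - resource: node
    segment: "%{facts.networking.hostname}"
    disposition: write
  - resource: node
    segment: "%{facts.networking.fqdn}"
    disposition: write
  - resource: node
    segment: ''
    disposition: read

# Installed on every node that receives this layer. The list includes a
# compiler (gcc) and tracing/relay tools (strace, socat, expect); hosts that
# need a reduced footprint have to opt out in a more specific layer.
# NOTE(review): presumably profiles::packages::install_exclude is that opt-out -
# confirm against the profile.
profiles::packages::install:
  - bash-completion
  - bzip2
  - ccze
  - curl
  - dstat
  - expect
  - gcc
  - gzip
  - git
  - htop
  - inotify-tools
  - iotop
  - jq
  - lz4
  - mtr
  - ncdu
  - neovim
  - p7zip
  - pbzip2
  - pigz
  - pv
  - python3.11
  - rsync
  - screen
  - socat
  - strace
  - sysstat
  - tar
  - tmux
  - traceroute
  - unzip
  - vim
  - vnstat
  - wget
  - zsh
  - zstd

profiles::packages::remove:
  - iwl100-firmware
  - iwl1000-firmware
  - iwl105-firmware
  - iwl135-firmware
  - iwl2000-firmware
  - iwl2030-firmware
  - iwl3160-firmware
  - iwl5000-firmware
  - iwl5150-firmware
  - iwl6000-firmware
  - iwl6000g2a-firmware
  - iwl6050-firmware
  - iwl7260-firmware
  - puppet7-release

profiles::base::scripts::scripts:
  puppet: puppetwrapper.py

profiles::puppet::client::server: 'puppet.query.consul'
profiles::puppet::client::ca_server: 'puppetca.query.consul'
profiles::puppet::client::environment: 'develop'
profiles::puppet::client::runinterval: 1800
profiles::puppet::client::runtimeout: 3600
# NOTE(review): if this maps to the agent's show_diff setting, diffs of replaced
# files pass through agent logs and reports; managed files that hold secrets
# should set show_diff => false on the resource or use Sensitive content.
profiles::puppet::client::show_diff: true
profiles::puppet::client::usecacheonfailure: false
profiles::puppet::client::dns_alt_names:
  - "%{trusted.certname}"

# puppetdb
puppetdbapi: puppetdbapi.query.consul
puppetdbsql: puppetdbsql.service.au-syd1.consul

prometheus::node_exporter::export_scrape_job: true
prometheus::systemd_exporter::export_scrape_job: true

ssh::server::storeconfigs_enabled: false
# sshd_config options. The yes/no keywords are quoted so they reach the
# template as the literal strings sshd expects; unquoted, a YAML 1.1 loader
# turns them into booleans and the rendered value then depends on the module
# converting true/false back to yes/no.
ssh::server::options:
  # Deprecated no-op on OpenSSH 7.4 and later, where SSH-1 server support is gone.
  Protocol: '2'
  ListenAddress:
    - '127.0.0.1'
    - '%{facts.networking.ip}'
  SyslogFacility: 'AUTHPRIV'
  HostKey:
    - /etc/ssh/ssh_host_rsa_key
    - /etc/ssh/ssh_host_ecdsa_key
    - /etc/ssh/ssh_host_ed25519_key
  # Only the RSA host key has a certificate configured here.
  HostCertificate: /etc/ssh/ssh_host_rsa_key-cert.pem
  AuthorizedKeysFile: .ssh/authorized_keys
  PermitRootLogin: 'no'
  PasswordAuthentication: 'no'
  # Deprecated alias of KbdInteractiveAuthentication since OpenSSH 8.7.
  ChallengeResponseAuthentication: 'no'
  PubkeyAuthentication: 'yes'
  # NOTE(review): GSSAPI stays enabled alongside public-key auth; keep it only
  # where Kerberos logins are actually in use.
  GSSAPIAuthentication: 'yes'
  GSSAPICleanupCredentials: 'yes'
  UsePAM: 'yes'
  X11Forwarding: 'no'
  PrintMotd: 'no'
  AcceptEnv:
    - LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
    - LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
    - LC_IDENTIFICATION LC_ALL LANGUAGE
    - XMODIFIERS
  Subsystem: sftp /usr/libexec/openssh/sftp-server

# known_hosts entry trusting an SSH host CA. The `*` host pattern accepts a
# certificate signed by this CA for any hostname; narrowing the pattern to the
# managed domains limits what a mis-issued certificate can stand in for.
# The CA key is RSA: OpenSSH 8.2 and later reject certificates signed with the
# SHA-1 `ssh-rsa` signature algorithm by default, so host certificates need
# rsa-sha2-256/512 signatures.
profiles::ssh::knownhosts::lines:
  - '@cert-authority * ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC1HD97vYxLTniE4qNpGuftUlvmkEXIuX8+7nbENv/IzsGUghEDRtyThjQ7ojNKIsQ7f8wXr0gMcI+fAPfrbcOMHCAoYMomikwL0b3h95SZI40q3CyM+0DMnwiVVDX6C1QxkO2Rv9cszSkCa85NotJhXiUuTBI9BFcRPy+mAhbpAru+bfypYofI0wW97XNTl8Jgwmni5MgutBIQAokFIn5ux8iWxndCH3AqDtmkwC5DfQeQ+wZx7rkwqJEpJffQzrjb1gIM6P9hDCVBBVPh/3o80IJ69rFWrJAZUb+JpG4cXJH0NcSW+wqc3JCT/x3q8VlHwOTXSlNNKtOJCRx73mB8e1XTTy2a9FgpKDDg5XQXWHAViJDz1RTRL9gRefMylRgKz4bXoTuY9kJWM8hPTyUejtukbJThlBJc3OmDxBZBF7F0iqB11pHexok43OCEiANodVa36eWu9/5X032Vm48fZ1/akDPY/NSy3wAn7kwut+A0/JAHFHASrq+1mt9YurkJegI+YHXO6eEWpBIpmI7ORHJbGL4MhkHrxYzVamuP8CkU7tXzsv138+wpOcRHNp9yJY4PT40BZkRf/O3O+jt3pj9Dj8rvgywF2W6hFzywh3Y78upOprRkQlQtHfsI8EyrYI8/hUw2u3H+3yPXh3YjWfqvWVG1BRLRHBV7m90uaw=='

profiles::base::groups::local:
  admins:
    ensure: present
    gid: 10000
    allowdupe: false
    forcelocal: true

# Members of the local `admins` group get root for any command without
# re-authenticating, so membership of that group (and the SSH keys of its
# members) is the entire access control for root on these hosts.
sudo::configs:
  admins:
    priority: 10
    content: |
      %admins ALL=(ALL) NOPASSWD: ALL

profiles::accounts::sysadmin::sshkeys:
  - ssh-rsa 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 ben@unkin.net

networking::interfaces:
  eth0:
    ensure: present
    family: inet
    method: static
    netmask: 255.255.255.0
    onboot: true

networking::routes:
  default:
    ensure: present
    interface: eth0
    netmask: 0.0.0.0
    network: default

#profiles::base::hosts::additional_hosts:
#  - ip: 198.18.17.9
#    hostname: prodinf01n09.main.unkin.net
#    aliases:
#      - prodinf01n09
#      - ntp01.main.unkin.net
#  - ip: 198.18.17.10
#    hostname: prodinf01n10.main.unkin.net
#    aliases:
#      - prodinf01n10
#      - ntp02.main.unkin.net
#  - ip: 198.18.17.22
#    hostname: prodinf01n22.main.unkin.net
#    aliases:
#      - prodinf01n22
#      - repos.main.unkin.net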