Puppet Class: role::bastionhost::twofa

Defined in:
modules/role/manifests/bastionhost/twofa.pp

Overview



# File 'modules/role/manifests/bastionhost/twofa.pp', line 1

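# @summary Bastion host role whose SSH logins use two factor authentication.
#
# Installs libpam-yubico, opens SSH in the firewall to all source addresses
# and manages /etc/pam.d/sshd from a template.
#
# Security notes:
# - SSH is reachable from everywhere by design (see the ferm rule below), so
#   the PAM stack in /etc/pam.d/sshd is the control that protects this host.
#   Changes to the template deserve the same review as changes to this class.
# - $api_key is set in this scope only so the template can read it; the
#   rendered file presumably contains the key and is treated as a secret here.
class role::bastionhost::twofa {
    system::role { 'bastionhost::twofa':
        description => 'Bastion host using two factor authentication',
    }

    include ::bastionhost
    include ::standard
    include ::profile::base::firewall
    include ::profile::backup::host

    # Needed to allow installation of servers in the labs subnet
    include ::profile::access_new_install
    # Source of the API key copied into $api_key below.
    include ::passwords::yubiauth

    backup::set {'home': }

    # PAM module package for the two factor step.
    require_package('libpam-yubico')

    # Deliberately unrestricted: no source filter is set on this rule.
    ferm::service { 'ssh':
        desc  => 'SSH open from everywhere, this is a bastion host',
        prio  => '01',
        proto => 'tcp',
        port  => 'ssh',
    }

    # Not referenced again in this class; exposed for the ERB template below.
    $api_key = $passwords::yubiauth::api_key

    # NOTE(review): Package['openssh-server'] is not declared in this class;
    # presumably it comes from one of the included classes - confirm.
    file { '/etc/pam.d/sshd':
        ensure    => present,
        owner     => 'root',
        group     => 'root',
        # Readable by root only, since the content is assumed to hold the key.
        mode      => '0440',
        content   => template('role/bastionhost/pam-sshd.erb'),
        # Keep the rendered content out of agent logs and reports when the
        # file changes; a content diff would otherwise print the key.
        show_diff => false,
        require   => Package['openssh-server'],
    }
}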