`gibran.hcoop.net` is a virtual machine at DigitalOcean that will become our primary AFS server. It is named after the author Kahlil Gibran.

== Setup Notes ==

Or: things that need to go into Puppet.

* added /opt/puppetlabs/bin/ to root's $PATH in .bashrc; this should be done in /etc/profile.d/ instead
* removed `joe` (or at least run `update-alternatives --config editor` and pick either vim or emacs...)
* set the domain name to hcoop.net manually
* set `search hcoop.net` in `/etc/resolv.conf` manually
* root has a basic emacs config for puppet-mode and melpa (probably no need to formalize that...)
* manually installed libnss-afs

=== todo ===

* the default "cloud-config" system may be active; check its license and remove it if it is non-free
** looks like it might just be https://help.ubuntu.com/community/CloudInit (cloud-init), which would make it acceptable to keep in place

== Puppet ==

=== puppetserver ===

* installed https://apt.puppetlabs.com/puppet5-release-stretch.deb manually
* packages: puppetserver, puppet-agent
* added /opt/puppetlabs/bin/ to root's $PATH in .bashrc

Puppet git structure (a separate repo for each): /etc/puppetlabs/puppet, /etc/puppetlabs/code/environments/production (excluding modules), and /etc/puppetlabs/code/environments/production/modules/hcoop. Subject to change. The git repo structure and the tracking of installed modules will be revisited once we need to set up multiple environments. For now, `/etc/puppetlabs/code/environments/production/modules/hcoop` is where all of our code aside from node definitions lives.

Puppet module structure:

* hcoop
** server
*** $server (e.g. gibran)
** service
*** openafs-client

=== puppetdb ===

The install guide is weird; the steps used here were:

 puppet resource package puppetdb ensure=latest
 puppet resource package puppetdb-termini ensure=latest
 puppet module install puppetlabs-puppetdb

=== installed modules ===

* puppetlabs-firewall
* puppetlabs-puppetdb
* alexharvey-firewall_multi (says it is incompatible, but works... enough)
* stm-resolv_conf
* ccin2p3-mit_krb5
* stm-debconf
* saz-sudo

=== style guide ===

Ideas for keeping consistency among admins:

* Use firewall_multi for all rules unless a rule really is IPv4- or IPv6-only; the provider is set in resource defaults and will keep the IPv4 and IPv6 firewalls in sync.
* Code should pass puppet-lint (enforced with a git hook) and rspec; follow https://puppet.com/docs/puppet/5.5/style_guide.html
* Inheritance is discouraged? Avoiding it for now.
* Files controlled by Puppet have the comment "Puppet controlled" somewhere near the top.
* Some structure to firewall rule numbers:
** under 100 for core system things that need to go near the beginning
** over 900 for core system things that need to go near the end (e.g. jumping to fwtool output chains)
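The following manifest is an added example, not code from the hcoop module or from this server's current Puppet tree. It takes the "things that need to go into Puppet" from the setup notes above (libnss-afs, the /opt/puppetlabs/bin PATH entry moved into /etc/profile.d/, the editor alternative) and expresses them alongside a firewall block that follows the style-guide conventions: firewall_multi with the provider set once in resource defaults, rule numbers under 100 and over 900 reserved for core rules, plain firewall with a single provider only where a rule really is IPv4-only, and a "Puppet controlled" header on managed files. The class name `hcoop::server::gibran`, the profile.d filename, the choice of vim as editor and the specific ports are assumptions for illustration; the example assumes puppetlabs-firewall and alexharvey-firewall_multi are installed as listed above. resolv.conf is left to stm-resolv_conf and is not shown.

```puppet
# Added example (not the hcoop module's own code). Hypothetical class
# hcoop::server::gibran: puts the manual setup notes into Puppet and
# follows the firewall-numbering and "Puppet controlled" conventions.
class hcoop::server::gibran {

  # --- things from the setup notes that were done by hand ---

  # libnss-afs was installed manually; make it a managed package.
  package { 'libnss-afs':
    ensure => installed,
  }

  # /opt/puppetlabs/bin was added to root's PATH in .bashrc; a profile.d
  # snippet applies to every login shell, not just root's bash.
  # (filename is an assumption)
  file { '/etc/profile.d/puppetlabs-path.sh':
    ensure  => file,
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
    content => "# Puppet controlled\nexport PATH=\"\$PATH:/opt/puppetlabs/bin\"\n",
  }

  # Instead of removing joe, pin the editor alternative to vim (assumed
  # choice). The unless guard keeps the exec idempotent; provider => shell
  # is needed so the $(...) substitution in the guard is evaluated.
  package { 'vim':
    ensure => installed,
  }
  exec { 'editor-alternative-vim':
    command  => '/usr/bin/update-alternatives --set editor /usr/bin/vim.basic',
    unless   => '/usr/bin/test "$(/usr/bin/readlink -f /etc/alternatives/editor)" = /usr/bin/vim.basic',
    provider => shell,
    require  => Package['vim'],
  }

  # --- firewall ---

  # Resource default: every firewall_multi rule is applied by both the
  # iptables and ip6tables providers, so the v4 and v6 rulesets stay in sync.
  Firewall_multi {
    provider => ['iptables', 'ip6tables'],
  }

  # Under 100: core rules that must come near the beginning of the chain.
  firewall_multi { '010 accept established and related':
    chain  => 'INPUT',
    proto  => 'all',
    state  => ['ESTABLISHED', 'RELATED'],
    action => 'accept',
  }
  firewall_multi { '020 accept loopback':
    chain   => 'INPUT',
    proto   => 'all',
    iniface => 'lo',
    action  => 'accept',
  }

  # A rule that really is IPv4-only (ICMPv6 needs a separate proto):
  # use plain firewall with a single provider rather than firewall_multi.
  firewall { '030 accept ipv4 icmp echo-request':
    chain    => 'INPUT',
    proto    => 'icmp',
    icmp     => 'echo-request',
    action   => 'accept',
    provider => 'iptables',
  }

  # 100-899: per-service rules (ssh as an illustrative example).
  firewall_multi { '100 accept ssh':
    chain  => 'INPUT',
    proto  => 'tcp',
    dport  => 22,
    action => 'accept',
  }

  # Over 900: core rules that must come near the end of the chain.
  firewall_multi { '999 drop everything else on INPUT':
    chain  => 'INPUT',
    proto  => 'all',
    action => 'drop',
  }
}
```

Because puppetlabs-firewall orders rules by the numeric prefix of the resource title, the 010/020 rules land ahead of every service rule and the 999 drop lands after them regardless of the order in which classes are evaluated; keeping the numeric bands as described in the style guide is what makes that ordering predictable across admins.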