lfisher47
commented
10 years ago I think individual modules is important because these modules can conflict with other modules that are needed to add extra configurations. I feel we should be able to grab something like the puppetlabs ssh module and use hieradata to apply the stig requirements. Otherwise the STIG module isn't useful for everyone and people will have to modify for their environment.
This module presents a conundrum. Namely, that it contains not one, but many modules covering a myriad of details across several technologies. As you know, r10k and Puppet labs in general is liking individual modules in their own Git repo now. So, here's our options:
Split all this out into a project that contains several modules, and use it as the stig, or make all the modules generic, and make a stig hieradata layout so that all the modules are generic, unless you classify a node as needing to be applied under stig. Then, you get all the values necessary for that level of security.
Discuss.