-
Notifications
You must be signed in to change notification settings - Fork 0
/
mdm_artifacts.tf
155 lines (133 loc) · 4.46 KB
/
mdm_artifacts.tf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
# Monolith
resource "zentral_mdm_artifact" "monolith-default-enrollment" {
name = "Monolith - Default enrollment"
type = "Profile"
channel = "Device"
platforms = ["macOS"]
}
resource "zentral_mdm_profile" "monolith-default-enrollment-1" {
artifact_id = zentral_mdm_artifact.monolith-default-enrollment.id
source = base64encode(
templatefile(
"${path.module}/mobileconfigs/monolith.default-enrollment.v1.mobileconfig",
{
fqdn = var.fqdn,
secret = zentral_monolith_enrollment.default.secret
}
)
)
macos = true
version = 1
}
# Bootstrap package
resource "zentral_mdm_artifact" "bootstrap-pkg" {
name = "Monolith - Bootstrap package"
type = "Enterprise App"
channel = "Device"
platforms = ["macOS"]
auto_update = false
install_during_setup_assistant = true
requires = [zentral_mdm_artifact.monolith-default-enrollment.id]
}
resource "zentral_mdm_enterprise_app" "bootstrap-pkg-2024-001" {
artifact_id = zentral_mdm_artifact.bootstrap-pkg.id
package_uri = "s3://zentral-pro-services-artifacts-eu-central-1/saas-public/bootstrap-2024.007.pkg"
package_sha256 = "18b128e6e900ed42624ea9f574f7af8f3df8c6c8d0263981d6fee639c95b73f4"
macos = true
version = 1
}
# All
resource "zentral_mdm_artifact" "servicemanagement" {
name = "All - Managed Login Items settings"
type = "Profile"
channel = "Device"
platforms = ["macOS"]
}
resource "zentral_mdm_profile" "servicemanagement-1" {
artifact_id = zentral_mdm_artifact.servicemanagement.id
source = filebase64("${path.module}/mobileconfigs/all.servicemanagement.v1.mobileconfig")
macos = true
version = 2
}
# Google Santa
resource "zentral_mdm_artifact" "santa-tcc" {
name = "Santa - TCC"
type = "Profile"
channel = "Device"
platforms = ["macOS"]
}
resource "zentral_mdm_profile" "santa-tcc-1" {
artifact_id = zentral_mdm_artifact.santa-tcc.id
source = filebase64("${path.module}/mobileconfigs/santa.tcc.v1.mobileconfig")
macos = true
version = 1
}
resource "zentral_mdm_artifact" "santa-system-extension-policy" {
name = "Santa - System Extension policy"
type = "Profile"
channel = "Device"
platforms = ["macOS"]
}
resource "zentral_mdm_profile" "santa-system-extension-policy-1" {
artifact_id = zentral_mdm_artifact.santa-system-extension-policy.id
source = filebase64("${path.module}/mobileconfigs/santa.system-extension-policy.v1.mobileconfig")
macos = true
version = 1
}
resource "zentral_mdm_artifact" "santa-notificationsettings" {
name = "Santa - Notification settings"
type = "Profile"
channel = "Device"
platforms = ["macOS"]
}
resource "zentral_mdm_profile" "santa-notificationsettings-1" {
artifact_id = zentral_mdm_artifact.santa-notificationsettings.id
source = filebase64("${path.module}/mobileconfigs/santa.notificationsettings.v1.mobileconfig")
macos = true
version = 1
}
resource "zentral_mdm_artifact" "santa-default-configuration" {
name = "Santa - Default configuration"
type = "Profile"
channel = "Device"
platforms = ["macOS"]
}
resource "zentral_mdm_profile" "santa-default-configuration-1" {
artifact_id = zentral_mdm_artifact.santa-default-configuration.id
source = base64encode(
templatefile(
"${path.module}/mobileconfigs/santa.default-configuration.v1.mobileconfig",
{
fqdn = var.fqdn,
secret = zentral_santa_enrollment.default.secret
}
)
)
macos = true
version = 1
}
# Osquery
resource "zentral_mdm_artifact" "osquery-tcc" {
name = "Osquery - TCC"
type = "Profile"
channel = "Device"
platforms = ["macOS"]
}
resource "zentral_mdm_profile" "osquery-tcc-1" {
artifact_id = zentral_mdm_artifact.osquery-tcc.id
source = filebase64("${path.module}/mobileconfigs/osquery.tcc.v1.mobileconfig")
macos = true
version = 1
}
resource "zentral_mdm_artifact" "system-logging" {
name = "system logging - enable private data"
type = "Profile"
channel = "Device"
platforms = ["macOS"]
}
resource "zentral_mdm_profile" "system-logging-1" {
artifact_id = zentral_mdm_artifact.system-logging.id
source = filebase64("${path.module}/mobileconfigs/system.logging.v1.mobileconfig")
macos = true
version = 1
}