# Baseline host configuration: keeps sshd and systemd-networkd running,
# optionally sets the hostname, creates one admin account (wheel member with
# an authorized SSH key and sudo rights), locks the root password, and sets
# up pacman, logrotate and a fail2ban jail for sshd.
#
# Parameters:
#   $hostname - value handed to systemd::hostname; nothing is declared when
#               it is empty.
#   $username - login name of the admin account.
#   $userid   - uid of the admin account.
class base_configuration (
  $hostname = undef,
  $username = 'immae',
  $userid   = 1000
) {
  # Same ensure/enable pair for every unit, declared in the original order.
  service { ['sshd', 'systemd-networkd.socket', 'systemd-networkd']:
    ensure => 'running',
    enable => true,
  }

  if !empty($hostname) {
    class { 'systemd::hostname':
      hostname => $hostname,
    }
  }

  # Admin account. Every change Puppet applies to this resource notifies
  # Exec['remove_password'] below.
  user { "${username}:${userid}":
    ensure     => 'present',
    name       => $username,
    uid        => $userid,
    groups     => 'wheel',
    managehome => true,
    notify     => Exec['remove_password'],
  }

  # Runs only on a refresh from the user resource (refreshonly). `chage -d 0`
  # marks the password as expired so a new one has to be chosen at next
  # login; `passwd -d` then deletes the current password.
  # NOTE(review): until a password is chosen, this wheel member has an empty
  # password. Whether that is accepted on the console or by sudo depends on
  # PAM and sshd settings (nullok, PermitEmptyPasswords) that this class does
  # not set -- confirm them. A later change to the user resource (uid,
  # groups) re-triggers this exec and clears the password again.
  # NOTE(review): the command relies on `&&` and interpolates $username
  # unquoted; no provider is set, so confirm a shell really interprets it,
  # and constrain $username to a valid login name where it is supplied.
  exec { 'remove_password':
    command     => "/usr/bin/chage -d 0 ${username} && /usr/bin/passwd -d ${username}",
    refreshonly => true,
  }

  # One fixed RSA public key for the account. The key and its name are
  # hard-coded, so they do not follow a non-default $username.
  ssh_authorized_key { $username:
    name => 'immae@immae.eu',
    user => $username,
    type => 'ssh-rsa',
    key  => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQDi5PgLBwMRyRwzJPnSgUyRAuB9AAxMijsw1pR/t/wmxQne1O5fIPOleHx+D8dyZbwm+XkzlcJpgT0Qy3qC9J8BPhshJvO/tA/8CI/oS/FE0uWsyACH1DMO2dk4gRRZGSE9IuzDMRPlnfZ3n0tdsPzzv3GH4It/oPIgsvkTowKztGLQ7Xmjr5BxzAhXcIQymqA0U3XWHSdWvnSRDaOFG0PDoVMS85IdwlviVKLnV5Sstb4NC/P28LFfgvW8DO/XrOqujgDomqTmR41dK/AyrGGOb2cQUMO4l8Oa+74aOyKaB61rr/rJkr+wCbEttkTvgFa6zZygSk3edfiWE2rgn4+v',
  }

  # NOTE(review): config_file_replace => false presumably leaves an existing
  # sudoers file untouched -- confirm against the sudo module.
  class { 'sudo':
    config_file_replace => false,
    # Missing in the sudo package, should not be mandatory
    package_ldap        => false,
  }

  # wheel members may run any command as any user. There is no NOPASSWD tag,
  # so sudo's normal authentication applies (see the empty-password note on
  # Exec['remove_password']).
  sudo::conf { 'wheel':
    priority => 10,
    content  => '%wheel ALL=(ALL) ALL',
  }

  # sshd options. PasswordAuthentication and PermitRootLogin are not set
  # here, so the module's or sshd's defaults apply -- confirm they match the
  # intended policy.
  # NOTE(review): X11Forwarding is enabled for every host that receives this
  # baseline; keep it only where it is actually needed.
  class { 'ssh::server':
    storeconfigs_enabled => false,
    options              => {
      'AcceptEnv'                       => undef,
      'X11Forwarding'                   => 'yes',
      'PrintMotd'                       => 'no',
      'ChallengeResponseAuthentication' => 'no',
      'Subsystem'                       => 'sftp /usr/lib/openssh/sftp-server',
    },
  }

  # '!' is not a valid password hash, so password login as root is locked.
  # ruby-shadow is presumably installed so that Puppet can manage the
  # password field -- confirm.
  ensure_packages('ruby-shadow')
  user { 'root':
    password => '!',
  }

  # Mirror list shipped from this module's files, root-owned and not
  # writable by anyone else.
  file { '/etc/pacman.d/mirrorlist':
    ensure => 'present',
    path   => '/etc/pacman.d/mirrorlist',
    source => 'puppet:///modules/base_configuration/mirrorlist',
    mode   => '0644',
    owner  => 'root',
    group  => 'root',
  }

  class { 'pacman':
    color     => true,
    usesyslog => true,
  }

  pacman::repo { 'multilib':
    order   => 15,
    include => '/etc/pacman.d/mirrorlist',
  }

  # Global logrotate defaults: weekly rotation, four rotations kept,
  # compressed, moved to /var/log/old.
  class { '::logrotate':
    manage_cron_daily => false,
    config            => {
      rotate_every => 'week',
      rotate       => 4,
      create       => true,
      compress     => true,
      olddir       => '/var/log/old',
      tabooext     => '+ .pacorig .pacnew .pacsave',
    },
  }

  # Login accounting files: wtmp is recreated 0664, btmp is recreated 0600
  # (readable by root only); both are owned by root:utmp.
  logrotate::rule { 'wtmp':
    path         => '/var/log/wtmp',
    rotate_every => 'month',
    create       => true,
    create_mode  => '0664',
    create_owner => 'root',
    create_group => 'utmp',
    rotate       => '1',
    minsize      => '1M',
  }
  logrotate::rule { 'btmp':
    path         => '/var/log/btmp',
    missingok    => true,
    rotate_every => 'month',
    create       => true,
    create_mode  => '0600',
    create_owner => 'root',
    create_group => 'utmp',
    rotate       => '1',
  }

  # whois is installed with pacman's --asdeps, i.e. recorded as a dependency
  # rather than as an explicitly installed package.
  ensure_packages(['whois'], { 'install_options' => '--asdeps' })
  class { 'fail2ban':
    logtarget => 'SYSLOG',
    backend   => 'systemd',
  }

  # sshd jail: maxretry 10, bantime 86400 (24 hours if the value is in
  # seconds). logpath is empty, presumably because the systemd backend reads
  # the journal -- confirm.
  fail2ban::jail { 'sshd':
    backend  => 'systemd',
    port     => 'ssh',
    filter   => 'sshd',
    maxretry => 10,
    bantime  => 86400,
    logpath  => '',
    order    => 10,
  }
}