[perso/Immae/Projets/Puppet.git] / modules / base_configuration / manifests / init.pp
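# Baseline host configuration: network and SSH services, an administrative
# user with key-based SSH access and sudo through the wheel group, a locked
# root password, pacman mirror list and repositories, log rotation and
# fail2ban for sshd.
#
# @param hostname
#   Hostname handed to systemd::hostname; nothing is declared when it is empty.
# @param username
#   Login name of the administrative account. The value is interpolated into
#   the command line of Exec['remove_password'], so it must be a plain
#   account name.
# @param userid
#   Numeric UID assigned to that account.
class base_configuration (
  $hostname = undef,
  $username = "immae",
  $userid   = 1000
) {
  # Keep the SSH daemon and systemd-networkd (service and socket) running
  # and enabled at boot.
  service { "sshd":
    ensure => "running",
    enable => true,
  }
  service { "systemd-networkd.socket":
    ensure => "running",
    enable => true,
  }
  service { "systemd-networkd":
    ensure => "running",
    enable => true,
  }

  unless empty($hostname) {
    class { 'systemd::hostname':
      hostname => $hostname
    }
  }

  # Administrative account, member of wheel. Any change to this resource
  # (including its creation) refreshes Exec['remove_password'].
  user { "${username}:${userid}":
    name       => $username,
    uid        => $userid,
    ensure     => "present",
    groups     => "wheel",
    managehome => true,
    notify     => Exec["remove_password"]
  }

  # chage -d 0 expires the password so a new one must be chosen at the next
  # login; passwd -d then deletes the current password. Until that first
  # login the account has an empty password, so access control rests on the
  # SSH key below and on sshd refusing empty passwords.
  # NOTE(review): PermitEmptyPasswords and PasswordAuthentication are not set
  # in the ssh::server options of this class -- confirm the effective
  # sshd_config keeps empty-password logins disabled.
  #
  # The `&&` means this string is interpreted by a shell, so the account name
  # is single-quoted to reach chage/passwd as one argument. A name that itself
  # contains a single quote would still break the quoting; restrict $username
  # to a plain account name where the value is defined.
  exec { "remove_password":
    command     => "/usr/bin/chage -d 0 '${username}' && /usr/bin/passwd -d '${username}'",
    refreshonly => true
  }

  # Public key authorised for the administrative account.
  ssh_authorized_key { $username:
    name => "immae@immae.eu",
    user => $username,
    type => "ssh-rsa",
    key  => "AAAAB3NzaC1yc2EAAAADAQABAAABAQDi5PgLBwMRyRwzJPnSgUyRAuB9AAxMijsw1pR/t/wmxQne1O5fIPOleHx+D8dyZbwm+XkzlcJpgT0Qy3qC9J8BPhshJvO/tA/8CI/oS/FE0uWsyACH1DMO2dk4gRRZGSE9IuzDMRPlnfZ3n0tdsPzzv3GH4It/oPIgsvkTowKztGLQ7Xmjr5BxzAhXcIQymqA0U3XWHSdWvnSRDaOFG0PDoVMS85IdwlviVKLnV5Sstb4NC/P28LFfgvW8DO/XrOqujgDomqTmR41dK/AyrGGOb2cQUMO4l8Oa+74aOyKaB61rr/rJkr+wCbEttkTvgFa6zZygSk3edfiWE2rgn4+v"
  }

  class { 'sudo':
    config_file_replace => false,
    # Missing in the sudo package, should not be mandatory
    package_ldap        => false
  }

  # Members of wheel may run any command as any user; there is no NOPASSWD
  # tag, so sudo asks for the caller's password.
  sudo::conf { 'wheel':
    priority => 10,
    content  => "%wheel ALL=(ALL) ALL"
  }

  # sshd options managed here. PermitRootLogin and PasswordAuthentication are
  # not listed, so they come from the ssh module or sshd defaults.
  # NOTE(review): X11Forwarding is enabled; turn it off unless it is needed on
  # these hosts, and consider pinning the two options above explicitly.
  # NOTE(review): verify that the sftp-server path exists on the target
  # distribution.
  class { 'ssh::server':
    storeconfigs_enabled => false,
    options              => {
      'AcceptEnv'                       => undef,
      'X11Forwarding'                   => 'yes',
      'PrintMotd'                       => 'no',
      'ChallengeResponseAuthentication' => 'no',
      'Subsystem'                       => 'sftp /usr/lib/openssh/sftp-server',
    }
  }

  # '!' is not a valid password hash, so password authentication as root is
  # locked. ruby-shadow is presumably installed so that Puppet can manage the
  # password field -- confirm against the user provider in use.
  ensure_packages('ruby-shadow')
  user { 'root':
    password => '!'
  }

  # Mirror list shipped with this module, root-owned and world-readable.
  file { '/etc/pacman.d/mirrorlist':
    ensure => "present",
    path   => "/etc/pacman.d/mirrorlist",
    source => 'puppet:///modules/base_configuration/mirrorlist',
    mode   => "0644",
    owner  => "root",
    group  => "root"
  }

  class { 'pacman':
    color     => true,
    usesyslog => true,
  }

  pacman::repo { 'multilib':
    order   => 15,
    include => '/etc/pacman.d/mirrorlist'
  }

  # Global logrotate policy: weekly rotation, four rotations kept, compressed,
  # old logs moved to /var/log/old; pacman leftover files are skipped.
  class { '::logrotate':
    manage_cron_daily => false,
    config            => {
      rotate_every => 'week',
      rotate       => 4,
      create       => true,
      compress     => true,
      olddir       => '/var/log/old',
      tabooext     => "+ .pacorig .pacnew .pacsave",
    }
  }

  # Login accounting files rotate monthly with one rotation kept. btmp is
  # recreated with mode 0600, wtmp with mode 0664.
  logrotate::rule { 'wtmp':
    path         => '/var/log/wtmp',
    rotate_every => 'month',
    create       => true,
    create_mode  => '0664',
    create_owner => 'root',
    create_group => 'utmp',
    rotate       => '1',
    minsize      => '1M',
  }
  logrotate::rule { 'btmp':
    path         => '/var/log/btmp',
    missingok    => true,
    rotate_every => 'month',
    create       => true,
    create_mode  => '0600',
    create_owner => 'root',
    create_group => 'utmp',
    rotate       => '1',
  }

  # whois is installed as a dependency (--asdeps) alongside fail2ban.
  ensure_packages(["whois"], { 'install_options' => '--asdeps' })
  class { 'fail2ban':
    logtarget => 'SYSLOG',
    backend   => 'systemd'
  }
  # sshd jail: ban after 10 failures for 86400 seconds (24 hours). logpath is
  # empty, presumably because the systemd backend reads the journal -- confirm.
  fail2ban::jail { 'sshd':
    backend  => 'systemd',
    port     => 'ssh',
    filter   => 'sshd',
    maxretry => 10,
    bantime  => 86400,
    logpath  => '',
    order    => 10
  }
}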