# Baseline host configuration: optional hostname, one administrative user with
# an SSH public key, sudo for the wheel group, sshd options, pacman, logrotate
# and a fail2ban jail for sshd.
#
# Parameters:
#   $hostname - host name handed to systemd::hostname; skipped when empty.
#   $username - login name of the administrative account.
#   $userid   - numeric uid of that account.
class base_configuration (
  $hostname = undef,
  $username = 'immae',
  $userid   = 1000
) {
  # Only manage the hostname when one was supplied.
  if ! empty($hostname) {
    class { 'systemd::hostname':
      hostname => $hostname,
    }
  }

  # Administrative account. Membership in wheel is what grants sudo rights
  # through the sudo::conf rule declared further down.
  user { "${username}:${userid}":
    ensure     => 'present',
    name       => $username,
    uid        => $userid,
    groups     => 'wheel',
    managehome => true,
    notify     => Exec['remove_password'],
  }

  # Runs only when notified by the user resource above (refreshonly).
  # `chage -d 0` expires the password so it must be changed at next login;
  # `passwd -d` deletes the password, leaving the account password-less until
  # that first login.
  # NOTE(review): no PermitEmptyPasswords setting is managed in this class;
  # confirm that sshd and PAM on these hosts refuse empty passwords, since the
  # account is in wheel.
  # NOTE(review): the command uses `&&`, so it relies on being run through a
  # shell, and $username is interpolated unquoted; keep it a plain login name.
  exec { 'remove_password':
    command     => "/usr/bin/chage -d 0 ${username} && /usr/bin/passwd -d ${username}",
    refreshonly => true,
  }

  # Public key authorised for the account. The key and its name are hard-coded,
  # so they stay the same whatever $username is set to; whoever holds the
  # matching private key can log in as a wheel member.
  ssh_authorized_key { $username:
    name => 'immae@immae.eu',
    user => $username,
    type => 'ssh-rsa',
    key  => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQDi5PgLBwMRyRwzJPnSgUyRAuB9AAxMijsw1pR/t/wmxQne1O5fIPOleHx+D8dyZbwm+XkzlcJpgT0Qy3qC9J8BPhshJvO/tA/8CI/oS/FE0uWsyACH1DMO2dk4gRRZGSE9IuzDMRPlnfZ3n0tdsPzzv3GH4It/oPIgsvkTowKztGLQ7Xmjr5BxzAhXcIQymqA0U3XWHSdWvnSRDaOFG0PDoVMS85IdwlviVKLnV5Sstb4NC/P28LFfgvW8DO/XrOqujgDomqTmR41dK/AyrGGOb2cQUMO4l8Oa+74aOyKaB61rr/rJkr+wCbEttkTvgFa6zZygSk3edfiWE2rgn4+v',
  }

  # presumably leaves an existing main sudoers file in place; verify against
  # the sudo module.
  class { 'sudo':
    config_file_replace => false,
  }

  # Full sudo for wheel. There is no NOPASSWD tag, so sudo asks for the
  # user's password.
  sudo::conf { 'wheel':
    priority => 10,
    content  => '%wheel ALL=(ALL) ALL',
  }

  # sshd options. PasswordAuthentication is not set here, so whatever default
  # the module or sshd applies stays in force.
  # NOTE(review): X11Forwarding is enabled; set it to 'no' unless X11 clients
  # are really run on these hosts.
  class { 'ssh::server':
    storeconfigs_enabled => false,
    options              => {
      'AcceptEnv'                       => undef,
      'X11Forwarding'                   => 'yes',
      'PrintMotd'                       => 'no',
      'ChallengeResponseAuthentication' => 'no',
      'Subsystem'                       => 'sftp /usr/lib/openssh/sftp-server',
    },
  }

  class { 'pacman':
    color => true,
  }

  # Extra repository that reuses the standard mirror list.
  pacman::repo { 'multilib':
    order   => 15,
    include => '/etc/pacman.d/mirrorlist',
  }

  # Global logrotate defaults: weekly rotation, four rotations kept,
  # compressed, old logs moved to /var/log/old.
  class { '::logrotate':
    manage_cron_daily => false,
    config            => {
      rotate_every => 'week',
      rotate       => 4,
      create       => true,
      compress     => true,
      olddir       => '/var/log/old',
      tabooext     => '+ .pacorig .pacnew .pacsave',
    },
  }

  # Login records: rotated monthly once the file reaches 1M, one rotation kept.
  logrotate::rule { 'wtmp':
    path         => '/var/log/wtmp',
    rotate_every => 'month',
    create       => true,
    create_mode  => '0664',
    create_owner => 'root',
    create_group => 'utmp',
    rotate       => '1',
    minsize      => '1M',
  }

  # Failed-login records: recreated with mode 0600, so the group gets no access.
  logrotate::rule { 'btmp':
    path         => '/var/log/btmp',
    missingok    => true,
    rotate_every => 'month',
    create       => true,
    create_mode  => '0600',
    create_owner => 'root',
    create_group => 'utmp',
    rotate       => '1',
  }

  # whois is installed as a dependency package (--asdeps).
  ensure_packages(['whois'], { 'install_options' => '--asdeps' })

  class { 'fail2ban':
    logtarget => 'SYSLOG',
    backend   => 'systemd',
  }

  # sshd jail: bantime 86400 seconds (24 hours) with maxretry 10.
  # logpath is empty; presumably because the systemd backend reads the journal
  # rather than a file - confirm against the fail2ban module.
  fail2ban::jail { 'sshd':
    backend  => 'systemd',
    port     => 'ssh',
    filter   => 'sshd',
    maxretry => 10,
    bantime  => 86400,
    logpath  => '',
    order    => 10,
  }
}