git.immae.eu Git - perso/Immae/Projets/Puppet.git/blame - modules/base_configuration/manifests/init.pp
Add logrotate
# Baseline configuration applied to a host: optional hostname, one
# administrative user with an SSH key and sudo rights through the wheel
# group, sshd settings, pacman, logrotate and a fail2ban jail for sshd.
#
# Parameters:
#   $hostname - hostname handed to systemd::hostname; skipped when empty.
#   $username - login name of the administrative account.
#   $userid   - numeric uid of that account.
class base_configuration (
  $hostname = undef,
  $username = "immae",
  $userid   = 1000
) {
  # Only manage the hostname when one was actually supplied.
  unless empty($hostname) {
    class { 'systemd::hostname':
      hostname => $hostname,
    }
  }

  # Administrative account. Membership of wheel is what grants sudo
  # (see the sudo::conf rule below).
  user { "${username}:${userid}":
    ensure     => 'present',
    name       => $username,
    uid        => $userid,
    groups     => 'wheel',
    managehome => true,
    notify     => Exec['remove_password'],
  }

  # Runs only when the user resource above notifies it (refreshonly).
  # `chage -d 0` marks the password as expired, so a new one has to be set
  # at the next login; `passwd -d` deletes the current password, leaving
  # the account with an empty password until then.
  # NOTE(review): until a password is set, the wheel account has no
  # password at all. Confirm that sshd and the local PAM stack reject
  # empty passwords (OpenSSH's PermitEmptyPasswords defaults to "no") and
  # that console/su exposure during that window is acceptable.
  # NOTE(review): $username is placed on a command line unescaped; keep it
  # limited to values that are valid account names.
  exec { 'remove_password':
    command     => "/usr/bin/chage -d 0 ${username} && /usr/bin/passwd -d ${username}",
    refreshonly => true,
  }

  # Public key allowed to log in as the administrative account.
  ssh_authorized_key { $username:
    name => 'immae@immae.eu',
    user => $username,
    type => 'ssh-rsa',
    key  => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQDi5PgLBwMRyRwzJPnSgUyRAuB9AAxMijsw1pR/t/wmxQne1O5fIPOleHx+D8dyZbwm+XkzlcJpgT0Qy3qC9J8BPhshJvO/tA/8CI/oS/FE0uWsyACH1DMO2dk4gRRZGSE9IuzDMRPlnfZ3n0tdsPzzv3GH4It/oPIgsvkTowKztGLQ7Xmjr5BxzAhXcIQymqA0U3XWHSdWvnSRDaOFG0PDoVMS85IdwlviVKLnV5Sstb4NC/P28LFfgvW8DO/XrOqujgDomqTmR41dK/AyrGGOb2cQUMO4l8Oa+74aOyKaB61rr/rJkr+wCbEttkTvgFa6zZygSk3edfiWE2rgn4+v',
  }

  # presumably leaves an existing sudoers file in place instead of
  # replacing it; verify against the sudo module in use
  class { 'sudo':
    config_file_replace => false,
  }

  # Members of wheel may run any command as any user. There is no NOPASSWD
  # tag, so sudo's normal password prompt applies.
  sudo::conf { 'wheel':
    priority => 10,
    content  => '%wheel ALL=(ALL) ALL',
  }

  # sshd settings.
  # NOTE(review): PasswordAuthentication is not set here, so whatever the
  # module or sshd defaults to applies; confirm whether key-only login is
  # intended now that a key is deployed.
  # NOTE(review): X11Forwarding is switched on for every host that includes
  # this class; turn it off where it is not needed.
  # NOTE(review): /usr/lib/openssh/sftp-server is the Debian-style path,
  # while this class manages pacman; check that the binary exists at this
  # path on the target hosts.
  class { 'ssh::server':
    storeconfigs_enabled => false,
    options              => {
      'AcceptEnv'                       => undef,
      'X11Forwarding'                   => 'yes',
      'PrintMotd'                       => 'no',
      'ChallengeResponseAuthentication' => 'no',
      'Subsystem'                       => 'sftp /usr/lib/openssh/sftp-server',
    },
  }

  class { 'pacman':
    color => true,
  }

  pacman::repo { 'multilib':
    order   => 15,
    include => '/etc/pacman.d/mirrorlist',
  }

  # Global logrotate defaults: weekly rotation, four generations kept,
  # compressed, moved to /var/log/old. The daily cron job is not managed.
  class { '::logrotate':
    manage_cron_daily => false,
    config            => {
      rotate_every => 'week',
      rotate       => 4,
      create       => true,
      compress     => true,
      olddir       => '/var/log/old',
      tabooext     => '+ .pacorig .pacnew .pacsave',
    },
  }

  # Login records: rotated monthly once larger than 1M, one generation kept.
  logrotate::rule { 'wtmp':
    path         => '/var/log/wtmp',
    rotate_every => 'month',
    create       => true,
    create_mode  => '0664',
    create_owner => 'root',
    create_group => 'utmp',
    rotate       => '1',
    minsize      => '1M',
  }

  # Failed-login records: recreated 0600 root:utmp, so they stay unreadable
  # to ordinary users.
  logrotate::rule { 'btmp':
    path         => '/var/log/btmp',
    missingok    => true,
    rotate_every => 'month',
    create       => true,
    create_mode  => '0600',
    create_owner => 'root',
    create_group => 'utmp',
    rotate       => '1',
  }

  # presumably whois is installed as a dependency for fail2ban; verify
  ensure_packages(['whois'], { 'install_options' => '--asdeps' })

  class { 'fail2ban':
    logtarget => 'SYSLOG',
    backend   => 'systemd',
  }

  # sshd jail: 10 failures lead to a ban of 86400 (24 hours if the module
  # passes the value through as seconds). logpath is empty; presumably the
  # systemd backend reads the journal instead of a file. Confirm.
  fail2ban::jail { 'sshd':
    backend  => 'systemd',
    port     => 'ssh',
    filter   => 'sshd',
    maxretry => 10,
    bantime  => 86400,
    logpath  => '',
    order    => 10,
  }
}