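# Class: base_configuration
#
# Baseline configuration for a systemd/pacman host: enables sshd and the
# systemd network services, sets timezone and locale, creates one admin
# account with an SSH key and wheel sudo rights, locks the root password,
# and configures pacman, logrotate, fail2ban and the AUR class.
#
# Parameters:
#   $hostname  - when non-empty, passed to `systemd-firstboot --hostname`
#                (skipped once /etc/hostname exists).
#   $username  - login name of the admin account (member of `wheel`).
#   $userid    - uid of the admin account.
#   $code_path - when non-empty, passed to the `cron_puppet` class.
#   $device    - when non-empty, passed to the `grub_install` class.
#
# NOTE(review): $hostname and $username are interpolated unquoted into exec
# command lines below; they must only ever come from trusted data. Consider
# validating them (e.g. against an anchored pattern) before use.
class base_configuration (
  $hostname  = undef,
  $username  = "immae",
  $userid    = 1000,
  $code_path = undef,
  $device    = undef,
) {
  unless empty($device) {
    class { 'grub_install':
      device => $device,
    }
  }

  class { 'locales': }

  unless empty($code_path) {
    class { 'cron_puppet':
      code_path => $code_path,
    }
  }

  # Services are only enabled at boot; `ensure => running` is deliberately
  # left commented out, so Puppet does not start them itself.
  service { "sshd":
    #ensure => "running",
    enable => true,
  }
  service { "systemd-networkd":
    #ensure => "running",
    enable => true,
  }
  service { "systemd-resolved":
    #ensure => "running",
    enable => true,
  }

  file { "/etc/localtime":
    ensure => "link",
    target => "../usr/share/zoneinfo/Europe/Paris"
  }

  # `creates` makes this a one-shot: it is skipped once /etc/locale.conf exists.
  exec { "set_locale":
    command => "/usr/bin/systemd-firstboot --locale=fr_FR.UTF-8",
    creates => "/etc/locale.conf",
  }

  unless empty($hostname) {
    exec { "set_hostname":
      command => "/usr/bin/systemd-firstboot --hostname=${hostname}",
      creates => "/etc/hostname",
    }
  }

  file { "/etc/vconsole.conf":
    ensure => "link",
    target => "/dev/null",
  }

  # Admin account. Any change to this resource triggers "remove_password".
  user { "${username}:${userid}":
    name       => $username,
    uid        => $userid,
    ensure     => "present",
    groups     => "wheel",
    managehome => true,
    notify     => Exec["remove_password"]
  }

  # `chage -d 0` marks the password as expired (change forced at next login)
  # and `passwd -d` deletes it, so the account has an EMPTY password until the
  # user sets one. This account is in `wheel`, which gets full sudo below.
  # NOTE(review): confirm that local/console and `su` logins with an empty
  # password are acceptable for the window before first login; since an SSH
  # key is provisioned, locking the password instead may be sufficient.
  # NOTE(review): the command relies on `&&`; confirm the exec provider in use
  # runs it through a shell.
  exec { "remove_password":
    command     => "/usr/bin/chage -d 0 ${username} && /usr/bin/passwd -d ${username}",
    refreshonly => true
  }

  ssh_authorized_key { $username:
    name => "immae@immae.eu",
    user => $username,
    type => "ssh-rsa",
    key  => "AAAAB3NzaC1yc2EAAAADAQABAAABAQDi5PgLBwMRyRwzJPnSgUyRAuB9AAxMijsw1pR/t/wmxQne1O5fIPOleHx+D8dyZbwm+XkzlcJpgT0Qy3qC9J8BPhshJvO/tA/8CI/oS/FE0uWsyACH1DMO2dk4gRRZGSE9IuzDMRPlnfZ3n0tdsPzzv3GH4It/oPIgsvkTowKztGLQ7Xmjr5BxzAhXcIQymqA0U3XWHSdWvnSRDaOFG0PDoVMS85IdwlviVKLnV5Sstb4NC/P28LFfgvW8DO/XrOqujgDomqTmR41dK/AyrGGOb2cQUMO4l8Oa+74aOyKaB61rr/rJkr+wCbEttkTvgFa6zZygSk3edfiWE2rgn4+v"
  }

  class { 'sudo':
    config_file_replace => false,
    # Missing in the sudo package, should not be mandatory
    package_ldap        => false
  }

  # Members of wheel may run any command as any user; no NOPASSWD, so sudo
  # still asks for the account password.
  sudo::conf { 'wheel':
    priority => 10,
    content  => "%wheel ALL=(ALL) ALL"
  }

  # NOTE(review): PasswordAuthentication and PermitRootLogin are not set in
  # this hash, so whatever the ssh module / sshd defaults to applies; pin them
  # explicitly if key-only access is intended. X11Forwarding is enabled here;
  # confirm it is needed on every host that receives this baseline.
  class { 'ssh::server':
    storeconfigs_enabled => false,
    options              => {
      'AcceptEnv'                       => undef,
      'X11Forwarding'                   => 'yes',
      'PrintMotd'                       => 'no',
      'ChallengeResponseAuthentication' => 'no',
      'Subsystem'                       => 'sftp /usr/lib/openssh/sftp-server',
    }
  }

  # '!' in the shadow password field locks password logins for root.
  # The explicit `require` ensures the shadow library package is installed
  # before Puppet tries to manage the password, regardless of the catalog
  # ordering mode; otherwise the lock may not be applied on the first run.
  ensure_packages('ruby-shadow')
  user { 'root':
    password => '!',
    require  => Package['ruby-shadow'],
  }

  file { '/etc/modprobe.d/pcspkr_no_autoload.conf':
    ensure => "present",
    path   => "/etc/modprobe.d/pcspkr_no_autoload.conf",
    source => 'puppet:///modules/base_configuration/pcspkr_no_autoload.conf',
    mode   => "0644",
    owner  => "root",
    group  => "root"
  }

  file { '/etc/systemd/system/getty@tty1.service.d/':
    ensure => "directory",
    path   => "/etc/systemd/system/getty@tty1.service.d/",
    mode   => "0755",
    owner  => "root",
    group  => "root"
  }

  # NOTE(review): `recurse` presumably has no effect here because the target
  # is a single file; confirm before dropping it.
  file { '/etc/systemd/system/getty@tty1.service.d/noclear.conf':
    ensure  => "present",
    path    => "/etc/systemd/system/getty@tty1.service.d/noclear.conf",
    source  => 'puppet:///modules/base_configuration/getty_conf_override.conf',
    recurse => true,
    mode    => "0644",
    owner   => "root",
    group   => "root"
  }

  file { '/etc/systemd/network/en-dhcp.network':
    ensure => "present",
    path   => "/etc/systemd/network/en-dhcp.network",
    source => 'puppet:///modules/base_configuration/en-dhcp.network',
    mode   => "0644",
    owner  => "root",
    group  => "root"
  }

  # The mirror list decides where packages are fetched from; it is kept
  # root-owned and not writable by other users.
  file { '/etc/pacman.d/mirrorlist':
    ensure => "present",
    path   => "/etc/pacman.d/mirrorlist",
    source => 'puppet:///modules/base_configuration/mirrorlist',
    mode   => "0644",
    owner  => "root",
    group  => "root"
  }

  class { 'pacman':
    color     => true,
    usesyslog => true,
  }

  pacman::repo { 'multilib':
    order   => 15,
    include => '/etc/pacman.d/mirrorlist'
  }

  class { '::logrotate':
    manage_cron_daily => false,
    config            => {
      rotate_every => 'week',
      rotate       => 4,
      create       => true,
      compress     => true,
      olddir       => '/var/log/old',
      tabooext     => "+ .pacorig .pacnew .pacsave",
    }
  }

  # Login records: wtmp and btmp are rotated monthly with one old copy kept.
  # btmp is recreated with mode 0600, wtmp with 0664.
  logrotate::rule { 'wtmp':
    path         => '/var/log/wtmp',
    rotate_every => 'month',
    create       => true,
    create_mode  => '0664',
    create_owner => 'root',
    create_group => 'utmp',
    rotate       => 1,
    minsize      => '1M',
  }
  logrotate::rule { 'btmp':
    path         => '/var/log/btmp',
    missingok    => true,
    rotate_every => 'month',
    create       => true,
    create_mode  => '0600',
    create_owner => 'root',
    create_group => 'utmp',
    rotate       => 1,
  }

  # sshd jail reading from the systemd journal: maxretry is 10 and bantime
  # is 86400 seconds (one day).
  ensure_packages(["whois"], { 'install_options' => '--asdeps' })
  class { 'fail2ban':
    logtarget => 'SYSLOG',
    backend   => 'systemd'
  }
  fail2ban::jail { 'sshd':
    backend  => 'systemd',
    port     => 'ssh',
    filter   => 'sshd',
    maxretry => 10,
    bantime  => 86400,
    logpath  => '',
    order    => 10
  }

  class { 'aur': }
}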