Install OVH vps from scratch
[perso/Immae/Projets/Puppet.git] / modules / base_configuration / manifests / init.pp
index 4c6ca1e155cd5d210644aade25a239ea74322aaf..8b2ce4ccb6ebba10eaa7526b802ddacab87bca49 100644 (file)
@@ -1,14 +1,59 @@
 class base_configuration (
-  $hostname = undef,
-  $username = "immae",
-  $userid   = 1000
+  $hostname  = undef,
+  $username  = "immae",
+  $userid    = 1000,
+  $code_path = undef,
+  $device    = undef,
 ) {
+  unless empty($device) {
+    class { 'grub_install':
+      device => $device,
+    }
+  }
+
+  class { 'locales': }
+
+  unless empty($code_path) {
+    class { 'cron_puppet':
+      code_path => $code_path,
+    }
+  }
+
+  service { "sshd":
+    #ensure => "running",
+    enable => true,
+  }
+  service { "systemd-networkd":
+    #ensure => "running",
+    enable => true,
+  }
+  service { "systemd-resolved":
+    #ensure => "running",
+    enable => true,
+  }
+
+  file { "/etc/localtime":
+    ensure => "link",
+    target => "../usr/share/zoneinfo/Europe/Paris"
+  }
+
+  exec { "set_locale":
+    command     => "/usr/bin/systemd-firstboot --locale=fr_FR.UTF-8",
+    creates     => "/etc/locale.conf",
+  }
+
   unless empty($hostname) {
-    class { 'systemd::hostname':
-      hostname => $hostname
+    exec { "set_hostname":
+      command     => "/usr/bin/systemd-firstboot --hostname=$hostname",
+      creates     => "/etc/hostname",
     }
   }
 
+  file { "/etc/vconsole.conf":
+    ensure => "link",
+    target => "/dev/null",
+  }
+
   user { "${username}:${userid}":
     name       => $username,
     uid        => $userid,
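Review bot: The `set_hostname` exec is guarded by `creates => "/etc/hostname"`, so it runs only while that file is absent and a later change to `$hostname` is never applied; `set_locale` has the same one-shot behaviour through `/etc/locale.conf`. `$hostname` is also interpolated into the command line unchecked, so a value containing whitespace or shell metacharacters can change the arguments that `systemd-firstboot` receives. Validate it inside the `unless empty($hostname)` block, for example with stdlib's `validate_re($hostname, '^[A-Za-z0-9][A-Za-z0-9.-]*$')` (availability depends on the stdlib version in use), and write the interpolation as `${hostname}`. The three `service` resources set only `enable => true` with `ensure` commented out, so a run does not restart a stopped sshd; if that is deliberate for the from-scratch install, a comment such as `# ensure left unset: services are not started during initial provisioning` would make that clear.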
@@ -31,7 +76,9 @@ class base_configuration (
   }
 
   class { 'sudo':
-    config_file_replace => false
+    config_file_replace => false,
+    # Missing in the sudo package, should no be mandatory
+    package_ldap        => false
   }
 
   sudo::conf { 'wheel':
@@ -49,4 +96,114 @@ class base_configuration (
         'Subsystem'                       => 'sftp /usr/lib/openssh/sftp-server',
      }
   }
+
+  ensure_packages('ruby-shadow')
+  user { 'root':
+    password => '!'
+  }
+
+  file { '/etc/modprobe.d/pcspkr_no_autoload.conf':
+     ensure => "present",
+     path   => "/etc/modprobe.d/pcspkr_no_autoload.conf",
+     source => 'puppet:///modules/base_configuration/pcspkr_no_autoload.conf',
+     mode   => "0644",
+     owner  => "root",
+     group  => "root"
+  }
+
+  file { '/etc/systemd/system/getty@tty1.service.d/':
+    ensure => "directory",
+    path   => "/etc/systemd/system/getty@tty1.service.d/",
+    mode   => "0755",
+    owner  => "root",
+    group  => "root"
+  }
+
+  file { '/etc/systemd/system/getty@tty1.service.d/noclear.conf':
+     ensure  => "present",
+     path    => "/etc/systemd/system/getty@tty1.service.d/noclear.conf",
+     source  => 'puppet:///modules/base_configuration/getty_conf_override.conf',
+     recurse =>  true,
+     mode    => "0644",
+     owner   => "root",
+     group   => "root"
+  }
+
+  file { '/etc/systemd/network/en-dhcp.network':
+     ensure => "present",
+     path   => "/etc/systemd/network/en-dhcp.network",
+     source => 'puppet:///modules/base_configuration/en-dhcp.network',
+     mode   => "0644",
+     owner  => "root",
+     group  => "root"
+  }
+
+  file { '/etc/pacman.d/mirrorlist':
+     ensure  => "present",
+     path    => "/etc/pacman.d/mirrorlist",
+     source  => 'puppet:///modules/base_configuration/mirrorlist',
+     mode    => "0644",
+     owner   => "root",
+     group   => "root"
+  }
+
+  class { 'pacman':
+    color     => true,
+    usesyslog => true,
+  }
+
+  pacman::repo { 'multilib':
+    order   => 15,
+    include => '/etc/pacman.d/mirrorlist'
+  }
+
+  class { '::logrotate':
+    manage_cron_daily => false,
+    config => {
+      rotate_every => 'week',
+      rotate       => 4,
+      create       => true,
+      compress     => true,
+      olddir       => '/var/log/old',
+      tabooext     => "+ .pacorig .pacnew .pacsave",
+    }
+  }
+
+  logrotate::rule { 'wtmp':
+    path         => '/var/log/wtmp',
+    rotate_every => 'month',
+    create       => true,
+    create_mode  => '0664',
+    create_owner => 'root',
+    create_group => 'utmp',
+    rotate       => 1,
+    minsize      => '1M',
+  }
+  logrotate::rule { 'btmp':
+    path         => '/var/log/btmp',
+    missingok    => true,
+    rotate_every => 'month',
+    create       => true,
+    create_mode  => '0600',
+    create_owner => 'root',
+    create_group => 'utmp',
+    rotate       => 1,
+  }
+
+  ensure_packages(["whois"], { 'install_options' => '--asdeps' })
+  class { 'fail2ban':
+    logtarget => 'SYSLOG',
+    backend   => 'systemd'
+  }
+  fail2ban::jail { 'sshd':
+    backend  => 'systemd',
+    port     => 'ssh',
+    filter   => 'sshd',
+    maxretry => 10,
+    bantime  => 86400,
+    logpath  => '',
+    order    => 10
+  }
+
+  class { 'aur': }
 }
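Review bot: The `::logrotate` config sets `olddir => '/var/log/old'`, but nothing visible in this hunk creates that directory, and logrotate will not rotate into a missing olddir unless `createolddir` is in effect. Unless the module creates it, add `file { '/var/log/old': ensure => 'directory', owner => 'root', group => 'root', mode => '0755' }` so that wtmp/btmp and the other logs keep rotating. Separately, `password => '!'` on `root` locks password authentication only; key-based root login over SSH is still governed by the sshd options, which start outside this hunk, so `PermitRootLogin` should be confirmed there. `recurse => true` on the `noclear.conf` resource has no effect on a plain file and can be dropped.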