class base_configuration (
- $hostname = undef,
- $username = "immae",
- $userid = 1000
+ $hostname = undef,
+ $username = "immae",
+ $userid = 1000,
+ $code_path = undef,
+ $device = undef,
) {
+ unless empty($device) {
+ class { 'grub_install':
+ device => $device,
+ }
+ }
+
+ class { 'locales': }
+
+ unless empty($code_path) {
+ class { 'cron_puppet':
+ code_path => $code_path,
+ }
+ }
+
+ service { "sshd":
+ #ensure => "running",
+ enable => true,
+ }
+ service { "systemd-networkd":
+ #ensure => "running",
+ enable => true,
+ }
+ service { "systemd-resolved":
+ #ensure => "running",
+ enable => true,
+ }
+
+ file { "/etc/localtime":
+ ensure => "link",
+ target => "../usr/share/zoneinfo/Europe/Paris"
+ }
+
+ exec { "set_locale":
+ command => "/usr/bin/systemd-firstboot --locale=fr_FR.UTF-8",
+ creates => "/etc/locale.conf",
+ }
+
unless empty($hostname) {
- class { 'systemd::hostname':
- hostname => $hostname
+ exec { "set_hostname":
+ command => "/usr/bin/systemd-firstboot --hostname=$hostname",
+ creates => "/etc/hostname",
}
}
+ file { "/etc/vconsole.conf":
+ ensure => "link",
+ target => "/dev/null",
+ }
+
user { "${username}:${userid}":
name => $username,
uid => $userid,
}
class { 'sudo':
- config_file_replace => false
+ config_file_replace => false,
+ # Missing in the sudo package, should no be mandatory
+ package_ldap => false
}
sudo::conf { 'wheel':
'Subsystem' => 'sftp /usr/lib/openssh/sftp-server',
}
}
+
+ ensure_packages('ruby-shadow')
+ user { 'root':
+ password => '!'
+ }
+
+ file { '/etc/modprobe.d/pcspkr_no_autoload.conf':
+ ensure => "present",
+ path => "/etc/modprobe.d/pcspkr_no_autoload.conf",
+ source => 'puppet:///modules/base_configuration/pcspkr_no_autoload.conf',
+ mode => "0644",
+ owner => "root",
+ group => "root"
+ }
+
+ file { '/etc/systemd/system/getty@tty1.service.d/':
+ ensure => "directory",
+ path => "/etc/systemd/system/getty@tty1.service.d/",
+ mode => "0755",
+ owner => "root",
+ group => "root"
+ }
+
+ file { '/etc/systemd/system/getty@tty1.service.d/noclear.conf':
+ ensure => "present",
+ path => "/etc/systemd/system/getty@tty1.service.d/noclear.conf",
+ source => 'puppet:///modules/base_configuration/getty_conf_override.conf',
+ recurse => true,
+ mode => "0644",
+ owner => "root",
+ group => "root"
+ }
+
+ file { '/etc/systemd/network/en-dhcp.network':
+ ensure => "present",
+ path => "/etc/systemd/network/en-dhcp.network",
+ source => 'puppet:///modules/base_configuration/en-dhcp.network',
+ mode => "0644",
+ owner => "root",
+ group => "root"
+ }
+
+ file { '/etc/pacman.d/mirrorlist':
+ ensure => "present",
+ path => "/etc/pacman.d/mirrorlist",
+ source => 'puppet:///modules/base_configuration/mirrorlist',
+ mode => "0644",
+ owner => "root",
+ group => "root"
+ }
+
+ class { 'pacman':
+ color => true,
+ usesyslog => true,
+ }
+
+ pacman::repo { 'multilib':
+ order => 15,
+ include => '/etc/pacman.d/mirrorlist'
+ }
+
+ class { '::logrotate':
+ manage_cron_daily => false,
+ config => {
+ rotate_every => 'week',
+ rotate => 4,
+ create => true,
+ compress => true,
+ olddir => '/var/log/old',
+ tabooext => "+ .pacorig .pacnew .pacsave",
+ }
+ }
+
+ logrotate::rule { 'wtmp':
+ path => '/var/log/wtmp',
+ rotate_every => 'month',
+ create => true,
+ create_mode => '0664',
+ create_owner => 'root',
+ create_group => 'utmp',
+ rotate => 1,
+ minsize => '1M',
+ }
+ logrotate::rule { 'btmp':
+ path => '/var/log/btmp',
+ missingok => true,
+ rotate_every => 'month',
+ create => true,
+ create_mode => '0600',
+ create_owner => 'root',
+ create_group => 'utmp',
+ rotate => 1,
+ }
+
+ ensure_packages(["whois"], { 'install_options' => '--asdeps' })
+ class { 'fail2ban':
+ logtarget => 'SYSLOG',
+ backend => 'systemd'
+ }
+ fail2ban::jail { 'sshd':
+ backend => 'systemd',
+ port => 'ssh',
+ filter => 'sshd',
+ maxretry => 10,
+ bantime => 86400,
+ logpath => '',
+ order => 10
+ }
+
+ class { 'aur': }
}
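Review bot: `$hostname` is interpolated unvalidated into the `set_hostname` exec (`command => "/usr/bin/systemd-firstboot --hostname=$hostname"`), and the parameter is declared untyped in the class header. Even without `provider => shell`, the command is passed as one string, so a value containing whitespace (and, depending on the Puppet version, shell metacharacters) would not stay a single argument to a command that runs as root. Constraining the parameter would close that off, e.g. `Optional[Pattern[/\A[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?\z/]] $hostname = undef,`, assuming the Puppet version in use supports typed parameters. Separately, `creates => "/etc/hostname"` makes the exec one-shot, so a later change to `$hostname` will not be applied once that file exists; a short comment on the resource saying this is intended would help.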