-class base_configuration (
- $hostname = undef,
- $username = "immae",
- $userid = 1000,
- $code_path = undef,
- $device = undef,
-) {
- unless empty($device) {
- class { 'grub_install':
- device => $device,
- }
- }
-
- class { 'locales': }
-
- unless empty($code_path) {
- class { 'cron_puppet':
- code_path => $code_path,
- }
- }
-
- service { "sshd":
- #ensure => "running",
- enable => true,
- }
- service { "systemd-networkd":
- #ensure => "running",
- enable => true,
- }
- service { "systemd-resolved":
- #ensure => "running",
- enable => true,
- }
-
- file { "/etc/localtime":
- ensure => "link",
- target => "../usr/share/zoneinfo/Europe/Paris"
- }
-
- exec { "set_locale":
- command => "/usr/bin/systemd-firstboot --locale=fr_FR.UTF-8",
- creates => "/etc/locale.conf",
- }
-
- unless empty($hostname) {
- exec { "set_hostname":
- command => "/usr/bin/systemd-firstboot --hostname=$hostname",
- creates => "/etc/hostname",
- }
- }
-
- file { "/etc/vconsole.conf":
- ensure => "link",
- target => "/dev/null",
- }
-
- user { "${username}:${userid}":
- name => $username,
- uid => $userid,
- ensure => "present",
- groups => "wheel",
- managehome => true,
- notify => Exec["remove_password"]
- }
-
- exec { "remove_password":
- command => "/usr/bin/chage -d 0 $username && /usr/bin/passwd -d $username",
- refreshonly => true
- }
-
- ssh_authorized_key { $username:
- name => "immae@immae.eu",
- user => $username,
- type => "ssh-rsa",
- key => "AAAAB3NzaC1yc2EAAAADAQABAAABAQDi5PgLBwMRyRwzJPnSgUyRAuB9AAxMijsw1pR/t/wmxQne1O5fIPOleHx+D8dyZbwm+XkzlcJpgT0Qy3qC9J8BPhshJvO/tA/8CI/oS/FE0uWsyACH1DMO2dk4gRRZGSE9IuzDMRPlnfZ3n0tdsPzzv3GH4It/oPIgsvkTowKztGLQ7Xmjr5BxzAhXcIQymqA0U3XWHSdWvnSRDaOFG0PDoVMS85IdwlviVKLnV5Sstb4NC/P28LFfgvW8DO/XrOqujgDomqTmR41dK/AyrGGOb2cQUMO4l8Oa+74aOyKaB61rr/rJkr+wCbEttkTvgFa6zZygSk3edfiWE2rgn4+v"
- }
-
- class { 'sudo':
- config_file_replace => false,
- # Missing in the sudo package, should no be mandatory
- package_ldap => false
- }
-
- sudo::conf { 'wheel':
- priority => 10,
- content => "%wheel ALL=(ALL) ALL"
- }
-
- class { 'ssh::server':
- storeconfigs_enabled => false,
- options => {
- 'AcceptEnv' => undef,
- 'X11Forwarding' => 'yes',
- 'PrintMotd' => 'no',
- 'ChallengeResponseAuthentication' => 'no',
- 'Subsystem' => 'sftp /usr/lib/openssh/sftp-server',
- }
- }
-
- ensure_packages('ruby-shadow')
- user { 'root':
- password => '!'
- }
-
- file { '/etc/modprobe.d/pcspkr_no_autoload.conf':
- ensure => "present",
- path => "/etc/modprobe.d/pcspkr_no_autoload.conf",
- source => 'puppet:///modules/base_configuration/pcspkr_no_autoload.conf',
- mode => "0644",
- owner => "root",
- group => "root"
- }
-
- file { '/etc/systemd/system/getty@tty1.service.d/':
- ensure => "directory",
- path => "/etc/systemd/system/getty@tty1.service.d/",
- mode => "0755",
- owner => "root",
- group => "root"
- }
-
- file { '/etc/systemd/system/getty@tty1.service.d/noclear.conf':
- ensure => "present",
- path => "/etc/systemd/system/getty@tty1.service.d/noclear.conf",
- source => 'puppet:///modules/base_configuration/getty_conf_override.conf',
- recurse => true,
- mode => "0644",
- owner => "root",
- group => "root"
- }
-
- file { '/etc/systemd/network/en-dhcp.network':
- ensure => "present",
- path => "/etc/systemd/network/en-dhcp.network",
- source => 'puppet:///modules/base_configuration/en-dhcp.network',
- mode => "0644",
- owner => "root",
- group => "root"
- }
-
- file { '/etc/pacman.d/mirrorlist':
- ensure => "present",
- path => "/etc/pacman.d/mirrorlist",
- source => 'puppet:///modules/base_configuration/mirrorlist',
- mode => "0644",
- owner => "root",
- group => "root"
- }
-
- class { 'pacman':
- color => true,
- usesyslog => true,
- }
-
- pacman::repo { 'multilib':
- order => 15,
- include => '/etc/pacman.d/mirrorlist'
- }
-
- class { '::logrotate':
- manage_cron_daily => false,
- config => {
- rotate_every => 'week',
- rotate => 4,
- create => true,
- compress => true,
- olddir => '/var/log/old',
- tabooext => "+ .pacorig .pacnew .pacsave",
- }
- }
-
- logrotate::rule { 'wtmp':
- path => '/var/log/wtmp',
- rotate_every => 'month',
- create => true,
- create_mode => '0664',
- create_owner => 'root',
- create_group => 'utmp',
- rotate => 1,
- minsize => '1M',
- }
- logrotate::rule { 'btmp':
- path => '/var/log/btmp',
- missingok => true,
- rotate_every => 'month',
- create => true,
- create_mode => '0600',
- create_owner => 'root',
- create_group => 'utmp',
- rotate => 1,
- }
-
- ensure_packages(["whois"], { 'install_options' => '--asdeps' })
- class { 'fail2ban':
- logtarget => 'SYSLOG',
- backend => 'systemd'
- }
- fail2ban::jail { 'sshd':
- backend => 'systemd',
- port => 'ssh',
- filter => 'sshd',
- maxretry => 10,
- bantime => 86400,
- logpath => '',
- order => 10
- }
-
- class { 'aur': }
-}