From 7fed35a408b9ec37454169425823785b5fc8978b Mon Sep 17 00:00:00 2001 
From: =?utf8?q?Isma=C3=ABl=20Bouya?= Date: Thu, 24 Aug 2017 02:22:17 +0200 Subject: [PATCH] Refactor base installation module --- manifests/install_ovh.pp | 54 ----- manifests/install_ovh_from_scratch.pp | 18 +- modules/aur/manifests/aura.pp | 16 +- modules/aur/manifests/init.pp | 2 +- .../aur/manifests/{install.pp => package.pp} | 6 +- modules/base_configuration/manifests/init.pp | 209 ------------------ .../files/cronie/puppet-post-merge} | 0 .../kernel_modules}/pcspkr_no_autoload.conf | 0 .../files/package_managers}/mirrorlist | 0 .../files/services}/en-dhcp.network | 0 .../files/services}/getty_conf_override.conf | 0 modules/base_installation/manifests/cronie.pp | 21 ++ .../base_installation/manifests/firewall.pp | 20 ++ .../manifests/grub.pp} | 17 +- modules/base_installation/manifests/init.pp | 21 ++ .../manifests/kernel_modules.pp | 11 + .../base_installation/manifests/locales.pp | 37 ++++ modules/base_installation/manifests/logs.pp | 36 +++ .../manifests/package_managers.pp | 25 +++ .../base_installation/manifests/packages.pp | 10 + modules/base_installation/manifests/params.pp | 21 ++ .../base_installation/manifests/services.pp | 50 +++++ modules/base_installation/manifests/ssh.pp | 14 ++ .../manifests/system_config.pp | 21 ++ modules/base_installation/manifests/users.pp | 49 ++++ modules/base_packages/manifests/init.pp | 11 - modules/cron_puppet/manifests/init.pp | 26 --- modules/grub_install/files/config | 47 ---- modules/locales/manifests/init.pp | 12 - modules/locales/manifests/locale.pp | 7 - modules/ovh_cleanup/manifests/init.pp | 75 ------- 31 files changed, 354 insertions(+), 482 deletions(-) delete mode 100644 manifests/install_ovh.pp rename modules/aur/manifests/{install.pp => package.pp} (81%) delete mode 100644 modules/base_configuration/manifests/init.pp rename modules/{cron_puppet/files/post-merge => base_installation/files/cronie/puppet-post-merge} (100%) rename modules/{base_configuration/files => 
base_installation/files/kernel_modules}/pcspkr_no_autoload.conf (100%) rename modules/{base_configuration/files => base_installation/files/package_managers}/mirrorlist (100%) rename modules/{base_configuration/files => base_installation/files/services}/en-dhcp.network (100%) rename modules/{base_configuration/files => base_installation/files/services}/getty_conf_override.conf (100%) create mode 100644 modules/base_installation/manifests/cronie.pp create mode 100644 modules/base_installation/manifests/firewall.pp rename modules/{grub_install/manifests/init.pp => base_installation/manifests/grub.pp} (50%) create mode 100644 modules/base_installation/manifests/init.pp create mode 100644 modules/base_installation/manifests/kernel_modules.pp create mode 100644 modules/base_installation/manifests/locales.pp create mode 100644 modules/base_installation/manifests/logs.pp create mode 100644 modules/base_installation/manifests/package_managers.pp create mode 100644 modules/base_installation/manifests/packages.pp create mode 100644 modules/base_installation/manifests/params.pp create mode 100644 modules/base_installation/manifests/services.pp create mode 100644 modules/base_installation/manifests/ssh.pp create mode 100644 modules/base_installation/manifests/system_config.pp create mode 100644 modules/base_installation/manifests/users.pp delete mode 100644 modules/base_packages/manifests/init.pp delete mode 100644 modules/cron_puppet/manifests/init.pp delete mode 100644 modules/grub_install/files/config delete mode 100644 modules/locales/manifests/init.pp delete mode 100644 modules/locales/manifests/locale.pp delete mode 100644 modules/ovh_cleanup/manifests/init.pp diff --git a/manifests/install_ovh.pp b/manifests/install_ovh.pp deleted file mode 100644 index a5adf44..0000000 --- a/manifests/install_ovh.pp +++ /dev/null 
@@ -1,54 +0,0 @@ -node default { - include stdlib - - stage { 'base_configuration': - before => Stage['main'] - } - stage { 'base_installation': - before => Stage['base_configuration'] - } - stage { 'preparation': - before => Stage['base_installation'] - } - - class { 'etckeeper': - stage => 'preparation' - } - class { 'ovh_cleanup': - stage => 'preparation' - } - etckeeper::run { 'post_preparation_stage': - reason => "Post puppet preparation stage", - stages => [Stage['preparation']] - } - - class { 'base_packages': - stage => "base_installation" - } - etckeeper::run { 'post_base_installation_stage': - reason => "Post puppet base installation stage", - stages => [Stage['base_installation']] - } - - class { 'locales': - stage => "base_configuration" - } - class { 'cron_puppet': - stage => "base_configuration" - } - class { 'base_configuration': - stage => "base_configuration", - hostname => 'new.immae.eu' - } - etckeeper::run { 'post_base_configuration_stage': - reason => "Post puppet base configuration stage", - stages => [Stage['base_configuration']] - } - - class { 'aur': } - - reboot { 'after_run': - apply => 'finished', - timeout => 0 - } -} diff --git a/manifests/install_ovh_from_scratch.pp b/manifests/install_ovh_from_scratch.pp index 4888cfc..f5224fa 100644 --- a/manifests/install_ovh_from_scratch.pp +++ b/manifests/install_ovh_from_scratch.pp @@ -1,20 +1,8 @@ node default { include stdlib - stage { 'base_configuration': } - stage { 'base_packages': } - Stage["setup"] - -> Stage['base_packages'] - -> Stage['base_configuration'] - -> Stage['main'] - - class { 'base_packages': - stage => "base_packages" - } - class { 'base_configuration': - stage => "base_configuration", - code_path => "/etc/puppetlabs/code", - device => "/dev/sdb", - hostname => 'new.immae.eu', + class { 'base_installation': + stage => "setup", + grub_device => "/dev/sdb", } } diff --git a/modules/aur/manifests/aura.pp b/modules/aur/manifests/aura.pp index 2dbcf39..1683cf8 100644 
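Review bot: The node no longer passes the hostname, so the machine's identity now comes from the module default `new.immae.eu` in `base_installation::params`, which ties a reusable module to one host; pass it explicitly next to `grub_device`, `system_hostname => 'new.immae.eu',`, and let the params default be `undef`. `stage => "setup"` relies on `include stdlib` declaring `stdlib::stages`; only `main` is built in, so if that include is ever dropped the catalog fails to compile. This node also passes `/dev/sdb` while the module defaults to `/dev/sda`: the `grub-install` exec is commented out today, but a wrong device here becomes destructive the moment it is re-enabled.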
--- a/modules/aur/manifests/aura.pp +++ b/modules/aur/manifests/aura.pp @@ -6,12 +6,7 @@ class aur::aura( ensure => "present" } - exec { 'pacman-base-devel': - command => '/usr/bin/pacman -Sy base-devel --needed --noconfirm', - unless => '/usr/bin/pacman -Qo aura', - logoutput => 'on_failure', - } - + ensure_packages(['base-devel'], { 'install_options' => '--needed' }) ensure_packages(['gmp', 'pcre'], { 'install_options' => '--asdeps' }) exec { 'aur::aura': @@ -20,14 +15,15 @@ class aur::aura( command => 'curl -o /tmp/aur.sh aur.sh && chmod +x /tmp/aur.sh && /tmp/aur.sh aura-bin && mv /tmp/aura-bin/aura-bin-*-x86_64.pkg.tar.xz /tmp/aura-bin-x86_64.pkg.tar.xz && rm /tmp/aur.sh && rm -rf /tmp/aura-bin', user => "aur-builder", unless => '/usr/bin/pacman -Qo aura', - require => Exec['pacman-base-devel'], + require => Package['base-devel'], logoutput => 'on_failure', } package { 'aura-bin': - ensure => "present", - source => "/tmp/aura-bin-x86_64.pkg.tar.xz", - notify => Exec['aur::aura::cleanup'] + ensure => "present", + source => "/tmp/aura-bin-x86_64.pkg.tar.xz", + require => Exec['aur::aura'], + notify => Exec['aur::aura::cleanup'] } exec { 'aur::aura::cleanup': diff --git a/modules/aur/manifests/init.pp b/modules/aur/manifests/init.pp index cdf9929..8c3faa1 100644 --- a/modules/aur/manifests/init.pp +++ b/modules/aur/manifests/init.pp @@ -1,4 +1,4 @@ class aur { - class { 'aur::aura': } + contain 'aur::aura' } diff --git a/modules/aur/manifests/install.pp b/modules/aur/manifests/package.pp similarity index 81% rename from modules/aur/manifests/install.pp rename to modules/aur/manifests/package.pp index 074088e..2fd346e 100644 --- a/modules/aur/manifests/install.pp +++ b/modules/aur/manifests/package.pp 
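Review bot: The `aur::aura` exec still fetches `aur.sh` by bare host name and executes it as `aur-builder`, so `curl` falls back to plain HTTP and nothing verifies what gets run; the new `require => Package['base-devel']` only reorders it. At minimum pin the scheme and fail on HTTP errors, `curl -fsSL -o /tmp/aur.sh https://aur.sh`, and preferably compare the script against a known digest before `chmod +x`. The built artifact is then parked at the fixed path `/tmp/aura-bin-x86_64.pkg.tar.xz` and installed by `package { 'aura-bin' }` as root, so whatever `aur-builder` (or anyone who wins a race on that name in world-writable `/tmp`) produces becomes root-installed code; stage it in a root-owned directory such as `/var/cache/aur-builder` with mode `0750` instead. Whether `ensure_packages(['base-devel'])` is idempotent depends on the pacman provider understanding package groups; if it does not, it will reinstall on every run.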
@@ -1,12 +1,14 @@ -define aur::install ( +define aur::package ( $ensure = 'present', ) { case $ensure { 'present': { exec { "pacman::aur::install::${name}": + cwd => "/tmp", require => Class[aur::aura], command => "/usr/bin/aura -A ${name}", + user => "aur-builder", unless => "/usr/bin/aura -Qk ${name}", logoutput => 'on_failure', timeout => 1800, @@ -14,8 +16,10 @@ define aur::install ( } 'absent': { exec { "pacman::aur::remove::${name}": + cwd => "/tmp", require => Class[aur::aura], command => "/usr/bin/aura -Rs ${name}", + user => "aur-builder", onlyif => "/usr/bin/aura -Qi ${name}", logoutput => 'on_failure', } diff --git a/modules/base_configuration/manifests/init.pp b/modules/base_configuration/manifests/init.pp deleted file mode 100644 index 8b2ce4c..0000000 --- a/modules/base_configuration/manifests/init.pp +++ /dev/null 
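Review bot: The define interpolates its title straight into a shell command, `/usr/bin/aura -A ${name}`, in both the install and the remove branch, so a title containing shell metacharacters is executed as `aur-builder`; wrap it, `command => "/usr/bin/aura -A ${shellquote($name)}"` (and likewise for `-Rs`, `-Qk`, `-Qi`), or reject anything outside Arch's package-name grammar with `fail()` at the top of the define. Running `aura -A` as `aur-builder` builds unprivileged, which is the right direction, but the final `pacman -U` step that `-A` performs needs root; unless `aur-builder` has a matching sudoers rule (not visible in this diff) the install step will fail while `unless` keeps re-triggering it every run. A one-line comment stating how that privilege boundary is meant to work would save the next reader the same question.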
@@ -1,209 +0,0 @@ -class base_configuration ( - $hostname = undef, - $username = "immae", - $userid = 1000, - $code_path = undef, - $device = undef, -) { - unless empty($device) { - class { 'grub_install': - device => $device, - } - } - - class { 'locales': } - - unless empty($code_path) { - class { 'cron_puppet': - code_path => $code_path, - } - } - - service { "sshd": - #ensure => "running", - enable => true, - } - service { "systemd-networkd": - #ensure => "running", - enable => true, - } - service { "systemd-resolved": - #ensure => "running", - enable => true, - } - - file { "/etc/localtime": - ensure => "link", - target => "../usr/share/zoneinfo/Europe/Paris" - } - - exec { "set_locale": - command => "/usr/bin/systemd-firstboot --locale=fr_FR.UTF-8", - creates => "/etc/locale.conf", - } - - unless empty($hostname) { - exec { "set_hostname": - command => "/usr/bin/systemd-firstboot --hostname=$hostname", - creates => "/etc/hostname", - } - } - - file { "/etc/vconsole.conf": - ensure => "link", - target => "/dev/null", - } - - user { "${username}:${userid}": - name => $username, - uid => $userid, - ensure => "present", - groups => "wheel", - managehome => true, - notify => Exec["remove_password"] - } - - exec { "remove_password": - command => "/usr/bin/chage -d 0 $username && /usr/bin/passwd -d $username", - refreshonly => true - } - - ssh_authorized_key { $username: - name => "immae@immae.eu", - user => $username, - type => "ssh-rsa", - key => "AAAAB3NzaC1yc2EAAAADAQABAAABAQDi5PgLBwMRyRwzJPnSgUyRAuB9AAxMijsw1pR/t/wmxQne1O5fIPOleHx+D8dyZbwm+XkzlcJpgT0Qy3qC9J8BPhshJvO/tA/8CI/oS/FE0uWsyACH1DMO2dk4gRRZGSE9IuzDMRPlnfZ3n0tdsPzzv3GH4It/oPIgsvkTowKztGLQ7Xmjr5BxzAhXcIQymqA0U3XWHSdWvnSRDaOFG0PDoVMS85IdwlviVKLnV5Sstb4NC/P28LFfgvW8DO/XrOqujgDomqTmR41dK/AyrGGOb2cQUMO4l8Oa+74aOyKaB61rr/rJkr+wCbEttkTvgFa6zZygSk3edfiWE2rgn4+v" - } - - class { 'sudo': - config_file_replace => false, - # Missing in the sudo package, should no be mandatory - package_ldap => false - } - - 
sudo::conf { 'wheel': - priority => 10, - content => "%wheel ALL=(ALL) ALL" - } - - class { 'ssh::server': - storeconfigs_enabled => false, - options => { - 'AcceptEnv' => undef, - 'X11Forwarding' => 'yes', - 'PrintMotd' => 'no', - 'ChallengeResponseAuthentication' => 'no', - 'Subsystem' => 'sftp /usr/lib/openssh/sftp-server', - } - } - - ensure_packages('ruby-shadow') - user { 'root': - password => '!' - } - - file { '/etc/modprobe.d/pcspkr_no_autoload.conf': - ensure => "present", - path => "/etc/modprobe.d/pcspkr_no_autoload.conf", - source => 'puppet:///modules/base_configuration/pcspkr_no_autoload.conf', - mode => "0644", - owner => "root", - group => "root" - } - - file { '/etc/systemd/system/getty@tty1.service.d/': - ensure => "directory", - path => "/etc/systemd/system/getty@tty1.service.d/", - mode => "0755", - owner => "root", - group => "root" - } - - file { '/etc/systemd/system/getty@tty1.service.d/noclear.conf': - ensure => "present", - path => "/etc/systemd/system/getty@tty1.service.d/noclear.conf", - source => 'puppet:///modules/base_configuration/getty_conf_override.conf', - recurse => true, - mode => "0644", - owner => "root", - group => "root" - } - - file { '/etc/systemd/network/en-dhcp.network': - ensure => "present", - path => "/etc/systemd/network/en-dhcp.network", - source => 'puppet:///modules/base_configuration/en-dhcp.network', - mode => "0644", - owner => "root", - group => "root" - } - - file { '/etc/pacman.d/mirrorlist': - ensure => "present", - path => "/etc/pacman.d/mirrorlist", - source => 'puppet:///modules/base_configuration/mirrorlist', - mode => "0644", - owner => "root", - group => "root" - } - - class { 'pacman': - color => true, - usesyslog => true, - } - - pacman::repo { 'multilib': - order => 15, - include => '/etc/pacman.d/mirrorlist' - } - - class { '::logrotate': - manage_cron_daily => false, - config => { - rotate_every => 'week', - rotate => 4, - create => true, - compress => true, - olddir => '/var/log/old', - tabooext 
=> "+ .pacorig .pacnew .pacsave", - } - } - - logrotate::rule { 'wtmp': - path => '/var/log/wtmp', - rotate_every => 'month', - create => true, - create_mode => '0664', - create_owner => 'root', - create_group => 'utmp', - rotate => 1, - minsize => '1M', - } - logrotate::rule { 'btmp': - path => '/var/log/btmp', - missingok => true, - rotate_every => 'month', - create => true, - create_mode => '0600', - create_owner => 'root', - create_group => 'utmp', - rotate => 1, - } - - ensure_packages(["whois"], { 'install_options' => '--asdeps' }) - class { 'fail2ban': - logtarget => 'SYSLOG', - backend => 'systemd' - } - fail2ban::jail { 'sshd': - backend => 'systemd', - port => 'ssh', - filter => 'sshd', - maxretry => 10, - bantime => 86400, - logpath => '', - order => 10 - } - - class { 'aur': } -} diff --git a/modules/cron_puppet/files/post-merge b/modules/base_installation/files/cronie/puppet-post-merge similarity index 100% rename from modules/cron_puppet/files/post-merge rename to modules/base_installation/files/cronie/puppet-post-merge diff --git a/modules/base_configuration/files/pcspkr_no_autoload.conf b/modules/base_installation/files/kernel_modules/pcspkr_no_autoload.conf similarity index 100% rename from modules/base_configuration/files/pcspkr_no_autoload.conf rename to modules/base_installation/files/kernel_modules/pcspkr_no_autoload.conf diff --git a/modules/base_configuration/files/mirrorlist b/modules/base_installation/files/package_managers/mirrorlist similarity index 100% rename from modules/base_configuration/files/mirrorlist rename to modules/base_installation/files/package_managers/mirrorlist diff --git a/modules/base_configuration/files/en-dhcp.network b/modules/base_installation/files/services/en-dhcp.network similarity index 100% rename from modules/base_configuration/files/en-dhcp.network rename to modules/base_installation/files/services/en-dhcp.network 
diff --git a/modules/base_configuration/files/getty_conf_override.conf b/modules/base_installation/files/services/getty_conf_override.conf
similarity index 100%
rename from modules/base_configuration/files/getty_conf_override.conf
rename to modules/base_installation/files/services/getty_conf_override.conf
diff --git a/modules/base_installation/manifests/cronie.pp b/modules/base_installation/manifests/cronie.pp
new file mode 100644
index 0000000..bcdd9a7
--- /dev/null
+++ b/modules/base_installation/manifests/cronie.pp
@@ -0,0 +1,21 @@
+class base_installation::cronie inherits base_installation {
+ ensure_packages(['cronie'])
+
+ unless empty($base_installation::puppet_code_path) {
+ file { 'post-hook':
+ ensure => file,
+ path => "$base_installation::puppet_code_path/.git/hooks/post-merge",
+ source => 'puppet:///modules/base_installation/cronie/puppet-post-merge',
+ mode => '0755',
+ owner => root,
+ group => root,
+ }
+ cron { 'puppet-apply':
+ ensure => present,
+ command => "cd $base_installation::puppet_code_path ; /usr/bin/git pull",
+ user => root,
+ minute => '*/30',
+ require => File['post-hook'],
+ }
+ }
+}
diff --git a/modules/base_installation/manifests/firewall.pp b/modules/base_installation/manifests/firewall.pp
new file mode 100644
index 0000000..12eeac2
--- /dev/null
+++ b/modules/base_installation/manifests/firewall.pp
@@ -0,0 +1,20 @@
+class base_installation::firewall inherits base_installation {
+ ensure_packages(["whois"], { 'install_options' => '--asdeps' })
+
+ class { 'fail2ban':
+ logtarget => 'SYSLOG',
+ backend => 'systemd'
+ }
+
+ fail2ban::jail { 'sshd':
+ backend => 'systemd',
+ port => 'ssh',
+ filter => 'sshd',
+ maxretry => 10,
+ bantime => 86400,
+ logpath => '',
+ order => 10
+ }
+
+ contain "fail2ban"
+}
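Review bot: `puppet-apply` runs `cd $base_installation::puppet_code_path ; /usr/bin/git pull` as root every 30 minutes and the `post-merge` hook it installs then acts on whatever arrived, so the remote, anyone who can push to it, or anyone between the host and the remote gets root with no integrity check; use `&&` so a failed `cd` does not run `git pull` in root's home, and restrict to fast-forward, `command => "cd ${shellquote($base_installation::puppet_code_path)} && /usr/bin/git pull --ff-only"`. Consider verifying a signature on the fetched head (`git verify-commit HEAD`, or pulling only signed tags) before the hook applies it. The hook script `puppet-post-merge` is renamed but not shown in this diff, so what it executes is inferred from its name.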
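Review bot: A class named `firewall` that only installs fail2ban is misleading, and fail2ban's default `banaction` needs a packet-filter backend (iptables or nftables) on the host; neither this hunk nor `base_installation::packages` declares one, so on a minimal Arch install bans may fail quietly and the jail protects nothing. Add the backend, e.g. `ensure_packages(['iptables'])`, and set `banaction` to match, or rename the class so nobody assumes a host firewall exists. The sshd jail allows `maxretry => 10` with no `findtime`; with key-only access a lower `maxretry` (3 to 5) is reasonable. `logpath => ''` is expected with the systemd backend, assuming the fail2ban module passes an empty value through unchanged.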
diff --git a/modules/grub_install/manifests/init.pp b/modules/base_installation/manifests/grub.pp similarity index 50% rename from modules/grub_install/manifests/init.pp rename to modules/base_installation/manifests/grub.pp index 172cf4b..0a96aa7 100644 --- a/modules/grub_install/manifests/init.pp +++ b/modules/base_installation/manifests/grub.pp @@ -1,11 +1,9 @@ -class grub_install ( - $device = undef -) { +class base_installation::grub inherits base_installation { ensure_packages(['grub']) - # unless empty($device) { + # unless empty($base_installation::grub_device) { # exec { 'install GRUB': - # command => "/usr/bin/grub-install --target=i386-pc $device", + # command => "/usr/bin/grub-install --target=i386-pc $base_installation::device", # subscribe => Package["grub"], # } # } @@ -15,15 +13,6 @@ class grub_install ( line => 'GRUB_CMDLINE_LINUX=" console=tty0 console=ttyS0,115200"', match => '^GRUB_CMDLINE_LINUX=' } - # file { "/etc/default/grub": - # ensure => "present", - # path => "/etc/default/grub", - # source => 'puppet:///modules/grub_install/config', - # mode => "0644", - # owner => "root", - # group => "root", - # # notify => [Exec["install GRUB"], Exec["update GRUB config"]] - # } # exec { 'update GRUB config': # command => "/usr/bin/grub-mkconfig -o /boot/grub/grub.cfg", diff --git a/modules/base_installation/manifests/init.pp b/modules/base_installation/manifests/init.pp new file mode 100644 index 0000000..65c5178 --- /dev/null +++ b/modules/base_installation/manifests/init.pp 
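Review bot: The commented `install GRUB` exec now reads `$base_installation::device`, but the parameter added to `base_installation` is `grub_device` (the `unless` guard two lines above uses the right name); fix it now, `# command => "/usr/bin/grub-install --target=i386-pc $base_installation::grub_device",`, so the block does not fail on an undefined variable when it is re-enabled. The `file_line` that sets `GRUB_CMDLINE_LINUX` has no relationship to the (also commented) `grub-mkconfig` exec, so editing `/etc/default/grub` changes nothing in the generated `grub.cfg` until something regenerates it; once that exec comes back, add `notify => Exec['update GRUB config']` to the `file_line`. The `file_line` resource itself starts outside this hunk.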
@@ -0,0 +1,21 @@
+class base_installation (
+ Optional[String] $grub_device = $base_installation::params::grub_device,
+ Optional[String] $puppet_code_path = $base_installation::params::puppet_code_path,
+ Optional[String] $system_hostname = $base_installation::params::system_hostname,
+ Optional[Array[String]] $system_locales = $base_installation::params::system_locales,
+ Optional[String] $system_timezone = $base_installation::params::system_timezone,
+ Optional[Array[Hash]] $system_users = $base_installation::params::system_users,
+) inherits base_installation::params {
+ contain ::base_installation::packages
+ contain ::base_installation::locales
+ contain ::base_installation::system_config
+ contain ::base_installation::kernel_modules
+ contain ::base_installation::grub
+ contain ::base_installation::firewall
+ contain ::base_installation::logs
+ contain ::base_installation::cronie
+ contain ::base_installation::ssh
+ contain ::base_installation::services
+ contain ::base_installation::users
+ contain ::base_installation::package_managers
+}
diff --git a/modules/base_installation/manifests/kernel_modules.pp b/modules/base_installation/manifests/kernel_modules.pp
new file mode 100644
index 0000000..afeb30c
--- /dev/null
+++ b/modules/base_installation/manifests/kernel_modules.pp
@@ -0,0 +1,11 @@
+class base_installation::kernel_modules inherits base_installation {
+ file { '/etc/modprobe.d/pcspkr_no_autoload.conf':
+ ensure => "present",
+ path => "/etc/modprobe.d/pcspkr_no_autoload.conf",
+ source => 'puppet:///modules/base_installation/kernel_modules/pcspkr_no_autoload.conf',
+ mode => "0644",
+ owner => "root",
+ group => "root"
+ }
+
+}
diff --git a/modules/base_installation/manifests/locales.pp b/modules/base_installation/manifests/locales.pp
new file mode 100644
index 0000000..0f31e0b
--- /dev/null
+++ b/modules/base_installation/manifests/locales.pp
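Review bot: The twelve `contain` statements give containment but no ordering, whereas the deleted `install_ovh.pp` ran package installation in an earlier stage; `base_installation::services` enables `sshd` and `cronie` and `base_installation::users` configures sudo, yet nothing guarantees `Package['openssh']`, `Package['sudo']` or `Package['cronie']` from `base_installation::packages` are applied first (there is no autorequire from `service` to `package`). Add an explicit chain after the contains, `Class['::base_installation::packages'] -> Class['::base_installation::services', '::base_installation::users', '::base_installation::cronie']`. The `Optional[String]` types are a good step; tightening `system_hostname` and `system_timezone` to a `Pattern[]` would also stop a stray value reaching `/etc/hostname` or the `/etc/localtime` symlink target unchecked.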
@@ -0,0 +1,37 @@
+class base_installation::locales inherits base_installation {
+ # Note: we don't care about other lines, they are not handled in
+ # Puppet
+ define locale_line ($locale, $charmap = 'UTF-8') {
+ file_line { "/etc/locale.gen#$locale":
+ path => '/etc/locale.gen',
+ line => "$locale $charmap ",
+ match => "#?$locale $charmap +$",
+ notify => Exec["/usr/bin/locale-gen"],
+ }
+ }
+
+ unless empty($base_installation::system_locales) {
+ $base_installation::system_locales.each |$locale| {
+ base_installation::locales::locale_line { "/etc/locale.gen#$locale":
+ locale => $locale
+ }
+ }
+
+ $main_locale = $base_installation::system_locales[0]
+ exec { "set_main_locale":
+ command => "/usr/bin/systemd-firstboot --locale=$main_locale",
+ creates => "/etc/locale.conf",
+ }
+ }
+
+ exec { '/usr/bin/locale-gen':
+ refreshonly => true,
+ }
+
+
+ file { "/etc/vconsole.conf":
+ ensure => "link",
+ target => "/dev/null",
+ }
+
+}
diff --git a/modules/base_installation/manifests/logs.pp b/modules/base_installation/manifests/logs.pp
new file mode 100644
index 0000000..558182f
--- /dev/null
+++ b/modules/base_installation/manifests/logs.pp
@@ -0,0 +1,36 @@
+class base_installation::logs inherits base_installation {
+ class { '::logrotate':
+ manage_cron_daily => false,
+ config => {
+ rotate_every => 'week',
+ rotate => 4,
+ create => true,
+ compress => true,
+ olddir => '/var/log/old',
+ tabooext => "+ .pacorig .pacnew .pacsave",
+ }
+ }
+
+ logrotate::rule { 'wtmp':
+ path => '/var/log/wtmp',
+ rotate_every => 'month',
+ create => true,
+ create_mode => '0664',
+ create_owner => 'root',
+ create_group => 'utmp',
+ rotate => 1,
+ minsize => '1M',
+ }
+ logrotate::rule { 'btmp':
+ path => '/var/log/btmp',
+ missingok => true,
+ rotate_every => 'month',
+ create => true,
+ create_mode => '0600',
+ create_owner => 'root',
+ create_group => 'utmp',
+ rotate => 1,
+ }
+
+ contain "::logrotate"
+}
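Review bot: `locale_line` is defined inside the class body, which Puppet still accepts but discourages: it is namespaced as `base_installation::locales::locale_line` and only exists once this class has been evaluated, so move it to `manifests/locale_line.pp` as `define base_installation::locale_line` and let it autoload. The `match` regex `"#?$locale $charmap +$"` is unanchored at the start and leaves the `.` in values like `fr_FR.UTF-8` as a wildcard, so it can hit an unrelated line; `match => "^#?${locale} ${charmap} *\$"`, with the locale passed through stdlib's `regexpescape()` if your stdlib has it, is tighter. `$main_locale` is silently `system_locales[0]`, so the array order matters; a comment such as `# first entry becomes the system locale` would make that explicit.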
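Review bot: `olddir => '/var/log/old'` points logrotate at a directory nothing here creates, and logrotate errors out on a missing `olddir` (unless `createolddir` is also set, which needs logrotate 3.8.9+), so every rule under this config stops rotating on a fresh host unless the logrotate module happens to create it. Declare it, `file { '/var/log/old': ensure => directory, owner => 'root', group => 'root', mode => '0755' }`, or drop `olddir`. The `wtmp`/`btmp` rules mirror the usual distro defaults; `btmp` at `0600` is right since it records failed logins.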
diff --git a/modules/base_installation/manifests/package_managers.pp b/modules/base_installation/manifests/package_managers.pp
new file mode 100644
index 0000000..c5c8485
--- /dev/null
+++ b/modules/base_installation/manifests/package_managers.pp
@@ -0,0 +1,25 @@
+class base_installation::package_managers inherits base_installation {
+ file { '/etc/pacman.d/mirrorlist':
+ ensure => "present",
+ path => "/etc/pacman.d/mirrorlist",
+ source => 'puppet:///modules/base_installation/package_managers/mirrorlist',
+ mode => "0644",
+ owner => "root",
+ group => "root"
+ }
+
+ class { 'pacman':
+ color => true,
+ usesyslog => true,
+ }
+
+ pacman::repo { 'multilib':
+ order => 15,
+ include => '/etc/pacman.d/mirrorlist'
+ }
+
+ class { 'aur': }
+
+ contain "pacman"
+ contain "aur"
+}
diff --git a/modules/base_installation/manifests/packages.pp b/modules/base_installation/manifests/packages.pp
new file mode 100644
index 0000000..b0824ad
--- /dev/null
+++ b/modules/base_installation/manifests/packages.pp
@@ -0,0 +1,10 @@
+class base_installation::packages inherits base_installation {
+ # Preinstalled
+ ensure_packages(['base'])
+
+ # Critical packages
+ ensure_packages(['openssh', 'grub', 'sudo'])
+
+ # Puppet dependencies
+ ensure_packages(['git', 'puppet'])
+}
diff --git a/modules/base_installation/manifests/params.pp b/modules/base_installation/manifests/params.pp
new file mode 100644
index 0000000..5f2e298
--- /dev/null
+++ b/modules/base_installation/manifests/params.pp
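Review bot: Enabling `multilib` and replacing `/etc/pacman.d/mirrorlist` with a module-shipped file decides where binaries come from, yet nothing here pins `SigLevel`; the `pacman` class receives only `color` and `usesyslog`, so signature enforcement rests entirely on that module's defaults. Check that the rendered `pacman.conf` keeps `SigLevel = Required DatabaseOptional` for the stock repos and for `multilib` (pass it explicitly if `pacman::repo` exposes a `siglevel` parameter), and prefer `https://` mirrors in the shipped list so repository metadata cannot be altered in transit; the mirrorlist contents are not in this diff. `class { 'aur': }` followed by `contain "aur"` is redundant, `contain 'aur'` alone both declares and contains the class.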
@@ -0,0 +1,21 @@
+class base_installation::params {
+ $puppet_code_path = "/etc/puppetlabs/code"
+ $grub_device = "/dev/sda"
+ $system_hostname = "new.immae.eu"
+ $system_locales = ["fr_FR.UTF-8", "en_US.UTF-8"]
+ $system_timezone = "Europe/Paris"
+ $system_users = [
+ {
+ userid => 1000,
+ username => "immae",
+ groups => ["wheel"],
+ keys => [
+ {
+ host => "immae.eu",
+ key => "AAAAB3NzaC1yc2EAAAADAQABAAABAQDi5PgLBwMRyRwzJPnSgUyRAuB9AAxMijsw1pR/t/wmxQne1O5fIPOleHx+D8dyZbwm+XkzlcJpgT0Qy3qC9J8BPhshJvO/tA/8CI/oS/FE0uWsyACH1DMO2dk4gRRZGSE9IuzDMRPlnfZ3n0tdsPzzv3GH4It/oPIgsvkTowKztGLQ7Xmjr5BxzAhXcIQymqA0U3XWHSdWvnSRDaOFG0PDoVMS85IdwlviVKLnV5Sstb4NC/P28LFfgvW8DO/XrOqujgDomqTmR41dK/AyrGGOb2cQUMO4l8Oa+74aOyKaB61rr/rJkr+wCbEttkTvgFa6zZygSk3edfiWE2rgn4+v",
+ key_type => "ssh-rsa"
+ }
+ ]
+ }
+ ]
+}
diff --git a/modules/base_installation/manifests/services.pp b/modules/base_installation/manifests/services.pp
new file mode 100644
index 0000000..b48c3b5
--- /dev/null
+++ b/modules/base_installation/manifests/services.pp
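Review bot: `$grub_device = "/dev/sda"` gives a destructive operation a live default: `grub-install` is commented out in `base_installation::grub` today, but a node that forgets to override the value will write a boot loader to its first disk the moment that exec is re-enabled; default it to `undef` (`$grub_device = undef`) so the `unless empty(...)` guard makes installation opt-in. The hostname, username and authorized key are one machine's site data embedded in a reusable module; the key is public and harmless to publish, but these values belong in Hiera or the node manifest rather than in `params.pp`. Since `$system_users` is typed only as `Optional[Array[Hash]]` in `init.pp`, a comment here listing the expected keys (`userid`, `username`, `groups`, `keys[].host`, `keys[].key`, `keys[].key_type`) is the only documentation callers would get.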
@@ -0,0 +1,50 @@
+class base_installation::services inherits base_installation {
+
+ service { "sshd":
+ #ensure => "running",
+ enable => true,
+ }
+
+ service { "systemd-networkd":
+ #ensure => "running",
+ enable => true,
+ }
+
+ service { "systemd-resolved":
+ #ensure => "running",
+ enable => true,
+ }
+
+ service { "cronie":
+ #ensure => "running",
+ enable => true,
+ }
+
+ file { '/etc/systemd/system/getty@tty1.service.d/':
+ ensure => "directory",
+ path => "/etc/systemd/system/getty@tty1.service.d/",
+ mode => "0755",
+ owner => "root",
+ group => "root"
+ }
+
+ file { '/etc/systemd/system/getty@tty1.service.d/noclear.conf':
+ ensure => "present",
+ path => "/etc/systemd/system/getty@tty1.service.d/noclear.conf",
+ source => 'puppet:///modules/base_installation/services/getty_conf_override.conf',
+ recurse => true,
+ mode => "0644",
+ owner => "root",
+ group => "root"
+ }
+
+ file { '/etc/systemd/network/en-dhcp.network':
+ ensure => "present",
+ path => "/etc/systemd/network/en-dhcp.network",
+ source => 'puppet:///modules/base_installation/services/en-dhcp.network',
+ mode => "0644",
+ owner => "root",
+ group => "root"
+ }
+
+}
diff --git a/modules/base_installation/manifests/ssh.pp b/modules/base_installation/manifests/ssh.pp
new file mode 100644
index 0000000..43769e9
--- /dev/null
+++ b/modules/base_installation/manifests/ssh.pp
@@ -0,0 +1,14 @@
+class base_installation::ssh inherits base_installation {
+ class { 'ssh::server':
+ storeconfigs_enabled => false,
+ options => {
+ 'AcceptEnv' => undef,
+ 'X11Forwarding' => 'yes',
+ 'PrintMotd' => 'no',
+ 'ChallengeResponseAuthentication' => 'no',
+ 'Subsystem' => 'sftp /usr/lib/openssh/sftp-server',
+ }
+ }
+
+ contain "ssh::server"
+}
diff --git a/modules/base_installation/manifests/system_config.pp b/modules/base_installation/manifests/system_config.pp
new file mode 100644
index 0000000..f3325f4
--- /dev/null
+++ b/modules/base_installation/manifests/system_config.pp
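Review bot: The `getty@tty1.service.d/noclear.conf` drop-in changes a systemd unit, but nothing triggers `systemctl daemon-reload`, so the override only takes effect after a reboot or a manual reload unless your Puppet version reloads units itself; add `exec { 'systemd-daemon-reload': command => '/usr/bin/systemctl daemon-reload', refreshonly => true }` and `notify => Exec['systemd-daemon-reload']` on the drop-in (the `en-dhcp.network` file would rather want a `systemd-networkd` restart). `recurse => true` on a `file` resource with `ensure => "present"` is meaningless for a plain file and only adds noise; drop it. All four services have `ensure => "running"` commented out, presumably because this is applied inside an install chroot; a one-line comment saying so would keep someone from "fixing" it later.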
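Review bot: `'Subsystem' => 'sftp /usr/lib/openssh/sftp-server'` is the Debian path; this module clearly targets Arch (pacman, `locale.gen`, `.pacnew`), where openssh installs `/usr/lib/ssh/sftp-server`, so SFTP sessions will fail until this reads `'Subsystem' => 'sftp /usr/lib/ssh/sftp-server'`. Users are provisioned with authorized keys and root's password is locked in `base_installation::users`, so state the policy instead of leaning on sshd defaults: `'PasswordAuthentication' => 'no'` and `'PermitRootLogin' => 'no'` (or `prohibit-password`). `X11Forwarding => 'yes'` on a headless server widens the attack surface for no visible use here; set it to `no` unless it is actually needed.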
@@ -0,0 +1,21 @@
+class base_installation::system_config inherits base_installation {
+ unless empty($base_installation::system_timezone) {
+ file { "/etc/localtime":
+ ensure => "link",
+ target => "../usr/share/zoneinfo/$base_installation::system_timezone"
+ }
+ }
+
+ unless empty($base_installation::system_hostname) {
+ file { '/etc/hostname':
+ content => "$base_installation::system_hostname\n",
+ }
+
+ # TODO: find a way to ensure that /etc/hostname doesn't change
+ # exec { "set_hostname":
+ # command => "/usr/bin/systemd-firstboot --hostname=$base_installation::system_hostname",
+ # creates => "/etc/hostname",
+ # }
+ }
+
+}
diff --git a/modules/base_installation/manifests/users.pp b/modules/base_installation/manifests/users.pp
new file mode 100644
index 0000000..766c0f0
--- /dev/null
+++ b/modules/base_installation/manifests/users.pp
@@ -0,0 +1,49 @@
+class base_installation::users (
+ $users = $base_installation::system_users,
+) inherits base_installation {
+ ensure_packages('ruby-shadow')
+ user { 'root':
+ password => '!'
+ }
+
+ class { 'sudo':
+ config_file_replace => false,
+ # Missing in the sudo package, should no be mandatory
+ package_ldap => false
+ }
+
+ sudo::conf { 'wheel':
+ priority => 10,
+ content => "%wheel ALL=(ALL) ALL"
+ }
+
+ contain "sudo"
+
+ $users.each |$user| {
+ user { "${user[username]}:${user[userid]}":
+ name => $user[username],
+ uid => $user[userid],
+ ensure => "present",
+ groups => $user[groups],
+ managehome => true,
+ home => "/home/${user[username]}",
+ notify => Exec["remove_password"],
+ purge_ssh_keys => true
+ }
+
+ exec { "remove_password":
+ command => "/usr/bin/chage -d 0 ${user[username]} && /usr/bin/passwd -d ${user[username]}",
+ refreshonly => true
+ }
+
+ $user[keys].each |$key| {
+ ssh_authorized_key { "${user[username]}@${key[host]}":
+ name => "${user[username]}@${key[host]}",
+ user => $user[username],
+ type => $key[key_type],
+ key => $key[key],
+ }
+ }
+ }
+
+}
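Review bot: `exec { "remove_password": ... }` is declared inside `$users.each` with a fixed title, so the catalog fails with a duplicate declaration as soon as `system_users` has a second entry, and every `user` resource's `notify` points at the same exec; key it per user, `exec { "remove_password_${user[username]}":` and `notify => Exec["remove_password_${user[username]}"],`. `passwd -d` leaves the account with an empty password, and with `chage -d 0` anyone at the console (including a hosting provider's KVM) can log in as a `wheel` member and choose the password themselves; since SSH keys are provisioned, a locked password (`passwd -l`) or a random one delivered out of band is safer. `${user[username]}` is interpolated unquoted into the command; usernames come from params today, but `shellquote()` costs nothing and stops a future Hiera value from becoming shell.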
diff --git a/modules/base_packages/manifests/init.pp b/modules/base_packages/manifests/init.pp deleted file mode 100644 index c4bbec9..0000000 --- a/modules/base_packages/manifests/init.pp +++ /dev/null @@ -1,11 +0,0 @@ -class base_packages { - # Preinstalled - ensure_packages(['base']) - - # Critical packages - ensure_packages(['openssh', 'grub', 'sudo']) - - # Puppet dependencies - ensure_packages(['git', 'puppet']) -} - diff --git a/modules/cron_puppet/manifests/init.pp b/modules/cron_puppet/manifests/init.pp deleted file mode 100644 index c9d5a51..0000000 --- a/modules/cron_puppet/manifests/init.pp +++ /dev/null @@ -1,26 +0,0 @@ -class cron_puppet ( - $code_path = "/etc/puppetlabs/code" -) { - file { 'post-hook': - ensure => file, - path => "$code_path/.git/hooks/post-merge", - source => 'puppet:///modules/cron_puppet/post-merge', - mode => '0755', - owner => root, - group => root, - } - package { 'cronie': - ensure => 'present', - } - cron { 'puppet-apply': - ensure => present, - command => "cd $code_path ; /usr/bin/git pull", - user => root, - minute => '*/30', - require => File['post-hook'], - } - service { 'cronie': - ensure => 'running', - enable => true - } -} diff --git a/modules/grub_install/files/config b/modules/grub_install/files/config deleted file mode 100644 index 0a2ef57..0000000 --- a/modules/grub_install/files/config +++ /dev/null 
@@ -1,47 +0,0 @@ -GRUB_DEFAULT=0 -GRUB_TIMEOUT=5 -GRUB_DISTRIBUTOR="Arch" -GRUB_CMDLINE_LINUX_DEFAULT="quiet" -GRUB_CMDLINE_LINUX=" console=tty0 console=ttyS0,115200" - -# Preload both GPT and MBR modules so that they are not missed -GRUB_PRELOAD_MODULES="part_gpt part_msdos" - -# Uncomment to enable Hidden Menu, and optionally hide the timeout count -#GRUB_HIDDEN_TIMEOUT=5 -#GRUB_HIDDEN_TIMEOUT_QUIET=true - -# Uncomment to use basic console -GRUB_TERMINAL_INPUT=console - -# Uncomment to disable graphical terminal -#GRUB_TERMINAL_OUTPUT=console - -# The resolution used on graphical terminal -# note that you can use only modes which your graphic card supports via VBE -# you can see them in real GRUB with the command `vbeinfo' -GRUB_GFXMODE=auto - -# Uncomment to allow the kernel use the same resolution used by grub -GRUB_GFXPAYLOAD_LINUX=keep - -# Uncomment if you want GRUB to pass to the Linux kernel the old parameter -# format "root=/dev/xxx" instead of "root=/dev/disk/by-uuid/xxx" -#GRUB_DISABLE_LINUX_UUID=true - -# Uncomment to disable generation of recovery mode menu entries -GRUB_DISABLE_RECOVERY=true - -# Uncomment and set to the desired menu colors. Used by normal and wallpaper -# modes only. Entries specified as foreground/background. -#GRUB_COLOR_NORMAL="light-blue/black" -#GRUB_COLOR_HIGHLIGHT="light-cyan/blue" - -# Uncomment one of them for the gfx desired, a image background or a gfxtheme -#GRUB_BACKGROUND="/path/to/wallpaper" -#GRUB_THEME="/path/to/gfxtheme" - -# Uncomment to get a beep at GRUB start -#GRUB_INIT_TUNE="480 440 1" - -#GRUB_SAVEDEFAULT="true" diff --git a/modules/locales/manifests/init.pp b/modules/locales/manifests/init.pp deleted file mode 100644 index 1923f26..0000000 --- a/modules/locales/manifests/init.pp +++ /dev/null 
@@ -1,12 +0,0 @@ -class locales { - locales::locale { '/etc/locale.gen#fr_FR.UTF-8': - locale => 'fr_FR.UTF-8' - } - locales::locale { '/etc/locale.gen#en_US.UTF-8': - locale => 'en_US.UTF-8' - } - exec { '/usr/bin/locale-gen': - subscribe => File_line['/etc/locale.gen#fr_FR.UTF-8', '/etc/locale.gen#en_US.UTF-8'], - refreshonly => true, - } -} diff --git a/modules/locales/manifests/locale.pp b/modules/locales/manifests/locale.pp deleted file mode 100644 index 1eb14be..0000000 --- a/modules/locales/manifests/locale.pp +++ /dev/null @@ -1,7 +0,0 @@ -define locales::locale ($locale, $charmap = 'UTF-8') { - file_line { "/etc/locale.gen#$locale": - path => '/etc/locale.gen', - line => "$locale $charmap ", - match => "#?$locale $charmap +$", - } -} diff --git a/modules/ovh_cleanup/manifests/init.pp b/modules/ovh_cleanup/manifests/init.pp deleted file mode 100644 index fc1b84b..0000000 --- a/modules/ovh_cleanup/manifests/init.pp +++ /dev/null 
@@ -1,75 +0,0 @@ -class ovh_cleanup { - exec { 'bash -c "comm -23 <(find /etc /opt /usr | sort) <(pacman -Qlq | sed \"s|/$||\" | sort) > /root/disowned_files_before_cleanup.txt"': - path => '/usr/bin', - creates => '/root/disowned_files_before_cleanup.txt' - } - exec { 'bash -c "comm -23 <(pacman -Qq | sort) <(pacman -Qgq base | while read i; do pactree -u \$i; done | sort | uniq) > /root/packages_not_in_base_group.txt"': - path => '/usr/bin', - creates => '/root/packages_not_in_base_group.txt' - } - file { '/etc/apt': - ensure => 'absent', - force => true, - } - file { '/etc/default/keyboard': - ensure => 'absent', - } - file { '/etc/default/locale': - ensure => 'absent', - } - file { '/etc/timezone': - ensure => 'absent', - } - file { '/etc/pacman.d/mirrorlist.pacnew': - ensure => 'absent', - } - exec { '/usr/bin/reanimate-pacman': - creates => '/etc/pacman.d/gnupg', - } - file { '/etc/pacman.d/gnupg': - ensure => 'present', - } - file { '/usr/bin/growpart': - ensure => 'absent', - } - file { '/usr/bin/reanimate-pacman': - ensure => 'absent', - require => File['/etc/pacman.d/gnupg'], - } - file { '/etc/systemd/system/pacman-reanimation.service': - ensure => 'absent', - require => File['/etc/pacman.d/gnupg'], - } - file { '/etc/systemd/system/multi-user.target.wants/pacman-reanimation.service': - ensure => 'absent', - require => File['/etc/pacman.d/gnupg'], - } - exec { '/usr/bin/mv /etc/lvm/lvmlocal.conf.pacnew /etc/lvm/lvmlocal.conf': - onlyif => '/usr/bin/test -f /etc/lvm/lvmlocal.conf.pacnew' - } - file { '/etc/resolv.conf.pacorig': - ensure => 'absent' - } - package { 'haveged': - ensure => 'absent', - uninstall_options => [ '-s', '-c'] - } - package { 'parted': - ensure => 'absent', - uninstall_options => [ '-s', '-c'] - } - - - file { '/etc/udev/rules.d/80-net-setup-link.rules': - ensure => 'absent', - } - exec { '/usr/bin/sed -i -e "s/Name=eth0/Name=en*/" /etc/systemd/network/eth0-dhcp.network': - subscribe => 
File['/etc/udev/rules.d/80-net-setup-link.rules'], - refreshonly => true - } - exec { '/usr/bin/mv /etc/systemd/network/eth0-dhcp.network /etc/systemd/network/en-dhcp.network': - subscribe => Exec['/usr/bin/sed -i -e "s/Name=eth0/Name=en*/" /etc/systemd/network/eth0-dhcp.network'], - notify => Reboot['after_run'], - refreshonly => true, - } -} -- 2.41.0