# Baseline host configuration: bootloader, locale/timezone, core services,
# one administrative account with an SSH key and sudo through the wheel group,
# a locked root password, sshd options, pacman, logrotate and fail2ban.
#
# Parameters:
#   $hostname  - hostname handed to systemd-firstboot; skipped when empty.
#   $username  - login name of the administrative account (default 'immae').
#   $userid    - uid of that account (default 1000).
#   $code_path - forwarded to the cron_puppet class; skipped when empty.
#   $device    - forwarded to the grub_install class; skipped when empty.
#
# Resources are kept in their original order; only layout, quoting and
# comments differ from the previous version.
class base_configuration (
  $hostname  = undef,
  $username  = 'immae',
  $userid    = 1000,
  $code_path = undef,
  $device    = undef,
) {
  # Bootloader installation is optional: only declared when a device is given.
  unless empty($device) {
    class { 'grub_install':
      device => $device,
    }
  }

  class { 'locales': }

  # Periodic puppet run is optional: only declared when a code path is given.
  unless empty($code_path) {
    class { 'cron_puppet':
      code_path => $code_path,
    }
  }

  # The three services below are enabled at boot but not forced to running;
  # the ensure attribute was already commented out in the original.
  # NOTE(review): presumably the manifest can run where units cannot be
  # started (e.g. an install chroot) - confirm.
  service { 'sshd':
    # ensure => 'running',
    enable => true,
  }

  service { 'systemd-networkd':
    # ensure => 'running',
    enable => true,
  }

  service { 'systemd-resolved':
    # ensure => 'running',
    enable => true,
  }

  file { '/etc/localtime':
    ensure => 'link',
    target => '../usr/share/zoneinfo/Europe/Paris',
  }

  # "creates" makes this a one-shot: it is skipped once /etc/locale.conf exists.
  exec { 'set_locale':
    command => '/usr/bin/systemd-firstboot --locale=fr_FR.UTF-8',
    creates => '/etc/locale.conf',
  }

  unless empty($hostname) {
    # $hostname is interpolated into the command line without quoting or
    # validation.
    # NOTE(review): confirm the value only ever comes from trusted node data,
    # or check it against a hostname pattern before it reaches this exec.
    exec { 'set_hostname':
      command => "/usr/bin/systemd-firstboot --hostname=${hostname}",
      creates => '/etc/hostname',
    }
  }

  # Points vconsole.conf at /dev/null, so no console keymap/font file is read.
  file { '/etc/vconsole.conf':
    ensure => 'link',
    target => '/dev/null',
  }

  # Administrative account. Membership in wheel grants full sudo through the
  # sudo::conf rule declared further down.
  user { "${username}:${userid}":
    ensure     => 'present',
    name       => $username,
    uid        => $userid,
    groups     => 'wheel',
    managehome => true,
    notify     => Exec['remove_password'],
  }

  # Runs only on a refresh from the user resource above.
  # "chage -d 0" marks the password as expired so the next login must set one;
  # "passwd -d" deletes the current password, leaving it empty until then.
  # NOTE(review): between this exec and the first login the account is a wheel
  # member with an empty password. Whether that is usable depends on PAM
  # (nullok) and on sshd's PermitEmptyPasswords, neither of which is set in
  # this class - verify both on the target.
  # NOTE(review): the notify fires on any change Puppet applies to the user
  # resource, not only on creation, so a later correction of uid or groups
  # would wipe the password again - confirm this is intended.
  # NOTE(review): $username is interpolated unquoted, same caveat as $hostname.
  exec { 'remove_password':
    command     => "/usr/bin/chage -d 0 ${username} && /usr/bin/passwd -d ${username}",
    refreshonly => true,
  }

  # The key comment and key material are fixed while the target account
  # follows $username: overriding $username still installs this same key for
  # the renamed account. Rotating the key requires a change to this manifest.
  ssh_authorized_key { $username:
    name => 'immae@immae.eu',
    user => $username,
    type => 'ssh-rsa',
    key  => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQDi5PgLBwMRyRwzJPnSgUyRAuB9AAxMijsw1pR/t/wmxQne1O5fIPOleHx+D8dyZbwm+XkzlcJpgT0Qy3qC9J8BPhshJvO/tA/8CI/oS/FE0uWsyACH1DMO2dk4gRRZGSE9IuzDMRPlnfZ3n0tdsPzzv3GH4It/oPIgsvkTowKztGLQ7Xmjr5BxzAhXcIQymqA0U3XWHSdWvnSRDaOFG0PDoVMS85IdwlviVKLnV5Sstb4NC/P28LFfgvW8DO/XrOqujgDomqTmR41dK/AyrGGOb2cQUMO4l8Oa+74aOyKaB61rr/rJkr+wCbEttkTvgFa6zZygSk3edfiWE2rgn4+v',
  }

  class { 'sudo':
    # Leave an existing main sudoers file in place instead of replacing it.
    config_file_replace => false,
    # Missing in the sudo package, should not be mandatory
    package_ldap        => false,
  }

  # Any wheel member may run any command as any user, after authenticating
  # with their own password (no NOPASSWD tag in the rule).
  sudo::conf { 'wheel':
    priority => 10,
    content  => '%wheel ALL=(ALL) ALL',
  }

  # sshd options.
  # - AcceptEnv is set to undef, presumably to drop a module default so that
  #   clients cannot push environment variables - confirm against the module.
  # - X11Forwarding is enabled. NOTE(review): this widens what a session can
  #   reach on the connecting client; set it to 'no' unless X11 is required.
  # - PasswordAuthentication and PermitEmptyPasswords are not set here, so the
  #   module or sshd defaults apply. NOTE(review): pin both explicitly, since
  #   the admin account starts with an empty password.
  # - NOTE(review): the sftp-server path looks like the Debian location while
  #   the rest of this class targets pacman - confirm the binary exists there.
  class { 'ssh::server':
    storeconfigs_enabled => false,
    options              => {
      'AcceptEnv'                       => undef,
      'X11Forwarding'                   => 'yes',
      'PrintMotd'                       => 'no',
      'ChallengeResponseAuthentication' => 'no',
      'Subsystem'                       => 'sftp /usr/lib/openssh/sftp-server',
    },
  }

  # ruby-shadow is declared right before the password attribute below;
  # presumably it is what lets Puppet manage shadow entries - confirm.
  ensure_packages('ruby-shadow')

  # '!' is not a valid password hash, so root cannot authenticate with a
  # password; root access goes through sudo from the wheel account.
  user { 'root':
    password => '!',
  }

  file { '/etc/modprobe.d/pcspkr_no_autoload.conf':
    ensure => 'present',
    path   => '/etc/modprobe.d/pcspkr_no_autoload.conf',
    source => 'puppet:///modules/base_configuration/pcspkr_no_autoload.conf',
    mode   => '0644',
    owner  => 'root',
    group  => 'root',
  }

  # systemd drop-in directory and override for the first virtual console.
  # Both are root-owned and not group/world writable, which matters because
  # unit overrides are read by systemd as root.
  file { '/etc/systemd/system/getty@tty1.service.d/':
    ensure => 'directory',
    path   => '/etc/systemd/system/getty@tty1.service.d/',
    mode   => '0755',
    owner  => 'root',
    group  => 'root',
  }

  # NOTE(review): recurse is normally only meaningful for directories -
  # confirm it is needed on this single file.
  file { '/etc/systemd/system/getty@tty1.service.d/noclear.conf':
    ensure  => 'present',
    path    => '/etc/systemd/system/getty@tty1.service.d/noclear.conf',
    source  => 'puppet:///modules/base_configuration/getty_conf_override.conf',
    recurse => true,
    mode    => '0644',
    owner   => 'root',
    group   => 'root',
  }

  file { '/etc/systemd/network/en-dhcp.network':
    ensure => 'present',
    path   => '/etc/systemd/network/en-dhcp.network',
    source => 'puppet:///modules/base_configuration/en-dhcp.network',
    mode   => '0644',
    owner  => 'root',
    group  => 'root',
  }

  # The mirror list decides where packages are downloaded from; it is shipped
  # from the module so every host uses the same reviewed set of mirrors.
  file { '/etc/pacman.d/mirrorlist':
    ensure => 'present',
    path   => '/etc/pacman.d/mirrorlist',
    source => 'puppet:///modules/base_configuration/mirrorlist',
    mode   => '0644',
    owner  => 'root',
    group  => 'root',
  }

  # usesyslog sends pacman's log messages to syslog as well.
  class { 'pacman':
    color     => true,
    usesyslog => true,
  }

  pacman::repo { 'multilib':
    order   => 15,
    include => '/etc/pacman.d/mirrorlist',
  }

  # Global log rotation: weekly, four generations kept, compressed, moved to
  # /var/log/old.
  class { '::logrotate':
    manage_cron_daily => false,
    config            => {
      rotate_every => 'week',
      rotate       => 4,
      create       => true,
      compress     => true,
      olddir       => '/var/log/old',
      tabooext     => '+ .pacorig .pacnew .pacsave',
    },
  }

  # Login records: monthly rotation, one old generation kept.
  logrotate::rule { 'wtmp':
    path         => '/var/log/wtmp',
    rotate_every => 'month',
    create       => true,
    create_mode  => '0664',
    create_owner => 'root',
    create_group => 'utmp',
    rotate       => 1,
    minsize      => '1M',
  }

  # Failed-login records: recreated as 0600 so only root can read them.
  logrotate::rule { 'btmp':
    path         => '/var/log/btmp',
    missingok    => true,
    rotate_every => 'month',
    create       => true,
    create_mode  => '0600',
    create_owner => 'root',
    create_group => 'utmp',
    rotate       => 1,
  }

  # Installed as a dependency rather than an explicit package; presumably
  # used by fail2ban - confirm.
  ensure_packages(['whois'], { 'install_options' => '--asdeps' })

  class { 'fail2ban':
    logtarget => 'SYSLOG',
    backend   => 'systemd',
  }

  # sshd jail: ban after 10 failures, for 86400 seconds (24 hours). logpath is
  # empty because the jail uses the systemd backend instead of a log file.
  fail2ban::jail { 'sshd':
    backend  => 'systemd',
    port     => 'ssh',
    filter   => 'sshd',
    maxretry => 10,
    bantime  => 86400,
    logpath  => '',
    order    => 10,
  }

  class { 'aur': }
}