authorIsmaël Bouya <ismael.bouya@normalesup.org>2017-08-24 02:22:17 +0200
committerIsmaël Bouya <ismael.bouya@normalesup.org>2017-08-29 22:46:14 +0200
commit7fed35a408b9ec37454169425823785b5fc8978b (patch)
tree28371d43ac304f99fb0a5305124858db69ef2137 /modules/base_configuration
parentba2cf1b5d938810077b0fd73844faf432e8e8f9d (diff)
Refactor base installation module
Diffstat (limited to 'modules/base_configuration')
-rw-r--r--modules/base_configuration/files/en-dhcp.network8
-rw-r--r--modules/base_configuration/files/getty_conf_override.conf2
-rw-r--r--modules/base_configuration/files/mirrorlist2
-rw-r--r--modules/base_configuration/files/pcspkr_no_autoload.conf1
-rw-r--r--modules/base_configuration/manifests/init.pp209
5 files changed, 0 insertions, 222 deletions
diff --git a/modules/base_configuration/files/en-dhcp.network b/modules/base_configuration/files/en-dhcp.network
deleted file mode 100644
index 6eef0e9..0000000
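--- a/modules/base_configuration/files/en-dhcp.network
+++ /dev/null
@@ -1,8 +0,0 @@
-[Match]
-Name=en*
-
-[Network]
-DHCP=yes
-
-[DHCP]
-UseMTU=true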
diff --git a/modules/base_configuration/files/getty_conf_override.conf b/modules/base_configuration/files/getty_conf_override.conf
deleted file mode 100644
index 52671c7..0000000
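--- a/modules/base_configuration/files/getty_conf_override.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-[Service]
-TTYVTDisallocate=no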
diff --git a/modules/base_configuration/files/mirrorlist b/modules/base_configuration/files/mirrorlist
deleted file mode 100644
index 2ffca7c..0000000
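--- a/modules/base_configuration/files/mirrorlist
+++ /dev/null
@@ -1,2 +0,0 @@
-Server = http://archlinux.mirrors.ovh.net/archlinux/$repo/os/$arch
-Server = http://mir.archlinux.fr/$repo/os/$arch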
diff --git a/modules/base_configuration/files/pcspkr_no_autoload.conf b/modules/base_configuration/files/pcspkr_no_autoload.conf
deleted file mode 100644
index b46792e..0000000
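--- a/modules/base_configuration/files/pcspkr_no_autoload.conf
+++ /dev/null
@@ -1 +0,0 @@
-blacklist pcspkr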
diff --git a/modules/base_configuration/manifests/init.pp b/modules/base_configuration/manifests/init.pp
deleted file mode 100644
index 8b2ce4c..0000000
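--- a/modules/base_configuration/manifests/init.pp
+++ /dev/null
@@ -1,209 +0,0 @@
-class base_configuration (
- $hostname = undef,
- $username = "immae",
- $userid = 1000,
- $code_path = undef,
- $device = undef,
-) {
- unless empty($device) {
- class { 'grub_install':
- device => $device,
- }
- }
-
- class { 'locales': }
-
- unless empty($code_path) {
- class { 'cron_puppet':
- code_path => $code_path,
- }
- }
-
- service { "sshd":
- #ensure => "running",
- enable => true,
- }
- service { "systemd-networkd":
- #ensure => "running",
- enable => true,
- }
- service { "systemd-resolved":
- #ensure => "running",
- enable => true,
- }
-
- file { "/etc/localtime":
- ensure => "link",
- target => "../usr/share/zoneinfo/Europe/Paris"
- }
-
- exec { "set_locale":
- command => "/usr/bin/systemd-firstboot --locale=fr_FR.UTF-8",
- creates => "/etc/locale.conf",
- }
-
- unless empty($hostname) {
- exec { "set_hostname":
- command => "/usr/bin/systemd-firstboot --hostname=$hostname",
- creates => "/etc/hostname",
- }
- }
-
- file { "/etc/vconsole.conf":
- ensure => "link",
- target => "/dev/null",
- }
-
- user { "${username}:${userid}":
- name => $username,
- uid => $userid,
- ensure => "present",
- groups => "wheel",
- managehome => true,
- notify => Exec["remove_password"]
- }
-
- exec { "remove_password":
- command => "/usr/bin/chage -d 0 $username && /usr/bin/passwd -d $username",
- refreshonly => true
- }
-
- ssh_authorized_key { $username:
- name => "immae@immae.eu",
- user => $username,
- type => "ssh-rsa",
- key => "AAAAB3NzaC1yc2EAAAADAQABAAABAQDi5PgLBwMRyRwzJPnSgUyRAuB9AAxMijsw1pR/t/wmxQne1O5fIPOleHx+D8dyZbwm+XkzlcJpgT0Qy3qC9J8BPhshJvO/tA/8CI/oS/FE0uWsyACH1DMO2dk4gRRZGSE9IuzDMRPlnfZ3n0tdsPzzv3GH4It/oPIgsvkTowKztGLQ7Xmjr5BxzAhXcIQymqA0U3XWHSdWvnSRDaOFG0PDoVMS85IdwlviVKLnV5Sstb4NC/P28LFfgvW8DO/XrOqujgDomqTmR41dK/AyrGGOb2cQUMO4l8Oa+74aOyKaB61rr/rJkr+wCbEttkTvgFa6zZygSk3edfiWE2rgn4+v"
- }
-
- class { 'sudo':
- config_file_replace => false,
- # Missing in the sudo package, should no be mandatory
- package_ldap => false
- }
-
- sudo::conf { 'wheel':
- priority => 10,
- content => "%wheel ALL=(ALL) ALL"
- }
-
- class { 'ssh::server':
- storeconfigs_enabled => false,
- options => {
- 'AcceptEnv' => undef,
- 'X11Forwarding' => 'yes',
- 'PrintMotd' => 'no',
- 'ChallengeResponseAuthentication' => 'no',
- 'Subsystem' => 'sftp /usr/lib/openssh/sftp-server',
- }
- }
-
- ensure_packages('ruby-shadow')
- user { 'root':
- password => '!'
- }
-
- file { '/etc/modprobe.d/pcspkr_no_autoload.conf':
- ensure => "present",
- path => "/etc/modprobe.d/pcspkr_no_autoload.conf",
- source => 'puppet:///modules/base_configuration/pcspkr_no_autoload.conf',
- mode => "0644",
- owner => "root",
- group => "root"
- }
-
- file { '/etc/systemd/system/getty@tty1.service.d/':
- ensure => "directory",
- path => "/etc/systemd/system/getty@tty1.service.d/",
- mode => "0755",
- owner => "root",
- group => "root"
- }
-
- file { '/etc/systemd/system/getty@tty1.service.d/noclear.conf':
- ensure => "present",
- path => "/etc/systemd/system/getty@tty1.service.d/noclear.conf",
- source => 'puppet:///modules/base_configuration/getty_conf_override.conf',
- recurse => true,
- mode => "0644",
- owner => "root",
- group => "root"
- }
-
- file { '/etc/systemd/network/en-dhcp.network':
- ensure => "present",
- path => "/etc/systemd/network/en-dhcp.network",
- source => 'puppet:///modules/base_configuration/en-dhcp.network',
- mode => "0644",
- owner => "root",
- group => "root"
- }
-
- file { '/etc/pacman.d/mirrorlist':
- ensure => "present",
- path => "/etc/pacman.d/mirrorlist",
- source => 'puppet:///modules/base_configuration/mirrorlist',
- mode => "0644",
- owner => "root",
- group => "root"
- }
-
- class { 'pacman':
- color => true,
- usesyslog => true,
- }
-
- pacman::repo { 'multilib':
- order => 15,
- include => '/etc/pacman.d/mirrorlist'
- }
-
- class { '::logrotate':
- manage_cron_daily => false,
- config => {
- rotate_every => 'week',
- rotate => 4,
- create => true,
- compress => true,
- olddir => '/var/log/old',
- tabooext => "+ .pacorig .pacnew .pacsave",
- }
- }
-
- logrotate::rule { 'wtmp':
- path => '/var/log/wtmp',
- rotate_every => 'month',
- create => true,
- create_mode => '0664',
- create_owner => 'root',
- create_group => 'utmp',
- rotate => 1,
- minsize => '1M',
- }
- logrotate::rule { 'btmp':
- path => '/var/log/btmp',
- missingok => true,
- rotate_every => 'month',
- create => true,
- create_mode => '0600',
- create_owner => 'root',
- create_group => 'utmp',
- rotate => 1,
- }
-
- ensure_packages(["whois"], { 'install_options' => '--asdeps' })
- class { 'fail2ban':
- logtarget => 'SYSLOG',
- backend => 'systemd'
- }
- fail2ban::jail { 'sshd':
- backend => 'systemd',
- port => 'ssh',
- filter => 'sshd',
- maxretry => 10,
- bantime => 86400,
- logpath => '',
- order => 10
- }
-
- class { 'aur': }
-}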