diff options
author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2017-08-24 02:22:17 +0200 |
---|---|---|
committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2017-08-29 22:46:14 +0200 |
commit | 7fed35a408b9ec37454169425823785b5fc8978b (patch) | |
tree | 28371d43ac304f99fb0a5305124858db69ef2137 /modules/base_configuration | |
parent | ba2cf1b5d938810077b0fd73844faf432e8e8f9d (diff) | |
download | Puppet-7fed35a408b9ec37454169425823785b5fc8978b.tar.gz Puppet-7fed35a408b9ec37454169425823785b5fc8978b.tar.zst Puppet-7fed35a408b9ec37454169425823785b5fc8978b.zip |
Refactor base installation module
Diffstat (limited to 'modules/base_configuration')
5 files changed, 0 insertions, 222 deletions
diff --git a/modules/base_configuration/files/en-dhcp.network b/modules/base_configuration/files/en-dhcp.network deleted file mode 100644 index 6eef0e9..0000000 --- a/modules/base_configuration/files/en-dhcp.network +++ /dev/null | |||
@@ -1,8 +0,0 @@ | |||
1 | [Match] | ||
2 | Name=en* | ||
3 | |||
4 | [Network] | ||
5 | DHCP=yes | ||
6 | |||
7 | [DHCP] | ||
8 | UseMTU=true | ||
diff --git a/modules/base_configuration/files/getty_conf_override.conf b/modules/base_configuration/files/getty_conf_override.conf deleted file mode 100644 index 52671c7..0000000 --- a/modules/base_configuration/files/getty_conf_override.conf +++ /dev/null | |||
@@ -1,2 +0,0 @@ | |||
1 | [Service] | ||
2 | TTYVTDisallocate=no | ||
diff --git a/modules/base_configuration/files/mirrorlist b/modules/base_configuration/files/mirrorlist deleted file mode 100644 index 2ffca7c..0000000 --- a/modules/base_configuration/files/mirrorlist +++ /dev/null | |||
@@ -1,2 +0,0 @@ | |||
1 | Server = http://archlinux.mirrors.ovh.net/archlinux/$repo/os/$arch | ||
2 | Server = http://mir.archlinux.fr/$repo/os/$arch | ||
diff --git a/modules/base_configuration/files/pcspkr_no_autoload.conf b/modules/base_configuration/files/pcspkr_no_autoload.conf deleted file mode 100644 index b46792e..0000000 --- a/modules/base_configuration/files/pcspkr_no_autoload.conf +++ /dev/null | |||
@@ -1 +0,0 @@ | |||
1 | blacklist pcspkr | ||
diff --git a/modules/base_configuration/manifests/init.pp b/modules/base_configuration/manifests/init.pp deleted file mode 100644 index 8b2ce4c..0000000 --- a/modules/base_configuration/manifests/init.pp +++ /dev/null | |||
@@ -1,209 +0,0 @@ | |||
1 | class base_configuration ( | ||
2 | $hostname = undef, | ||
3 | $username = "immae", | ||
4 | $userid = 1000, | ||
5 | $code_path = undef, | ||
6 | $device = undef, | ||
7 | ) { | ||
8 | unless empty($device) { | ||
9 | class { 'grub_install': | ||
10 | device => $device, | ||
11 | } | ||
12 | } | ||
13 | |||
14 | class { 'locales': } | ||
15 | |||
16 | unless empty($code_path) { | ||
17 | class { 'cron_puppet': | ||
18 | code_path => $code_path, | ||
19 | } | ||
20 | } | ||
21 | |||
22 | service { "sshd": | ||
23 | #ensure => "running", | ||
24 | enable => true, | ||
25 | } | ||
26 | service { "systemd-networkd": | ||
27 | #ensure => "running", | ||
28 | enable => true, | ||
29 | } | ||
30 | service { "systemd-resolved": | ||
31 | #ensure => "running", | ||
32 | enable => true, | ||
33 | } | ||
34 | |||
35 | file { "/etc/localtime": | ||
36 | ensure => "link", | ||
37 | target => "../usr/share/zoneinfo/Europe/Paris" | ||
38 | } | ||
39 | |||
40 | exec { "set_locale": | ||
41 | command => "/usr/bin/systemd-firstboot --locale=fr_FR.UTF-8", | ||
42 | creates => "/etc/locale.conf", | ||
43 | } | ||
44 | |||
45 | unless empty($hostname) { | ||
46 | exec { "set_hostname": | ||
47 | command => "/usr/bin/systemd-firstboot --hostname=$hostname", | ||
48 | creates => "/etc/hostname", | ||
49 | } | ||
50 | } | ||
51 | |||
52 | file { "/etc/vconsole.conf": | ||
53 | ensure => "link", | ||
54 | target => "/dev/null", | ||
55 | } | ||
56 | |||
57 | user { "${username}:${userid}": | ||
58 | name => $username, | ||
59 | uid => $userid, | ||
60 | ensure => "present", | ||
61 | groups => "wheel", | ||
62 | managehome => true, | ||
63 | notify => Exec["remove_password"] | ||
64 | } | ||
65 | |||
66 | exec { "remove_password": | ||
67 | command => "/usr/bin/chage -d 0 $username && /usr/bin/passwd -d $username", | ||
68 | refreshonly => true | ||
69 | } | ||
70 | |||
71 | ssh_authorized_key { $username: | ||
72 | name => "immae@immae.eu", | ||
73 | user => $username, | ||
74 | type => "ssh-rsa", | ||
75 | key => "AAAAB3NzaC1yc2EAAAADAQABAAABAQDi5PgLBwMRyRwzJPnSgUyRAuB9AAxMijsw1pR/t/wmxQne1O5fIPOleHx+D8dyZbwm+XkzlcJpgT0Qy3qC9J8BPhshJvO/tA/8CI/oS/FE0uWsyACH1DMO2dk4gRRZGSE9IuzDMRPlnfZ3n0tdsPzzv3GH4It/oPIgsvkTowKztGLQ7Xmjr5BxzAhXcIQymqA0U3XWHSdWvnSRDaOFG0PDoVMS85IdwlviVKLnV5Sstb4NC/P28LFfgvW8DO/XrOqujgDomqTmR41dK/AyrGGOb2cQUMO4l8Oa+74aOyKaB61rr/rJkr+wCbEttkTvgFa6zZygSk3edfiWE2rgn4+v" | ||
76 | } | ||
77 | |||
78 | class { 'sudo': | ||
79 | config_file_replace => false, | ||
80 | # Missing in the sudo package, should no be mandatory | ||
81 | package_ldap => false | ||
82 | } | ||
83 | |||
84 | sudo::conf { 'wheel': | ||
85 | priority => 10, | ||
86 | content => "%wheel ALL=(ALL) ALL" | ||
87 | } | ||
88 | |||
89 | class { 'ssh::server': | ||
90 | storeconfigs_enabled => false, | ||
91 | options => { | ||
92 | 'AcceptEnv' => undef, | ||
93 | 'X11Forwarding' => 'yes', | ||
94 | 'PrintMotd' => 'no', | ||
95 | 'ChallengeResponseAuthentication' => 'no', | ||
96 | 'Subsystem' => 'sftp /usr/lib/openssh/sftp-server', | ||
97 | } | ||
98 | } | ||
99 | |||
100 | ensure_packages('ruby-shadow') | ||
101 | user { 'root': | ||
102 | password => '!' | ||
103 | } | ||
104 | |||
105 | file { '/etc/modprobe.d/pcspkr_no_autoload.conf': | ||
106 | ensure => "present", | ||
107 | path => "/etc/modprobe.d/pcspkr_no_autoload.conf", | ||
108 | source => 'puppet:///modules/base_configuration/pcspkr_no_autoload.conf', | ||
109 | mode => "0644", | ||
110 | owner => "root", | ||
111 | group => "root" | ||
112 | } | ||
113 | |||
114 | file { '/etc/systemd/system/getty@tty1.service.d/': | ||
115 | ensure => "directory", | ||
116 | path => "/etc/systemd/system/getty@tty1.service.d/", | ||
117 | mode => "0755", | ||
118 | owner => "root", | ||
119 | group => "root" | ||
120 | } | ||
121 | |||
122 | file { '/etc/systemd/system/getty@tty1.service.d/noclear.conf': | ||
123 | ensure => "present", | ||
124 | path => "/etc/systemd/system/getty@tty1.service.d/noclear.conf", | ||
125 | source => 'puppet:///modules/base_configuration/getty_conf_override.conf', | ||
126 | recurse => true, | ||
127 | mode => "0644", | ||
128 | owner => "root", | ||
129 | group => "root" | ||
130 | } | ||
131 | |||
132 | file { '/etc/systemd/network/en-dhcp.network': | ||
133 | ensure => "present", | ||
134 | path => "/etc/systemd/network/en-dhcp.network", | ||
135 | source => 'puppet:///modules/base_configuration/en-dhcp.network', | ||
136 | mode => "0644", | ||
137 | owner => "root", | ||
138 | group => "root" | ||
139 | } | ||
140 | |||
141 | file { '/etc/pacman.d/mirrorlist': | ||
142 | ensure => "present", | ||
143 | path => "/etc/pacman.d/mirrorlist", | ||
144 | source => 'puppet:///modules/base_configuration/mirrorlist', | ||
145 | mode => "0644", | ||
146 | owner => "root", | ||
147 | group => "root" | ||
148 | } | ||
149 | |||
150 | class { 'pacman': | ||
151 | color => true, | ||
152 | usesyslog => true, | ||
153 | } | ||
154 | |||
155 | pacman::repo { 'multilib': | ||
156 | order => 15, | ||
157 | include => '/etc/pacman.d/mirrorlist' | ||
158 | } | ||
159 | |||
160 | class { '::logrotate': | ||
161 | manage_cron_daily => false, | ||
162 | config => { | ||
163 | rotate_every => 'week', | ||
164 | rotate => 4, | ||
165 | create => true, | ||
166 | compress => true, | ||
167 | olddir => '/var/log/old', | ||
168 | tabooext => "+ .pacorig .pacnew .pacsave", | ||
169 | } | ||
170 | } | ||
171 | |||
172 | logrotate::rule { 'wtmp': | ||
173 | path => '/var/log/wtmp', | ||
174 | rotate_every => 'month', | ||
175 | create => true, | ||
176 | create_mode => '0664', | ||
177 | create_owner => 'root', | ||
178 | create_group => 'utmp', | ||
179 | rotate => 1, | ||
180 | minsize => '1M', | ||
181 | } | ||
182 | logrotate::rule { 'btmp': | ||
183 | path => '/var/log/btmp', | ||
184 | missingok => true, | ||
185 | rotate_every => 'month', | ||
186 | create => true, | ||
187 | create_mode => '0600', | ||
188 | create_owner => 'root', | ||
189 | create_group => 'utmp', | ||
190 | rotate => 1, | ||
191 | } | ||
192 | |||
193 | ensure_packages(["whois"], { 'install_options' => '--asdeps' }) | ||
194 | class { 'fail2ban': | ||
195 | logtarget => 'SYSLOG', | ||
196 | backend => 'systemd' | ||
197 | } | ||
198 | fail2ban::jail { 'sshd': | ||
199 | backend => 'systemd', | ||
200 | port => 'ssh', | ||
201 | filter => 'sshd', | ||
202 | maxretry => 10, | ||
203 | bantime => 86400, | ||
204 | logpath => '', | ||
205 | order => 10 | ||
206 | } | ||
207 | |||
208 | class { 'aur': } | ||
209 | } | ||