Refactor base installation module

29 files changed, 351 insertions, 413 deletions

diff --git a/modules/aur/manifests/aura.pp b/modules/aur/manifests/aura.pp
index 2dbcf39..1683cf8 100644
--- a/modules/aur/manifests/aura.pp
+++ b/modules/aur/manifests/aura.pp
@@ -6,12 +6,7 @@ class aur::aura(
     ensure => "present"
   }
 
-  exec { 'pacman-base-devel':
-    command   => '/usr/bin/pacman -Sy base-devel --needed --noconfirm',
-    unless    => '/usr/bin/pacman -Qo aura',
-    logoutput => 'on_failure',
-  }
-
+  ensure_packages(['base-devel'], { 'install_options'  => '--needed' })
   ensure_packages(['gmp', 'pcre'], { 'install_options' => '--asdeps' })
 
   exec { 'aur::aura':
@@ -20,14 +15,15 @@ class aur::aura(
     command   => 'curl -o /tmp/aur.sh aur.sh && chmod +x /tmp/aur.sh && /tmp/aur.sh aura-bin && mv /tmp/aura-bin/aura-bin-*-x86_64.pkg.tar.xz /tmp/aura-bin-x86_64.pkg.tar.xz && rm /tmp/aur.sh && rm -rf /tmp/aura-bin',
     user      => "aur-builder",
     unless    => '/usr/bin/pacman -Qo aura',
-    require   => Exec['pacman-base-devel'],
+    require   => Package['base-devel'],
     logoutput => 'on_failure',
   }
 
   package { 'aura-bin':
-    ensure => "present",
-    source => "/tmp/aura-bin-x86_64.pkg.tar.xz",
-    notify => Exec['aur::aura::cleanup']
+    ensure  => "present",
+    source  => "/tmp/aura-bin-x86_64.pkg.tar.xz",
+    require => Exec['aur::aura'],
+    notify  => Exec['aur::aura::cleanup']
   }
 
   exec { 'aur::aura::cleanup':
diff --git a/modules/aur/manifests/init.pp b/modules/aur/manifests/init.pp
index cdf9929..8c3faa1 100644
--- a/modules/aur/manifests/init.pp
+++ b/modules/aur/manifests/init.pp
@@ -1,4 +1,4 @@
 class aur {
-  class { 'aur::aura': }
+  contain 'aur::aura'
 }
 
diff --git a/modules/aur/manifests/install.pp b/modules/aur/manifests/package.pp
index 074088e..2fd346e 100644
--- a/modules/aur/manifests/install.pp
+++ b/modules/aur/manifests/package.pp
@@ -1,12 +1,14 @@
-define aur::install (
+define aur::package (
   $ensure = 'present',
 ) {
 
   case $ensure {
     'present': {
       exec { "pacman::aur::install::${name}":
+        cwd       => "/tmp",
         require   => Class[aur::aura],
         command   => "/usr/bin/aura -A ${name}",
+        user      => "aur-builder",
         unless    => "/usr/bin/aura -Qk ${name}",
         logoutput => 'on_failure',
         timeout   => 1800,
@@ -14,8 +16,10 @@ define aur::install (
     }
     'absent': {
       exec { "pacman::aur::remove::${name}":
+        cwd       => "/tmp",
         require   => Class[aur::aura],
         command   => "/usr/bin/aura -Rs ${name}",
+        user      => "aur-builder",
         onlyif    => "/usr/bin/aura -Qi ${name}",
         logoutput => 'on_failure',
       }
diff --git a/modules/base_configuration/manifests/init.pp b/modules/base_configuration/manifests/init.pp
deleted file mode 100644
index 8b2ce4c..0000000
--- a/modules/base_configuration/manifests/init.pp
+++ /dev/null
@@ -1,209 +0,0 @@
-class base_configuration (
-  $hostname  = undef,
-  $username  = "immae",
-  $userid    = 1000,
-  $code_path = undef,
-  $device    = undef,
-) {
-  unless empty($device) {
-    class { 'grub_install':
-      device => $device,
-    }
-  }
-
-  class { 'locales': }
-
-  unless empty($code_path) {
-    class { 'cron_puppet':
-      code_path => $code_path,
-    }
-  }
-
-  service { "sshd":
-    #ensure => "running",
-    enable => true,
-  }
-  service { "systemd-networkd":
-    #ensure => "running",
-    enable => true,
-  }
-  service { "systemd-resolved":
-    #ensure => "running",
-    enable => true,
-  }
-
-  file { "/etc/localtime":
-    ensure => "link",
-    target => "../usr/share/zoneinfo/Europe/Paris"
-  }
-
-  exec { "set_locale":
-    command     => "/usr/bin/systemd-firstboot --locale=fr_FR.UTF-8",
-    creates     => "/etc/locale.conf",
-  }
-
-  unless empty($hostname) {
-    exec { "set_hostname":
-      command     => "/usr/bin/systemd-firstboot --hostname=$hostname",
-      creates     => "/etc/hostname",
-    }
-  }
-
-  file { "/etc/vconsole.conf":
-    ensure => "link",
-    target => "/dev/null",
-  }
-
-  user { "${username}:${userid}":
-    name       => $username,
-    uid        => $userid,
-    ensure     => "present",
-    groups     => "wheel",
-    managehome => true,
-    notify     => Exec["remove_password"]
-  }
-
-  exec { "remove_password":
-    command     => "/usr/bin/chage -d 0 $username && /usr/bin/passwd -d $username",
-    refreshonly => true
-  }
-
-  ssh_authorized_key { $username:
-    name => "immae@immae.eu",
-    user => $username,
-    type => "ssh-rsa",
-    key  => "AAAAB3NzaC1yc2EAAAADAQABAAABAQDi5PgLBwMRyRwzJPnSgUyRAuB9AAxMijsw1pR/t/wmxQne1O5fIPOleHx+D8dyZbwm+XkzlcJpgT0Qy3qC9J8BPhshJvO/tA/8CI/oS/FE0uWsyACH1DMO2dk4gRRZGSE9IuzDMRPlnfZ3n0tdsPzzv3GH4It/oPIgsvkTowKztGLQ7Xmjr5BxzAhXcIQymqA0U3XWHSdWvnSRDaOFG0PDoVMS85IdwlviVKLnV5Sstb4NC/P28LFfgvW8DO/XrOqujgDomqTmR41dK/AyrGGOb2cQUMO4l8Oa+74aOyKaB61rr/rJkr+wCbEttkTvgFa6zZygSk3edfiWE2rgn4+v"
-  }
-
-  class { 'sudo':
-    config_file_replace => false,
-    # Missing in the sudo package, should no be mandatory
-    package_ldap        => false
-  }
-
-  sudo::conf { 'wheel':
-    priority => 10,
-    content  => "%wheel ALL=(ALL) ALL"
-  }
-
-  class { 'ssh::server':
-     storeconfigs_enabled => false,
-     options => {
-        'AcceptEnv'                       => undef,
-        'X11Forwarding'                   => 'yes',
-        'PrintMotd'                       => 'no',
-        'ChallengeResponseAuthentication' => 'no',
-        'Subsystem'                       => 'sftp /usr/lib/openssh/sftp-server',
-     }
-  }
-
-  ensure_packages('ruby-shadow')
-  user { 'root':
-    password => '!'
-  }
-
-  file { '/etc/modprobe.d/pcspkr_no_autoload.conf':
-     ensure => "present",
-     path   => "/etc/modprobe.d/pcspkr_no_autoload.conf",
-     source => 'puppet:///modules/base_configuration/pcspkr_no_autoload.conf',
-     mode   => "0644",
-     owner  => "root",
-     group  => "root"
-  }
-
-  file { '/etc/systemd/system/getty@tty1.service.d/':
-    ensure => "directory",
-    path   => "/etc/systemd/system/getty@tty1.service.d/",
-    mode   => "0755",
-    owner  => "root",
-    group  => "root"
-  }
-
-  file { '/etc/systemd/system/getty@tty1.service.d/noclear.conf':
-     ensure  => "present",
-     path    => "/etc/systemd/system/getty@tty1.service.d/noclear.conf",
-     source  => 'puppet:///modules/base_configuration/getty_conf_override.conf',
-     recurse =>  true,
-     mode    => "0644",
-     owner   => "root",
-     group   => "root"
-  }
-
-  file { '/etc/systemd/network/en-dhcp.network':
-     ensure => "present",
-     path   => "/etc/systemd/network/en-dhcp.network",
-     source => 'puppet:///modules/base_configuration/en-dhcp.network',
-     mode   => "0644",
-     owner  => "root",
-     group  => "root"
-  }
-
-  file { '/etc/pacman.d/mirrorlist':
-     ensure  => "present",
-     path    => "/etc/pacman.d/mirrorlist",
-     source  => 'puppet:///modules/base_configuration/mirrorlist',
-     mode    => "0644",
-     owner   => "root",
-     group   => "root"
-  }
-
-  class { 'pacman':
-    color     => true,
-    usesyslog => true,
-  }
-
-  pacman::repo { 'multilib':
-    order   => 15,
-    include => '/etc/pacman.d/mirrorlist'
-  }
-
-  class { '::logrotate':
-    manage_cron_daily => false,
-    config => {
-      rotate_every => 'week',
-      rotate       => 4,
-      create       => true,
-      compress     => true,
-      olddir       => '/var/log/old',
-      tabooext     => "+ .pacorig .pacnew .pacsave",
-    }
-  }
-
-  logrotate::rule { 'wtmp':
-    path         => '/var/log/wtmp',
-    rotate_every => 'month',
-    create       => true,
-    create_mode  => '0664',
-    create_owner => 'root',
-    create_group => 'utmp',
-    rotate       => 1,
-    minsize      => '1M',
-  }
-  logrotate::rule { 'btmp':
-    path         => '/var/log/btmp',
-    missingok    => true,
-    rotate_every => 'month',
-    create       => true,
-    create_mode  => '0600',
-    create_owner => 'root',
-    create_group => 'utmp',
-    rotate       => 1,
-  }
-
-  ensure_packages(["whois"], { 'install_options' => '--asdeps' })
-  class { 'fail2ban':
-    logtarget => 'SYSLOG',
-    backend   => 'systemd'
-  }
-  fail2ban::jail { 'sshd':
-    backend  => 'systemd',
-    port     => 'ssh',
-    filter   => 'sshd',
-    maxretry => 10,
-    bantime  => 86400,
-    logpath  => '',
-    order    => 10
-  }
-
-  class { 'aur': }
-}
diff --git a/modules/cron_puppet/files/post-merge b/modules/base_installation/files/cronie/puppet-post-merge
index ac5e3ff..ac5e3ff 100644
--- a/modules/cron_puppet/files/post-merge
+++ b/modules/base_installation/files/cronie/puppet-post-merge
diff --git a/modules/base_configuration/files/pcspkr_no_autoload.conf b/modules/base_installation/files/kernel_modules/pcspkr_no_autoload.conf
index b46792e..b46792e 100644
--- a/modules/base_configuration/files/pcspkr_no_autoload.conf
+++ b/modules/base_installation/files/kernel_modules/pcspkr_no_autoload.conf
diff --git a/modules/base_configuration/files/mirrorlist b/modules/base_installation/files/package_managers/mirrorlist
index 2ffca7c..2ffca7c 100644
--- a/modules/base_configuration/files/mirrorlist
+++ b/modules/base_installation/files/package_managers/mirrorlist
diff --git a/modules/base_configuration/files/en-dhcp.network b/modules/base_installation/files/services/en-dhcp.network
index 6eef0e9..6eef0e9 100644
--- a/modules/base_configuration/files/en-dhcp.network
+++ b/modules/base_installation/files/services/en-dhcp.network
diff --git a/modules/base_configuration/files/getty_conf_override.conf b/modules/base_installation/files/services/getty_conf_override.conf
index 52671c7..52671c7 100644
--- a/modules/base_configuration/files/getty_conf_override.conf
+++ b/modules/base_installation/files/services/getty_conf_override.conf
diff --git a/modules/base_installation/manifests/cronie.pp b/modules/base_installation/manifests/cronie.pp
new file mode 100644
index 0000000..bcdd9a7
--- /dev/null
+++ b/modules/base_installation/manifests/cronie.pp
@@ -0,0 +1,21 @@
+class base_installation::cronie inherits base_installation {
+  ensure_packages(['cronie'])
+
+  unless empty($base_installation::puppet_code_path) {
+    file { 'post-hook':
+      ensure  => file,
+      path    => "$base_installation::puppet_code_path/.git/hooks/post-merge",
+      source  => 'puppet:///modules/base_installation/cronie/puppet-post-merge',
+      mode    => '0755',
+      owner   => root,
+      group   => root,
+    }
+    cron { 'puppet-apply':
+      ensure  => present,
+      command => "cd $base_installation::puppet_code_path ; /usr/bin/git pull",
+      user    => root,
+      minute  => '*/30',
+      require => File['post-hook'],
+    }
+  }
+}
diff --git a/modules/base_installation/manifests/firewall.pp b/modules/base_installation/manifests/firewall.pp
new file mode 100644
index 0000000..12eeac2
--- /dev/null
+++ b/modules/base_installation/manifests/firewall.pp
@@ -0,0 +1,20 @@
+class base_installation::firewall inherits base_installation {
+  ensure_packages(["whois"], { 'install_options' => '--asdeps' })
+
+  class { 'fail2ban':
+    logtarget => 'SYSLOG',
+    backend   => 'systemd'
+  }
+
+  fail2ban::jail { 'sshd':
+    backend  => 'systemd',
+    port     => 'ssh',
+    filter   => 'sshd',
+    maxretry => 10,
+    bantime  => 86400,
+    logpath  => '',
+    order    => 10
+  }
+
+  contain "fail2ban"
+}
diff --git a/modules/grub_install/manifests/init.pp b/modules/base_installation/manifests/grub.pp
index 172cf4b..0a96aa7 100644
--- a/modules/grub_install/manifests/init.pp
+++ b/modules/base_installation/manifests/grub.pp
@@ -1,11 +1,9 @@
-class grub_install (
-  $device = undef
-) {
+class base_installation::grub inherits base_installation {
   ensure_packages(['grub'])
 
-  # unless empty($device) {
+  # unless empty($base_installation::grub_device) {
   #   exec { 'install GRUB':
-  #     command   => "/usr/bin/grub-install --target=i386-pc $device",
+  #     command   => "/usr/bin/grub-install --target=i386-pc $base_installation::device",
   #     subscribe => Package["grub"],
   #   }
   # }
@@ -15,15 +13,6 @@ class grub_install (
     line  => 'GRUB_CMDLINE_LINUX=" console=tty0 console=ttyS0,115200"',
     match => '^GRUB_CMDLINE_LINUX='
   }
-  # file { "/etc/default/grub":
-  #   ensure => "present",
-  #   path   => "/etc/default/grub",
-  #   source => 'puppet:///modules/grub_install/config',
-  #   mode   => "0644",
-  #   owner  => "root",
-  #   group  => "root",
-  #   #  notify => [Exec["install GRUB"], Exec["update GRUB config"]]
-  # }
 
   # exec { 'update GRUB config':
   #   command     => "/usr/bin/grub-mkconfig -o /boot/grub/grub.cfg",
diff --git a/modules/base_installation/manifests/init.pp b/modules/base_installation/manifests/init.pp
new file mode 100644
index 0000000..65c5178
--- /dev/null
+++ b/modules/base_installation/manifests/init.pp
@@ -0,0 +1,21 @@
+class base_installation (
+  Optional[String]        $grub_device      = $base_installation::params::grub_device,
+  Optional[String]        $puppet_code_path = $base_installation::params::puppet_code_path,
+  Optional[String]        $system_hostname  = $base_installation::params::system_hostname,
+  Optional[Array[String]] $system_locales   = $base_installation::params::system_locales,
+  Optional[String]        $system_timezone  = $base_installation::params::system_timezone,
+  Optional[Array[Hash]]   $system_users     = $base_installation::params::system_users,
+) inherits base_installation::params {
+  contain ::base_installation::packages
+  contain ::base_installation::locales
+  contain ::base_installation::system_config
+  contain ::base_installation::kernel_modules
+  contain ::base_installation::grub
+  contain ::base_installation::firewall
+  contain ::base_installation::logs
+  contain ::base_installation::cronie
+  contain ::base_installation::ssh
+  contain ::base_installation::services
+  contain ::base_installation::users
+  contain ::base_installation::package_managers
+}
diff --git a/modules/base_installation/manifests/kernel_modules.pp b/modules/base_installation/manifests/kernel_modules.pp
new file mode 100644
index 0000000..afeb30c
--- /dev/null
+++ b/modules/base_installation/manifests/kernel_modules.pp
@@ -0,0 +1,11 @@
+class base_installation::kernel_modules inherits base_installation {
+  file { '/etc/modprobe.d/pcspkr_no_autoload.conf':
+     ensure => "present",
+     path   => "/etc/modprobe.d/pcspkr_no_autoload.conf",
+     source => 'puppet:///modules/base_installation/kernel_modules/pcspkr_no_autoload.conf',
+     mode   => "0644",
+     owner  => "root",
+     group  => "root"
+  }
+
+}
diff --git a/modules/base_installation/manifests/locales.pp b/modules/base_installation/manifests/locales.pp
new file mode 100644
index 0000000..0f31e0b
--- /dev/null
+++ b/modules/base_installation/manifests/locales.pp
@@ -0,0 +1,37 @@
+class base_installation::locales inherits base_installation {
+  # Note: we don't care about other lines, they are not handled in
+  # Puppet
+  define locale_line ($locale, $charmap = 'UTF-8') {
+    file_line { "/etc/locale.gen#$locale":
+      path   => '/etc/locale.gen',
+      line   => "$locale $charmap  ",
+      match  => "#?$locale $charmap +$",
+      notify => Exec["/usr/bin/locale-gen"],
+    }
+  }
+
+  unless empty($base_installation::system_locales) {
+    $base_installation::system_locales.each |$locale| {
+      base_installation::locales::locale_line { "/etc/locale.gen#$locale":
+        locale => $locale
+      }
+    }
+
+    $main_locale = $base_installation::system_locales[0]
+    exec { "set_main_locale":
+      command => "/usr/bin/systemd-firstboot --locale=$main_locale",
+      creates => "/etc/locale.conf",
+    }
+  }
+
+  exec { '/usr/bin/locale-gen':
+    refreshonly => true,
+  }
+
+
+  file { "/etc/vconsole.conf":
+    ensure => "link",
+    target => "/dev/null",
+  }
+
+}
diff --git a/modules/base_installation/manifests/logs.pp b/modules/base_installation/manifests/logs.pp
new file mode 100644
index 0000000..558182f
--- /dev/null
+++ b/modules/base_installation/manifests/logs.pp
@@ -0,0 +1,36 @@
+class base_installation::logs inherits base_installation {
+  class { '::logrotate':
+    manage_cron_daily => false,
+    config => {
+      rotate_every => 'week',
+      rotate       => 4,
+      create       => true,
+      compress     => true,
+      olddir       => '/var/log/old',
+      tabooext     => "+ .pacorig .pacnew .pacsave",
+    }
+  }
+
+  logrotate::rule { 'wtmp':
+    path         => '/var/log/wtmp',
+    rotate_every => 'month',
+    create       => true,
+    create_mode  => '0664',
+    create_owner => 'root',
+    create_group => 'utmp',
+    rotate       => 1,
+    minsize      => '1M',
+  }
+  logrotate::rule { 'btmp':
+    path         => '/var/log/btmp',
+    missingok    => true,
+    rotate_every => 'month',
+    create       => true,
+    create_mode  => '0600',
+    create_owner => 'root',
+    create_group => 'utmp',
+    rotate       => 1,
+  }
+
+  contain "::logrotate"
+}
diff --git a/modules/base_installation/manifests/package_managers.pp b/modules/base_installation/manifests/package_managers.pp
new file mode 100644
index 0000000..c5c8485
--- /dev/null
+++ b/modules/base_installation/manifests/package_managers.pp
@@ -0,0 +1,25 @@
+class base_installation::package_managers inherits base_installation {
+  file { '/etc/pacman.d/mirrorlist':
+     ensure  => "present",
+     path    => "/etc/pacman.d/mirrorlist",
+     source  => 'puppet:///modules/base_installation/package_managers/mirrorlist',
+     mode    => "0644",
+     owner   => "root",
+     group   => "root"
+  }
+
+  class { 'pacman':
+    color     => true,
+    usesyslog => true,
+  }
+
+  pacman::repo { 'multilib':
+    order   => 15,
+    include => '/etc/pacman.d/mirrorlist'
+  }
+
+  class { 'aur': }
+
+  contain "pacman"
+  contain "aur"
+}
diff --git a/modules/base_installation/manifests/packages.pp b/modules/base_installation/manifests/packages.pp
new file mode 100644
index 0000000..b0824ad
--- /dev/null
+++ b/modules/base_installation/manifests/packages.pp
@@ -0,0 +1,10 @@
+class base_installation::packages inherits base_installation {
+  # Preinstalled
+  ensure_packages(['base'])
+
+  # Critical packages
+  ensure_packages(['openssh', 'grub', 'sudo'])
+
+  # Puppet dependencies
+  ensure_packages(['git', 'puppet'])
+}
diff --git a/modules/base_installation/manifests/params.pp b/modules/base_installation/manifests/params.pp
new file mode 100644
index 0000000..5f2e298
--- /dev/null
+++ b/modules/base_installation/manifests/params.pp
@@ -0,0 +1,21 @@
+class base_installation::params {
+  $puppet_code_path = "/etc/puppetlabs/code"
+  $grub_device      = "/dev/sda"
+  $system_hostname  = "new.immae.eu"
+  $system_locales   = ["fr_FR.UTF-8", "en_US.UTF-8"]
+  $system_timezone  = "Europe/Paris"
+  $system_users     = [
+    {
+      userid   => 1000,
+      username => "immae",
+      groups   => ["wheel"],
+      keys     => [
+        {
+          host     => "immae.eu",
+          key      => "AAAAB3NzaC1yc2EAAAADAQABAAABAQDi5PgLBwMRyRwzJPnSgUyRAuB9AAxMijsw1pR/t/wmxQne1O5fIPOleHx+D8dyZbwm+XkzlcJpgT0Qy3qC9J8BPhshJvO/tA/8CI/oS/FE0uWsyACH1DMO2dk4gRRZGSE9IuzDMRPlnfZ3n0tdsPzzv3GH4It/oPIgsvkTowKztGLQ7Xmjr5BxzAhXcIQymqA0U3XWHSdWvnSRDaOFG0PDoVMS85IdwlviVKLnV5Sstb4NC/P28LFfgvW8DO/XrOqujgDomqTmR41dK/AyrGGOb2cQUMO4l8Oa+74aOyKaB61rr/rJkr+wCbEttkTvgFa6zZygSk3edfiWE2rgn4+v",
+          key_type => "ssh-rsa"
+        }
+      ]
+    }
+  ]
+}
diff --git a/modules/base_installation/manifests/services.pp b/modules/base_installation/manifests/services.pp
new file mode 100644
index 0000000..b48c3b5
--- /dev/null
+++ b/modules/base_installation/manifests/services.pp
@@ -0,0 +1,50 @@
+class base_installation::services inherits base_installation {
+
+  service { "sshd":
+    #ensure => "running",
+    enable => true,
+  }
+
+  service { "systemd-networkd":
+    #ensure => "running",
+    enable => true,
+  }
+
+  service { "systemd-resolved":
+    #ensure => "running",
+    enable => true,
+  }
+
+  service { "cronie":
+    #ensure => "running",
+    enable => true,
+  }
+
+  file { '/etc/systemd/system/getty@tty1.service.d/':
+    ensure => "directory",
+    path   => "/etc/systemd/system/getty@tty1.service.d/",
+    mode   => "0755",
+    owner  => "root",
+    group  => "root"
+  }
+
+  file { '/etc/systemd/system/getty@tty1.service.d/noclear.conf':
+     ensure  => "present",
+     path    => "/etc/systemd/system/getty@tty1.service.d/noclear.conf",
+     source  => 'puppet:///modules/base_installation/services/getty_conf_override.conf',
+     recurse =>  true,
+     mode    => "0644",
+     owner   => "root",
+     group   => "root"
+  }
+
+  file { '/etc/systemd/network/en-dhcp.network':
+     ensure => "present",
+     path   => "/etc/systemd/network/en-dhcp.network",
+     source => 'puppet:///modules/base_installation/services/en-dhcp.network',
+     mode   => "0644",
+     owner  => "root",
+     group  => "root"
+  }
+
+}
diff --git a/modules/base_installation/manifests/ssh.pp b/modules/base_installation/manifests/ssh.pp
new file mode 100644
index 0000000..43769e9
--- /dev/null
+++ b/modules/base_installation/manifests/ssh.pp
@@ -0,0 +1,14 @@
+class base_installation::ssh inherits base_installation {
+  class { 'ssh::server':
+     storeconfigs_enabled => false,
+     options => {
+        'AcceptEnv'                       => undef,
+        'X11Forwarding'                   => 'yes',
+        'PrintMotd'                       => 'no',
+        'ChallengeResponseAuthentication' => 'no',
+        'Subsystem'                       => 'sftp /usr/lib/openssh/sftp-server',
+     }
+  }
+
+  contain "ssh::server"
+}
diff --git a/modules/base_installation/manifests/system_config.pp b/modules/base_installation/manifests/system_config.pp
new file mode 100644
index 0000000..f3325f4
--- /dev/null
+++ b/modules/base_installation/manifests/system_config.pp
@@ -0,0 +1,21 @@
+class base_installation::system_config inherits base_installation {
+  unless empty($base_installation::system_timezone) {
+    file { "/etc/localtime":
+      ensure => "link",
+      target => "../usr/share/zoneinfo/$base_installation::system_timezone"
+    }
+  }
+
+  unless empty($base_installation::system_hostname) {
+    file { '/etc/hostname':
+      content => "$base_installation::system_hostname\n",
+    }
+
+    # TODO: find a way to ensure that /etc/hostname doesn't change
+    # exec { "set_hostname":
+    #   command     => "/usr/bin/systemd-firstboot --hostname=$base_installation::system_hostname",
+    #   creates     => "/etc/hostname",
+    # }
+  }
+
+}
diff --git a/modules/base_installation/manifests/users.pp b/modules/base_installation/manifests/users.pp
new file mode 100644
index 0000000..766c0f0
--- /dev/null
+++ b/modules/base_installation/manifests/users.pp
@@ -0,0 +1,49 @@
+class base_installation::users (
+  $users = $base_installation::system_users,
+) inherits base_installation {
+  ensure_packages('ruby-shadow')
+  user { 'root':
+    password => '!'
+  }
+
+  class { 'sudo':
+    config_file_replace => false,
+    # Missing in the sudo package, should no be mandatory
+    package_ldap        => false
+  }
+
+  sudo::conf { 'wheel':
+    priority => 10,
+    content  => "%wheel ALL=(ALL) ALL"
+  }
+
+  contain "sudo"
+
+  $users.each |$user| {
+    user { "${user[username]}:${user[userid]}":
+      name           => $user[username],
+      uid            => $user[userid],
+      ensure         => "present",
+      groups         => $user[groups],
+      managehome     => true,
+      home           => "/home/${user[username]}",
+      notify         => Exec["remove_password"],
+      purge_ssh_keys => true
+    }
+
+    exec { "remove_password":
+      command     => "/usr/bin/chage -d 0 ${user[username]} && /usr/bin/passwd -d ${user[username]}",
+      refreshonly => true
+    }
+
+    $user[keys].each |$key| {
+      ssh_authorized_key { "${user[username]}@${key[host]}":
+        name => "${user[username]}@${key[host]}",
+        user => $user[username],
+        type => $key[key_type],
+        key  => $key[key],
+      }
+    }
+  }
+
+}
diff --git a/modules/base_packages/manifests/init.pp b/modules/base_packages/manifests/init.pp
deleted file mode 100644
index c4bbec9..0000000
--- a/modules/base_packages/manifests/init.pp
+++ /dev/null
@@ -1,11 +0,0 @@
-class base_packages {
-    # Preinstalled
-    ensure_packages(['base'])
-
-    # Critical packages
-    ensure_packages(['openssh', 'grub', 'sudo'])
-
-    # Puppet dependencies
-    ensure_packages(['git', 'puppet'])
-}
-
diff --git a/modules/cron_puppet/manifests/init.pp b/modules/cron_puppet/manifests/init.pp
deleted file mode 100644
index c9d5a51..0000000
--- a/modules/cron_puppet/manifests/init.pp
+++ /dev/null
@@ -1,26 +0,0 @@
-class cron_puppet (
-  $code_path = "/etc/puppetlabs/code"
-) {
-    file { 'post-hook':
-        ensure  => file,
-        path    => "$code_path/.git/hooks/post-merge",
-        source  => 'puppet:///modules/cron_puppet/post-merge',
-        mode    => '0755',
-        owner   => root,
-        group   => root,
-    }
-    package { 'cronie':
-      ensure => 'present',
-    }
-    cron { 'puppet-apply':
-        ensure  => present,
-        command => "cd $code_path ; /usr/bin/git pull",
-        user    => root,
-        minute  => '*/30',
-        require => File['post-hook'],
-    }
-    service { 'cronie':
-      ensure => 'running',
-      enable => true
-    }
-}
diff --git a/modules/grub_install/files/config b/modules/grub_install/files/config
deleted file mode 100644
index 0a2ef57..0000000
--- a/modules/grub_install/files/config
+++ /dev/null
@@ -1,47 +0,0 @@
-GRUB_DEFAULT=0
-GRUB_TIMEOUT=5
-GRUB_DISTRIBUTOR="Arch"
-GRUB_CMDLINE_LINUX_DEFAULT="quiet"
-GRUB_CMDLINE_LINUX=" console=tty0 console=ttyS0,115200"
-
-# Preload both GPT and MBR modules so that they are not missed
-GRUB_PRELOAD_MODULES="part_gpt part_msdos"
-
-# Uncomment to enable Hidden Menu, and optionally hide the timeout count
-#GRUB_HIDDEN_TIMEOUT=5
-#GRUB_HIDDEN_TIMEOUT_QUIET=true
-
-# Uncomment to use basic console
-GRUB_TERMINAL_INPUT=console
-
-# Uncomment to disable graphical terminal
-#GRUB_TERMINAL_OUTPUT=console
-
-# The resolution used on graphical terminal
-# note that you can use only modes which your graphic card supports via VBE
-# you can see them in real GRUB with the command `vbeinfo'
-GRUB_GFXMODE=auto
-
-# Uncomment to allow the kernel use the same resolution used by grub
-GRUB_GFXPAYLOAD_LINUX=keep
-
-# Uncomment if you want GRUB to pass to the Linux kernel the old parameter 
-# format "root=/dev/xxx" instead of "root=/dev/disk/by-uuid/xxx" 
-#GRUB_DISABLE_LINUX_UUID=true
-
-# Uncomment to disable generation of recovery mode menu entries
-GRUB_DISABLE_RECOVERY=true
-
-# Uncomment and set to the desired menu colors.  Used by normal and wallpaper 
-# modes only.  Entries specified as foreground/background.
-#GRUB_COLOR_NORMAL="light-blue/black"
-#GRUB_COLOR_HIGHLIGHT="light-cyan/blue"
-
-# Uncomment one of them for the gfx desired, a image background or a gfxtheme
-#GRUB_BACKGROUND="/path/to/wallpaper"
-#GRUB_THEME="/path/to/gfxtheme"
-
-# Uncomment to get a beep at GRUB start
-#GRUB_INIT_TUNE="480 440 1"
-
-#GRUB_SAVEDEFAULT="true"
diff --git a/modules/locales/manifests/init.pp b/modules/locales/manifests/init.pp
deleted file mode 100644
index 1923f26..0000000
--- a/modules/locales/manifests/init.pp
+++ /dev/null
@@ -1,12 +0,0 @@
-class locales {
-  locales::locale { '/etc/locale.gen#fr_FR.UTF-8':
-    locale => 'fr_FR.UTF-8'
-  }
-  locales::locale { '/etc/locale.gen#en_US.UTF-8':
-    locale => 'en_US.UTF-8'
-  }
-  exec { '/usr/bin/locale-gen':
-    subscribe   => File_line['/etc/locale.gen#fr_FR.UTF-8', '/etc/locale.gen#en_US.UTF-8'],
-    refreshonly => true,
-  }
-}
diff --git a/modules/locales/manifests/locale.pp b/modules/locales/manifests/locale.pp
deleted file mode 100644
index 1eb14be..0000000
--- a/modules/locales/manifests/locale.pp
+++ /dev/null
@@ -1,7 +0,0 @@
-define locales::locale ($locale, $charmap = 'UTF-8') {
-  file_line { "/etc/locale.gen#$locale":
-    path  => '/etc/locale.gen',
-    line  => "$locale $charmap  ",
-    match => "#?$locale $charmap +$",
-  }
-}
diff --git a/modules/ovh_cleanup/manifests/init.pp b/modules/ovh_cleanup/manifests/init.pp
deleted file mode 100644
index fc1b84b..0000000
--- a/modules/ovh_cleanup/manifests/init.pp
+++ /dev/null
@@ -1,75 +0,0 @@
-class ovh_cleanup {
-    exec { 'bash -c "comm -23 <(find /etc /opt /usr | sort) <(pacman -Qlq | sed \"s|/$||\" | sort) > /root/disowned_files_before_cleanup.txt"':
-      path    => '/usr/bin',
-      creates => '/root/disowned_files_before_cleanup.txt'
-    }
-    exec { 'bash -c "comm -23 <(pacman -Qq | sort) <(pacman -Qgq base | while read i; do pactree -u \$i; done | sort | uniq) > /root/packages_not_in_base_group.txt"':
-      path    => '/usr/bin',
-      creates => '/root/packages_not_in_base_group.txt'
-    }
-    file { '/etc/apt':
-      ensure => 'absent',
-      force  => true,
-    }
-    file { '/etc/default/keyboard':
-      ensure => 'absent',
-    }
-    file { '/etc/default/locale':
-      ensure => 'absent',
-    }
-    file { '/etc/timezone':
-      ensure => 'absent',
-    }
-    file { '/etc/pacman.d/mirrorlist.pacnew':
-      ensure => 'absent',
-    }
-    exec { '/usr/bin/reanimate-pacman':
-      creates => '/etc/pacman.d/gnupg',
-    }
-    file { '/etc/pacman.d/gnupg':
-      ensure => 'present',
-    }
-    file { '/usr/bin/growpart':
-      ensure  => 'absent',
-    }
-    file { '/usr/bin/reanimate-pacman':
-      ensure  => 'absent',
-      require => File['/etc/pacman.d/gnupg'],
-    }
-    file { '/etc/systemd/system/pacman-reanimation.service':
-      ensure  => 'absent',
-      require => File['/etc/pacman.d/gnupg'],
-    }
-    file { '/etc/systemd/system/multi-user.target.wants/pacman-reanimation.service':
-      ensure  => 'absent',
-      require => File['/etc/pacman.d/gnupg'],
-    }
-    exec { '/usr/bin/mv /etc/lvm/lvmlocal.conf.pacnew /etc/lvm/lvmlocal.conf':
-      onlyif => '/usr/bin/test -f /etc/lvm/lvmlocal.conf.pacnew'
-    }
-    file { '/etc/resolv.conf.pacorig':
-      ensure => 'absent'
-    }
-    package { 'haveged':
-      ensure => 'absent',
-      uninstall_options => [ '-s', '-c']
-    }
-    package { 'parted':
-      ensure => 'absent',
-      uninstall_options => [ '-s', '-c']
-    }
-
-
-    file { '/etc/udev/rules.d/80-net-setup-link.rules':
-      ensure => 'absent',
-    }
-    exec { '/usr/bin/sed -i -e "s/Name=eth0/Name=en*/" /etc/systemd/network/eth0-dhcp.network':
-      subscribe   => File['/etc/udev/rules.d/80-net-setup-link.rules'],
-      refreshonly => true
-    }
-    exec { '/usr/bin/mv /etc/systemd/network/eth0-dhcp.network /etc/systemd/network/en-dhcp.network':
-      subscribe   => Exec['/usr/bin/sed -i -e "s/Name=eth0/Name=en*/" /etc/systemd/network/eth0-dhcp.network'],
-      notify      => Reboot['after_run'],
-      refreshonly => true,
-    }
-}