From 7fed35a408b9ec37454169425823785b5fc8978b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Isma=C3=ABl=20Bouya?=
Date: Thu, 24 Aug 2017 02:22:17 +0200
Subject: Refactor base installation module
---
modules/base_configuration/manifests/init.pp | 209 ---------------------------
1 file changed, 209 deletions(-)
delete mode 100644 modules/base_configuration/manifests/init.pp
(limited to 'modules/base_configuration/manifests/init.pp')
diff --git a/modules/base_configuration/manifests/init.pp b/modules/base_configuration/manifests/init.pp
deleted file mode 100644
index 8b2ce4c..0000000
--- a/modules/base_configuration/manifests/init.pp
+++ /dev/null
@@ -1,209 +0,0 @@
-class base_configuration (
- $hostname = undef,
- $username = "immae",
- $userid = 1000,
- $code_path = undef,
- $device = undef,
-) {
- unless empty($device) {
- class { 'grub_install':
- device => $device,
- }
- }
-
- class { 'locales': }
-
- unless empty($code_path) {
- class { 'cron_puppet':
- code_path => $code_path,
- }
- }
-
- service { "sshd":
- #ensure => "running",
- enable => true,
- }
- service { "systemd-networkd":
- #ensure => "running",
- enable => true,
- }
- service { "systemd-resolved":
- #ensure => "running",
- enable => true,
- }
-
- file { "/etc/localtime":
- ensure => "link",
- target => "../usr/share/zoneinfo/Europe/Paris"
- }
-
- exec { "set_locale":
- command => "/usr/bin/systemd-firstboot --locale=fr_FR.UTF-8",
- creates => "/etc/locale.conf",
- }
-
- unless empty($hostname) {
- exec { "set_hostname":
- command => "/usr/bin/systemd-firstboot --hostname=$hostname",
- creates => "/etc/hostname",
- }
- }
-
- file { "/etc/vconsole.conf":
- ensure => "link",
- target => "/dev/null",
- }
-
- user { "${username}:${userid}":
- name => $username,
- uid => $userid,
- ensure => "present",
- groups => "wheel",
- managehome => true,
- notify => Exec["remove_password"]
- }
-
- exec { "remove_password":
- command => "/usr/bin/chage -d 0 $username && /usr/bin/passwd -d $username",
- refreshonly => true
- }
-
- ssh_authorized_key { $username:
- name => "immae@immae.eu",
- user => $username,
- type => "ssh-rsa",
- key => "AAAAB3NzaC1yc2EAAAADAQABAAABAQDi5PgLBwMRyRwzJPnSgUyRAuB9AAxMijsw1pR/t/wmxQne1O5fIPOleHx+D8dyZbwm+XkzlcJpgT0Qy3qC9J8BPhshJvO/tA/8CI/oS/FE0uWsyACH1DMO2dk4gRRZGSE9IuzDMRPlnfZ3n0tdsPzzv3GH4It/oPIgsvkTowKztGLQ7Xmjr5BxzAhXcIQymqA0U3XWHSdWvnSRDaOFG0PDoVMS85IdwlviVKLnV5Sstb4NC/P28LFfgvW8DO/XrOqujgDomqTmR41dK/AyrGGOb2cQUMO4l8Oa+74aOyKaB61rr/rJkr+wCbEttkTvgFa6zZygSk3edfiWE2rgn4+v"
- }
-
- class { 'sudo':
- config_file_replace => false,
- # Missing in the sudo package, should no be mandatory
- package_ldap => false
- }
-
- sudo::conf { 'wheel':
- priority => 10,
- content => "%wheel ALL=(ALL) ALL"
- }
-
- class { 'ssh::server':
- storeconfigs_enabled => false,
- options => {
- 'AcceptEnv' => undef,
- 'X11Forwarding' => 'yes',
- 'PrintMotd' => 'no',
- 'ChallengeResponseAuthentication' => 'no',
- 'Subsystem' => 'sftp /usr/lib/openssh/sftp-server',
- }
- }
-
- ensure_packages('ruby-shadow')
- user { 'root':
- password => '!'
- }
-
- file { '/etc/modprobe.d/pcspkr_no_autoload.conf':
- ensure => "present",
- path => "/etc/modprobe.d/pcspkr_no_autoload.conf",
- source => 'puppet:///modules/base_configuration/pcspkr_no_autoload.conf',
- mode => "0644",
- owner => "root",
- group => "root"
- }
-
- file { '/etc/systemd/system/getty@tty1.service.d/':
- ensure => "directory",
- path => "/etc/systemd/system/getty@tty1.service.d/",
- mode => "0755",
- owner => "root",
- group => "root"
- }
-
- file { '/etc/systemd/system/getty@tty1.service.d/noclear.conf':
- ensure => "present",
- path => "/etc/systemd/system/getty@tty1.service.d/noclear.conf",
- source => 'puppet:///modules/base_configuration/getty_conf_override.conf',
- recurse => true,
- mode => "0644",
- owner => "root",
- group => "root"
- }
-
- file { '/etc/systemd/network/en-dhcp.network':
- ensure => "present",
- path => "/etc/systemd/network/en-dhcp.network",
- source => 'puppet:///modules/base_configuration/en-dhcp.network',
- mode => "0644",
- owner => "root",
- group => "root"
- }
-
- file { '/etc/pacman.d/mirrorlist':
- ensure => "present",
- path => "/etc/pacman.d/mirrorlist",
- source => 'puppet:///modules/base_configuration/mirrorlist',
- mode => "0644",
- owner => "root",
- group => "root"
- }
-
- class { 'pacman':
- color => true,
- usesyslog => true,
- }
-
- pacman::repo { 'multilib':
- order => 15,
- include => '/etc/pacman.d/mirrorlist'
- }
-
- class { '::logrotate':
- manage_cron_daily => false,
- config => {
- rotate_every => 'week',
- rotate => 4,
- create => true,
- compress => true,
- olddir => '/var/log/old',
- tabooext => "+ .pacorig .pacnew .pacsave",
- }
- }
-
- logrotate::rule { 'wtmp':
- path => '/var/log/wtmp',
- rotate_every => 'month',
- create => true,
- create_mode => '0664',
- create_owner => 'root',
- create_group => 'utmp',
- rotate => 1,
- minsize => '1M',
- }
- logrotate::rule { 'btmp':
- path => '/var/log/btmp',
- missingok => true,
- rotate_every => 'month',
- create => true,
- create_mode => '0600',
- create_owner => 'root',
- create_group => 'utmp',
- rotate => 1,
- }
-
- ensure_packages(["whois"], { 'install_options' => '--asdeps' })
- class { 'fail2ban':
- logtarget => 'SYSLOG',
- backend => 'systemd'
- }
- fail2ban::jail { 'sshd':
- backend => 'systemd',
- port => 'ssh',
- filter => 'sshd',
- maxretry => 10,
- bantime => 86400,
- logpath => '',
- order => 10
- }
-
- class { 'aur': }
-}
-- cgit v1.2.3