From 0a21fb6c2c52ca5cc2dfdfc41ca0a51c0d81296c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Isma=C3=ABl=20Bouya?= Date: Tue, 13 Mar 2018 13:23:17 +0100 Subject: Start to cleanup the files --- modules/profile/manifests/apache.pp | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) (limited to 'modules/profile') diff --git a/modules/profile/manifests/apache.pp b/modules/profile/manifests/apache.pp index 8db58da..382633b 100644 --- a/modules/profile/manifests/apache.pp +++ b/modules/profile/manifests/apache.pp @@ -67,13 +67,12 @@ class profile::apache { install_method => "package", package_name => "certbot", package_command => "certbot", - # FIXME - email => 'sites+letsencrypt@mail.immae.eu', + email => lookup('letsencrypt::email'), } - $real_hostname = lookup("base_installation::real_hostname") |$key| { {} } + $real_hostname = lookup("base_installation::real_hostname", { "default_value" => undef }) unless empty($real_hostname) { - if (lookup("ssl::try_letsencrypt_for_real_hostname") |$key| { true }) { + if (lookup("letsencrypt::try_for_real_hostname", { "default_value" => true })) { letsencrypt::certonly { $real_hostname: before => Apache::Vhost["default_ssl"]; default: * => $::profile::apache::letsencrypt_certonly_default; @@ -110,6 +109,14 @@ class profile::apache { } } + lookup("letsencrypt::hosts", { "default_value" => [] }).each |$host| { + if ($host != $real_hostname) { # Done above already + letsencrypt::certonly { $host: ; + default: * => $letsencrypt_certonly_default; + } + } + } + apache::vhost { "redirect_no_ssl": port => '80', error_log => false, -- cgit v1.2.3 From a045b9dc12f71c286d4afcb196705f430b6731f5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Isma=C3=ABl=20Bouya?= Date: Tue, 13 Mar 2018 14:31:07 +0100 Subject: Cleanup xmr_stak profile --- modules/profile/manifests/postgresql.pp | 2 +- modules/profile/manifests/xmr_stak.pp | 11 ++++++----- 2 files changed, 7 insertions(+), 6 deletions(-) (limited to 'modules/profile') 
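Review bot: The added `lookup("letsencrypt::hosts", { "default_value" => [] })` loop in the second apache.pp hunk accepts whatever Hiera returns, so a scalar or a list holding non-strings only fails later inside `.each` or `letsencrypt::certonly`. Passing a type makes the failure explicit, e.g. `lookup("letsencrypt::hosts", { "value_type" => Array[String[1]], "default_value" => [] })`. The loop also reads `$letsencrypt_certonly_default` while the first hunk's context uses the fully qualified `$::profile::apache::letsencrypt_certonly_default`; one spelling throughout the class would be easier to follow. Unlike the `$real_hostname` certificate, these resources carry no `before =>` ordering toward a vhost, which is fine only if no vhost in the catalog references their certificate files; that cannot be seen from this hunk.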
diff --git a/modules/profile/manifests/postgresql.pp b/modules/profile/manifests/postgresql.pp index 1024c66..9d875c9 100644 --- a/modules/profile/manifests/postgresql.pp +++ b/modules/profile/manifests/postgresql.pp @@ -1,5 +1,5 @@ class profile::postgresql { - $password_seed = lookup("base_installation::puppet_pass_seed") |$key| { {} } + $password_seed = lookup("base_installation::puppet_pass_seed") class { '::postgresql::globals': encoding => 'UTF-8', diff --git a/modules/profile/manifests/xmr_stak.pp b/modules/profile/manifests/xmr_stak.pp index e5582eb..c8bbcdd 100644 --- a/modules/profile/manifests/xmr_stak.pp +++ b/modules/profile/manifests/xmr_stak.pp @@ -1,4 +1,8 @@ -class profile::xmr_stak { +class profile::xmr_stak ( + String $mining_pool, + String $wallet, + Optional[String] $password = "x", +) { ensure_resource('exec', 'systemctl daemon-reload', { command => '/usr/bin/systemctl daemon-reload', refreshonly => true @@ -26,10 +30,7 @@ class profile::xmr_stak { notify => Exec["systemctl daemon-reload"] } - $mining_pool = lookup("xmr_stak::mining_pool") |$key| { {} } - $wallet = lookup("xmr_stak::wallet") |$key| { {} } - $password = lookup("xmr_stak::password") |$key| { "x" } - $instance = regsubst($facts["ec2_metadata"]["hostname"], '\.', "_", "G") + $instance = regsubst(lookup("base_installation::ldap_cn"), '\.', "_", "G") file { "/var/lib/xmr_stak/xmr-stak.conf": mode => "0644", -- cgit v1.2.3 From a386ce060c4c49d772bd4d03d6586012a266317e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Isma=C3=ABl=20Bouya?= Date: Tue, 13 Mar 2018 15:00:26 +0100 Subject: Reorder pg_hba rules --- modules/profile/manifests/postgresql.pp | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'modules/profile') diff --git a/modules/profile/manifests/postgresql.pp b/modules/profile/manifests/postgresql.pp index 9d875c9..2cd1bcc 100644 --- a/modules/profile/manifests/postgresql.pp +++ b/modules/profile/manifests/postgresql.pp 
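Review bot: `lookup("base_installation::puppet_pass_seed")` in postgresql.pp now fails when the key is missing, but an empty string would still be accepted as the seed. The name suggests passwords are derived from it (the use is outside this hunk), so a typed lookup such as `lookup("base_installation::puppet_pass_seed", String[1])` would reject that case as well. A short comment above the line stating that the seed must come from a protected Hiera source would help, because anyone who can read it can presumably recompute the derived passwords.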
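Review bot: In the new `profile::xmr_stak` class header, `Optional[String] $password = "x"` advertises that `undef` is a meaningful value although the default is a non-empty string; `String $password = "x"` states the actual contract. `$wallet` and `$password` end up in `/var/lib/xmr_stak/xmr-stak.conf`, which the second hunk's context shows with `mode => "0644"`, so every local user can read them; if the pool password is ever a real secret, `mode => "0640"` with the service's group would be the safer setting. The class has no header comment: a short one naming the parameters and the Hiera keys they now bind to (`profile::xmr_stak::mining_pool` and so on, replacing the old `xmr_stak::*` lookups) would spare operators a failed catalog after upgrading.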
@@ -32,7 +32,7 @@ class profile::postgresql { database => 'all', user => $pg_user, auth_method => 'ident', - order => "a1", + order => "00-01", } postgresql::server::pg_hba_rule { 'localhost access as postgres user': description => 'Allow localhost access to postgres user', @@ -41,7 +41,7 @@ class profile::postgresql { user => $pg_user, address => "127.0.0.1/32", auth_method => 'md5', - order => "a2", + order => "00-02", } postgresql::server::pg_hba_rule { 'localhost ip6 access as postgres user': description => 'Allow localhost access to postgres user', @@ -50,7 +50,7 @@ class profile::postgresql { user => $pg_user, address => "::1/128", auth_method => 'md5', - order => "a3", + order => "00-03", } postgresql::server::pg_hba_rule { 'deny access to postgresql user': description => 'Deny remote access to postgres user', @@ -59,7 +59,7 @@ class profile::postgresql { user => $pg_user, address => "0.0.0.0/0", auth_method => 'reject', - order => "a4", + order => "00-04", } postgresql::server::pg_hba_rule { 'local access': @@ -68,7 +68,7 @@ class profile::postgresql { database => 'all', user => 'all', auth_method => 'md5', - order => "b1", + order => "10-01", } postgresql::server::pg_hba_rule { 'local access with same name': @@ -77,7 +77,7 @@ class profile::postgresql { database => 'all', user => 'all', auth_method => 'ident', - order => "b2", + order => "10-02", } } -- cgit v1.2.3 From 62fe8998b5497864d51ed0fe909a0ff60cc1520b Mon Sep 17 00:00:00 2001 
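Review bot: The new `order` values in these six hunks (`00-01` to `00-04`, `10-01`, `10-02`) carry the whole meaning of the change, because pg_hba.conf is evaluated first-match-wins, yet nothing in the manifest says what the two bands are for. A comment above the first rule such as `# 00-xx: rules for the postgres superuser, must sort first; 10-xx: general local access` would document it. It is worth confirming how the module sorts these fragments against rules that use its default order, since the previous `a1`/`b1` keys and the new ones likely land on opposite sides of them. Separately, the reject rule at `00-04` covers only `0.0.0.0/0`; if any host rule elsewhere matches IPv6 clients, a matching `::/0` reject for `$pg_user` would be needed too.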
From: =?UTF-8?q?Isma=C3=ABl=20Bouya?= Date: Fri, 16 Mar 2018 20:37:40 +0100 Subject: Make cpu limit for xmr stak parameter --- modules/profile/files/xmr_stak/xmr-stak.service | 15 --------------- modules/profile/manifests/xmr_stak.pp | 3 ++- modules/profile/templates/xmr_stak/xmr-stak.service.erb | 16 ++++++++++++++++ 3 files changed, 18 insertions(+), 16 deletions(-) delete mode 100644 modules/profile/files/xmr_stak/xmr-stak.service create mode 100644 modules/profile/templates/xmr_stak/xmr-stak.service.erb (limited to 'modules/profile') diff --git a/modules/profile/files/xmr_stak/xmr-stak.service b/modules/profile/files/xmr_stak/xmr-stak.service deleted file mode 100644 index 93ee383..0000000 --- a/modules/profile/files/xmr_stak/xmr-stak.service +++ /dev/null @@ -1,15 +0,0 @@ -[Unit] -Description=XMR Miner -After=network.target - -[Service] -WorkingDirectory=/var/lib/xmr_stak - -Type=simple -User=xmr_stak -Group=xmr_stak -ExecStart=/usr/bin/cpulimit --limit 90 /usr/bin/xmr-stak -c /var/lib/xmr_stak/xmr-stak.conf -Nice=19 - -[Install] -WantedBy=multi-user.target diff --git a/modules/profile/manifests/xmr_stak.pp b/modules/profile/manifests/xmr_stak.pp index c8bbcdd..ccb6baa 100644 --- a/modules/profile/manifests/xmr_stak.pp +++ b/modules/profile/manifests/xmr_stak.pp @@ -1,6 +1,7 @@ class profile::xmr_stak ( String $mining_pool, String $wallet, + Optional[String] $cpulimit = "50", Optional[String] $password = "x", ) { ensure_resource('exec', 'systemctl daemon-reload', { @@ -25,7 +26,7 @@ class profile::xmr_stak ( mode => "0644", owner => "root", group => "root", - source => "puppet:///modules/profile/xmr_stak/xmr-stak.service", + content => template("profile/xmr_stak/xmr-stak.service.erb"), require => User["xmr_stak"], notify => Exec["systemctl daemon-reload"] } diff --git a/modules/profile/templates/xmr_stak/xmr-stak.service.erb b/modules/profile/templates/xmr_stak/xmr-stak.service.erb new file mode 100644 index 0000000..d63103b --- /dev/null 
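Review bot: `Optional[String] $cpulimit = "50"` in the xmr_stak.pp header is interpolated unchecked into the `ExecStart=` line of the new xmr-stak.service.erb template, so a value containing spaces or extra options changes the command systemd runs. Constrain it to digits with `Pattern[/\A[0-9]+\z/] $cpulimit = "50"`, or take an `Integer[1]`. The default also drops from the `--limit 90` of the deleted static unit to 50, which deserves a comment or a line in the commit message, since existing hosts change behaviour without any Hiera change.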
+++ b/modules/profile/templates/xmr_stak/xmr-stak.service.erb @@ -0,0 +1,16 @@ +[Unit] +Description=XMR Miner +After=network.target + +[Service] +WorkingDirectory=/var/lib/xmr_stak + +Type=simple +User=xmr_stak +Group=xmr_stak +ExecStart=/usr/bin/cpulimit --limit <%= @cpulimit %> /usr/bin/xmr-stak -c /var/lib/xmr_stak/xmr-stak.conf +Nice=19 + +[Install] +WantedBy=multi-user.target + -- cgit v1.2.3 From 82caf31189f11a9bca4836260e8ee8ba954690f2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Isma=C3=ABl=20Bouya?= Date: Sat, 17 Mar 2018 11:00:48 +0100 Subject: Add mail profile --- modules/profile/manifests/mail.pp | 14 ++++++++++++++ modules/profile/templates/mail/ssmtp.conf.erb | 14 ++++++++++++++ 2 files changed, 28 insertions(+) create mode 100644 modules/profile/manifests/mail.pp create mode 100644 modules/profile/templates/mail/ssmtp.conf.erb (limited to 'modules/profile') diff --git a/modules/profile/manifests/mail.pp b/modules/profile/manifests/mail.pp new file mode 100644 index 0000000..cc47b77 --- /dev/null +++ b/modules/profile/manifests/mail.pp @@ -0,0 +1,14 @@ +class profile::mail ( + String $mailhub, + Optional[Integer] $mailhub_port = 25, +) { + ensure_packages(["s-nail", "ssmtp"]) + + $hostname = lookup("base_installation::real_hostname") + + file { "/etc/ssmtp/ssmtp.conf": + ensure => "present", + content => template("profile/mail/ssmtp.conf.erb"), + } +} + diff --git a/modules/profile/templates/mail/ssmtp.conf.erb b/modules/profile/templates/mail/ssmtp.conf.erb new file mode 100644 index 0000000..e7a0410 --- /dev/null +++ b/modules/profile/templates/mail/ssmtp.conf.erb 
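Review bot: The `file { "/etc/ssmtp/ssmtp.conf": }` resource in mail.pp sets no `owner`, `group` or `mode` and has no relationship to the package, so permissions depend on what is already on disk and the file may be managed before `/etc/ssmtp` exists. Adding `owner => "root", group => "root", mode => "0644",` and `require => Package["ssmtp"],` fixes both. `Optional[Integer] $mailhub_port = 25` would be tighter as `Integer[1, 65535] $mailhub_port = 25`. `lookup("base_installation::real_hostname")` has no default here while apache.pp treats the same key as optional, so hosts without it will fail to compile this class; if that is intended, a comment should say so.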
@@ -0,0 +1,14 @@ +# +# /etc/ssmtp.conf -- a config file for sSMTP sendmail. +# +# The person who gets all mail for userids < 1000 +# Make this empty to disable rewriting. +root=postmaster +# The place where the mail goes. The actual machine name is required +# no MX records are consulted. Commonly mailhosts are named mail.domain.com +# The example will fit if you are in domain.com and you mailhub is so named. +mailhub=<%= @mailhub %>:<%= @mailhub_port %> +# Where will the mail seem to come from? +#rewriteDomain=y +# The full hostname +hostname=<%= @hostname %> -- cgit v1.2.3 From d87a489f9585d10f0a185beb59ae16a10f27a7bd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Isma=C3=ABl=20Bouya?= Date: Fri, 16 Mar 2018 20:40:27 +0100 Subject: Add backup role --- modules/profile/manifests/known_hosts.pp | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 modules/profile/manifests/known_hosts.pp (limited to 'modules/profile') diff --git a/modules/profile/manifests/known_hosts.pp b/modules/profile/manifests/known_hosts.pp new file mode 100644 index 0000000..ed9ec8e --- /dev/null +++ b/modules/profile/manifests/known_hosts.pp @@ -0,0 +1,11 @@ +class profile::known_hosts ( + Optional[Array] $hosts = [] +) { + $hosts.each |$host| { + sshkey { $host["name"]: + ensure => "present", + key => $host["key"], + type => $host["type"], + } + } +} -- cgit v1.2.3 From f25ad097f24e0d39d5dd9ac2cef39760e671e08f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Isma=C3=ABl=20Bouya?= Date: Mon, 19 Mar 2018 17:13:37 +0100 Subject: =?UTF-8?q?Don=E2=80=99t=20mount=20unavailables=20mounts?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- modules/profile/manifests/fstab.pp | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 modules/profile/manifests/fstab.pp (limited to 'modules/profile') diff --git a/modules/profile/manifests/fstab.pp b/modules/profile/manifests/fstab.pp new file mode 100644 index 0000000..5f2e58e --- /dev/null 
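Review bot: The rendered ssmtp.conf sets `mailhub=` with a default port of 25 and no TLS directive, so system mail is relayed in cleartext and the mailhub's identity is never verified. If the relay supports it, adding `UseSTARTTLS=YES` together with a `TLS_CA_File=` entry, both driven by class parameters so that a plain-text relay on a trusted network remains possible, would close that gap. The comments were copied from the stock file and still describe `/etc/ssmtp.conf` and `domain.com`; a first line noting that the file is managed by Puppet would stop local edits from being silently overwritten.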
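Review bot: `Optional[Array] $hosts = []` in known_hosts.pp does not constrain the entries, so an item missing `key` or `type` reaches `sshkey` with undefined values instead of failing with a clear message. Declaring the parameter as `Array[Struct[{"name" => String[1], "key" => String[1], "type" => String[1]}]] $hosts = []` validates the shape at compile time. These entries become system-wide SSH trust anchors, so a comment stating that the keys must be obtained out of band rather than copied from a first connection would be useful.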
+++ b/modules/profile/manifests/fstab.pp @@ -0,0 +1,18 @@ +class profile::fstab ( + Optional[Array] $mounts = [] +) { + $mounts.each |$mount| { + unless empty($mount) { + $infos = split($mount, ';') + + file { $infos[0]: + ensure => directory, + } -> + mount { $infos[0]: + ensure => mounted, + device => "UUID=${infos[1]}", + fstype => $infos[2] + } + } + } +} -- cgit v1.2.3
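Review bot: `split($mount, ';')` in fstab.pp is used without checking that three fields came back, so an entry such as `/data;` yields `device => "UUID="` and an undefined `fstype` on a resource with `ensure => mounted`. Typing the parameter as `Array[Pattern[/\A([^;]+;[^;]+;[^;]+)?\z/]] $mounts = []` keeps the empty-string case the loop already skips and rejects malformed entries at compile time. The `mount` resource also sets no `options`, so the filesystem defaults apply; for data volumes something like `options => "defaults,nodev,nosuid"` is worth considering. A class comment describing the `mountpoint;uuid;fstype` format would make the Hiera data self-explanatory.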