2014-03-31 23:18:29 +02:00
|
|
|
# kitchen sink class for various small settings
|
2014-05-18 20:59:41 +02:00
|
|
|
class ff_gw::sysadmin($zabbixserver = '127.0.0.1', $muninserver = '127.0.0.1', $sethostname = false, $setip = false, $accounts = {}) {
|
2014-05-19 20:08:15 +02:00
|
|
|
# first of all: fix my hostname
|
2014-05-18 20:59:41 +02:00
|
|
|
if $sethostname and $setip {
|
|
|
|
# set system hostname
|
|
|
|
class { 'ff_gw::sysadmin::hostname':
|
|
|
|
newname => $sethostname,
|
|
|
|
newip => $setip,
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2014-05-19 20:08:15 +02:00
|
|
|
# next important thing: set up apt repositories
|
2014-07-01 18:33:46 +02:00
|
|
|
class { 'ff_gw::sysadmin::software': }
|
2014-03-31 23:18:29 +02:00
|
|
|
|
2014-06-05 21:37:50 +02:00
|
|
|
cron {
|
|
|
|
'ntpdate-debian':
|
|
|
|
command => '/usr/sbin/ntpdate-debian',
|
|
|
|
user => root,
|
|
|
|
minute => '0';
|
|
|
|
}
|
|
|
|
|
2014-05-04 23:38:58 +02:00
|
|
|
# user accounts
|
|
|
|
create_resources('account', $accounts)
|
2014-03-31 23:18:29 +02:00
|
|
|
# Sudo
|
|
|
|
include sudo
|
|
|
|
sudo::conf { 'admins':
|
|
|
|
priority => 10,
|
|
|
|
content => '%sudo ALL=(ALL) NOPASSWD: ALL',
|
|
|
|
}
|
|
|
|
|
|
|
|
# sshd
|
|
|
|
augeas { 'harden_sshd':
|
|
|
|
context => '/files/etc/ssh/sshd_config',
|
|
|
|
changes => [
|
|
|
|
'set PermitRootLogin no',
|
|
|
|
'set PasswordAuthentication no',
|
|
|
|
'set PubkeyAuthentication yes'
|
|
|
|
],
|
|
|
|
}
|
|
|
|
~>
|
|
|
|
service { 'ssh':
|
|
|
|
ensure => running,
|
|
|
|
enable => true,
|
|
|
|
}
|
|
|
|
|
2014-07-01 18:33:46 +02:00
|
|
|
class { 'ff_gw::sysadmin::zabbix':
|
|
|
|
zabbixserver => $zabbixserver,
|
2014-03-31 23:18:29 +02:00
|
|
|
}
|
2014-07-01 18:33:46 +02:00
|
|
|
class { 'ff_gw::sysadmin::munin':
|
|
|
|
muninserver => $muninserver,
|
2014-03-31 23:18:29 +02:00
|
|
|
}
|
|
|
|
}
|
2014-05-18 20:59:41 +02:00
|
|
|
|
|
|
|
class ff_gw::sysadmin::hostname($newname, $newip) {
|
|
|
|
# short name
|
|
|
|
$alias = regsubst($newname, '^([^.]*).*$', '\1')
|
|
|
|
|
|
|
|
# clean old names
|
2014-06-01 21:47:08 +02:00
|
|
|
if $::hostname != $alias {
|
|
|
|
host { $::hostname: ensure => absent }
|
2014-05-18 20:59:41 +02:00
|
|
|
}
|
2014-06-01 21:47:08 +02:00
|
|
|
if $::fqdn != $newname {
|
|
|
|
host { $::fqdn: ensure => absent }
|
2014-05-18 20:59:41 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
# rewrite config files:
|
2014-06-01 21:47:08 +02:00
|
|
|
host { $newname:
|
2014-05-18 20:59:41 +02:00
|
|
|
ensure => present,
|
|
|
|
ip => $newip,
|
|
|
|
alias => $alias ? {
|
2014-06-01 21:47:08 +02:00
|
|
|
$::hostname => undef,
|
2014-05-18 20:59:41 +02:00
|
|
|
default => $alias
|
|
|
|
},
|
|
|
|
before => Exec['hostname.sh'],
|
|
|
|
}
|
|
|
|
|
|
|
|
file { '/etc/mailname':
|
|
|
|
ensure => present,
|
|
|
|
owner => 'root',
|
|
|
|
group => 'root',
|
2014-06-01 21:47:08 +02:00
|
|
|
mode => '0644',
|
2014-05-18 20:59:41 +02:00
|
|
|
content => "${newname}\n",
|
|
|
|
}
|
|
|
|
|
|
|
|
file { '/etc/hostname':
|
|
|
|
ensure => present,
|
|
|
|
owner => 'root',
|
|
|
|
group => 'root',
|
2014-06-01 21:47:08 +02:00
|
|
|
mode => '0644',
|
2014-05-18 20:59:41 +02:00
|
|
|
content => "${newname}\n",
|
|
|
|
notify => Exec['hostname.sh'],
|
|
|
|
}
|
|
|
|
|
|
|
|
exec { 'hostname.sh':
|
|
|
|
command => '/etc/init.d/hostname.sh start',
|
|
|
|
refreshonly => true,
|
|
|
|
}
|
|
|
|
}
|
2014-07-01 18:33:46 +02:00
|
|
|
|
|
|
|
# everything related to apt-repos and default tools
|
|
|
|
class ff_gw::sysadmin::software() {
|
|
|
|
class { '::apt':
|
|
|
|
always_apt_update => true
|
|
|
|
}
|
|
|
|
# use backports repo
|
|
|
|
apt::source { 'wheezy-backports':
|
|
|
|
location => 'http://ftp.de.debian.org/debian/',
|
|
|
|
release => 'wheezy-backports',
|
|
|
|
repos => 'main',
|
|
|
|
}
|
|
|
|
# batman repo
|
|
|
|
apt::source { 'universe-factory':
|
|
|
|
location => 'http://repo.universe-factory.net/debian/',
|
|
|
|
release => 'sid',
|
|
|
|
repos => 'main',
|
|
|
|
key => '16EF3F64CB201D9C',
|
|
|
|
key_server => 'pool.sks-keyservers.net',
|
|
|
|
}
|
|
|
|
# bird repo // TODO: no PGP key
|
|
|
|
apt::source { 'bird-network':
|
|
|
|
location => 'http://bird.network.cz/debian/',
|
|
|
|
release => 'wheezy',
|
|
|
|
repos => 'main',
|
|
|
|
}
|
|
|
|
|
|
|
|
# then install some basic packages
|
|
|
|
package {
|
|
|
|
['vim-nox', 'git', 'etckeeper', 'pv', 'curl', 'atop',
|
|
|
|
'screen', 'tcpdump', 'rsync', 'file', 'psmisc', 'ntpdate']:
|
|
|
|
ensure => installed,
|
|
|
|
}
|
|
|
|
->
|
|
|
|
# remove atop cronjob
|
|
|
|
file { '/etc/cron.d/atop':
|
|
|
|
ensure => absent,
|
|
|
|
}
|
|
|
|
->
|
|
|
|
# stop atop daemon (cf. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506191)
|
|
|
|
service { 'atop':
|
|
|
|
ensure => stopped,
|
|
|
|
enable => false,
|
|
|
|
}
|
|
|
|
}
|