4f0c78971631da21ac43ff98858cb15cfa9481ac
[chaosvm.git] / modules / common / manifests / init.pp
1 class common {
2
3   # define admin contact mail address
4   
5   # aschiermeier@asl:~$ sudo cat /home/apt-dater/.ssh/authorized_keys
6   # ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAp+P0huFZ8h5GjZhtN2ZzM78pc30u2ZVrbmjLoGq9vYXBk2/jCIEWqg+L63EWg2EZcDsbxuKaf4/CYYnB213FYjhlhi8kvt/Gt3GTOxpf1/vEx+VZWpafeTDiTlKzqDHuFMHe+pEMe/OwIuK561ubttUAk6raixgkjxk0WYQX8HWLrO+jyyXstPmqs6lvQ7TYQajC8HmHb5vQWWSNWdcoeybMY+iD7H6e+4oAINs3yVMJN7Lfso7CySN1eYlFfsKExWJ59U1CrUbOgGfz5K6ommtSUqtxl+DOfmXVO40lpQ8iuTZ3YFZPuVunkw5Ce185DfZhKCSQqr+k+gKy2UFnVw== noc.cash-zone.de
7   # aschiermeier@asl:~$ sudo cat /root/.ssh/authorized_keys
8   # no-port-forwarding,no-X11-forwarding,no-agent-forwarding,from="5.231.239.2,::ffff:5.231.239.2" ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAygsqWq5lKygdAqO+GZGRB3t2P5FeQO8a3FZHKCOTpiI8CTycDZpiQnc6a/IsTHP4YvqhX9Swofu9jFDlVQXAExvuKmOlg5HZWAlCPxwMRarwN4QJvOowx+zoK0GVh3X/uNzMwKaNtk4GWek64KaLNx3TmO/UNBJhz9MxsUYvzCTTwi7361Nytko3v9BoJOGYLBYwbnseHsu3oLOYThL+KK8gNFuEMuCTIYK5wipbMbtIcCAIlnNrZTFJz0/6fbEj2A59oCeV98JWWYjmoIDqGTR5RflkuTS1LQnd/NlD+vCJdzf81hIBCbYXsy7+wc1bWj9SJuc2Lt91Qaf1DbT9Lw== backuppc@backup01
9   
10 # apt-dater ALL=NOPASSWD: /usr/bin/apt-get
11
12   $packages = [ 'git-core',
13                 'puppet',
14                 'sudo',
15                 'screen',
16                 'rsync',
17                 'vim',
18                 'lsof',
19                 'pv',
20                 'tcpdump',
21                ]
22   
23   package { $packages:
24     ensure => installed,
25   }
26   
27   package { 'sudo':
28     ensure => installed,
29   }
30   
31   augeas { 'enable NOPASSWD for %sudo':
32     context => '/files/etc/sudoers/spec[2]/host_group/command/',
33     changes => [ 'set tag NOPASSWD' ],
34   }
35   
36   # Zeitabgleich
37   package { 'chrony':
38     ensure => installed,
39   }
40   
41   service { 'chrony':
42     ensure => running,
43     enable => true,
44     hasstatus  => false,
45     hasrestart => true,
46   }
47
48   # E-Mail via Smart Host
49   package { 'nullmailer':
50     ensure => installed,
51   }
52   
53   file { '/etc/nullmailer/adminaddr':
54     ensure => present,
55     content => "infra@ccc-ffm.de\n",
56     require => Package['nullmailer'],
57     notify => Service['nullmailer'],
58   }
59
60   file { '/etc/nullmailer/defaultdomain':
61     ensure => present,
62     content => "ccc-ffm.de\n",
63     require => Package['nullmailer'],
64     notify => Service['nullmailer'],
65   }
66
67   file { '/etc/nullmailer/remotes':
68     ensure => present,
69     content => "mx01.ccc-ffm.de\n",
70     require => Package['nullmailer'],
71     notify => Service['nullmailer'],
72   }
73
74   service { 'nullmailer':
75     ensure => running,
76     enable => true,
77     hasstatus  => true,
78     hasrestart => true,
79   }
80
81   # Software Updates
82   package { 'apt-dater':
83     ensure => installed,
84   }
85   
86   file { '/etc/sudoers.d/apt-dater-host':
87     ensure => present,
88     mode => 'ug=r,o=',
89     owner => 'root',
90     group => 'root',
91     content => "# apt-dater may run aptitude as root\napt-dater ALL=NOPASSWD: /usr/bin/apt-get\n",
92     require => [ Package['nullmailer'], Package['sudo'] ],
93   }
94   
95   user { 'apt-dater':
96     ensure => $ensure,
97     comment => $comment,
98     gid => 'nogroup',
99     membership => inclusive,
100     home => '/home/apt-dater',
101     managehome => true,
102     shell => '/bin/bash',
103     system => true,
104     require => Package['nullmailer'],
105   }
106   
107   ssh_authorized_key { 'apt-dater noc.cash-zone.de':
108     ensure => present,
109     user => 'apt-dater',
110     type => 'ssh-rsa',
111     key => 'AAAAB3NzaC1yc2EAAAABIwAAAQEAp+P0huFZ8h5GjZhtN2ZzM78pc30u2ZVrbmjLoGq9vYXBk2/jCIEWqg+L63EWg2EZcDsbxuKaf4/CYYnB213FYjhlhi8kvt/Gt3GTOxpf1/vEx+VZWpafeTDiTlKzqDHuFMHe+pEMe/OwIuK561ubttUAk6raixgkjxk0WYQX8HWLrO+jyyXstPmqs6lvQ7TYQajC8HmHb5vQWWSNWdcoeybMY+iD7H6e+4oAINs3yVMJN7Lfso7CySN1eYlFfsKExWJ59U1CrUbOgGfz5K6ommtSUqtxl+DOfmXVO40lpQ8iuTZ3YFZPuVunkw5Ce185DfZhKCSQqr+k+gKy2UFnVw==',
112   }
113   
114   ssh_authorized_key { 'backuppc systemgemisch':
115     ensure => present,
116     user => 'root',
117     type => 'ssh-rsa',
118     options => [ 'no-port-forwarding',
119                  'no-X11-forwarding',
120                  'no-agent-forwarding',
121                  'from="5.231.239.2,::ffff:5.231.239.2"'
122                ],
123     key => 'AAAAB3NzaC1yc2EAAAABIwAAAQEAygsqWq5lKygdAqO+GZGRB3t2P5FeQO8a3FZHKCOTpiI8CTycDZpiQnc6a/IsTHP4YvqhX9Swofu9jFDlVQXAExvuKmOlg5HZWAlCPxwMRarwN4QJvOowx+zoK0GVh3X/uNzMwKaNtk4GWek64KaLNx3TmO/UNBJhz9MxsUYvzCTTwi7361Nytko3v9BoJOGYLBYwbnseHsu3oLOYThL+KK8gNFuEMuCTIYK5wipbMbtIcCAIlnNrZTFJz0/6fbEj2A59oCeV98JWWYjmoIDqGTR5RflkuTS1LQnd/NlD+vCJdzf81hIBCbYXsy7+wc1bWj9SJuc2Lt91Qaf1DbT9Lw==',
124   }
125   
126   include common::accountsetup
127   include common::users
128   
129 }