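# Class: common  (modules/common/manifests/init.pp)
#
# Baseline configuration applied to a node: extra mount options in
# /etc/fstab, a standard set of admin packages, time synchronisation
# (chrony), outbound mail through a smart host (nullmailer), and the account,
# sudo rule and SSH keys used for remote package updates (apt-dater) and
# backups (backuppc).
#
# Security-relevant grants made by this class (check these when auditing):
#   * the second spec in /etc/sudoers is tagged NOPASSWD
#   * user apt-dater may run /usr/bin/apt-get as root without a password
#   * one SSH public key may log in as apt-dater
#   * one SSH public key may log in as root, restricted by source address
#
# The two ssh_authorized_key resources below mirror entries that already
# existed on a host in /home/apt-dater/.ssh/authorized_keys (key comment
# noc.cash-zone.de) and /root/.ssh/authorized_keys (key comment
# backuppc@backup01).
class common {

  # Adds $option to the option list of the /etc/fstab entry whose mount point
  # is $mount, unless that entry already carries the option. Only /etc/fstab
  # is edited; this define does not remount anything.
  #
  # $mount  - mount point as written in the fstab "file" column, e.g. '/usr'
  # $option - a single mount option, e.g. 'nodev'
  define set_mountpoint_option($mount, $option) {
    augeas { "fstab-${mount}-${option}":
      # The context only matches an entry that does NOT have the option yet,
      # so the changes are a no-op once the option is present.
      context => "/files/etc/fstab/*[file = '${mount}'][count(opt[. = '${option}']) = 0]",
      changes => [
        'ins opt after opt[last()]',
        "set opt[last()] ${option}",
      ],
      onlyif  => "match /files/etc/fstab/*[file = '${mount}'][count(opt[. = '${option}']) = 0] size > 0",
    }
  }

  set_mountpoint_option { '/usr-nodev':
    mount  => '/usr',
    option => 'nodev',
  }

  # NOTE(review): the title says "nodev" but the option applied to /var is
  # "nosuid". The title is kept so existing references still resolve; confirm
  # which option /var is meant to receive.
  set_mountpoint_option { '/var-nodev':
    mount  => '/var',
    option => 'nosuid',
  }

  # 'sudo' is part of this list, so Package['sudo'] (required further down)
  # is declared here. The original manifest declared package { 'sudo': } a
  # second time, which is a duplicate resource declaration.
  $packages = [
    'git-core',
    'puppet',
    'sudo',
    'screen',
    'rsync',
    'vim',
    'lsof',
    'pv',
    'tcpdump',
  ]

  package { $packages:
    ensure => installed,
  }

  # Tags the command of the second spec in /etc/sudoers as NOPASSWD.
  # NOTE(review): spec[2] is positional. The resource title assumes that the
  # second spec is the %sudo group rule; on a host whose sudoers file is
  # ordered differently, a different entry is given passwordless sudo.
  # Verify this against the sudoers file actually shipped on the target
  # hosts.
  augeas { 'enable NOPASSWD for %sudo':
    context => '/files/etc/sudoers/spec[2]/host_group/command/',
    changes => [ 'set tag NOPASSWD' ],
  }

  # Time synchronisation
  package { 'chrony':
    ensure => installed,
  }

  service { 'chrony':
    ensure     => running,
    enable     => true,
    hasstatus  => false,
    hasrestart => true,
  }

  # E-mail via smart host
  package { 'nullmailer':
    ensure => installed,
  }

  # Admin contact mail address.
  file { '/etc/nullmailer/adminaddr':
    ensure  => present,
    content => "infra@ccc-ffm.de\n",
    require => Package['nullmailer'],
    notify  => Service['nullmailer'],
  }

  file { '/etc/nullmailer/defaultdomain':
    ensure  => present,
    content => "ccc-ffm.de\n",
    require => Package['nullmailer'],
    notify  => Service['nullmailer'],
  }

  # Smart host that outbound mail is handed to.
  file { '/etc/nullmailer/remotes':
    ensure  => present,
    content => "mx01.ccc-ffm.de\n",
    require => Package['nullmailer'],
    notify  => Service['nullmailer'],
  }

  service { 'nullmailer':
    ensure     => running,
    enable     => true,
    hasstatus  => true,
    hasrestart => true,
  }

  # Software updates
  package { 'apt-dater':
    ensure => installed,
  }

  # sudoers drop-in for the apt-dater account, readable by root only
  # (mode ug=r,o= is 0440).
  #
  # Passwordless, unrestricted apt-get as root is equivalent to root on this
  # host: apt-get installs packages, and their maintainer scripts run as
  # root. Whoever holds the private half of the apt-dater SSH key below
  # therefore controls the machine; protect and rotate that key accordingly.
  #
  # The comment line inside the file used to say "aptitude" although the rule
  # permits apt-get; it now names the command that is actually granted.
  file { '/etc/sudoers.d/apt-dater-host':
    ensure  => present,
    mode    => 'ug=r,o=',
    owner   => 'root',
    group   => 'root',
    content => "# apt-dater may run apt-get as root\napt-dater ALL=NOPASSWD: /usr/bin/apt-get\n",
    require => [ Package['nullmailer'], Package['sudo'] ],
  }

  # Account that the apt-dater management host logs in to.
  # The original used ensure => $ensure and comment => $comment, but this
  # class defines neither variable. ensure is now explicit; the comment
  # (GECOS) attribute is left unmanaged.
  user { 'apt-dater':
    ensure     => present,
    gid        => 'nogroup',
    membership => inclusive,
    home       => '/home/apt-dater',
    managehome => true,
    shell      => '/bin/bash',
    system     => true,
    require    => Package['nullmailer'],
  }

  # Public key allowed to log in as apt-dater. No key options are set, so the
  # login is not limited by source address or forced command.
  # NOTE(review): consider a from="..." restriction like the one on the root
  # key below.
  ssh_authorized_key { 'apt-dater noc.cash-zone.de':
    ensure => present,
    user   => 'apt-dater',
    type   => 'ssh-rsa',
    key    => 'AAAAB3NzaC1yc2EAAAABIwAAAQEAp+P0huFZ8h5GjZhtN2ZzM78pc30u2ZVrbmjLoGq9vYXBk2/jCIEWqg+L63EWg2EZcDsbxuKaf4/CYYnB213FYjhlhi8kvt/Gt3GTOxpf1/vEx+VZWpafeTDiTlKzqDHuFMHe+pEMe/OwIuK561ubttUAk6raixgkjxk0WYQX8HWLrO+jyyXstPmqs6lvQ7TYQajC8HmHb5vQWWSNWdcoeybMY+iD7H6e+4oAINs3yVMJN7Lfso7CySN1eYlFfsKExWJ59U1CrUbOgGfz5K6ommtSUqtxl+DOfmXVO40lpQ8iuTZ3YFZPuVunkw5Ce185DfZhKCSQqr+k+gKy2UFnVw==',
  }

  # Public key allowed to log in directly as root, for backups. Forwarding is
  # disabled and the source address is pinned, but there is no forced command
  # and no no-pty option, so the key still yields a full root shell from that
  # address.
  # NOTE(review): if the backup workflow allows it, add no-pty and a
  # command="..." restriction.
  ssh_authorized_key { 'backuppc systemgemisch':
    ensure  => present,
    user    => 'root',
    type    => 'ssh-rsa',
    options => [
      'no-port-forwarding',
      'no-X11-forwarding',
      'no-agent-forwarding',
      'from="5.231.239.2,::ffff:5.231.239.2"',
    ],
    key     => 'AAAAB3NzaC1yc2EAAAABIwAAAQEAygsqWq5lKygdAqO+GZGRB3t2P5FeQO8a3FZHKCOTpiI8CTycDZpiQnc6a/IsTHP4YvqhX9Swofu9jFDlVQXAExvuKmOlg5HZWAlCPxwMRarwN4QJvOowx+zoK0GVh3X/uNzMwKaNtk4GWek64KaLNx3TmO/UNBJhz9MxsUYvzCTTwi7361Nytko3v9BoJOGYLBYwbnseHsu3oLOYThL+KK8gNFuEMuCTIYK5wipbMbtIcCAIlnNrZTFJz0/6fbEj2A59oCeV98JWWYjmoIDqGTR5RflkuTS1LQnd/NlD+vCJdzf81hIBCbYXsy7+wc1bWj9SJuc2Lt91Qaf1DbT9Lw==',
  }

  include common::accountsetup
  include common::users

}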