modules/common/manifests/init.pp

   1 class common {
   2
   3   # define admin contact mail address
   4
   5   # aschiermeier@asl:~$ sudo cat /home/apt-dater/.ssh/authorized_keys
   6   # ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAp+P0huFZ8h5GjZhtN2ZzM78pc30u2ZVrbmjLoGq9vYXBk2/jCIEWqg+L63EWg2EZcDsbxuKaf4/CYYnB213FYjhlhi8kvt/Gt3GTOxpf1/vEx+VZWpafeTDiTlKzqDHuFMHe+pEMe/OwIuK561ubttUAk6raixgkjxk0WYQX8HWLrO+jyyXstPmqs6lvQ7TYQajC8HmHb5vQWWSNWdcoeybMY+iD7H6e+4oAINs3yVMJN7Lfso7CySN1eYlFfsKExWJ59U1CrUbOgGfz5K6ommtSUqtxl+DOfmXVO40lpQ8iuTZ3YFZPuVunkw5Ce185DfZhKCSQqr+k+gKy2UFnVw== noc.cash-zone.de
   7   # aschiermeier@asl:~$ sudo cat /root/.ssh/authorized_keys
   8   # no-port-forwarding,no-X11-forwarding,no-agent-forwarding,from="5.231.239.2,::ffff:5.231.239.2" ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAygsqWq5lKygdAqO+GZGRB3t2P5FeQO8a3FZHKCOTpiI8CTycDZpiQnc6a/IsTHP4YvqhX9Swofu9jFDlVQXAExvuKmOlg5HZWAlCPxwMRarwN4QJvOowx+zoK0GVh3X/uNzMwKaNtk4GWek64KaLNx3TmO/UNBJhz9MxsUYvzCTTwi7361Nytko3v9BoJOGYLBYwbnseHsu3oLOYThL+KK8gNFuEMuCTIYK5wipbMbtIcCAIlnNrZTFJz0/6fbEj2A59oCeV98JWWYjmoIDqGTR5RflkuTS1LQnd/NlD+vCJdzf81hIBCbYXsy7+wc1bWj9SJuc2Lt91Qaf1DbT9Lw== backuppc@backup01
   9
  10 # apt-dater ALL=NOPASSWD: /usr/bin/apt-get
  11
  12   define set_mountpoint_option($mount, $option) {
  13     augeas{ "fstab-$mount-$option":
  14       context => "/files/etc/fstab/*[file = '$mount'][count(opt[. = '$option']) = 0]",
  15       changes => [
  16         "ins opt after opt[last()]",
  17         "set opt[last()] $option",
  18         ],
  19       onlyif => "match /files/etc/fstab/*[file = '$mount'][count(opt[. = '$option']) = 0] size > 0",
  20     }
  21   }
  22
  23   set_mountpoint_option { '/usr-nodev':
  24     mount => '/usr',
  25     option => 'nodev',
  26   }
  27
  28   set_mountpoint_option { '/var-nodev':
  29     mount => '/var',
  30     option => 'nosuid',
  31   }
  32
  33   $packages = [ 'git-core',
  34                 'puppet',
  35                 'sudo',
  36                 'screen',
  37                 'rsync',
  38                 'vim',
  39                 'lsof',
  40                 'pv',
  41                 'tcpdump',
  42                ]
  43
  44   package { $packages:
  45     ensure => installed,
  46   }
  47
  48   package { 'sudo':
  49     ensure => installed,
  50   }
  51
  52   augeas { 'enable NOPASSWD for %sudo':
  53     context => '/files/etc/sudoers/spec[2]/host_group/command/',
  54     changes => [ 'set tag NOPASSWD' ],
  55   }
  56
  57   # Zeitabgleich
  58   package { 'chrony':
  59     ensure => installed,
  60   }
  61
  62   service { 'chrony':
  63     ensure => running,
  64     enable => true,
  65     hasstatus  => false,
  66     hasrestart => true,
  67   }
  68
  69   # E-Mail via Smart Host
  70   package { 'nullmailer':
  71     ensure => installed,
  72   }
  73
  74   file { '/etc/nullmailer/adminaddr':
  75     ensure => present,
  76     content => "infra@ccc-ffm.de\n",
  77     require => Package['nullmailer'],
  78     notify => Service['nullmailer'],
  79   }
  80
  81   file { '/etc/nullmailer/defaultdomain':
  82     ensure => present,
  83     content => "ccc-ffm.de\n",
  84     require => Package['nullmailer'],
  85     notify => Service['nullmailer'],
  86   }
  87
  88   file { '/etc/nullmailer/remotes':
  89     ensure => present,
  90     content => "mx01.ccc-ffm.de\n",
  91     require => Package['nullmailer'],
  92     notify => Service['nullmailer'],
  93   }
  94
  95   service { 'nullmailer':
  96     ensure => running,
  97     enable => true,
  98     hasstatus  => true,
  99     hasrestart => true,
 100   }
 101
 102   # Software Updates
 103   package { 'apt-dater':
 104     ensure => installed,
 105   }
 106
 107   file { '/etc/sudoers.d/apt-dater-host':
 108     ensure => present,
 109     mode => 'ug=r,o=',
 110     owner => 'root',
 111     group => 'root',
 112     content => "# apt-dater may run aptitude as root\napt-dater ALL=NOPASSWD: /usr/bin/apt-get\n",
 113     require => [ Package['nullmailer'], Package['sudo'] ],
 114   }
 115
 116   user { 'apt-dater':
 117     ensure => $ensure,
 118     comment => $comment,
 119     gid => 'nogroup',
 120     membership => inclusive,
 121     home => '/home/apt-dater',
 122     managehome => true,
 123     shell => '/bin/bash',
 124     system => true,
 125     require => Package['nullmailer'],
 126   }
 127
 128   ssh_authorized_key { 'apt-dater noc.cash-zone.de':
 129     ensure => present,
 130     user => 'apt-dater',
 131     type => 'ssh-rsa',
 132     key => 'AAAAB3NzaC1yc2EAAAABIwAAAQEAp+P0huFZ8h5GjZhtN2ZzM78pc30u2ZVrbmjLoGq9vYXBk2/jCIEWqg+L63EWg2EZcDsbxuKaf4/CYYnB213FYjhlhi8kvt/Gt3GTOxpf1/vEx+VZWpafeTDiTlKzqDHuFMHe+pEMe/OwIuK561ubttUAk6raixgkjxk0WYQX8HWLrO+jyyXstPmqs6lvQ7TYQajC8HmHb5vQWWSNWdcoeybMY+iD7H6e+4oAINs3yVMJN7Lfso7CySN1eYlFfsKExWJ59U1CrUbOgGfz5K6ommtSUqtxl+DOfmXVO40lpQ8iuTZ3YFZPuVunkw5Ce185DfZhKCSQqr+k+gKy2UFnVw==',
 133   }
 134
 135   ssh_authorized_key { 'backuppc systemgemisch':
 136     ensure => present,
 137     user => 'root',
 138     type => 'ssh-rsa',
 139     options => [ 'no-port-forwarding',
 140                  'no-X11-forwarding',
 141                  'no-agent-forwarding',
 142                  'from="5.231.239.2,::ffff:5.231.239.2"'
 143                ],
 144     key => 'AAAAB3NzaC1yc2EAAAABIwAAAQEAygsqWq5lKygdAqO+GZGRB3t2P5FeQO8a3FZHKCOTpiI8CTycDZpiQnc6a/IsTHP4YvqhX9Swofu9jFDlVQXAExvuKmOlg5HZWAlCPxwMRarwN4QJvOowx+zoK0GVh3X/uNzMwKaNtk4GWek64KaLNx3TmO/UNBJhz9MxsUYvzCTTwi7361Nytko3v9BoJOGYLBYwbnseHsu3oLOYThL+KK8gNFuEMuCTIYK5wipbMbtIcCAIlnNrZTFJz0/6fbEj2A59oCeV98JWWYjmoIDqGTR5RflkuTS1LQnd/NlD+vCJdzf81hIBCbYXsy7+wc1bWj9SJuc2Lt91Qaf1DbT9Lw==',
 145   }
 146
 147   include common::accountsetup
 148   include common::users
 149
 150 }