modules/common/manifests/init.pp

   1 class common {
   2
   3   # define admin contact mail address
   4
   5   # aschiermeier@asl:~$ sudo cat /home/apt-dater/.ssh/authorized_keys
   6   # ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAp+P0huFZ8h5GjZhtN2ZzM78pc30u2ZVrbmjLoGq9vYXBk2/jCIEWqg+L63EWg2EZcDsbxuKaf4/CYYnB213FYjhlhi8kvt/Gt3GTOxpf1/vEx+VZWpafeTDiTlKzqDHuFMHe+pEMe/OwIuK561ubttUAk6raixgkjxk0WYQX8HWLrO+jyyXstPmqs6lvQ7TYQajC8HmHb5vQWWSNWdcoeybMY+iD7H6e+4oAINs3yVMJN7Lfso7CySN1eYlFfsKExWJ59U1CrUbOgGfz5K6ommtSUqtxl+DOfmXVO40lpQ8iuTZ3YFZPuVunkw5Ce185DfZhKCSQqr+k+gKy2UFnVw== noc.cash-zone.de
   7   # aschiermeier@asl:~$ sudo cat /root/.ssh/authorized_keys
   8   # no-port-forwarding,no-X11-forwarding,no-agent-forwarding,from="5.231.239.2,::ffff:5.231.239.2" ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAygsqWq5lKygdAqO+GZGRB3t2P5FeQO8a3FZHKCOTpiI8CTycDZpiQnc6a/IsTHP4YvqhX9Swofu9jFDlVQXAExvuKmOlg5HZWAlCPxwMRarwN4QJvOowx+zoK0GVh3X/uNzMwKaNtk4GWek64KaLNx3TmO/UNBJhz9MxsUYvzCTTwi7361Nytko3v9BoJOGYLBYwbnseHsu3oLOYThL+KK8gNFuEMuCTIYK5wipbMbtIcCAIlnNrZTFJz0/6fbEj2A59oCeV98JWWYjmoIDqGTR5RflkuTS1LQnd/NlD+vCJdzf81hIBCbYXsy7+wc1bWj9SJuc2Lt91Qaf1DbT9Lw== backuppc@backup01
   9
  10 # apt-dater ALL=NOPASSWD: /usr/bin/apt-get
  11
  12   $packages = [ 'git-core',
  13                 'puppet',
  14                 'sudo',
  15                 'screen',
  16                 'rsync',
  17                 'vim',
  18                 'lsof',
  19                 'pv',
  20                 'tcpdump',
  21                ]
  22
  23   package { $packages:
  24     ensure => installed,
  25   }
  26
  27   package { 'sudo':
  28     ensure => installed,
  29   }
  30
  31   augeas { 'enable NOPASSWD for %sudo':
  32     context => '/files/etc/sudoers/spec[2]/host_group/command/',
  33     changes => [ 'set tag NOPASSWD' ],
  34   }
  35
  36   # Zeitabgleich
  37   package { 'chrony':
  38     ensure => installed,
  39   }
  40
  41   service { 'chrony':
  42     ensure => running,
  43     enable => true,
  44     hasstatus  => false,
  45     hasrestart => true,
  46   }
  47
  48   # E-Mail via Smart Host
  49   package { 'nullmailer':
  50     ensure => installed,
  51   }
  52
  53   file { '/etc/nullmailer/adminaddr':
  54     ensure => present,
  55     content => "infra@ccc-ffm.de\n",
  56     require => Package['nullmailer'],
  57     notify => Service['nullmailer'],
  58   }
  59
  60   file { '/etc/nullmailer/defaultdomain':
  61     ensure => present,
  62     content => "ccc-ffm.de\n",
  63     require => Package['nullmailer'],
  64     notify => Service['nullmailer'],
  65   }
  66
  67   file { '/etc/nullmailer/remotes':
  68     ensure => present,
  69     content => "mx01.ccc-ffm.de\n",
  70     require => Package['nullmailer'],
  71     notify => Service['nullmailer'],
  72   }
  73
  74   service { 'nullmailer':
  75     ensure => running,
  76     enable => true,
  77     hasstatus  => true,
  78     hasrestart => true,
  79   }
  80
  81   # Software Updates
  82   package { 'apt-dater':
  83     ensure => installed,
  84   }
  85
  86   file { '/etc/sudoers.d/apt-dater-host':
  87     ensure => present,
  88     content => "# apt-dater may run aptitude as root\napt-dater ALL=NOPASSWD: /usr/bin/apt-get\n",
  89     require => [ Package['nullmailer'], Package['sudo'] ],
  90   }
  91
  92   user { 'apt-dater':
  93     ensure => $ensure,
  94     comment => $comment,
  95     gid => 'nogroup',
  96     membership => inclusive,
  97     home => "/home/apt-dater",
  98     managehome => true,
  99     shell => '/bin/bash',
 100     system => true,
 101     require => Package['nullmailer'],
 102   }
 103
 104   ssh_authorized_key { 'apt-dater noc.cash-zone.de':
 105     ensure => present,
 106     user => 'apt-dater',
 107     type => 'ssh-rsa',
 108     key => 'AAAAB3NzaC1yc2EAAAABIwAAAQEAp+P0huFZ8h5GjZhtN2ZzM78pc30u2ZVrbmjLoGq9vYXBk2/jCIEWqg+L63EWg2EZcDsbxuKaf4/CYYnB213FYjhlhi8kvt/Gt3GTOxpf1/vEx+VZWpafeTDiTlKzqDHuFMHe+pEMe/OwIuK561ubttUAk6raixgkjxk0WYQX8HWLrO+jyyXstPmqs6lvQ7TYQajC8HmHb5vQWWSNWdcoeybMY+iD7H6e+4oAINs3yVMJN7Lfso7CySN1eYlFfsKExWJ59U1CrUbOgGfz5K6ommtSUqtxl+DOfmXVO40lpQ8iuTZ3YFZPuVunkw5Ce185DfZhKCSQqr+k+gKy2UFnVw==',
 109   }
 110
 111   ssh_authorized_key { 'backuppc systemgemisch':
 112     ensure => present,
 113     user => 'root',
 114     type => 'ssh-rsa',
 115     options => [ 'no-port-forwarding',
 116                  'no-X11-forwarding',
 117                  'no-agent-forwarding',
 118                  'from="5.231.239.2,::ffff:5.231.239.2"'
 119                ],
 120     key => 'AAAAB3NzaC1yc2EAAAABIwAAAQEAygsqWq5lKygdAqO+GZGRB3t2P5FeQO8a3FZHKCOTpiI8CTycDZpiQnc6a/IsTHP4YvqhX9Swofu9jFDlVQXAExvuKmOlg5HZWAlCPxwMRarwN4QJvOowx+zoK0GVh3X/uNzMwKaNtk4GWek64KaLNx3TmO/UNBJhz9MxsUYvzCTTwi7361Nytko3v9BoJOGYLBYwbnseHsu3oLOYThL+KK8gNFuEMuCTIYK5wipbMbtIcCAIlnNrZTFJz0/6fbEj2A59oCeV98JWWYjmoIDqGTR5RflkuTS1LQnd/NlD+vCJdzf81hIBCbYXsy7+wc1bWj9SJuc2Lt91Qaf1DbT9Lw==',
 121   }
 122
 123 #   user { 'install':
 124 #     ensure => absent,
 125 #   }
 126 #
 127 #   group { 'install':
 128 #     ensure => absent,
 129 #   }
 130
 131   include common::users
 132
 133 }