Fixed file modes.
[chaosvm.git] / modules / common / manifests / init.pp
index 93ef72c..945652f 100644 (file)
@@ -1,17 +1,29 @@
 class common {
-
-  # define admin contact mail address
   
-  # aschiermeier@asl:~$ sudo cat /home/apt-dater/.ssh/authorized_keys
-  # ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAp+P0huFZ8h5GjZhtN2ZzM78pc30u2ZVrbmjLoGq9vYXBk2/jCIEWqg+L63EWg2EZcDsbxuKaf4/CYYnB213FYjhlhi8kvt/Gt3GTOxpf1/vEx+VZWpafeTDiTlKzqDHuFMHe+pEMe/OwIuK561ubttUAk6raixgkjxk0WYQX8HWLrO+jyyXstPmqs6lvQ7TYQajC8HmHb5vQWWSNWdcoeybMY+iD7H6e+4oAINs3yVMJN7Lfso7CySN1eYlFfsKExWJ59U1CrUbOgGfz5K6ommtSUqtxl+DOfmXVO40lpQ8iuTZ3YFZPuVunkw5Ce185DfZhKCSQqr+k+gKy2UFnVw== noc.cash-zone.de
-  # aschiermeier@asl:~$ sudo cat /root/.ssh/authorized_keys
-  # no-port-forwarding,no-X11-forwarding,no-agent-forwarding,from="5.231.239.2,::ffff:5.231.239.2" ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAygsqWq5lKygdAqO+GZGRB3t2P5FeQO8a3FZHKCOTpiI8CTycDZpiQnc6a/IsTHP4YvqhX9Swofu9jFDlVQXAExvuKmOlg5HZWAlCPxwMRarwN4QJvOowx+zoK0GVh3X/uNzMwKaNtk4GWek64KaLNx3TmO/UNBJhz9MxsUYvzCTTwi7361Nytko3v9BoJOGYLBYwbnseHsu3oLOYThL+KK8gNFuEMuCTIYK5wipbMbtIcCAIlnNrZTFJz0/6fbEj2A59oCeV98JWWYjmoIDqGTR5RflkuTS1LQnd/NlD+vCJdzf81hIBCbYXsy7+wc1bWj9SJuc2Lt91Qaf1DbT9Lw== backuppc@backup01
+  define set_mountpoint_option($mount, $option) {
+    augeas{ "fstab-$mount-$option":
+      context => "/files/etc/fstab/*[file = '$mount'][count(opt[. = '$option']) = 0]",
+      changes => [
+        "ins opt after opt[last()]",
+        "set opt[last()] $option",
+        ],
+      onlyif => "match /files/etc/fstab/*[file = '$mount'][count(opt[. = '$option']) = 0] size > 0",
+    }
+  }
   
-# apt-dater ALL=NOPASSWD: /usr/bin/apt-get
+  set_mountpoint_option { '/usr-nodev':
+    mount => '/usr',
+    option => 'nodev',
+  }
 
+  set_mountpoint_option { '/var-nodev':
+    mount => '/var',
+    option => 'nosuid',
+  }
+  
+  # packages without configuration
   $packages = [ 'git-core',
                 'puppet',
-                'sudo',
                 'screen',
                 'rsync',
                 'vim',
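Review bot: The resource titled `'/var-nodev'` sets `option => 'nosuid'`, so the title and the option disagree and, as far as this hunk shows, `/var` never gets `nodev`. If both options are wanted on `/var`, keep `'/var-nodev'` with `option => 'nodev',` and add a second resource titled `'/var-nosuid'`; otherwise rename the title to `'/var-nosuid'`. The augeas change only edits `/etc/fstab`, and nothing in the hunk remounts the filesystem, so the hardening is not in force until the next remount or reboot. A comment above the define such as `# append $option to the fstab entry for $mount unless it is already present` would make the XPath predicate easier to read.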
@@ -24,6 +36,16 @@ class common {
     ensure => installed,
   }
   
+  package { 'sudo':
+    ensure => installed,
+  }
+  
+  augeas { 'enable NOPASSWD for %sudo':
+    context => '/files/etc/sudoers/spec[2]/host_group/command/',
+    changes => [ 'set tag NOPASSWD' ],
+    require => Package['sudo'],
+  }
+  
   # Zeitabgleich
   package { 'chrony':
     ensure => installed,
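Review bot: The context `/files/etc/sudoers/spec[2]/host_group/command/` picks the second entry of `/etc/sudoers` by position rather than the `%sudo` rule by name, so on a host whose sudoers file is ordered differently the `NOPASSWD` tag lands on some other principal's rule. Select the entry by user instead: `context => "/files/etc/sudoers/spec[user = '%sudo']/host_group/command",`. Passwordless sudo for the whole `%sudo` group means any compromised session of a group member is root without re-entering a password; if that is deliberate, say so in a comment next to the resource. The `package { 'chrony':` resource at the end of the hunk continues outside it.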
@@ -34,6 +56,7 @@ class common {
     enable => true,
     hasstatus  => false,
     hasrestart => true,
+    require => Package['chrony'],
   }
 
   # E-Mail via Smart Host
@@ -76,6 +99,9 @@ class common {
   
   file { '/etc/sudoers.d/apt-dater-host':
     ensure => present,
+    mode => '0440',
+    owner => 'root',
+    group => 'root',
     content => "# apt-dater may run aptitude as root\napt-dater ALL=NOPASSWD: /usr/bin/apt-get\n",
     require => [ Package['nullmailer'], Package['sudo'] ],
   }
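Review bot: The sudoers fragment is written without a syntax check, and a malformed file under `/etc/sudoers.d` can make sudo refuse to run at all. If the Puppet version in use supports it, add `validate_cmd => '/usr/sbin/visudo -c -f %',` to this resource. The rule in `content` allows `/usr/bin/apt-get` with any arguments and no password, which is effectively root-equivalent for the apt-dater account; consider limiting it to the subcommands apt-dater actually needs. The comment inside `content` also says aptitude while the rule names apt-get.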
@@ -85,7 +111,7 @@ class common {
     comment => $comment,
     gid => 'nogroup',
     membership => inclusive,
-    home => "/home/apt-dater",
+    home => '/home/apt-dater',
     managehome => true,
     shell => '/bin/bash',
     system => true,
@@ -111,6 +137,7 @@ class common {
     key => 'AAAAB3NzaC1yc2EAAAABIwAAAQEAygsqWq5lKygdAqO+GZGRB3t2P5FeQO8a3FZHKCOTpiI8CTycDZpiQnc6a/IsTHP4YvqhX9Swofu9jFDlVQXAExvuKmOlg5HZWAlCPxwMRarwN4QJvOowx+zoK0GVh3X/uNzMwKaNtk4GWek64KaLNx3TmO/UNBJhz9MxsUYvzCTTwi7361Nytko3v9BoJOGYLBYwbnseHsu3oLOYThL+KK8gNFuEMuCTIYK5wipbMbtIcCAIlnNrZTFJz0/6fbEj2A59oCeV98JWWYjmoIDqGTR5RflkuTS1LQnd/NlD+vCJdzf81hIBCbYXsy7+wc1bWj9SJuc2Lt91Qaf1DbT9Lw==',
   }
   
+  include common::accountsetup
   include common::users
   
 }
\ No newline at end of file