Compare commits


9 Commits

Author SHA1 Message Date
b36d658ba1 fix missing "then" 2025-12-28 20:03:18 -05:00
5e1555e87f TODO 2025-12-27 18:59:14 -05:00
39d43cfe03 TODO 2025-12-27 18:46:42 -05:00
7247d0e25f update from current 2025-12-27 18:46:18 -05:00
1f59077a7f ed25519 2025-05-05 01:09:27 -04:00
151e56e2cf screenrc moved to users formula 2025-05-05 01:09:12 -04:00
e2b71b8ae0 pdbedit.managed is broken 2025-05-05 01:08:19 -04:00
1726c412ce icinga wip 2025-05-05 01:07:57 -04:00
393d52595f updated salt setup 2025-05-05 01:07:28 -04:00
14 changed files with 81 additions and 39 deletions

4
TODO Normal file

@@ -0,0 +1,4 @@
screenrc
apt remove triggerhappy
restic pulls x86 on the pi
install python3-dev for manual pip setup


@@ -1,6 +1,6 @@
import re import re
import logging import logging
from subprocess import check_output from subprocess import check_output, CalledProcessError
log = logging.getLogger(__name__) log = logging.getLogger(__name__)
@@ -8,8 +8,8 @@ def main():
dev_re = re.compile(r"Bus\s+(\d+)\s+Device\s+(\d+):\s+ID\s(\w+:\w+)\s(.+)$") dev_re = re.compile(r"Bus\s+(\d+)\s+Device\s+(\d+):\s+ID\s(\w+:\w+)\s(.+)$")
try: try:
lsusb = check_output("lsusb", encoding='UTF-8') lsusb = check_output("lsusb", encoding='UTF-8')
except OSError as exc: except (CalledProcessError, OSError) as exc:
log.error(exc) log.debug(exc)
return {} return {}
devices = [] devices = []
corsair_aio = None corsair_aio = None
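Review bot: Logging both exception types at debug in the `except (CalledProcessError, OSError)` branch makes a failing `lsusb` indistinguishable from a host that simply does not have it, and invisible at default log levels. A missing binary (`FileNotFoundError`) is the expected quiet case; a non-zero exit or a permission error deserves a warning, because the function then returns `{}` and callers silently see no devices. Splitting the handler keeps the quiet path quiet without hiding real failures. `main()` continues past the end of the hunk.

```python
try:
    lsusb = check_output("lsusb", encoding='UTF-8')
except FileNotFoundError as exc:
    # lsusb is not installed: expected on some hosts, stay quiet
    log.debug(exc)
    return {}
except (CalledProcessError, OSError) as exc:
    # lsusb exists but failed: make it visible at default log levels
    log.warning("lsusb failed: %s", exc)
    return {}
# … unchanged: device parsing …
```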


@@ -6,6 +6,7 @@
- user: root - user: root
- group: root - group: root
- mode: 644 - mode: 644
- makedirs: true
verify_vhost_includes: verify_vhost_includes:
cmd.wait: cmd.wait:
@@ -25,7 +26,7 @@ queue_httpd_graceful:
- watch: - watch:
- cmd: rebuildhttpdconf - cmd: rebuildhttpdconf
/home/{{ salt.pillar.get('gitea:user') }}/public_html/.htaccess: {{ salt.pillar.get('gitea:docroot') }}/.htaccess:
file.managed: file.managed:
- source: 'salt://gitea/files/htaccess.jinja' - source: 'salt://gitea/files/htaccess.jinja'
- template: jinja - template: jinja
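Review bot: The new state ID `{{ salt.pillar.get('gitea:docroot') }}/.htaccess` has no guard for a missing pillar key: `pillar.get` falls back to an empty string by default, so the ID would render as `/.htaccess` and the template would be written at the filesystem root instead of failing. Resolving the value once and aborting the render when it is empty avoids that, e.g. `{% set docroot = salt.pillar.get('gitea:docroot') %}` followed by `{% if not docroot %}{{ raise('gitea:docroot is not set') }}{% endif %}`. Quoting the ID would also keep a docroot containing YAML-significant characters from breaking the parse. The `file.managed` body continues past the end of the hunk.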


@@ -1,35 +1,39 @@
# A deploy key must be added for this to work! # A deploy key must be added for this to work!
/usr/local/lib/nagios:
{% set git_dir = '/usr/local/lib/icinga' %}
{% set venv_dir = '%s/venv' | format(git_dir) %}
{{ git_dir }}:
git.cloned: git.cloned:
- name: {{ salt.pillar.get("icinga2:monitoring_plugins_git_url") | yaml_encode }} - name: {{ salt.pillar.get("icinga2:monitoring_plugins_git_url") | yaml_encode }}
- target: /usr/local/lib/nagios - target: {{ git_dir }}
- branch: master - branch: master
- user: root - user: root
/usr/local/lib/nagios/venv: {{ venv_dir }}:
cmd.run: cmd.run:
{% if 'inmotionhosting' in grains.fqdn %} {% if 'inmotionhosting' in grains.fqdn %}
- name: imh-python3 -m venv /usr/local/lib/nagios/venv - name: imh-python3 -m venv {{ venv_dir }}
{% else %} {% else %}
- name: python3 -m venv /usr/local/lib/nagios/venv - name: python3 -m venv {{ venv_dir }}
{% endif %} {% endif %}
- creates: /usr/local/lib/nagios/venv - creates: {{ venv_dir }}
- require: - require:
- git: /usr/local/lib/nagios - git: {{ git_dir }}
- pkg: monitoring_packages - pkg: monitoring_packages
venv-ensurepip: venv-ensurepip:
cmd.run: cmd.run:
- name: /usr/local/lib/nagios/venv/bin/python3 -m ensurepip - name: {{ venv_dir }}/bin/python3 -m ensurepip
- creates: /usr/local/lib/nagios/venv/bin/pip3 - creates: {{ venv_dir }}/bin/pip3
- require: - require:
- cmd: /usr/local/lib/nagios/venv - cmd: {{ venv_dir }}
{# {#
venv-psutil: venv-psutil:
cmd.run: cmd.run:
- name: /usr/local/lib/nagios/venv/bin/pip3 install psutil - name: {{ venv_dir }}/bin/pip3 install psutil
- unless: /usr/local/lib/nagios/venv/bin/pip3 freeze | grep -q '^psutil=' - unless: {{ venv_dir }}/bin/pip3 freeze | grep -q '^psutil='
- require: - require:
- cmd: venv-ensurepip - cmd: venv-ensurepip
#} #}
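Review bot: Moving the checkout from `/usr/local/lib/nagios` to `/usr/local/lib/icinga` leaves the old clone and its venv on every minion that already applied the previous state, and nothing in this section removes them. If any check command definitions still point at the old path (not visible here), they will keep running a root-owned copy of the plugins that Salt no longer manages. I would update those references in the same change and add a `file.absent` state for the old path once nothing uses it, or at least leave a comment such as `# old tree at /usr/local/lib/nagios must be removed by hand`.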


@@ -18,7 +18,7 @@ icingaweb2_vhost:
- group: root - group: root
- mode: 644 - mode: 644
- source: https://packages.icinga.com/icinga.key - source: https://packages.icinga.com/icinga.key
- source_hash: be677e07972ed57b99ffc2fd211379ac11b9c6a7c8d9460086b447b96b0a82bb - source_hash: e2b9301181fcc3cd555323cafbecfcd8764f47e06e14e0128f172c544bbb619f
icingacmd: icingacmd:
group.present: [] group.present: []
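Review bot: The replaced `source_hash` for `https://packages.icinga.com/icinga.key` carries no record of how the new digest was obtained, and the same applies to the new `source_hash` on the Salt keyring in the deb_install section further down. This pin decides which repository signing key ends up on the host, so a digest computed from a single download of the same URL only protects against later changes, not against a bad first fetch. I would add a comment above each hash such as `# sha256 of the key with fingerprint <KEY_FINGERPRINT>, checked against the vendor's published fingerprint on <DATE>`. The enclosing state starts above the hunk.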


@@ -1,23 +1,36 @@
{% from "salt/map.jinja" import salt_daemons with context %} {% from "salt/map.jinja" import salt_daemons with context %}
{% from "salt/deb_install/map.jinja" import osrelease, oscodename with context %} {% from "salt/deb_install/map.jinja" import osrelease, oscodename with context %}
/etc/apt/keyrings/salt-archive-keyring-2023.gpg: /etc/apt/keyrings/salt-archive-keyring-2023.pgp:
file.managed: file.managed:
- source: https://repo.saltproject.io/salt/py3/{{ grains['os'].lower() }}/{{ osrelease }}/amd64/SALT-PROJECT-GPG-PUBKEY-2023.gpg - source: https://packages.broadcom.com/artifactory/api/security/keypair/SaltProjectKey/public
- source_hash: c6f6cbcd96fdb130b1dde8dcfc05d46a3a3f322ff0514f98e2e6473896243472 - source_hash: 36decef986477acb8ba2a1fc4041bcf9f22229ef6c939d0317c9e36a9d142b34
/etc/apt/sources.list.d/salt.list: /etc/apt/sources.list.d/salt.list:
file.managed: file.managed:
- contents: "deb [signed-by=/etc/apt/keyrings/salt-archive-keyring-2023.gpg arch=amd64] https://repo.saltproject.io/salt/py3/{{ grains['os'].lower() }}/{{ osrelease }}/amd64/minor/{{ salt.pillar.get("salt:version") }} {{ oscodename }} main" - contents: deb [signed-by=/etc/apt/keyrings/salt-archive-keyring-2023.pgp arch=amd64] https://packages.broadcom.com/artifactory/saltproject-deb/ stable main
salt-common: salt-common:
pkg.installed: pkg.installed:
- version: '{{ salt.pillar.get("salt:version") }}' - version: '{{ salt.pillar.get("salt:version") }}'
- refresh: true - refresh: true
- require: - require:
- file: /etc/apt/keyrings/salt-archive-keyring-2023.gpg - file: /etc/apt/keyrings/salt-archive-keyring-2023.pgp
- file: /etc/apt/sources.list.d/salt.list - file: /etc/apt/sources.list.d/salt.list
salt {{ salt.pillar.get("salt:version") }}:
pkg.held:
- pkgs:
- salt-common
{% for daemon in salt_daemons %}
- salt-{{ daemon }}
{% endfor %}
- require:
- pkg: salt-common
{% for daemon in salt_daemons %}
- pkg: salt-{{ daemon }}
{% endfor %}
{% for daemon in salt_daemons %} {% for daemon in salt_daemons %}
salt-{{ daemon }}: salt-{{ daemon }}:
pkg.installed: pkg.installed:
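Review bot: The rewritten `contents:` line still hard-codes `arch=amd64`, while the TODO file added in this same compare mentions a Pi ("restic pulls x86 on the pi"). If this state is ever applied to an ARM minion, apt will find no candidate for the pinned `salt-common` version and the new `pkg.held` state will fail behind it. Assuming the new repository publishes other architectures (worth confirming), the option could follow the host, e.g. `arch={{ grains['osarch'] }}`. The `salt-{{ daemon }}` state continues past the end of the section.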


@@ -12,4 +12,4 @@ mysql.default_file: '/root/.my.cnf'
mine_functions: mine_functions:
root_id_rsa_pub: root_id_rsa_pub:
- mine_function: file.read - mine_function: file.read
- /root/.ssh/id_rsa.pub - /root/.ssh/id_ed25519.pub
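Review bot: The mine alias is still named `root_id_rsa_pub` although it now reads `/root/.ssh/id_ed25519.pub`, so every consumer of the mine gets an Ed25519 key under an RSA name. Renaming the alias means touching the consumers too, so if it stays, a comment such as `# alias kept for compatibility; content is the ed25519 public key` would prevent confusion. Nothing visible in this compare generates the new key pair, so on a host that only has `id_rsa` this `file.read` and the `IdentityFile` change in the restic ssh config further down will both point at a missing file. A state that creates the key, or a note that it is provisioned elsewhere, would close that gap.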


@@ -1,6 +1,6 @@
{% from "salt/map.jinja" import salt_daemons with context %} {% from "salt/map.jinja" import salt_daemons with context %}
{% if grains['os'] != 'CentOS' %} {% if grains['os'] not in ('CentOS', 'AlmaLinux') %}
{{ raise("Unsupported distro") }} {{ raise("Unsupported distro") }}
{% endif %} {% endif %}
@@ -10,7 +10,7 @@
salt: salt:
pkgrepo.managed: pkgrepo.managed:
- baseurl: "https://repo.saltproject.io/salt/py3/redhat/{{ grains['osmajorrelease'] }}/x86_64/minor/{{ salt.pillar.get("salt:version") }}" - baseurl: "https://repo.saltproject.io/salt/py3/redhat/{{ grains['osmajorrelease'] }}/x86_64/minor/{{ salt.pillar.get("salt:version") }}"
- humanname: Salt repo for RHEL/CentOS {{ grains['osmajorrelease'] }} PY3 - humanname: Salt repo for RHEL/CentOS/AlmaLinux {{ grains['osmajorrelease'] }} PY3
- gpgkey: file:///etc/pki/rpm-gpg/SALT-PROJECT-GPG-PUBKEY-2023 - gpgkey: file:///etc/pki/rpm-gpg/SALT-PROJECT-GPG-PUBKEY-2023
- skip_if_unavailable: true - skip_if_unavailable: true
- failovermethod: priority - failovermethod: priority
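Review bot: The `baseurl` on the new side still points at `repo.saltproject.io`, while the Debian install state in this same compare was moved to `packages.broadcom.com`; the bootstrap script's `rpm --import` and `curl` lines further down use the old host as well. If that move was made because the old host no longer serves packages, AlmaLinux and CentOS minions will get an unusable repo, and `skip_if_unavailable: true` will hide the failure instead of surfacing it. I would switch this section to the new repository in the same way and reconsider `skip_if_unavailable` for the repo that Salt itself is installed from. The `pkgrepo.managed` body continues past the end of the hunk.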


@@ -17,11 +17,11 @@ smbd:
- template: jinja - template: jinja
- check_cmd: /usr/bin/testparm -d 0 -s - check_cmd: /usr/bin/testparm -d 0 -s
{# generate these with print(hashlib.new('md4', "password".encode('utf-16le')).hexdigest()) #} #{# generate these with print(hashlib.new('md4', "password".encode('utf-16le')).hexdigest()) #}
{% for user, passw in salt.pillar.get('samba:users', {}).items() %} #{% for user, passw in salt.pillar.get('samba:users', {}).items() %}
samba_{{user}}: #samba_{{user}}:
pdbedit.managed: # pdbedit.managed:
- name: {{user}} # - name: {{user}}
- password: {{passw}} # - password: {{passw}}
- password_hashed: True # - password_hashed: True
{% endfor %} #{% endfor %}
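Review bot: Prefixing these lines with `#` only comments them out for YAML; Jinja runs before the YAML parser, so the `{% for %}` loop still executes and `{{passw}}` is still expanded into the rendered SLS for every entry in `samba:users`. Going by the generation hint on the first line, those values are unsalted MD4 hashes of the passwords, so they are better not rendered at all while the state is disabled. Wrapping the block in `{% if false %}` … `{% endif %}` disables it at the template level. A plain `{# … #}` wrapper would not work here, because the existing inner comment on the first line would close it early.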


@@ -1 +0,0 @@
# TODO


@@ -2,7 +2,7 @@
set -e set -e
SALT_VERSION='3006.4' SALT_VERSION='3007.1'
CYAN='\033[1;36m' CYAN='\033[1;36m'
RED='\033[0;31m' RED='\033[0;31m'
@@ -45,6 +45,7 @@ read
if ! [ -e /usr/bin/salt-call ]; then if ! [ -e /usr/bin/salt-call ]; then
if [[ "$DISTRO" == "fedora" ]]; then if [[ "$DISTRO" == "fedora" ]]; then
mkdir -p /etc/salt/pki/minion
echo -e "${CYAN}Fedora detected - installing Python3.10 if not present, then using a venv${NC}" echo -e "${CYAN}Fedora detected - installing Python3.10 if not present, then using a venv${NC}"
if ! which python3.10 &>/dev/null; then if ! which python3.10 &>/dev/null; then
wget -O /usr/local/bin/python3.10 https://github.com/niess/python-appimage/releases/download/python3.10/python3.10.13-cp310-cp310-manylinux_2_28_x86_64.AppImage wget -O /usr/local/bin/python3.10 https://github.com/niess/python-appimage/releases/download/python3.10/python3.10.13-cp310-cp310-manylinux_2_28_x86_64.AppImage
@@ -62,7 +63,10 @@ if ! [ -e /usr/bin/salt-call ]; then
/opt/saltstack/salt/bin/pip3 freeze | grep -q ^salt== || /opt/saltstack/salt/bin/pip3 freeze | grep -q ^salt== ||
/opt/saltstack/salt/bin/pip3 install "salt==$SALT_VERSION" /opt/saltstack/salt/bin/pip3 install "salt==$SALT_VERSION"
ln -sfT /opt/saltstack/salt/bin/salt-call /usr/bin/salt-call ln -sfT /opt/saltstack/salt/bin/salt-call /usr/bin/salt-call
elif [[ "$DISTRO" == "centos" ]]; then elif [[ "$DISTRO" == "centos" ]] || [[ "$DISTRO" == "almalinux" ]]; then
if [[ "$DISTRO" == "almalinux" ]]; then
OS_VERSION="$(python3 -m distro --json | jq -r .version_parts.major)"
fi
rpm --import https://repo.saltproject.io/salt/py3/redhat/$OS_VERSION/x86_64/SALT-PROJECT-GPG-PUBKEY-2023.pub rpm --import https://repo.saltproject.io/salt/py3/redhat/$OS_VERSION/x86_64/SALT-PROJECT-GPG-PUBKEY-2023.pub
[ -f /etc/yum.repos.d/salt.repo ] || [ -f /etc/yum.repos.d/salt.repo ] ||
curl -fsSL -o /etc/yum.repos.d/salt.repo https://repo.saltproject.io/salt/py3/redhat/$OS_VERSION/x86_64/minor/$SALT_VERSION.repo curl -fsSL -o /etc/yum.repos.d/salt.repo https://repo.saltproject.io/salt/py3/redhat/$OS_VERSION/x86_64/minor/$SALT_VERSION.repo
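Review bot: The AlmaLinux branch derives `OS_VERSION` from `python3 -m distro --json | jq`, which needs both the `distro` module and `jq` on a host that is only just being bootstrapped, and the result goes unvalidated into the `rpm --import` and `curl` URLs. Unless `pipefail` is set outside the hunks shown, a failing `python3 -m distro` leaves `jq` exiting 0 with empty output, so `set -e` does not stop the script and the URLs are built with an empty version. Reading the value from os-release and checking that it is numeric avoids both: `OS_VERSION="$(. /etc/os-release && echo "${VERSION_ID%%.*}")"` followed by `[[ "$OS_VERSION" =~ ^[0-9]+$ ]] || { echo "cannot determine OS version" >&2; exit 1; }`. The enclosing `if` block continues past the end of the hunk.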


@@ -8,7 +8,7 @@
'HostName': 'kpi.keiran.us', 'HostName': 'kpi.keiran.us',
'User': restic_repo.split(':')[1], 'User': restic_repo.split(':')[1],
'Port': 9022, 'Port': 9022,
'IdentityFile': '/root/.ssh/id_rsa', 'IdentityFile': '/root/.ssh/id_ed25519',
} }
} }
} }


@@ -1,3 +1,12 @@
screen:
pkg.installed: []
/root/.screenrc:
file.managed:
- source: salt://users/files/screenrc
- user: root
- group: root
- mode: 640
{% if salt.pillar.get('manage_root_bashrc', False) %} {% if salt.pillar.get('manage_root_bashrc', False) %}
/root/.bashrc: /root/.bashrc:
@@ -6,7 +15,7 @@
- template: jinja - template: jinja
- user: root - user: root
- group: root - group: root
- mode: 0640 - mode: 640
- context: - context:
bashrc_user: root bashrc_user: root
{% endif %} {% endif %}
@@ -41,7 +50,15 @@
bashrc_user: {{ user }} bashrc_user: {{ user }}
- require: - require:
- user: {{ user }}_user - user: {{ user }}_user
{% endif %}
{{ homedir }}/.screenrc:
file.managed:
- source: salt://users/files/screenrc
- user: {{ user }}
- group: {{ user }}
- mode: 640
{% endif %}
{% endif %} {% endif %}
{% endfor %} {% endfor %}
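Review bot: The new per-user `{{ homedir }}/.screenrc` state has no `require` on the user, unlike the bashrc state directly above it, which lists `- user: {{ user }}_user`. If the user state fails, the bashrc state is skipped by its requisite, but this one still runs and fails on the unknown owner. Adding `- require:` with `- user: {{ user }}_user` to the new state matches the sibling. Separately, writing the modes as `'0640'` in quotes rather than bare `640` follows the Salt documentation's advice and avoids YAML integer parsing altogether.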