Compare commits
9 Commits
896e005a98
...
master
| Author | SHA1 | Date | |
|---|---|---|---|
| b36d658ba1 | |||
| 5e1555e87f | |||
| 39d43cfe03 | |||
| 7247d0e25f | |||
| 1f59077a7f | |||
| 151e56e2cf | |||
| e2b71b8ae0 | |||
| 1726c412ce | |||
| 393d52595f |
4
TODO
Normal file
4
TODO
Normal file
@@ -0,0 +1,4 @@
|
||||
screenrc
|
||||
apt remove triggerhappy
|
||||
restic pulls x86 on the pi
|
||||
install python3-dev for manual pip setup
|
||||
@@ -1,6 +1,6 @@
|
||||
import re
|
||||
import logging
|
||||
from subprocess import check_output
|
||||
from subprocess import check_output, CalledProcessError
|
||||
|
||||
log = logging.getLogger(__name__)
|
||||
|
||||
@@ -8,8 +8,8 @@ def main():
|
||||
dev_re = re.compile(r"Bus\s+(\d+)\s+Device\s+(\d+):\s+ID\s(\w+:\w+)\s(.+)$")
|
||||
try:
|
||||
lsusb = check_output("lsusb", encoding='UTF-8')
|
||||
except OSError as exc:
|
||||
log.error(exc)
|
||||
except (CalledProcessError, OSError) as exc:
|
||||
log.debug(exc)
|
||||
return {}
|
||||
devices = []
|
||||
corsair_aio = None
|
||||
|
||||
@@ -6,6 +6,7 @@
|
||||
- user: root
|
||||
- group: root
|
||||
- mode: 644
|
||||
- makedirs: true
|
||||
|
||||
verify_vhost_includes:
|
||||
cmd.wait:
|
||||
@@ -25,7 +26,7 @@ queue_httpd_graceful:
|
||||
- watch:
|
||||
- cmd: rebuildhttpdconf
|
||||
|
||||
/home/{{ salt.pillar.get('gitea:user') }}/public_html/.htaccess:
|
||||
{{ salt.pillar.get('gitea:docroot') }}/.htaccess:
|
||||
file.managed:
|
||||
- source: 'salt://gitea/files/htaccess.jinja'
|
||||
- template: jinja
|
||||
|
||||
@@ -1,35 +1,39 @@
|
||||
# A deploy key must be added for this to work!
|
||||
/usr/local/lib/nagios:
|
||||
|
||||
{% set git_dir = '/usr/local/lib/icinga' %}
|
||||
{% set venv_dir = '%s/venv' | format(git_dir) %}
|
||||
|
||||
{{ git_dir }}:
|
||||
git.cloned:
|
||||
- name: {{ salt.pillar.get("icinga2:monitoring_plugins_git_url") | yaml_encode }}
|
||||
- target: /usr/local/lib/nagios
|
||||
- target: {{ git_dir }}
|
||||
- branch: master
|
||||
- user: root
|
||||
|
||||
/usr/local/lib/nagios/venv:
|
||||
{{ venv_dir }}:
|
||||
cmd.run:
|
||||
{% if 'inmotionhosting' in grains.fqdn %}
|
||||
- name: imh-python3 -m venv /usr/local/lib/nagios/venv
|
||||
- name: imh-python3 -m venv {{ venv_dir }}
|
||||
{% else %}
|
||||
- name: python3 -m venv /usr/local/lib/nagios/venv
|
||||
- name: python3 -m venv {{ venv_dir }}
|
||||
{% endif %}
|
||||
- creates: /usr/local/lib/nagios/venv
|
||||
- creates: {{ venv_dir }}
|
||||
- require:
|
||||
- git: /usr/local/lib/nagios
|
||||
- git: {{ git_dir }}
|
||||
- pkg: monitoring_packages
|
||||
|
||||
venv-ensurepip:
|
||||
cmd.run:
|
||||
- name: /usr/local/lib/nagios/venv/bin/python3 -m ensurepip
|
||||
- creates: /usr/local/lib/nagios/venv/bin/pip3
|
||||
- name: {{ venv_dir }}/bin/python3 -m ensurepip
|
||||
- creates: {{ venv_dir }}/bin/pip3
|
||||
- require:
|
||||
- cmd: /usr/local/lib/nagios/venv
|
||||
- cmd: {{ venv_dir }}
|
||||
|
||||
{#
|
||||
venv-psutil:
|
||||
cmd.run:
|
||||
- name: /usr/local/lib/nagios/venv/bin/pip3 install psutil
|
||||
- unless: /usr/local/lib/nagios/venv/bin/pip3 freeze | grep -q '^psutil='
|
||||
- name: {{ venv_dir }}/bin/pip3 install psutil
|
||||
- unless: {{ venv_dir }}/bin/pip3 freeze | grep -q '^psutil='
|
||||
- require:
|
||||
- cmd: venv-ensurepip
|
||||
#}
|
||||
|
||||
@@ -18,7 +18,7 @@ icingaweb2_vhost:
|
||||
- group: root
|
||||
- mode: 644
|
||||
- source: https://packages.icinga.com/icinga.key
|
||||
- source_hash: be677e07972ed57b99ffc2fd211379ac11b9c6a7c8d9460086b447b96b0a82bb
|
||||
- source_hash: e2b9301181fcc3cd555323cafbecfcd8764f47e06e14e0128f172c544bbb619f
|
||||
|
||||
icingacmd:
|
||||
group.present: []
|
||||
|
||||
@@ -1,23 +1,36 @@
|
||||
{% from "salt/map.jinja" import salt_daemons with context %}
|
||||
{% from "salt/deb_install/map.jinja" import osrelease, oscodename with context %}
|
||||
|
||||
/etc/apt/keyrings/salt-archive-keyring-2023.gpg:
|
||||
/etc/apt/keyrings/salt-archive-keyring-2023.pgp:
|
||||
file.managed:
|
||||
- source: https://repo.saltproject.io/salt/py3/{{ grains['os'].lower() }}/{{ osrelease }}/amd64/SALT-PROJECT-GPG-PUBKEY-2023.gpg
|
||||
- source_hash: c6f6cbcd96fdb130b1dde8dcfc05d46a3a3f322ff0514f98e2e6473896243472
|
||||
- source: https://packages.broadcom.com/artifactory/api/security/keypair/SaltProjectKey/public
|
||||
- source_hash: 36decef986477acb8ba2a1fc4041bcf9f22229ef6c939d0317c9e36a9d142b34
|
||||
|
||||
/etc/apt/sources.list.d/salt.list:
|
||||
file.managed:
|
||||
- contents: "deb [signed-by=/etc/apt/keyrings/salt-archive-keyring-2023.gpg arch=amd64] https://repo.saltproject.io/salt/py3/{{ grains['os'].lower() }}/{{ osrelease }}/amd64/minor/{{ salt.pillar.get("salt:version") }} {{ oscodename }} main"
|
||||
- contents: deb [signed-by=/etc/apt/keyrings/salt-archive-keyring-2023.pgp arch=amd64] https://packages.broadcom.com/artifactory/saltproject-deb/ stable main
|
||||
|
||||
salt-common:
|
||||
pkg.installed:
|
||||
- version: '{{ salt.pillar.get("salt:version") }}'
|
||||
- refresh: true
|
||||
- require:
|
||||
- file: /etc/apt/keyrings/salt-archive-keyring-2023.gpg
|
||||
- file: /etc/apt/keyrings/salt-archive-keyring-2023.pgp
|
||||
- file: /etc/apt/sources.list.d/salt.list
|
||||
|
||||
salt {{ salt.pillar.get("salt:version") }}:
|
||||
pkg.held:
|
||||
- pkgs:
|
||||
- salt-common
|
||||
{% for daemon in salt_daemons %}
|
||||
- salt-{{ daemon }}
|
||||
{% endfor %}
|
||||
- require:
|
||||
- pkg: salt-common
|
||||
{% for daemon in salt_daemons %}
|
||||
- pkg: salt-{{ daemon }}
|
||||
{% endfor %}
|
||||
|
||||
{% for daemon in salt_daemons %}
|
||||
salt-{{ daemon }}:
|
||||
pkg.installed:
|
||||
|
||||
@@ -12,4 +12,4 @@ mysql.default_file: '/root/.my.cnf'
|
||||
mine_functions:
|
||||
root_id_rsa_pub:
|
||||
- mine_function: file.read
|
||||
- /root/.ssh/id_rsa.pub
|
||||
- /root/.ssh/id_ed25519.pub
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
{% from "salt/map.jinja" import salt_daemons with context %}
|
||||
|
||||
{% if grains['os'] != 'CentOS' %}
|
||||
{% if grains['os'] not in ('CentOS', 'AlmaLinux') %}
|
||||
{{ raise("Unsupported distro") }}
|
||||
{% endif %}
|
||||
|
||||
@@ -10,7 +10,7 @@
|
||||
salt:
|
||||
pkgrepo.managed:
|
||||
- baseurl: "https://repo.saltproject.io/salt/py3/redhat/{{ grains['osmajorrelease'] }}/x86_64/minor/{{ salt.pillar.get("salt:version") }}"
|
||||
- humanname: Salt repo for RHEL/CentOS {{ grains['osmajorrelease'] }} PY3
|
||||
- humanname: Salt repo for RHEL/CentOS/AlmaLinux {{ grains['osmajorrelease'] }} PY3
|
||||
- gpgkey: file:///etc/pki/rpm-gpg/SALT-PROJECT-GPG-PUBKEY-2023
|
||||
- skip_if_unavailable: true
|
||||
- failovermethod: priority
|
||||
|
||||
@@ -17,11 +17,11 @@ smbd:
|
||||
- template: jinja
|
||||
- check_cmd: /usr/bin/testparm -d 0 -s
|
||||
|
||||
{# generate these with print(hashlib.new('md4', "password".encode('utf-16le')).hexdigest()) #}
|
||||
{% for user, passw in salt.pillar.get('samba:users', {}).items() %}
|
||||
samba_{{user}}:
|
||||
pdbedit.managed:
|
||||
- name: {{user}}
|
||||
- password: {{passw}}
|
||||
- password_hashed: True
|
||||
{% endfor %}
|
||||
#{# generate these with print(hashlib.new('md4', "password".encode('utf-16le')).hexdigest()) #}
|
||||
#{% for user, passw in salt.pillar.get('samba:users', {}).items() %}
|
||||
#samba_{{user}}:
|
||||
# pdbedit.managed:
|
||||
# - name: {{user}}
|
||||
# - password: {{passw}}
|
||||
# - password_hashed: True
|
||||
#{% endfor %}
|
||||
|
||||
@@ -1 +0,0 @@
|
||||
# TODO
|
||||
8
setup.sh
8
setup.sh
@@ -2,7 +2,7 @@
|
||||
|
||||
set -e
|
||||
|
||||
SALT_VERSION='3006.4'
|
||||
SALT_VERSION='3007.1'
|
||||
|
||||
CYAN='\033[1;36m'
|
||||
RED='\033[0;31m'
|
||||
@@ -45,6 +45,7 @@ read
|
||||
|
||||
if ! [ -e /usr/bin/salt-call ]; then
|
||||
if [[ "$DISTRO" == "fedora" ]]; then
|
||||
mkdir -p /etc/salt/pki/minion
|
||||
echo -e "${CYAN}Fedora detected - installing Python3.10 if not present, then using a venv${NC}"
|
||||
if ! which python3.10 &>/dev/null; then
|
||||
wget -O /usr/local/bin/python3.10 https://github.com/niess/python-appimage/releases/download/python3.10/python3.10.13-cp310-cp310-manylinux_2_28_x86_64.AppImage
|
||||
@@ -62,7 +63,10 @@ if ! [ -e /usr/bin/salt-call ]; then
|
||||
/opt/saltstack/salt/bin/pip3 freeze | grep -q ^salt== ||
|
||||
/opt/saltstack/salt/bin/pip3 install "salt==$SALT_VERSION"
|
||||
ln -sfT /opt/saltstack/salt/bin/salt-call /usr/bin/salt-call
|
||||
elif [[ "$DISTRO" == "centos" ]]; then
|
||||
elif [[ "$DISTRO" == "centos" ]] || [[ "$DISTRO" == "almalinux" ]]; then
|
||||
if [[ "$DISTRO" == "almalinux" ]]; then
|
||||
OS_VERSION="$(python3 -m distro --json | jq -r .version_parts.major)"
|
||||
fi
|
||||
rpm --import https://repo.saltproject.io/salt/py3/redhat/$OS_VERSION/x86_64/SALT-PROJECT-GPG-PUBKEY-2023.pub
|
||||
[ -f /etc/yum.repos.d/salt.repo ] ||
|
||||
curl -fsSL -o /etc/yum.repos.d/salt.repo https://repo.saltproject.io/salt/py3/redhat/$OS_VERSION/x86_64/minor/$SALT_VERSION.repo
|
||||
|
||||
@@ -8,7 +8,7 @@
|
||||
'HostName': 'kpi.keiran.us',
|
||||
'User': restic_repo.split(':')[1],
|
||||
'Port': 9022,
|
||||
'IdentityFile': '/root/.ssh/id_rsa',
|
||||
'IdentityFile': '/root/.ssh/id_ed25519',
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,3 +1,12 @@
|
||||
screen:
|
||||
pkg.installed: []
|
||||
|
||||
/root/.screenrc:
|
||||
file.managed:
|
||||
- source: salt://users/files/screenrc
|
||||
- user: root
|
||||
- group: root
|
||||
- mode: 640
|
||||
|
||||
{% if salt.pillar.get('manage_root_bashrc', False) %}
|
||||
/root/.bashrc:
|
||||
@@ -6,7 +15,7 @@
|
||||
- template: jinja
|
||||
- user: root
|
||||
- group: root
|
||||
- mode: 0640
|
||||
- mode: 640
|
||||
- context:
|
||||
bashrc_user: root
|
||||
{% endif %}
|
||||
@@ -41,6 +50,14 @@
|
||||
bashrc_user: {{ user }}
|
||||
- require:
|
||||
- user: {{ user }}_user
|
||||
|
||||
{{ homedir }}/.screenrc:
|
||||
file.managed:
|
||||
- source: salt://users/files/screenrc
|
||||
- user: {{ user }}
|
||||
- group: {{ user }}
|
||||
- mode: 640
|
||||
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
|
||||
Reference in New Issue
Block a user