From d1927d0acef5353ef7f14c8de90c4f94f74b962b Mon Sep 17 00:00:00 2001 
From: Beth Parker Date: Sat, 7 Oct 2017 17:10:16 -0500 Subject: [PATCH] Added freeipa-server state, added freeipa client configurations, renamed all servers and added bashrc --- merge.sh | 2 +- pillars/roles/firewalld/freeipa-server.sls | 13 +++ pillars/roles/mount/sync.sls | 7 ++ pillars/roles/nginx/freeipa_server.sls | 6 ++ pillars/servers/env/server/archportal.sls | 1 - pillars/servers/env/server/archradarr.sls | 1 - pillars/servers/env/server/archsalt.sls | 1 - pillars/servers/env/server/archsonarr.sls | 1 - pillars/servers/env/server/archsql.sls | 1 - pillars/servers/env/server/archssh.sls | 1 - pillars/servers/env/server/archsync.sls | 1 - pillars/servers/env/server/archtest.sls | 1 - pillars/servers/env/server/archtt.sls | 1 - pillars/servers/env/server/archvpn.sls | 1 - .../env/server/{archbaikal.sls => baikal.sls} | 0 .../servers/env/server/{archca.sls => ca.sls} | 0 pillars/servers/env/server/debiangitlab.sls | 1 - .../servers/env/server/debiangitlab.sls~HEAD | 1 - .../env/server/debiangitlab.sls~HEAD_0 | 1 - .../env/server/debiangitlab.sls~history | 1 - .../env/server/debiangitlab.sls~history_0 | 1 - pillars/servers/env/server/debiantest.sls | 1 - .../env/server/{archdeluge.sls => deluge.sls} | 0 .../env/server/{archgit.sls => git.sls} | 0 .../env/server/{archgitlab.sls => host.sls} | 0 .../{archgitlab.sls~HEAD => icinga.sls} | 0 .../server/{archgitlab.sls~HEAD_0 => ipa.sls} | 0 .../{archgitlab.sls~history => ipatest.sls} | 0 .../{archgitlab.sls~history_0 => jackett.sls} | 0 .../server/{archheadphones.sls => ombi.sls} | 0 .../env/server/{archhost1.sls => pass.sls} | 0 .../server/{archhost1.sls~HEAD => pkg.sls} | 0 .../server/{archhost1.sls~HEAD_0 => plex.sls} | 0 .../{archhost1.sls~history => portal.sls} | 0 .../{archhost1.sls~history_0 => radarr.sls} | 0 .../env/server/{archicinga.sls => salt.sls} | 0 .../server/{archjackett.sls => sonarr.sls} | 0 .../env/server/{archlam.sls => sql.sls} | 0 .../env/server/{archombi.sls => ssh.sls} | 0 
.../env/server/{archpass.sls => sync.sls} | 0 .../env/server/{archpkg.sls => tt.sls} | 0 .../env/server/{archplex.sls => vpn.sls} | 0 .../servers/maintainer/server/archportal.sls | 3 - .../servers/maintainer/server/archradarr.sls | 3 - .../servers/maintainer/server/archsalt.sls | 3 - .../servers/maintainer/server/archsonarr.sls | 3 - pillars/servers/maintainer/server/archsql.sls | 3 - pillars/servers/maintainer/server/archssh.sls | 3 - .../servers/maintainer/server/archsync.sls | 3 - .../servers/maintainer/server/archtest.sls | 3 - pillars/servers/maintainer/server/archtt.sls | 3 - pillars/servers/maintainer/server/archvpn.sls | 3 - .../server/{archbaikal.sls => baikal.sls} | 0 .../maintainer/server/{archca.sls => ca.sls} | 0 .../maintainer/server/debiangitlab.sls | 3 - .../maintainer/server/debiangitlab.sls~HEAD | 3 - .../maintainer/server/debiangitlab.sls~HEAD_0 | 3 - .../server/debiangitlab.sls~history | 3 - .../server/debiangitlab.sls~history_0 | 3 - .../servers/maintainer/server/debiantest.sls | 3 - .../server/{archdeluge.sls => deluge.sls} | 0 .../server/{archgit.sls => git.sls} | 0 .../server/{archgitlab.sls => host.sls} | 0 .../{archgitlab.sls~HEAD => icinga.sls} | 0 .../server/{archgitlab.sls~HEAD_0 => ipa.sls} | 0 .../{archgitlab.sls~history => ipatest.sls} | 0 .../{archgitlab.sls~history_0 => jackett.sls} | 0 .../server/{archheadphones.sls => ombi.sls} | 0 .../server/{archhost1.sls => pass.sls} | 0 .../server/{archhost1.sls~HEAD => pkg.sls} | 0 .../server/{archhost1.sls~HEAD_0 => plex.sls} | 0 .../{archhost1.sls~history => portal.sls} | 0 .../{archhost1.sls~history_0 => radarr.sls} | 0 .../server/{archicinga.sls => salt.sls} | 0 .../server/{archjackett.sls => sonarr.sls} | 0 .../server/{archlam.sls => sql.sls} | 0 .../server/{archombi.sls => ssh.sls} | 0 .../server/{archpass.sls => sync.sls} | 0 .../maintainer/server/{archpkg.sls => tt.sls} | 0 .../server/{archplex.sls => vpn.sls} | 0 pillars/servers/roles/server/archgitlab.sls | 7 -- 
.../servers/roles/server/archheadphones.sls | 8 -- pillars/servers/roles/server/archlam.sls | 8 -- pillars/servers/roles/server/archtest.sls | 1 - .../server/{archbaikal.sls => baikal.sls} | 0 .../roles/server/{archca.sls => ca.sls} | 0 .../server/{archdeluge.sls => deluge.sls} | 0 .../roles/server/{archgit.sls => git.sls} | 0 .../roles/server/{archhost1.sls => host.sls} | 0 .../server/{archicinga.sls => icinga.sls} | 0 .../roles/server/{debiantest.sls => ipa.sls} | 1 + .../server/{debiangitlab.sls => ipatest.sls} | 0 .../server/{archjackett.sls => jackett.sls} | 0 .../roles/server/{archombi.sls => ombi.sls} | 0 .../roles/server/{archpass.sls => pass.sls} | 0 .../roles/server/{archpkg.sls => pkg.sls} | 0 .../roles/server/{archplex.sls => plex.sls} | 0 .../server/{archportal.sls => portal.sls} | 0 .../server/{archradarr.sls => radarr.sls} | 0 .../roles/server/{archsalt.sls => salt.sls} | 0 .../server/{archsonarr.sls => sonarr.sls} | 0 .../roles/server/{archsql.sls => sql.sls} | 0 .../roles/server/{archssh.sls => ssh.sls} | 0 .../roles/server/{archsync.sls => sync.sls} | 0 .../roles/server/{archtt.sls => tt.sls} | 0 .../roles/server/{archvpn.sls => vpn.sls} | 0 states/basepkgs/init.sls | 64 ++++++------- states/bashrc/bashrc | 27 ++++++ states/bashrc/init.sls | 28 ++++++ states/productionize/freeipa/auto/init.sls | 18 ++++ states/productionize/freeipa/manual/init.sls | 93 +++++++++++++++++++ states/productionize/freeipa/manual/krb5.conf | 26 ++++++ states/productionize/freeipa/manual/nscd.conf | 88 ++++++++++++++++++ .../freeipa/manual/nsswitch.conf | 20 ++++ .../productionize/freeipa/manual/pam.d/passwd | 1 + states/productionize/freeipa/manual/pam.d/sss | 16 ++++ states/productionize/freeipa/manual/pam.d/su | 4 + .../productionize/freeipa/manual/pam.d/su-l | 4 + .../productionize/freeipa/manual/pam.d/sudo | 3 + .../freeipa/manual/pam.d/system-auth | 14 +++ states/productionize/freeipa/manual/sssd.conf | 15 +++ states/roles/build/freeipa-server/init.sls | 29 ++++++ 
.../maintain/freeipa-server/DSTRootCAX3.pem | 20 ++++ .../freeipa-server/LetsEncryptAuthorityX3.pem | 27 ++++++ states/roles/maintain/freeipa-server/init.sls | 61 ++++++++++++ states/systems/core/mount/init.sls | 1 + states/top.sls | 5 +- states/update/init.sls | 11 ++- 128 files changed, 565 insertions(+), 127 deletions(-) create mode 100644 pillars/roles/firewalld/freeipa-server.sls create mode 100644 pillars/roles/mount/sync.sls create mode 100644 pillars/roles/nginx/freeipa_server.sls delete mode 100644 pillars/servers/env/server/archportal.sls delete mode 100644 pillars/servers/env/server/archradarr.sls delete mode 100644 pillars/servers/env/server/archsalt.sls delete mode 100644 pillars/servers/env/server/archsonarr.sls delete mode 100644 pillars/servers/env/server/archsql.sls delete mode 100644 pillars/servers/env/server/archssh.sls delete mode 100644 pillars/servers/env/server/archsync.sls delete mode 100644 pillars/servers/env/server/archtest.sls delete mode 100644 pillars/servers/env/server/archtt.sls delete mode 100644 pillars/servers/env/server/archvpn.sls rename pillars/servers/env/server/{archbaikal.sls => baikal.sls} (100%) rename pillars/servers/env/server/{archca.sls => ca.sls} (100%) delete mode 100644 pillars/servers/env/server/debiangitlab.sls delete mode 100644 pillars/servers/env/server/debiangitlab.sls~HEAD delete mode 100644 pillars/servers/env/server/debiangitlab.sls~HEAD_0 delete mode 100644 pillars/servers/env/server/debiangitlab.sls~history delete mode 100644 pillars/servers/env/server/debiangitlab.sls~history_0 delete mode 100644 pillars/servers/env/server/debiantest.sls rename pillars/servers/env/server/{archdeluge.sls => deluge.sls} (100%) rename pillars/servers/env/server/{archgit.sls => git.sls} (100%) rename pillars/servers/env/server/{archgitlab.sls => host.sls} (100%) rename pillars/servers/env/server/{archgitlab.sls~HEAD => icinga.sls} (100%) rename pillars/servers/env/server/{archgitlab.sls~HEAD_0 => ipa.sls} (100%) rename 
pillars/servers/env/server/{archgitlab.sls~history => ipatest.sls} (100%) rename pillars/servers/env/server/{archgitlab.sls~history_0 => jackett.sls} (100%) rename pillars/servers/env/server/{archheadphones.sls => ombi.sls} (100%) rename pillars/servers/env/server/{archhost1.sls => pass.sls} (100%) rename pillars/servers/env/server/{archhost1.sls~HEAD => pkg.sls} (100%) rename pillars/servers/env/server/{archhost1.sls~HEAD_0 => plex.sls} (100%) rename pillars/servers/env/server/{archhost1.sls~history => portal.sls} (100%) rename pillars/servers/env/server/{archhost1.sls~history_0 => radarr.sls} (100%) rename pillars/servers/env/server/{archicinga.sls => salt.sls} (100%) rename pillars/servers/env/server/{archjackett.sls => sonarr.sls} (100%) rename pillars/servers/env/server/{archlam.sls => sql.sls} (100%) rename pillars/servers/env/server/{archombi.sls => ssh.sls} (100%) rename pillars/servers/env/server/{archpass.sls => sync.sls} (100%) rename pillars/servers/env/server/{archpkg.sls => tt.sls} (100%) rename pillars/servers/env/server/{archplex.sls => vpn.sls} (100%) delete mode 100644 pillars/servers/maintainer/server/archportal.sls delete mode 100644 pillars/servers/maintainer/server/archradarr.sls delete mode 100644 pillars/servers/maintainer/server/archsalt.sls delete mode 100644 pillars/servers/maintainer/server/archsonarr.sls delete mode 100644 pillars/servers/maintainer/server/archsql.sls delete mode 100644 pillars/servers/maintainer/server/archssh.sls delete mode 100644 pillars/servers/maintainer/server/archsync.sls delete mode 100644 pillars/servers/maintainer/server/archtest.sls delete mode 100644 pillars/servers/maintainer/server/archtt.sls delete mode 100644 pillars/servers/maintainer/server/archvpn.sls rename pillars/servers/maintainer/server/{archbaikal.sls => baikal.sls} (100%) rename pillars/servers/maintainer/server/{archca.sls => ca.sls} (100%) delete mode 100644 pillars/servers/maintainer/server/debiangitlab.sls delete mode 100644 
pillars/servers/maintainer/server/debiangitlab.sls~HEAD delete mode 100644 pillars/servers/maintainer/server/debiangitlab.sls~HEAD_0 delete mode 100644 pillars/servers/maintainer/server/debiangitlab.sls~history delete mode 100644 pillars/servers/maintainer/server/debiangitlab.sls~history_0 delete mode 100644 pillars/servers/maintainer/server/debiantest.sls rename pillars/servers/maintainer/server/{archdeluge.sls => deluge.sls} (100%) rename pillars/servers/maintainer/server/{archgit.sls => git.sls} (100%) rename pillars/servers/maintainer/server/{archgitlab.sls => host.sls} (100%) rename pillars/servers/maintainer/server/{archgitlab.sls~HEAD => icinga.sls} (100%) rename pillars/servers/maintainer/server/{archgitlab.sls~HEAD_0 => ipa.sls} (100%) rename pillars/servers/maintainer/server/{archgitlab.sls~history => ipatest.sls} (100%) rename pillars/servers/maintainer/server/{archgitlab.sls~history_0 => jackett.sls} (100%) rename pillars/servers/maintainer/server/{archheadphones.sls => ombi.sls} (100%) rename pillars/servers/maintainer/server/{archhost1.sls => pass.sls} (100%) rename pillars/servers/maintainer/server/{archhost1.sls~HEAD => pkg.sls} (100%) rename pillars/servers/maintainer/server/{archhost1.sls~HEAD_0 => plex.sls} (100%) rename pillars/servers/maintainer/server/{archhost1.sls~history => portal.sls} (100%) rename pillars/servers/maintainer/server/{archhost1.sls~history_0 => radarr.sls} (100%) rename pillars/servers/maintainer/server/{archicinga.sls => salt.sls} (100%) rename pillars/servers/maintainer/server/{archjackett.sls => sonarr.sls} (100%) rename pillars/servers/maintainer/server/{archlam.sls => sql.sls} (100%) rename pillars/servers/maintainer/server/{archombi.sls => ssh.sls} (100%) rename pillars/servers/maintainer/server/{archpass.sls => sync.sls} (100%) rename pillars/servers/maintainer/server/{archpkg.sls => tt.sls} (100%) rename pillars/servers/maintainer/server/{archplex.sls => vpn.sls} (100%) delete mode 100644 
pillars/servers/roles/server/archgitlab.sls delete mode 100644 pillars/servers/roles/server/archheadphones.sls delete mode 100644 pillars/servers/roles/server/archlam.sls rename pillars/servers/roles/server/{archbaikal.sls => baikal.sls} (100%) rename pillars/servers/roles/server/{archca.sls => ca.sls} (100%) rename pillars/servers/roles/server/{archdeluge.sls => deluge.sls} (100%) rename pillars/servers/roles/server/{archgit.sls => git.sls} (100%) rename pillars/servers/roles/server/{archhost1.sls => host.sls} (100%) rename pillars/servers/roles/server/{archicinga.sls => icinga.sls} (100%) rename pillars/servers/roles/server/{debiantest.sls => ipa.sls} (73%) rename pillars/servers/roles/server/{debiangitlab.sls => ipatest.sls} (100%) rename pillars/servers/roles/server/{archjackett.sls => jackett.sls} (100%) rename pillars/servers/roles/server/{archombi.sls => ombi.sls} (100%) rename pillars/servers/roles/server/{archpass.sls => pass.sls} (100%) rename pillars/servers/roles/server/{archpkg.sls => pkg.sls} (100%) rename pillars/servers/roles/server/{archplex.sls => plex.sls} (100%) rename pillars/servers/roles/server/{archportal.sls => portal.sls} (100%) rename pillars/servers/roles/server/{archradarr.sls => radarr.sls} (100%) rename pillars/servers/roles/server/{archsalt.sls => salt.sls} (100%) rename pillars/servers/roles/server/{archsonarr.sls => sonarr.sls} (100%) rename pillars/servers/roles/server/{archsql.sls => sql.sls} (100%) rename pillars/servers/roles/server/{archssh.sls => ssh.sls} (100%) rename pillars/servers/roles/server/{archsync.sls => sync.sls} (100%) rename pillars/servers/roles/server/{archtt.sls => tt.sls} (100%) rename pillars/servers/roles/server/{archvpn.sls => vpn.sls} (100%) create mode 100644 states/bashrc/bashrc create mode 100644 states/bashrc/init.sls create mode 100644 states/productionize/freeipa/auto/init.sls create mode 100644 states/productionize/freeipa/manual/init.sls create mode 100644 
states/productionize/freeipa/manual/krb5.conf create mode 100644 states/productionize/freeipa/manual/nscd.conf create mode 100644 states/productionize/freeipa/manual/nsswitch.conf create mode 100644 states/productionize/freeipa/manual/pam.d/passwd create mode 100644 states/productionize/freeipa/manual/pam.d/sss create mode 100644 states/productionize/freeipa/manual/pam.d/su create mode 100644 states/productionize/freeipa/manual/pam.d/su-l create mode 100644 states/productionize/freeipa/manual/pam.d/sudo create mode 100644 states/productionize/freeipa/manual/pam.d/system-auth create mode 100644 states/productionize/freeipa/manual/sssd.conf create mode 100644 states/roles/build/freeipa-server/init.sls create mode 100644 states/roles/maintain/freeipa-server/DSTRootCAX3.pem create mode 100644 states/roles/maintain/freeipa-server/LetsEncryptAuthorityX3.pem create mode 100644 states/roles/maintain/freeipa-server/init.sls
diff --git a/merge.sh b/merge.sh
index 574a29e..62b3b5a 100644
--- a/merge.sh
+++ b/merge.sh
@@ -16,4 +16,4 @@ git push;
 git checkout dev;
 git reset --hard master;
 git push --force;
-git reset --hard origin/dev
+git reset --hard origin/dev;
diff --git a/pillars/roles/firewalld/freeipa-server.sls b/pillars/roles/firewalld/freeipa-server.sls
new file mode 100644
index 0000000..01be019
--- /dev/null
+++ b/pillars/roles/firewalld/freeipa-server.sls
@@ -0,0 +1,13 @@
+firewalld:
+ 70_internal:
+ service:
+ http: []
+ https: []
+ port:
+ 389/tcp: []
+ 636/tcp: []
+ 88/tcp: []
+ 464/tcp: []
+ 88/udp: []
+ 464/udp: []
+ 123/udp: []
diff --git a/pillars/roles/mount/sync.sls b/pillars/roles/mount/sync.sls
new file mode 100644
index 0000000..1f9d410
--- /dev/null
+++ b/pillars/roles/mount/sync.sls
@@ -0,0 +1,7 @@
+mount:
+ sshfs:
+ /mnt/sync:
+ name: sync
+ host: host.actcur.com
+ directory: /mnt/butter/sync
+ user: mount
diff --git a/pillars/roles/nginx/freeipa_server.sls b/pillars/roles/nginx/freeipa_server.sls
new file mode 100644
index 0000000..c1cb027
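Review bot: The `port:` block of pillars/roles/firewalld/freeipa-server.sls opens cleartext LDAP (`389/tcp`) next to LDAPS (`636/tcp`), and `http` next to `https`, and every entry carries an empty list, so nothing in this hunk limits which hosts in `70_internal` can reach the directory and Kerberos ports. If the empty list is a source filter (an assumption, since the firewalld state that reads this pillar is not part of the hunk), list the client networks there instead of leaving it empty. Either way the file should record the decision, for example `# 389/tcp stays open for StartTLS/GSSAPI clients; the directory must refuse cleartext simple binds` above the port list.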
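Review bot: The sshfs entry for `/mnt/sync` in pillars/roles/mount/sync.sls gives only `host`, `directory` and `user: mount`, so how the minion authenticates and whether the host key of `host.actcur.com` is pinned cannot be checked from this pillar. A header comment would make that reviewable, for example `# sshfs as user "mount": key-only login, host key pinned in known_hosts, account limited to /mnt/butter/sync`. If the mount state accepts mount options (not visible here), `nosuid,nodev` is worth setting for a network share.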
--- /dev/null
+++ b/pillars/roles/nginx/freeipa_server.sls
@@ -0,0 +1,6 @@
+nginx:
+ ipa:
+ auth: blocked
+ https:
+ port: 8443
+ prot: https
diff --git a/pillars/servers/env/server/archportal.sls b/pillars/servers/env/server/archportal.sls
deleted file mode 100644
index 2fdef9a..0000000
--- a/pillars/servers/env/server/archportal.sls
+++ /dev/null
@@ -1 +0,0 @@
-env: prod
diff --git a/pillars/servers/env/server/archradarr.sls b/pillars/servers/env/server/archradarr.sls
deleted file mode 100644
index 2fdef9a..0000000
--- a/pillars/servers/env/server/archradarr.sls
+++ /dev/null
@@ -1 +0,0 @@
-env: prod
diff --git a/pillars/servers/env/server/archsalt.sls b/pillars/servers/env/server/archsalt.sls
deleted file mode 100644
index 2fdef9a..0000000
--- a/pillars/servers/env/server/archsalt.sls
+++ /dev/null
@@ -1 +0,0 @@
-env: prod
diff --git a/pillars/servers/env/server/archsonarr.sls b/pillars/servers/env/server/archsonarr.sls
deleted file mode 100644
index 2fdef9a..0000000
--- a/pillars/servers/env/server/archsonarr.sls
+++ /dev/null
@@ -1 +0,0 @@
-env: prod
diff --git a/pillars/servers/env/server/archsql.sls b/pillars/servers/env/server/archsql.sls
deleted file mode 100644
index 2fdef9a..0000000
--- a/pillars/servers/env/server/archsql.sls
+++ /dev/null
@@ -1 +0,0 @@
-env: prod
diff --git a/pillars/servers/env/server/archssh.sls b/pillars/servers/env/server/archssh.sls
deleted file mode 100644
index 2fdef9a..0000000
--- a/pillars/servers/env/server/archssh.sls
+++ /dev/null
@@ -1 +0,0 @@
-env: prod
diff --git a/pillars/servers/env/server/archsync.sls b/pillars/servers/env/server/archsync.sls
deleted file mode 100644
index 2fdef9a..0000000
--- a/pillars/servers/env/server/archsync.sls
+++ /dev/null
@@ -1 +0,0 @@
-env: prod
diff --git a/pillars/servers/env/server/archtest.sls b/pillars/servers/env/server/archtest.sls
deleted file mode 100644
index 2fdef9a..0000000
--- a/pillars/servers/env/server/archtest.sls
+++ /dev/null
@@ -1 +0,0 @@
-env: prod
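Review bot: The new nginx pillar is named `freeipa_server.sls` while the firewalld pillar and the `states/roles/*/freeipa-server` directories added by the same commit use a hyphen, so any lookup built from the role name would find one spelling and miss the other (an inference, since the include logic is outside this patch). Consider renaming it to `freeipa-server.sls`. The value `auth: blocked` under `ipa:` also needs a one-line comment stating whether it makes the proxy deny outside access or only skip its own authentication step, because the FreeIPA web UI is an identity-administration surface and the key alone does not say which.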
diff --git a/pillars/servers/env/server/archtt.sls b/pillars/servers/env/server/archtt.sls
deleted file mode 100644
index 2fdef9a..0000000
--- a/pillars/servers/env/server/archtt.sls
+++ /dev/null
@@ -1 +0,0 @@
-env: prod
diff --git a/pillars/servers/env/server/archvpn.sls b/pillars/servers/env/server/archvpn.sls
deleted file mode 100644
index 2fdef9a..0000000
--- a/pillars/servers/env/server/archvpn.sls
+++ /dev/null
@@ -1 +0,0 @@
-env: prod
diff --git a/pillars/servers/env/server/archbaikal.sls b/pillars/servers/env/server/baikal.sls
similarity index 100%
rename from pillars/servers/env/server/archbaikal.sls
rename to pillars/servers/env/server/baikal.sls
diff --git a/pillars/servers/env/server/archca.sls b/pillars/servers/env/server/ca.sls
similarity index 100%
rename from pillars/servers/env/server/archca.sls
rename to pillars/servers/env/server/ca.sls
diff --git a/pillars/servers/env/server/debiangitlab.sls b/pillars/servers/env/server/debiangitlab.sls
deleted file mode 100644
index 2fdef9a..0000000
--- a/pillars/servers/env/server/debiangitlab.sls
+++ /dev/null
@@ -1 +0,0 @@
-env: prod
diff --git a/pillars/servers/env/server/debiangitlab.sls~HEAD b/pillars/servers/env/server/debiangitlab.sls~HEAD
deleted file mode 100644
index 2fdef9a..0000000
--- a/pillars/servers/env/server/debiangitlab.sls~HEAD
+++ /dev/null
@@ -1 +0,0 @@
-env: prod
diff --git a/pillars/servers/env/server/debiangitlab.sls~HEAD_0 b/pillars/servers/env/server/debiangitlab.sls~HEAD_0
deleted file mode 100644
index 2fdef9a..0000000
--- a/pillars/servers/env/server/debiangitlab.sls~HEAD_0
+++ /dev/null
@@ -1 +0,0 @@
-env: prod
diff --git a/pillars/servers/env/server/debiangitlab.sls~history b/pillars/servers/env/server/debiangitlab.sls~history
deleted file mode 100644
index 2fdef9a..0000000
--- a/pillars/servers/env/server/debiangitlab.sls~history
+++ /dev/null
@@ -1 +0,0 @@
-env: prod
diff --git a/pillars/servers/env/server/debiangitlab.sls~history_0 b/pillars/servers/env/server/debiangitlab.sls~history_0
deleted file mode 100644
index 2fdef9a..0000000
--- a/pillars/servers/env/server/debiangitlab.sls~history_0
+++ /dev/null
@@ -1 +0,0 @@
-env: prod
diff --git a/pillars/servers/env/server/debiantest.sls b/pillars/servers/env/server/debiantest.sls
deleted file mode 100644
index 2fdef9a..0000000
--- a/pillars/servers/env/server/debiantest.sls
+++ /dev/null
@@ -1 +0,0 @@
-env: prod
diff --git a/pillars/servers/env/server/archdeluge.sls b/pillars/servers/env/server/deluge.sls
similarity index 100%
rename from pillars/servers/env/server/archdeluge.sls
rename to pillars/servers/env/server/deluge.sls
diff --git a/pillars/servers/env/server/archgit.sls b/pillars/servers/env/server/git.sls
similarity index 100%
rename from pillars/servers/env/server/archgit.sls
rename to pillars/servers/env/server/git.sls
diff --git a/pillars/servers/env/server/archgitlab.sls b/pillars/servers/env/server/host.sls
similarity index 100%
rename from pillars/servers/env/server/archgitlab.sls
rename to pillars/servers/env/server/host.sls
diff --git a/pillars/servers/env/server/archgitlab.sls~HEAD b/pillars/servers/env/server/icinga.sls
similarity index 100%
rename from pillars/servers/env/server/archgitlab.sls~HEAD
rename to pillars/servers/env/server/icinga.sls
diff --git a/pillars/servers/env/server/archgitlab.sls~HEAD_0 b/pillars/servers/env/server/ipa.sls
similarity index 100%
rename from pillars/servers/env/server/archgitlab.sls~HEAD_0
rename to pillars/servers/env/server/ipa.sls
diff --git a/pillars/servers/env/server/archgitlab.sls~history b/pillars/servers/env/server/ipatest.sls
similarity index 100%
rename from pillars/servers/env/server/archgitlab.sls~history
rename to pillars/servers/env/server/ipatest.sls
diff --git a/pillars/servers/env/server/archgitlab.sls~history_0 b/pillars/servers/env/server/jackett.sls
similarity index 100%
rename from pillars/servers/env/server/archgitlab.sls~history_0
rename to pillars/servers/env/server/jackett.sls
diff --git a/pillars/servers/env/server/archheadphones.sls b/pillars/servers/env/server/ombi.sls
similarity index 100%
rename from pillars/servers/env/server/archheadphones.sls
rename to pillars/servers/env/server/ombi.sls
diff --git a/pillars/servers/env/server/archhost1.sls b/pillars/servers/env/server/pass.sls
similarity index 100%
rename from pillars/servers/env/server/archhost1.sls
rename to pillars/servers/env/server/pass.sls
diff --git a/pillars/servers/env/server/archhost1.sls~HEAD b/pillars/servers/env/server/pkg.sls
similarity index 100%
rename from pillars/servers/env/server/archhost1.sls~HEAD
rename to pillars/servers/env/server/pkg.sls
diff --git a/pillars/servers/env/server/archhost1.sls~HEAD_0 b/pillars/servers/env/server/plex.sls
similarity index 100%
rename from pillars/servers/env/server/archhost1.sls~HEAD_0
rename to pillars/servers/env/server/plex.sls
diff --git a/pillars/servers/env/server/archhost1.sls~history b/pillars/servers/env/server/portal.sls
similarity index 100%
rename from pillars/servers/env/server/archhost1.sls~history
rename to pillars/servers/env/server/portal.sls
diff --git a/pillars/servers/env/server/archhost1.sls~history_0 b/pillars/servers/env/server/radarr.sls
similarity index 100%
rename from pillars/servers/env/server/archhost1.sls~history_0
rename to pillars/servers/env/server/radarr.sls
diff --git a/pillars/servers/env/server/archicinga.sls b/pillars/servers/env/server/salt.sls
similarity index 100%
rename from pillars/servers/env/server/archicinga.sls
rename to pillars/servers/env/server/salt.sls
diff --git a/pillars/servers/env/server/archjackett.sls b/pillars/servers/env/server/sonarr.sls
similarity index 100%
rename from pillars/servers/env/server/archjackett.sls
rename to pillars/servers/env/server/sonarr.sls
diff --git a/pillars/servers/env/server/archlam.sls b/pillars/servers/env/server/sql.sls
similarity index 100%
rename from pillars/servers/env/server/archlam.sls
rename to pillars/servers/env/server/sql.sls
diff --git a/pillars/servers/env/server/archombi.sls b/pillars/servers/env/server/ssh.sls
similarity index 100%
rename from pillars/servers/env/server/archombi.sls
rename to pillars/servers/env/server/ssh.sls
diff --git a/pillars/servers/env/server/archpass.sls b/pillars/servers/env/server/sync.sls
similarity index 100%
rename from pillars/servers/env/server/archpass.sls
rename to pillars/servers/env/server/sync.sls
diff --git a/pillars/servers/env/server/archpkg.sls b/pillars/servers/env/server/tt.sls
similarity index 100%
rename from pillars/servers/env/server/archpkg.sls
rename to pillars/servers/env/server/tt.sls
diff --git a/pillars/servers/env/server/archplex.sls b/pillars/servers/env/server/vpn.sls
similarity index 100%
rename from pillars/servers/env/server/archplex.sls
rename to pillars/servers/env/server/vpn.sls
diff --git a/pillars/servers/maintainer/server/archportal.sls b/pillars/servers/maintainer/server/archportal.sls
deleted file mode 100644
index c0b416d..0000000
--- a/pillars/servers/maintainer/server/archportal.sls
+++ /dev/null
@@ -1,3 +0,0 @@
-maintainer:
- - masaufuku
-
diff --git a/pillars/servers/maintainer/server/archradarr.sls b/pillars/servers/maintainer/server/archradarr.sls
deleted file mode 100644
index c0b416d..0000000
--- a/pillars/servers/maintainer/server/archradarr.sls
+++ /dev/null
@@ -1,3 +0,0 @@
-maintainer:
- - masaufuku
-
diff --git a/pillars/servers/maintainer/server/archsalt.sls b/pillars/servers/maintainer/server/archsalt.sls
deleted file mode 100644
index c0b416d..0000000
--- a/pillars/servers/maintainer/server/archsalt.sls
+++ /dev/null
@@ -1,3 +0,0 @@
-maintainer:
- - masaufuku
-
diff --git a/pillars/servers/maintainer/server/archsonarr.sls b/pillars/servers/maintainer/server/archsonarr.sls
deleted file mode 100644
index c0b416d..0000000
--- a/pillars/servers/maintainer/server/archsonarr.sls
+++ /dev/null
@@ -1,3 +0,0 @@
-maintainer:
- - masaufuku
-
diff --git a/pillars/servers/maintainer/server/archsql.sls b/pillars/servers/maintainer/server/archsql.sls
deleted file mode 100644
index c0b416d..0000000
--- a/pillars/servers/maintainer/server/archsql.sls
+++ /dev/null
@@ -1,3 +0,0 @@
-maintainer:
- - masaufuku
-
diff --git a/pillars/servers/maintainer/server/archssh.sls b/pillars/servers/maintainer/server/archssh.sls
deleted file mode 100644
index c0b416d..0000000
--- a/pillars/servers/maintainer/server/archssh.sls
+++ /dev/null
@@ -1,3 +0,0 @@
-maintainer:
- - masaufuku
-
diff --git a/pillars/servers/maintainer/server/archsync.sls b/pillars/servers/maintainer/server/archsync.sls
deleted file mode 100644
index c0b416d..0000000
--- a/pillars/servers/maintainer/server/archsync.sls
+++ /dev/null
@@ -1,3 +0,0 @@
-maintainer:
- - masaufuku
-
diff --git a/pillars/servers/maintainer/server/archtest.sls b/pillars/servers/maintainer/server/archtest.sls
deleted file mode 100644
index c0b416d..0000000
--- a/pillars/servers/maintainer/server/archtest.sls
+++ /dev/null
@@ -1,3 +0,0 @@
-maintainer:
- - masaufuku
-
diff --git a/pillars/servers/maintainer/server/archtt.sls b/pillars/servers/maintainer/server/archtt.sls
deleted file mode 100644
index c0b416d..0000000
--- a/pillars/servers/maintainer/server/archtt.sls
+++ /dev/null
@@ -1,3 +0,0 @@
-maintainer:
- - masaufuku
-
diff --git a/pillars/servers/maintainer/server/archvpn.sls b/pillars/servers/maintainer/server/archvpn.sls
deleted file mode 100644
index c0b416d..0000000
--- a/pillars/servers/maintainer/server/archvpn.sls
+++ /dev/null
@@ -1,3 +0,0 @@
-maintainer:
- - masaufuku
-
diff --git a/pillars/servers/maintainer/server/archbaikal.sls b/pillars/servers/maintainer/server/baikal.sls
similarity index 100%
rename from pillars/servers/maintainer/server/archbaikal.sls
rename to pillars/servers/maintainer/server/baikal.sls
diff --git a/pillars/servers/maintainer/server/archca.sls b/pillars/servers/maintainer/server/ca.sls
similarity index 100%
rename from pillars/servers/maintainer/server/archca.sls
rename to pillars/servers/maintainer/server/ca.sls
diff --git a/pillars/servers/maintainer/server/debiangitlab.sls b/pillars/servers/maintainer/server/debiangitlab.sls
deleted file mode 100644
index c0b416d..0000000
--- a/pillars/servers/maintainer/server/debiangitlab.sls
+++ /dev/null
@@ -1,3 +0,0 @@
-maintainer:
- - masaufuku
-
diff --git a/pillars/servers/maintainer/server/debiangitlab.sls~HEAD b/pillars/servers/maintainer/server/debiangitlab.sls~HEAD
deleted file mode 100644
index c0b416d..0000000
--- a/pillars/servers/maintainer/server/debiangitlab.sls~HEAD
+++ /dev/null
@@ -1,3 +0,0 @@
-maintainer:
- - masaufuku
-
diff --git a/pillars/servers/maintainer/server/debiangitlab.sls~HEAD_0 b/pillars/servers/maintainer/server/debiangitlab.sls~HEAD_0
deleted file mode 100644
index c0b416d..0000000
--- a/pillars/servers/maintainer/server/debiangitlab.sls~HEAD_0
+++ /dev/null
@@ -1,3 +0,0 @@
-maintainer:
- - masaufuku
-
diff --git a/pillars/servers/maintainer/server/debiangitlab.sls~history b/pillars/servers/maintainer/server/debiangitlab.sls~history
deleted file mode 100644
index c0b416d..0000000
--- a/pillars/servers/maintainer/server/debiangitlab.sls~history
+++ /dev/null
@@ -1,3 +0,0 @@
-maintainer:
- - masaufuku
-
diff --git a/pillars/servers/maintainer/server/debiangitlab.sls~history_0 b/pillars/servers/maintainer/server/debiangitlab.sls~history_0
deleted file mode 100644
index c0b416d..0000000
--- a/pillars/servers/maintainer/server/debiangitlab.sls~history_0
+++ /dev/null
@@ -1,3 +0,0 @@
-maintainer:
- - masaufuku
-
diff --git a/pillars/servers/maintainer/server/debiantest.sls b/pillars/servers/maintainer/server/debiantest.sls
deleted file mode 100644
index c0b416d..0000000
--- a/pillars/servers/maintainer/server/debiantest.sls
+++ /dev/null
@@ -1,3 +0,0 @@
-maintainer:
- - masaufuku
-
diff --git a/pillars/servers/maintainer/server/archdeluge.sls b/pillars/servers/maintainer/server/deluge.sls
similarity index 100%
rename from pillars/servers/maintainer/server/archdeluge.sls
rename to pillars/servers/maintainer/server/deluge.sls
diff --git a/pillars/servers/maintainer/server/archgit.sls b/pillars/servers/maintainer/server/git.sls
similarity index 100%
rename from pillars/servers/maintainer/server/archgit.sls
rename to pillars/servers/maintainer/server/git.sls
diff --git a/pillars/servers/maintainer/server/archgitlab.sls b/pillars/servers/maintainer/server/host.sls
similarity index 100%
rename from pillars/servers/maintainer/server/archgitlab.sls
rename to pillars/servers/maintainer/server/host.sls
diff --git a/pillars/servers/maintainer/server/archgitlab.sls~HEAD b/pillars/servers/maintainer/server/icinga.sls
similarity index 100%
rename from pillars/servers/maintainer/server/archgitlab.sls~HEAD
rename to pillars/servers/maintainer/server/icinga.sls
diff --git a/pillars/servers/maintainer/server/archgitlab.sls~HEAD_0 b/pillars/servers/maintainer/server/ipa.sls
similarity index 100%
rename from pillars/servers/maintainer/server/archgitlab.sls~HEAD_0
rename to pillars/servers/maintainer/server/ipa.sls
diff --git a/pillars/servers/maintainer/server/archgitlab.sls~history b/pillars/servers/maintainer/server/ipatest.sls
similarity index 100%
rename from pillars/servers/maintainer/server/archgitlab.sls~history
rename to pillars/servers/maintainer/server/ipatest.sls
diff --git a/pillars/servers/maintainer/server/archgitlab.sls~history_0 b/pillars/servers/maintainer/server/jackett.sls
similarity index 100%
rename from pillars/servers/maintainer/server/archgitlab.sls~history_0
rename to pillars/servers/maintainer/server/jackett.sls
diff --git a/pillars/servers/maintainer/server/archheadphones.sls b/pillars/servers/maintainer/server/ombi.sls
similarity index 100%
rename from pillars/servers/maintainer/server/archheadphones.sls
rename to pillars/servers/maintainer/server/ombi.sls
diff --git a/pillars/servers/maintainer/server/archhost1.sls b/pillars/servers/maintainer/server/pass.sls
similarity index 100%
rename from pillars/servers/maintainer/server/archhost1.sls
rename to pillars/servers/maintainer/server/pass.sls
diff --git a/pillars/servers/maintainer/server/archhost1.sls~HEAD b/pillars/servers/maintainer/server/pkg.sls
similarity index 100%
rename from pillars/servers/maintainer/server/archhost1.sls~HEAD
rename to pillars/servers/maintainer/server/pkg.sls
diff --git a/pillars/servers/maintainer/server/archhost1.sls~HEAD_0 b/pillars/servers/maintainer/server/plex.sls
similarity index 100%
rename from pillars/servers/maintainer/server/archhost1.sls~HEAD_0
rename to pillars/servers/maintainer/server/plex.sls
diff --git a/pillars/servers/maintainer/server/archhost1.sls~history b/pillars/servers/maintainer/server/portal.sls
similarity index 100%
rename from pillars/servers/maintainer/server/archhost1.sls~history
rename to pillars/servers/maintainer/server/portal.sls
diff --git a/pillars/servers/maintainer/server/archhost1.sls~history_0 b/pillars/servers/maintainer/server/radarr.sls
similarity index 100%
rename from pillars/servers/maintainer/server/archhost1.sls~history_0
rename to pillars/servers/maintainer/server/radarr.sls
diff --git a/pillars/servers/maintainer/server/archicinga.sls b/pillars/servers/maintainer/server/salt.sls similarity index 100% rename from pillars/servers/maintainer/server/archicinga.sls rename to pillars/servers/maintainer/server/salt.sls diff --git a/pillars/servers/maintainer/server/archjackett.sls b/pillars/servers/maintainer/server/sonarr.sls similarity index 100% rename from pillars/servers/maintainer/server/archjackett.sls rename to pillars/servers/maintainer/server/sonarr.sls diff --git a/pillars/servers/maintainer/server/archlam.sls b/pillars/servers/maintainer/server/sql.sls similarity index 100% rename from pillars/servers/maintainer/server/archlam.sls rename to pillars/servers/maintainer/server/sql.sls diff --git a/pillars/servers/maintainer/server/archombi.sls b/pillars/servers/maintainer/server/ssh.sls similarity index 100% rename from pillars/servers/maintainer/server/archombi.sls rename to pillars/servers/maintainer/server/ssh.sls diff --git a/pillars/servers/maintainer/server/archpass.sls b/pillars/servers/maintainer/server/sync.sls similarity index 100% rename from pillars/servers/maintainer/server/archpass.sls rename to pillars/servers/maintainer/server/sync.sls diff --git a/pillars/servers/maintainer/server/archpkg.sls b/pillars/servers/maintainer/server/tt.sls similarity index 100% rename from pillars/servers/maintainer/server/archpkg.sls rename to pillars/servers/maintainer/server/tt.sls diff --git a/pillars/servers/maintainer/server/archplex.sls b/pillars/servers/maintainer/server/vpn.sls similarity index 100% rename from pillars/servers/maintainer/server/archplex.sls rename to pillars/servers/maintainer/server/vpn.sls diff --git a/pillars/servers/roles/server/archgitlab.sls b/pillars/servers/roles/server/archgitlab.sls deleted file mode 100644 index 8839bc7..0000000 --- a/pillars/servers/roles/server/archgitlab.sls +++ /dev/null @@ -1,7 +0,0 @@ -grains: - roles: - - server - - ssh - - saltminion - - gitlab - - nginx-proxy 
diff --git a/pillars/servers/roles/server/archheadphones.sls b/pillars/servers/roles/server/archheadphones.sls deleted file mode 100644 index 474b62b..0000000 --- a/pillars/servers/roles/server/archheadphones.sls +++ /dev/null @@ -1,8 +0,0 @@ -grains: - roles: - - server - - ssh - - saltminion - - nginx-proxy - - headphones - - nfs diff --git a/pillars/servers/roles/server/archlam.sls b/pillars/servers/roles/server/archlam.sls deleted file mode 100644 index 8529094..0000000 --- a/pillars/servers/roles/server/archlam.sls +++ /dev/null @@ -1,8 +0,0 @@ -grains: - roles: - - server - - ssh - - saltminion - - lam - - nginx-proxy - diff --git a/pillars/servers/roles/server/archtest.sls b/pillars/servers/roles/server/archtest.sls index 3d1df9a..07c13df 100644 --- a/pillars/servers/roles/server/archtest.sls +++ b/pillars/servers/roles/server/archtest.sls @@ -3,4 +3,3 @@ grains: - server - ssh - saltminion - - mysql diff --git a/pillars/servers/roles/server/archbaikal.sls b/pillars/servers/roles/server/baikal.sls similarity index 100% rename from pillars/servers/roles/server/archbaikal.sls rename to pillars/servers/roles/server/baikal.sls diff --git a/pillars/servers/roles/server/archca.sls b/pillars/servers/roles/server/ca.sls similarity index 100% rename from pillars/servers/roles/server/archca.sls rename to pillars/servers/roles/server/ca.sls diff --git a/pillars/servers/roles/server/archdeluge.sls b/pillars/servers/roles/server/deluge.sls similarity index 100% rename from pillars/servers/roles/server/archdeluge.sls rename to pillars/servers/roles/server/deluge.sls diff --git a/pillars/servers/roles/server/archgit.sls b/pillars/servers/roles/server/git.sls similarity index 100% rename from pillars/servers/roles/server/archgit.sls rename to pillars/servers/roles/server/git.sls 
diff --git a/pillars/servers/roles/server/archhost1.sls b/pillars/servers/roles/server/host.sls similarity index 100% rename from pillars/servers/roles/server/archhost1.sls rename to pillars/servers/roles/server/host.sls diff --git a/pillars/servers/roles/server/archicinga.sls b/pillars/servers/roles/server/icinga.sls similarity index 100% rename from pillars/servers/roles/server/archicinga.sls rename to pillars/servers/roles/server/icinga.sls diff --git a/pillars/servers/roles/server/debiantest.sls b/pillars/servers/roles/server/ipa.sls similarity index 73% rename from pillars/servers/roles/server/debiantest.sls rename to pillars/servers/roles/server/ipa.sls index 07c13df..6eed884 100644 --- a/pillars/servers/roles/server/debiantest.sls +++ b/pillars/servers/roles/server/ipa.sls @@ -3,3 +3,4 @@ grains: - server - ssh - saltminion + - freeipa-server diff --git a/pillars/servers/roles/server/debiangitlab.sls b/pillars/servers/roles/server/ipatest.sls similarity index 100% rename from pillars/servers/roles/server/debiangitlab.sls rename to pillars/servers/roles/server/ipatest.sls diff --git a/pillars/servers/roles/server/archjackett.sls b/pillars/servers/roles/server/jackett.sls similarity index 100% rename from pillars/servers/roles/server/archjackett.sls rename to pillars/servers/roles/server/jackett.sls diff --git a/pillars/servers/roles/server/archombi.sls b/pillars/servers/roles/server/ombi.sls similarity index 100% rename from pillars/servers/roles/server/archombi.sls rename to pillars/servers/roles/server/ombi.sls diff --git a/pillars/servers/roles/server/archpass.sls b/pillars/servers/roles/server/pass.sls similarity index 100% rename from pillars/servers/roles/server/archpass.sls rename to pillars/servers/roles/server/pass.sls diff --git a/pillars/servers/roles/server/archpkg.sls b/pillars/servers/roles/server/pkg.sls similarity index 100% rename from pillars/servers/roles/server/archpkg.sls rename to pillars/servers/roles/server/pkg.sls 
diff --git a/pillars/servers/roles/server/archplex.sls b/pillars/servers/roles/server/plex.sls
similarity index 100%
rename from pillars/servers/roles/server/archplex.sls
rename to pillars/servers/roles/server/plex.sls
diff --git a/pillars/servers/roles/server/archportal.sls b/pillars/servers/roles/server/portal.sls
similarity index 100%
rename from pillars/servers/roles/server/archportal.sls
rename to pillars/servers/roles/server/portal.sls
diff --git a/pillars/servers/roles/server/archradarr.sls b/pillars/servers/roles/server/radarr.sls
similarity index 100%
rename from pillars/servers/roles/server/archradarr.sls
rename to pillars/servers/roles/server/radarr.sls
diff --git a/pillars/servers/roles/server/archsalt.sls b/pillars/servers/roles/server/salt.sls
similarity index 100%
rename from pillars/servers/roles/server/archsalt.sls
rename to pillars/servers/roles/server/salt.sls
diff --git a/pillars/servers/roles/server/archsonarr.sls b/pillars/servers/roles/server/sonarr.sls
similarity index 100%
rename from pillars/servers/roles/server/archsonarr.sls
rename to pillars/servers/roles/server/sonarr.sls
diff --git a/pillars/servers/roles/server/archsql.sls b/pillars/servers/roles/server/sql.sls
similarity index 100%
rename from pillars/servers/roles/server/archsql.sls
rename to pillars/servers/roles/server/sql.sls
diff --git a/pillars/servers/roles/server/archssh.sls b/pillars/servers/roles/server/ssh.sls
similarity index 100%
rename from pillars/servers/roles/server/archssh.sls
rename to pillars/servers/roles/server/ssh.sls
diff --git a/pillars/servers/roles/server/archsync.sls b/pillars/servers/roles/server/sync.sls
similarity index 100%
rename from pillars/servers/roles/server/archsync.sls
rename to pillars/servers/roles/server/sync.sls
diff --git a/pillars/servers/roles/server/archtt.sls b/pillars/servers/roles/server/tt.sls
similarity index 100%
rename from pillars/servers/roles/server/archtt.sls
rename to pillars/servers/roles/server/tt.sls
diff --git a/pillars/servers/roles/server/archvpn.sls b/pillars/servers/roles/server/vpn.sls similarity index 100% rename from pillars/servers/roles/server/archvpn.sls rename to pillars/servers/roles/server/vpn.sls diff --git a/states/basepkgs/init.sls b/states/basepkgs/init.sls index 710003f..a4780f0 100644 --- a/states/basepkgs/init.sls +++ b/states/basepkgs/init.sls @@ -1,45 +1,39 @@ {% if grains['os_family'] == 'Arch' %} -nano: - pkg.installed -wget: - pkg.installed -openssh: - pkg.installed -htop: - pkg.installed -git: - pkg.installed -net-tools: - pkg.installed -bind-tools: - pkg.installed +basepkgs: + pkg.installed: + - pkgs: + - nano + - wget + - openssh + - htop + - git + - net-tools + - bind-tools {% elif grains['os_family'] == 'Debian' %} -nano: - pkg.installed -wget: - pkg.installed -openssh-server: - pkg.installed -htop: - pkg.installed -git: - pkg.installed +basepkgs: + pkg.installed: + - pkgs: + - nano + - wget + - openssh-server + - htop + - git + - net-tools +{% elif grains['os_family'] == 'RedHat' %} +basepkgs: + pkg.installed: + - pkgs: + - nano + - wget + - openssh-server + - htop + - git + - net-tools {% else %} blarg: pkg.installed {% endif %} -#note: bug in current version of saltstack breaks multi-package installs w/ yum. It'll be fixed in next version -#https://github.com/saltstack/salt/issues/28356 -#basepkgs: -# pkg.installed: -# - pkgs: -# - nano -# - wget -# - openssh -# - htop -# - git - sshd: service.running: - enable: True diff --git a/states/bashrc/bashrc b/states/bashrc/bashrc new file mode 100644 index 0000000..bd6c71c --- /dev/null +++ b/states/bashrc/bashrc 
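Review bot: The new Debian and RedHat branches in states/basepkgs/init.sls carry the same six-package list, so the two copies can drift apart; a single branch, `{% elif grains['os_family'] in ('Debian', 'RedHat') %}`, would keep them in step. The comment this hunk removes said multi-package installs were broken with yum (salt issue 28356), and the new RedHat branch depends on that fix being present on the minions. A short comment naming the minimum Salt version the `pkgs:` form needs would record that, for example `# pkgs: list on RedHat needs a salt release with issue 28356 fixed`.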
@@ -0,0 +1,27 @@ +# .bashrc + +# User exports +DISTRO=`cat /etc/os-release | grep "^NAME" | grep -oP '(?<=").*(?= )'` + +# User specific aliases and functions + +alias ls='ls --color=auto' +alias grep='grep --color=auto' + +# Source global definitions +if [ -f /etc/bashrc ]; then + . /etc/bashrc +fi + +# Colors +BLACK="\[$(tput setaf 0)\]" +RED="\[$(tput setaf 1)\]" +GREEN="\[$(tput setaf 2)\]" +BROWN="\[$(tput setaf 3)\]" +BLUE="\[$(tput setaf 4)\]" +PURPLE="\[$(tput setaf 5)\]" +TEAL="\[$(tput setaf 6)\]" +GREY="\[$(tput setaf 7)\]" +RESET="\[$(tput sgr0)\]" + +export PS1="${GREEN}\u${RESET}@${GREEN}\h ($DISTRO) ${TEAL}\W${RESET}\$ " diff --git a/states/bashrc/init.sls b/states/bashrc/init.sls new file mode 100644 index 0000000..62af1e8 --- /dev/null +++ b/states/bashrc/init.sls @@ -0,0 +1,28 @@ +#replace /etc/skel/.bashrc and /root/.bashrc with a symlink to /etc/saltbashrc +/etc/saltbashrc: + file.managed: + - source: salt://bashrc/bashrc + - user: root + - group: root + - mode: 444 + +/etc/skel/.bashrc: + file.symlink: + - target: /etc/saltbashrc + - force: true + - makedirs: true + +/root/.bashrc: + file.symlink: + - target: /etc/saltbashrc + - force: true + - makedirs: true + +#change to local admin user and remove constraint when that's properly set up +{% if grains['os_family'] == 'Debian' %} +/home/masau/.bashrc: + file.symlink: + - target: /etc/saltbashrc + - force: true + - makedirs: true +{% endif %} diff --git a/states/productionize/freeipa/auto/init.sls b/states/productionize/freeipa/auto/init.sls new file mode 100644 index 0000000..364c377 --- /dev/null +++ b/states/productionize/freeipa/auto/init.sls 
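Review bot: The `DISTRO` line in states/bashrc/bashrc only matches when the `NAME` value contains a space, because of the `(?= )` lookahead, so a single-word name leaves `DISTRO` empty and the prompt shows `()`. /etc/os-release is written to be sourced by a shell, so `DISTRO=$(. /etc/os-release; echo "$NAME")` would avoid the `cat | grep | grep -oP` pipeline; it prints the whole name, so trim it if only the first word is wanted. A comment on that line should say which part of the name the prompt is meant to show.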
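Review bot: The `/home/masau/.bashrc` state in states/bashrc/init.sls sets `makedirs: true`, so on a Debian host where that account does not exist yet Salt will create `/home/masau` itself, presumably owned by root, and a later user creation will find a home directory it does not own. Dropping `makedirs` from this one state, or adding a `- require:` on the state that creates the user, avoids that. `force: true` on all three symlinks replaces an existing `.bashrc` with no copy kept; `- backupname:` on `file.symlink` would preserve the old file.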
@@ -0,0 +1,18 @@ +freeipa-client-pkg: + pkg.installed: + - name: freeipa-client + +set_salt_ipa_password: + environ.setenv: + - name: SALT_PASSWORD + - value: "{%- include 'secure/passwords/ipa_salt_password.txt' -%}" + +install_cert: + cmd.run: + - name: 'ipa-client-install -U -p salt -w $SALT_PASSWORD --server=ipa.actcur.com --domain actcur.com --mkhomedir' + +unset_salt_ipa_password: + environ.setenv: + - name: SALT_PASSWORD + - value: "False" + - false_unsets: true diff --git a/states/productionize/freeipa/manual/init.sls b/states/productionize/freeipa/manual/init.sls new file mode 100644 index 0000000..be52a03 --- /dev/null +++ b/states/productionize/freeipa/manual/init.sls 
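Review bot: The enrolment password reaches a command line in `install_cert`: the shell expands `$SALT_PASSWORD` before starting `ipa-client-install`, so it is readable in the process list while the command runs, and the unquoted expansion breaks on a password containing spaces or glob characters. `environ.setenv` also places it in the salt-minion process environment, where every child process inherits it until `unset_salt_ipa_password` runs; passing it with `- env:` on this one `cmd.run` and writing `-w "$SALT_PASSWORD"` limits the environment exposure, though not the argv one. A one-time enrolment password per host would mean that what leaks is not a reusable credential shared by every minion. The Jinja `include` of `secure/passwords/ipa_salt_password.txt` is presumably resolved from the state tree, which minions can fetch, so pillar is the safer home for the secret. `install_cert` has no `creates:` or `unless:` guard, so it reruns on every apply.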
@@ -0,0 +1,93 @@ +{% set hostname=grains['host'] %} +{% set ip=grains['fqdn_ip4'][0] %} +install_sssd: + pkg.installed: + - name: sssd + +/etc/sssd/sssd.conf: + file.managed: + - source: salt://productionize/freeipa/manual/sssd.conf + - user: root + - group: root + - mode: 600 + - template: jinja + - context: + hostname: {{hostname}} + +/etc/nsswitch.conf: + file.managed: + - source: salt://productionize/freeipa/manual/nsswitch.conf + - user: root + - group: root + - mode: 644 + +/etc/nscd.conf: + file.managed: + - source: salt://productionize/freeipa/manual/nscd.conf + - user: root + - group: root + - mode: 644 + +/etc/krb5.conf: + file.managed: + - source: salt://productionize/freeipa/manual/krb5.conf + - user: root + - group: root + - mode: 644 + +/etc/pam.d: + file.recurse: + - source: salt://productionize/freeipa/manual/pam.d/ + - user: root + - group: root + - dir_mode: 755 + - file_mode: 644 + +freeipa_sshpass: + pkg.installed: + - name: sshpass + +set_salt_ipa_password: + environ.setenv: + - name: SALT_PASSWORD + - value: "{%- include 'secure/passwords/ipa_salt_password.txt' -%}" + +create_host: + cmd.run: + - name: 'sshpass -p $SALT_PASSWORD ssh salt@ipa.actcur.com -oStrictHostKeyChecking=no "rm {{hostname}}.keytab;echo $SALT_PASSWORD | kinit salt;ipa host-add --force --ip-address={{ip}} {{hostname}}.actcur.com; ipa host-allow-create-keytab {{hostname}}.actcur.com --groups enroller;/usr/sbin/ipa-getkeytab -s ipa.actcur.com -p host/{{hostname}}.actcur.com -k ./{{hostname}}.keytab"' + +grab_keytab: + cmd.run: + - name: 'sshpass -p $SALT_PASSWORD scp -oStrictHostKeyChecking=no salt@ipa.actcur.com:./{{hostname}}.keytab /etc/krb5.keytab' + +delete_keytab: + cmd.run: + - name: 'sshpass -p $SALT_PASSWORD ssh salt@ipa.actcur.com -oStrictHostKeyChecking=no "rm {{hostname}}.keytab;"' + +unset_salt_ipa_password: + environ.setenv: + - name: SALT_PASSWORD + - value: "False" + - false_unsets: true + +freeipa_sssd_service: + service.running: + - name: sssd + - enable: 
true + - watch: + - file: /etc/sssd/sssd.conf + - file: /etc/nsswitch.conf + - file: /etc/nscd.conf + - file: /etc/krb5.conf + - file: /etc/pam.d + +freeipa_nscd_service: + service.running: + - name: nscd + - enable: true + - watch: + - file: /etc/sssd/sssd.conf + - file: /etc/nsswitch.conf + - file: /etc/nscd.conf + - file: /etc/krb5.conf + - file: /etc/pam.d diff --git a/states/productionize/freeipa/manual/krb5.conf b/states/productionize/freeipa/manual/krb5.conf new file mode 100644 index 0000000..0e31e8c --- /dev/null +++ b/states/productionize/freeipa/manual/krb5.conf @@ -0,0 +1,26 @@ +[libdefaults] + default_realm = ACTCUR.COM + dns_lookup_realm = false + dns_lookup_kdc = false + rdns = false + ticket_lifetime = 24h + fowardable = yes + allow_weak_crypto = yes + +[realms] + ACTCUR.COM = { + admin_server = ipa.actcur.com:749 + kdc = ipa.actcur.com:88 + master_kdc = ipa.actcur.com:88 + default_admin = actcur.com + } + +[domain_realm] + actcur.com = ACTCUR.COM + .actcur.com = ACTCUR.COM + + +[logging] + default = FILE:/var/log/krb5libs.log + kdc = FILE:/var/log/krb5kdc.log + admin_server = FILE:/var/log/kadmin.log diff --git a/states/productionize/freeipa/manual/nscd.conf b/states/productionize/freeipa/manual/nscd.conf new file mode 100644 index 0000000..65d44e1 --- /dev/null +++ b/states/productionize/freeipa/manual/nscd.conf @@ -0,0 +1,88 @@ +# +# /etc/nscd.conf +# +# An example Name Service Cache config file. This file is needed by nscd. +# +# Legal entries are: +# +# logfile +# debug-level +# threads +# max-threads +# server-user +# server-user is ignored if nscd is started with -S parameters +# stat-user +# reload-count unlimited| +# paranoia +# restart-interval
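Review bot: `create_host`, `grab_keytab` and `delete_keytab` in states/productionize/freeipa/manual/init.sls all pass `-oStrictHostKeyChecking=no`, so the minion sends the salt account's password to, and accepts a Kerberos keytab from, whatever host answers as ipa.actcur.com. Pinning the server key (for example with an `ssh_known_hosts.present` state) and dropping the option closes that. `sshpass -p $SALT_PASSWORD` also exposes the password in the local process list, which `sshpass -e` with the value in `SSHPASS` avoids. Because the remote command is in double quotes, `echo $SALT_PASSWORD | kinit salt` is expanded locally and the password travels as part of the remote command line. `scp` writes `/etc/krb5.keytab` with no explicit owner or mode, so a following `file.managed` with `mode: 600` and `replace: false` would pin its permissions.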
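Review bot: `allow_weak_crypto = yes` in `[libdefaults]` of the new krb5.conf lets clients negotiate weak encryption types such as single-DES; unless a legacy service in the realm needs them, it should read `allow_weak_crypto = false`. The line above it is misspelled as `fowardable = yes`, so the library will presumably ignore it and tickets will not be forwardable by default; it should read `forwardable = yes`.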