author | Jesse Luehrs <doy@tozt.net> | 2018-10-19 22:59:10 -0400 |
---|---|---|
committer | Jesse Luehrs <doy@tozt.net> | 2018-10-19 22:59:10 -0400 |
commit | 026d8c3eb1757a1841aa91249573c668f981de65 (patch) | |
tree | 4725e79897709a2c7f7400aefd7d6a7fea8d883c /modules/tozt/manifests | |
parent | e4416660bccbf109cd35965510bc8153bd172be9 (diff) | |
download | puppet-tozt-026d8c3eb1757a1841aa91249573c668f981de65.tar.gz puppet-tozt-026d8c3eb1757a1841aa91249573c668f981de65.zip |
Revert "move the tozt module around to allow for more host types"
This reverts commit 89c0cc84be250ba8fe5722baa35293c70c98f2a0.
thinking about it more, the mail server configuration is going to be
different enough (in particular, running debian rather than arch) that i
don't think sharing puppet modules is going to be worthwhile
Diffstat (limited to 'modules/tozt/manifests')
-rw-r--r-- | modules/tozt/manifests/backups.pp | 4 | ||||
-rw-r--r-- | modules/tozt/manifests/bootstrap.pp | 14 | ||||
-rw-r--r-- | modules/tozt/manifests/certbot.pp | 8 | ||||
-rw-r--r-- | modules/tozt/manifests/git.pp | 64 | ||||
-rw-r--r-- | modules/tozt/manifests/init.pp | 18 | ||||
-rw-r--r-- | modules/tozt/manifests/pass.pp | 36 | ||||
-rw-r--r-- | modules/tozt/manifests/paste.pp | 34 | ||||
-rw-r--r-- | modules/tozt/manifests/persistent.pp | 40 | ||||
-rw-r--r-- | modules/tozt/manifests/services.pp | 4 | ||||
-rw-r--r-- | modules/tozt/manifests/site.pp | 80 | ||||
-rw-r--r-- | modules/tozt/manifests/tools.pp | 20 | ||||
-rw-r--r-- | modules/tozt/manifests/user.pp | 113 | ||||
-rw-r--r-- | modules/tozt/manifests/users.pp | 11 | ||||
-rw-r--r-- | modules/tozt/manifests/vpn.pp | 3 |
14 files changed, 449 insertions, 0 deletions
diff --git a/modules/tozt/manifests/backups.pp b/modules/tozt/manifests/backups.pp
new file mode 100644
index 0000000..2036777
--- /dev/null
+++ b/modules/tozt/manifests/backups.pp
@@ -0,0 +1,4 @@
+class tozt::backups {
+ include duplicati
+ include tarsnap
+}
diff --git a/modules/tozt/manifests/bootstrap.pp b/modules/tozt/manifests/bootstrap.pp
new file mode 100644
index 0000000..7d18444
--- /dev/null
+++ b/modules/tozt/manifests/bootstrap.pp
@@ -0,0 +1,14 @@
+class tozt::bootstrap {
+ package {
+ [
+ "puppet",
+ "rsync",
+ ]:
+ ensure => installed,
+ }
+
+ file { '/usr/local/bin/puppet-tozt':
+ source => 'puppet:///modules/tozt/puppet-tozt',
+ mode => '0755';
+ }
+}
diff --git a/modules/tozt/manifests/certbot.pp b/modules/tozt/manifests/certbot.pp
new file mode 100644
index 0000000..cad7d1a
--- /dev/null
+++ b/modules/tozt/manifests/certbot.pp
@@ -0,0 +1,8 @@
+class tozt::certbot {
+ include tozt::persistent
+
+ class { "certbot":
+ config_dir => "/media/persistent/certbot",
+ require => Class["tozt::persistent"],
+ }
+}
diff --git a/modules/tozt/manifests/git.pp b/modules/tozt/manifests/git.pp
new file mode 100644
index 0000000..03204dc
--- /dev/null
+++ b/modules/tozt/manifests/git.pp
@@ -0,0 +1,64 @@
+class tozt::git {
+ include git::server
+ include tozt::certbot
+ include tozt::persistent
+
+ package { "perl-io-socket-ssl":
+ ensure => installed,
+ }
+
+ file {
+ "/media/persistent/git/doy":
+ ensure => directory,
+ owner => 'doy',
+ group => 'doy',
+ require => [
+ Class['tozt::persistent'],
+ User['doy'],
+ Group['doy'],
+ ];
+ "/home/doy/git":
+ ensure => link,
+ target => "/media/persistent/git/doy",
+ owner => 'doy',
+ group => 'doy',
+ require => [
+ User['doy'],
+ Group['doy'],
+ File["/home/doy"],
+ ];
+ "/etc/cgitrc":
+ source => "puppet:///modules/tozt/cgitrc";
+ "/usr/local/share/git":
+ ensure => directory;
+ "/usr/local/share/git/post-receive":
+ source => "puppet:///modules/tozt/post-receive",
+ require => File['/usr/local/share/git'];
+ "/usr/local/bin/new-git-repo":
+ source => "puppet:///modules/tozt/new-git-repo",
+ mode => '0755',
+ require => [
+ Package['perl-io-socket-ssl'],
+ File['/usr/local/share/git/post-receive'],
+ ];
+ }
+
+ secret { "/home/doy/.github":
+ source => 'github',
+ owner => 'doy',
+ group => 'doy',
+ require => [
+ User['doy'],
+ Group['doy'],
+ File["/home/doy"],
+ ];
+ }
+
+ nginx::site {
+ "git-tls":
+ source => 'puppet:///modules/tozt/nginx/git-tls.conf',
+ require => Class['certbot'];
+ "git":
+ source => 'puppet:///modules/tozt/nginx/git.conf';
+ }
+}
diff --git a/modules/tozt/manifests/init.pp b/modules/tozt/manifests/init.pp
new file mode 100644
index 0000000..b13c4cd
--- /dev/null
+++ b/modules/tozt/manifests/init.pp
@@ -0,0 +1,18 @@
+class tozt {
+ include tozt::users
+
+ Package::Makepkg {
+ build_user => 'doy',
+ }
+
+ Tozt::User['doy'] -> Package::Makepkg<| build_user == 'doy' |>
+
+ include tozt::bootstrap
+ include tozt::backups
+ include tozt::git
+ include tozt::pass
+ include tozt::site
+ include tozt::services
+ include tozt::tools
+ include tozt::vpn
+}
diff --git a/modules/tozt/manifests/pass.pp b/modules/tozt/manifests/pass.pp
new file mode 100644
index 0000000..b1241c1
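Review bot: The `secret { "/home/doy/.github": ... }` resource near the end of the git.pp hunk sets `owner` and `group` but no mode, so the permissions on the GitHub credential file depend entirely on what the `secret` define defaults to, and that define is not part of this diff. users.pp in the same commit sets doy's home to `0701`, which makes the directory traversable by other local accounts, so a group- or world-readable default would expose the token. Worth confirming that the define forces owner-only access and, if it takes a mode parameter (not visible here), pinning it at this call site. The same hunk's `/etc/cgitrc` and `/usr/local/share/git/post-receive` file resources also omit `owner` and `mode`; stating them explicitly keeps the result independent of the fileserver's source permissions.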
--- /dev/null
+++ b/modules/tozt/manifests/pass.pp
@@ -0,0 +1,36 @@
+class tozt::pass {
+ include tozt::persistent
+
+ file {
+ "/media/persistent/pass":
+ ensure => directory,
+ owner => 'doy',
+ group => 'doy',
+ require => [
+ Class['tozt::persistent'],
+ User['doy'],
+ Group['doy'],
+ ];
+ "/home/doy/pass":
+ ensure => link,
+ target => "/media/persistent/pass",
+ owner => 'doy',
+ group => 'doy',
+ require => [
+ File['/home/doy'],
+ User['doy'],
+ Group['doy'],
+ ];
+ }
+
+ exec { "pass git init":
+ command => "/usr/bin/git init --bare",
+ user => "doy",
+ cwd => "/media/persistent/pass",
+ creates => "/media/persistent/pass/HEAD",
+ require => [
+ Class["git"],
+ File["/media/persistent/pass"],
+ ],
+ }
+}
diff --git a/modules/tozt/manifests/paste.pp b/modules/tozt/manifests/paste.pp
new file mode 100644
index 0000000..93d7939
--- /dev/null
+++ b/modules/tozt/manifests/paste.pp
@@ -0,0 +1,34 @@
+class tozt::paste {
+ include tozt::certbot
+ include tozt::persistent
+
+ file {
+ "/media/persistent/paste/doy":
+ ensure => directory,
+ owner => 'doy',
+ group => 'doy',
+ require => [
+ Class['tozt::persistent'],
+ User['doy'],
+ Group['doy'],
+ ];
+ "/home/doy/paste":
+ ensure => link,
+ target => "/media/persistent/paste/doy",
+ owner => 'doy',
+ group => 'doy',
+ require => [
+ User['doy'],
+ Group['doy'],
+ File["/home/doy"],
+ ];
+ }
+
+ nginx::site {
+ "paste-tls":
+ source => 'puppet:///modules/tozt/nginx/paste-tls.conf',
+ require => Class['certbot'];
+ "paste":
+ source => 'puppet:///modules/tozt/nginx/paste.conf';
+ }
+}
diff --git a/modules/tozt/manifests/persistent.pp b/modules/tozt/manifests/persistent.pp
new file mode 100644
index 0000000..0726455
--- /dev/null
+++ b/modules/tozt/manifests/persistent.pp
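Review bot: The `"/media/persistent/pass"` directory in the pass.pp hunk is created with `owner` and `group` but no `mode`, and it sits outside doy's home, so it likely ends up with the agent's default directory permissions rather than owner-only. This is the bare repository for the password store; even if the entries themselves are encrypted, entry names and commit history would be listable by any other local account. Adding `mode => '0700',` to that resource closes this. `/media/persistent` itself is created in persistent.pp without a mode, so it offers no protection from above.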
@@ -0,0 +1,40 @@
+class tozt::persistent {
+ file {
+ "/media":
+ ensure => directory;
+ "/media/persistent":
+ ensure => directory,
+ require => File["/media"],
+ }
+
+ $fstab_line = "/dev/disk/by-id/scsi-0DO_Volume_tozt-persistent /media/persistent ext4 rw,relatime 0 2"
+ exec { "populate fstab":
+ provider => shell,
+ command => "echo '${fstab_line}' >> /etc/fstab",
+ unless => "/usr/bin/grep -qF '${fstab_line}' /etc/fstab",
+ require => File["/media/persistent"],
+ }
+
+ exec { "mount /media/persistent":
+ provider => shell,
+ command => "/usr/bin/mount /media/persistent",
+ unless => "grep ' /media/persistent ' /proc/mounts",
+ require => [
+ File["/media/persistent"],
+ Exec["populate fstab"],
+ ]
+ }
+
+ file {
+ [
+ "/media/persistent/public_html",
+ "/media/persistent/paste",
+ "/media/persistent/git",
+ "/media/persistent/certbot",
+ "/media/persistent/cargo",
+ "/media/persistent/rustup",
+ ]:
+ ensure => directory,
+ require => Exec["mount /media/persistent"];
+ }
+}
diff --git a/modules/tozt/manifests/services.pp b/modules/tozt/manifests/services.pp
new file mode 100644
index 0000000..8dfbe5b
--- /dev/null
+++ b/modules/tozt/manifests/services.pp
@@ -0,0 +1,4 @@
+class tozt::services {
+ include locate
+ include ntp
+}
diff --git a/modules/tozt/manifests/site.pp b/modules/tozt/manifests/site.pp
new file mode 100644
index 0000000..f28619a
--- /dev/null
+++ b/modules/tozt/manifests/site.pp
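Review bot: `$fstab_line` in the persistent.pp hunk mounts the volume with `rw,relatime` only, although it holds web-served and user-writable trees (`public_html`, `paste`, `git`); `rw,relatime,nosuid,nodev` would stop a setuid binary or device node placed there from being honoured. `noexec` is probably not an option, since the cargo and rustup directories live on the same volume. The "populate fstab" exec matches the exact line, so changing the options on an existing host would append a second entry rather than edit the first. Separately, the mount exec's `unless` calls bare `grep` where the fstab exec uses `/usr/bin/grep`; the absolute path in both keeps the check independent of the agent's PATH.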
@@ -0,0 +1,80 @@
+class tozt::site {
+ include git
+ include tozt::certbot
+ include tozt::persistent
+
+ package { "hugo":
+ ensure => installed,
+ }
+
+ exec { "clone tozt.net":
+ command => "/usr/bin/git clone git://github.com/doy/tozt-hugo",
+ user => "doy",
+ cwd => "/home/doy/coding",
+ creates => "/home/doy/coding/tozt-hugo",
+ require => [
+ Class["git"],
+ File["/home/doy/coding"],
+ ],
+ }
+
+ exec { "generate tozt.net":
+ provider => shell,
+ command => "
+ rm -rf public
+ hugo
+ mv public /home/doy/site
+ ",
+ user => "doy",
+ cwd => "/home/doy/coding/tozt-hugo",
+ creates => "/home/doy/site",
+ require => [
+ Exec["clone tozt.net"],
+ User['doy'],
+ File['/home/doy'],
+ Package["hugo"],
+ Class["git"],
+ ],
+ }
+
+ file {
+ "/media/persistent/public_html/doy":
+ ensure => directory,
+ owner => 'doy',
+ group => 'doy',
+ require => [
+ Class['tozt::persistent'],
+ User['doy'],
+ Group['doy'],
+ ];
+ "/home/doy/public_html":
+ ensure => link,
+ target => "/media/persistent/public_html/doy",
+ owner => 'doy',
+ group => 'doy',
+ require => [
+ User['doy'],
+ Group['doy'],
+ File["/home/doy"],
+ ];
+ }
+
+ nginx::site {
+ "doy-tls":
+ source => 'puppet:///modules/tozt/nginx/doy-tls.conf',
+ require => Class['certbot'];
+ "doy":
+ source => 'puppet:///modules/tozt/nginx/doy.conf';
+ "blog-tls":
+ source => 'puppet:///modules/tozt/nginx/blog-tls.conf',
+ require => Class['certbot'];
+ "blog":
+ source => 'puppet:///modules/tozt/nginx/blog.conf';
+ }
+
+ file {
+ '/usr/local/bin/hugo-tozt':
+ source => 'puppet:///modules/tozt/hugo-tozt',
+ mode => '0755';
+ }
+}
diff --git a/modules/tozt/manifests/tools.pp b/modules/tozt/manifests/tools.pp
new file mode 100644
index 0000000..5531460
--- /dev/null
+++ b/modules/tozt/manifests/tools.pp
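Review bot: The "clone tozt.net" exec in the site.pp hunk fetches over `git://`, which is neither encrypted nor authenticated, and the following "generate tozt.net" exec builds that checkout with hugo and publishes the result. Anything able to alter the traffic during the first provisioning run therefore controls the site content and the templates hugo processes. Switching the command to `/usr/bin/git clone https://github.com/doy/tozt-hugo` gives the fetch transport integrity with no other change to the manifest.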
@@ -0,0 +1,20 @@
+class tozt::tools {
+ include mail::sender
+ include yaourt
+
+ package {
+ [
+ "bc",
+ "exa",
+ "fzf",
+ "htop",
+ "lsof",
+ "mutt",
+ "ncdu",
+ "strace",
+ "the_silver_searcher",
+ "tmux",
+ ]:
+ ensure => 'installed';
+ }
+}
diff --git a/modules/tozt/manifests/user.pp b/modules/tozt/manifests/user.pp
new file mode 100644
index 0000000..99c52ed
--- /dev/null
+++ b/modules/tozt/manifests/user.pp
@@ -0,0 +1,113 @@
+define tozt::user(
+ $pwhash,
+ $user=$name,
+ $group=$user,
+ $home=undef,
+ $extra_groups=[],
+ $homedir_mode='0700',
+ $shell='/usr/bin/zsh',
+) {
+ $_home = $home ? {
+ undef => $user ? {
+ 'root' => '/root',
+ default => "/home/$user",
+ },
+ default => $home,
+ }
+
+ include tozt::persistent
+
+ group { $group:
+ ensure => present;
+ }
+
+ user { $user:
+ ensure => 'present',
+ gid => $group,
+ groups => $extra_groups,
+ home => $_home,
+ shell => $shell,
+ password => $pwhash,
+ require => Group[$group];
+ }
+
+ file {
+ $_home:
+ ensure => 'directory',
+ owner => $user,
+ group => $group,
+ mode => $homedir_mode,
+ require => [
+ User[$user],
+ Group[$group],
+ ];
+ "${_home}/coding":
+ ensure => 'directory',
+ owner => $user,
+ group => $group,
+ mode => $homedir_mode,
+ require => [
+ User[$user],
+ Group[$group],
+ File[$_home],
+ ];
+ "/media/persistent/cargo/${user}":
+ ensure => 'directory',
+ owner => $user,
+ group => $group,
+ mode => $homedir_mode,
+ require => [
+ User[$user],
+ Group[$group],
+ Class["tozt::persistent"],
+ ];
+ "/media/persistent/rustup/${user}":
+ ensure => 'directory',
+ owner => $user,
+ group => $group,
+ mode => $homedir_mode,
+ require => [
+ User[$user],
+ Group[$group],
+ Class["tozt::persistent"],
+ ];
+ "${_home}/.cargo":
+ ensure => link,
+ target => "/media/persistent/cargo/${user}",
+ owner => $user,
+ group => $group,
+ require => [
+ User[$user],
+ Group[$group],
+ File["${_home}"],
+ ];
+ "${_home}/.rustup":
+ ensure => link,
+ target => "/media/persistent/rustup/${user}",
+ owner => $user,
+ group => $group,
+ require => [
+ User[$user],
+ Group[$group],
+ File["${_home}"],
+ ];
+ }
+
+ rust::user { $user:
+ }
+ conf::user { $user:
+ }
+ ssh::user { $user:
+ group => $group,
+ }
+
+ if $user != 'root' {
+ sudo::user { $user:
+ }
+ }
+
+ if $shell == '/usr/bin/zsh' {
+ include zsh
+ Class['zsh'] -> User[$user]
+ }
+}
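Review bot: Every non-root account declared through `tozt::user` receives `sudo::user { $user: }` unconditionally (the `if $user != 'root'` block near the end of the hunk), so there is no way to add an unprivileged or service account with this define. What `sudo::user` actually grants is not visible in this diff, but coupling account creation to privilege makes that the default for anything added later. A backward-compatible fix is a new parameter `$sudo=true,` with the guard changed to `if $sudo and $user != 'root' {`. As a smaller point, `$homedir_mode` is reused for `${_home}/coding` and the per-user cargo and rustup directories, so the `0701` passed for doy in users.pp loosens those as well as the home directory.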
diff --git a/modules/tozt/manifests/users.pp b/modules/tozt/manifests/users.pp
new file mode 100644
index 0000000..b07373b
--- /dev/null
+++ b/modules/tozt/manifests/users.pp
@@ -0,0 +1,11 @@
+class tozt::users {
+ tozt::user { 'root':
+ pwhash => '$6$cqlzoze/Mq3$bHGFqjPF6wBRLcI0VWuQa9cg8c1DfGWL21QdA9KUuDqhtnCfjyaKryu.ACxP9umzuYsWpikegZN6wbTU2JX6V1';
+ }
+
+ tozt::user { 'doy':
+ pwhash => '$6$Q6Y/nmt/QZbU$6D692oUPiFvnQEwoPtL7l83l/KaY/czy9/KI9.GnEEOslQumU39qteDDp.0i9E7nSDodWGOmPgfAsoYJBYrta1',
+ extra_groups => ['wheel'],
+ homedir_mode => '0701';
+ }
+}
diff --git a/modules/tozt/manifests/vpn.pp b/modules/tozt/manifests/vpn.pp
new file mode 100644
index 0000000..aa84f53
--- /dev/null
+++ b/modules/tozt/manifests/vpn.pp
@@ -0,0 +1,3 @@
+class tozt::vpn {
+ include wireguard
+}
|
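Review bot: Both `pwhash` values in the users.pp hunk are literal `$6$` (SHA-512 crypt) hashes for `root` and for `doy`, who is in `wheel`, committed directly in the manifest. Anyone who can read the repository can run offline guessing against them, and they stay in history after any later change, so the two passwords should be treated as exposed and rotated. The hashes belong outside the tree: either through the same `secret` mechanism git.pp uses for `/home/doy/.github`, or through an encrypted data lookup such as `pwhash => lookup('<placeholder-key-for-root-pwhash>'),`. Where the host is reached only by SSH keys, locking the password instead removes the hash altogether.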