authorJesse Luehrs <doy@tozt.net>2018-10-19 22:59:10 -0400
committerJesse Luehrs <doy@tozt.net>2018-10-19 22:59:10 -0400
commit026d8c3eb1757a1841aa91249573c668f981de65 (patch)
tree4725e79897709a2c7f7400aefd7d6a7fea8d883c /modules/tozt/manifests
parente4416660bccbf109cd35965510bc8153bd172be9 (diff)
Revert "move the tozt module around to allow for more host types"
This reverts commit 89c0cc84be250ba8fe5722baa35293c70c98f2a0. thinking about it more, the mail server configuration is going to be different enough (in particular, running debian rather than arch) that i don't think sharing puppet modules is going to be worthwhile
Diffstat (limited to 'modules/tozt/manifests')
-rw-r--r--modules/tozt/manifests/backups.pp4
-rw-r--r--modules/tozt/manifests/bootstrap.pp14
-rw-r--r--modules/tozt/manifests/certbot.pp8
-rw-r--r--modules/tozt/manifests/git.pp64
-rw-r--r--modules/tozt/manifests/init.pp18
-rw-r--r--modules/tozt/manifests/pass.pp36
-rw-r--r--modules/tozt/manifests/paste.pp34
-rw-r--r--modules/tozt/manifests/persistent.pp40
-rw-r--r--modules/tozt/manifests/services.pp4
-rw-r--r--modules/tozt/manifests/site.pp80
-rw-r--r--modules/tozt/manifests/tools.pp20
-rw-r--r--modules/tozt/manifests/user.pp113
-rw-r--r--modules/tozt/manifests/users.pp11
-rw-r--r--modules/tozt/manifests/vpn.pp3
14 files changed, 449 insertions, 0 deletions
diff --git a/modules/tozt/manifests/backups.pp b/modules/tozt/manifests/backups.pp
new file mode 100644
index 0000000..2036777
--- /dev/null
+++ b/modules/tozt/manifests/backups.pp
@@ -0,0 +1,4 @@
+class tozt::backups {
+ include duplicati
+ include tarsnap
+}
diff --git a/modules/tozt/manifests/bootstrap.pp b/modules/tozt/manifests/bootstrap.pp
new file mode 100644
index 0000000..7d18444
--- /dev/null
+++ b/modules/tozt/manifests/bootstrap.pp
@@ -0,0 +1,14 @@
+class tozt::bootstrap {
+ package {
+ [
+ "puppet",
+ "rsync",
+ ]:
+ ensure => installed,
+ }
+
+ file { '/usr/local/bin/puppet-tozt':
+ source => 'puppet:///modules/tozt/puppet-tozt',
+ mode => '0755';
+ }
+}
diff --git a/modules/tozt/manifests/certbot.pp b/modules/tozt/manifests/certbot.pp
new file mode 100644
index 0000000..cad7d1a
--- /dev/null
+++ b/modules/tozt/manifests/certbot.pp
@@ -0,0 +1,8 @@
+class tozt::certbot {
+ include tozt::persistent
+
+ class { "certbot":
+ config_dir => "/media/persistent/certbot",
+ require => Class["tozt::persistent"],
+ }
+}
diff --git a/modules/tozt/manifests/git.pp b/modules/tozt/manifests/git.pp
new file mode 100644
index 0000000..03204dc
--- /dev/null
+++ b/modules/tozt/manifests/git.pp
@@ -0,0 +1,64 @@
+class tozt::git {
+ include git::server
+ include tozt::certbot
+ include tozt::persistent
+
+ package { "perl-io-socket-ssl":
+ ensure => installed,
+ }
+
+ file {
+ "/media/persistent/git/doy":
+ ensure => directory,
+ owner => 'doy',
+ group => 'doy',
+ require => [
+ Class['tozt::persistent'],
+ User['doy'],
+ Group['doy'],
+ ];
+ "/home/doy/git":
+ ensure => link,
+ target => "/media/persistent/git/doy",
+ owner => 'doy',
+ group => 'doy',
+ require => [
+ User['doy'],
+ Group['doy'],
+ File["/home/doy"],
+ ];
+ "/etc/cgitrc":
+ source => "puppet:///modules/tozt/cgitrc";
+ "/usr/local/share/git":
+ ensure => directory;
+ "/usr/local/share/git/post-receive":
+ source => "puppet:///modules/tozt/post-receive",
+ require => File['/usr/local/share/git'];
+ "/usr/local/bin/new-git-repo":
+ source => "puppet:///modules/tozt/new-git-repo",
+ mode => '0755',
+ require => [
+ Package['perl-io-socket-ssl'],
+ File['/usr/local/share/git/post-receive'],
+ ];
+ }
+
+ secret { "/home/doy/.github":
+ source => 'github',
+ owner => 'doy',
+ group => 'doy',
+ require => [
+ User['doy'],
+ Group['doy'],
+ File["/home/doy"],
+ ];
+ }
+
+ nginx::site {
+ "git-tls":
+ source => 'puppet:///modules/tozt/nginx/git-tls.conf',
+ require => Class['certbot'];
+ "git":
+ source => 'puppet:///modules/tozt/nginx/git.conf';
+ }
+}
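Review bot: The `secret { "/home/doy/.github": ... }` resource sets owner and group but no mode, so the permissions of this credential file depend on whatever the `secret` define defaults to, which is not visible in this diff. users.pp gives doy's home directory mode `0701`, so other local accounts can traverse into it and open any file there whose own mode allows reading. If the define accepts a mode, pin it explicitly with `mode => '0600',` rather than relying on the default.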
diff --git a/modules/tozt/manifests/init.pp b/modules/tozt/manifests/init.pp
new file mode 100644
index 0000000..b13c4cd
--- /dev/null
+++ b/modules/tozt/manifests/init.pp
@@ -0,0 +1,18 @@
+class tozt {
+ include tozt::users
+
+ Package::Makepkg {
+ build_user => 'doy',
+ }
+
+ Tozt::User['doy'] -> Package::Makepkg<| build_user == 'doy' |>
+
+ include tozt::bootstrap
+ include tozt::backups
+ include tozt::git
+ include tozt::pass
+ include tozt::site
+ include tozt::services
+ include tozt::tools
+ include tozt::vpn
+}
diff --git a/modules/tozt/manifests/pass.pp b/modules/tozt/manifests/pass.pp
new file mode 100644
index 0000000..b1241c1
--- /dev/null
+++ b/modules/tozt/manifests/pass.pp
@@ -0,0 +1,36 @@
+class tozt::pass {
+ include tozt::persistent
+
+ file {
+ "/media/persistent/pass":
+ ensure => directory,
+ owner => 'doy',
+ group => 'doy',
+ require => [
+ Class['tozt::persistent'],
+ User['doy'],
+ Group['doy'],
+ ];
+ "/home/doy/pass":
+ ensure => link,
+ target => "/media/persistent/pass",
+ owner => 'doy',
+ group => 'doy',
+ require => [
+ File['/home/doy'],
+ User['doy'],
+ Group['doy'],
+ ];
+ }
+
+ exec { "pass git init":
+ command => "/usr/bin/git init --bare",
+ user => "doy",
+ cwd => "/media/persistent/pass",
+ creates => "/media/persistent/pass/HEAD",
+ require => [
+ Class["git"],
+ File["/media/persistent/pass"],
+ ],
+ }
+}
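Review bot: The `/media/persistent/pass` directory is declared without a `mode`, so it is created with the default for the Puppet run (typically world-traversable), and it sits directly under `/media/persistent` where doy's home directory permissions do not protect it. Even if the stored entries are encrypted, a readable bare repository would presumably expose entry names and history to other local accounts. Add `mode => '0700',` to that `file` entry. The repository files that `git init --bare` creates inherit doy's umask, so restricting the directory itself is the reliable control.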
diff --git a/modules/tozt/manifests/paste.pp b/modules/tozt/manifests/paste.pp
new file mode 100644
index 0000000..93d7939
--- /dev/null
+++ b/modules/tozt/manifests/paste.pp
@@ -0,0 +1,34 @@
+class tozt::paste {
+ include tozt::certbot
+ include tozt::persistent
+
+ file {
+ "/media/persistent/paste/doy":
+ ensure => directory,
+ owner => 'doy',
+ group => 'doy',
+ require => [
+ Class['tozt::persistent'],
+ User['doy'],
+ Group['doy'],
+ ];
+ "/home/doy/paste":
+ ensure => link,
+ target => "/media/persistent/paste/doy",
+ owner => 'doy',
+ group => 'doy',
+ require => [
+ User['doy'],
+ Group['doy'],
+ File["/home/doy"],
+ ];
+ }
+
+ nginx::site {
+ "paste-tls":
+ source => 'puppet:///modules/tozt/nginx/paste-tls.conf',
+ require => Class['certbot'];
+ "paste":
+ source => 'puppet:///modules/tozt/nginx/paste.conf';
+ }
+}
diff --git a/modules/tozt/manifests/persistent.pp b/modules/tozt/manifests/persistent.pp
new file mode 100644
index 0000000..0726455
--- /dev/null
+++ b/modules/tozt/manifests/persistent.pp
@@ -0,0 +1,40 @@
+class tozt::persistent {
+ file {
+ "/media":
+ ensure => directory;
+ "/media/persistent":
+ ensure => directory,
+ require => File["/media"],
+ }
+
+ $fstab_line = "/dev/disk/by-id/scsi-0DO_Volume_tozt-persistent /media/persistent ext4 rw,relatime 0 2"
+ exec { "populate fstab":
+ provider => shell,
+ command => "echo '${fstab_line}' >> /etc/fstab",
+ unless => "/usr/bin/grep -qF '${fstab_line}' /etc/fstab",
+ require => File["/media/persistent"],
+ }
+
+ exec { "mount /media/persistent":
+ provider => shell,
+ command => "/usr/bin/mount /media/persistent",
+ unless => "grep ' /media/persistent ' /proc/mounts",
+ require => [
+ File["/media/persistent"],
+ Exec["populate fstab"],
+ ]
+ }
+
+ file {
+ [
+ "/media/persistent/public_html",
+ "/media/persistent/paste",
+ "/media/persistent/git",
+ "/media/persistent/certbot",
+ "/media/persistent/cargo",
+ "/media/persistent/rustup",
+ ]:
+ ensure => directory,
+ require => Exec["mount /media/persistent"];
+ }
+}
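Review bot: The fstab entry mounts the persistent volume with only `rw,relatime`, although the directories created on it at the end of this hunk (`paste`, `public_html`, `git`, `cargo`) hold user-written and web-served content; adding `nosuid,nodev` would be cheap hardening. The `populate fstab` exec makes that hard to change later: its `unless` matches the whole line with `grep -qF`, so any edit to `$fstab_line` appends a second entry for the same mount point instead of updating the first. A `mount` resource manages both the fstab line and the mounted state idempotently and could replace both execs, assuming the mount type is available in the Puppet version in use; the final `file` block would then require `Mount["/media/persistent"]`. The second exec's `unless` also calls `grep` without a path, while the first uses `/usr/bin/grep`.

```puppet
# … unchanged: file resources for /media and /media/persistent …

mount { "/media/persistent":
  ensure  => mounted,
  device  => "/dev/disk/by-id/scsi-0DO_Volume_tozt-persistent",
  fstype  => "ext4",
  options => "rw,relatime,nosuid,nodev",
  dump    => 0,
  pass    => 2,
  require => File["/media/persistent"],
}

# … unchanged: subdirectory file block, now requiring Mount["/media/persistent"] …
```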
diff --git a/modules/tozt/manifests/services.pp b/modules/tozt/manifests/services.pp
new file mode 100644
index 0000000..8dfbe5b
--- /dev/null
+++ b/modules/tozt/manifests/services.pp
@@ -0,0 +1,4 @@
+class tozt::services {
+ include locate
+ include ntp
+}
diff --git a/modules/tozt/manifests/site.pp b/modules/tozt/manifests/site.pp
new file mode 100644
index 0000000..f28619a
--- /dev/null
+++ b/modules/tozt/manifests/site.pp
@@ -0,0 +1,80 @@
+class tozt::site {
+ include git
+ include tozt::certbot
+ include tozt::persistent
+
+ package { "hugo":
+ ensure => installed,
+ }
+
+ exec { "clone tozt.net":
+ command => "/usr/bin/git clone git://github.com/doy/tozt-hugo",
+ user => "doy",
+ cwd => "/home/doy/coding",
+ creates => "/home/doy/coding/tozt-hugo",
+ require => [
+ Class["git"],
+ File["/home/doy/coding"],
+ ],
+ }
+
+ exec { "generate tozt.net":
+ provider => shell,
+ command => "
+ rm -rf public
+ hugo
+ mv public /home/doy/site
+ ",
+ user => "doy",
+ cwd => "/home/doy/coding/tozt-hugo",
+ creates => "/home/doy/site",
+ require => [
+ Exec["clone tozt.net"],
+ User['doy'],
+ File['/home/doy'],
+ Package["hugo"],
+ Class["git"],
+ ],
+ }
+
+ file {
+ "/media/persistent/public_html/doy":
+ ensure => directory,
+ owner => 'doy',
+ group => 'doy',
+ require => [
+ Class['tozt::persistent'],
+ User['doy'],
+ Group['doy'],
+ ];
+ "/home/doy/public_html":
+ ensure => link,
+ target => "/media/persistent/public_html/doy",
+ owner => 'doy',
+ group => 'doy',
+ require => [
+ User['doy'],
+ Group['doy'],
+ File["/home/doy"],
+ ];
+ }
+
+ nginx::site {
+ "doy-tls":
+ source => 'puppet:///modules/tozt/nginx/doy-tls.conf',
+ require => Class['certbot'];
+ "doy":
+ source => 'puppet:///modules/tozt/nginx/doy.conf';
+ "blog-tls":
+ source => 'puppet:///modules/tozt/nginx/blog-tls.conf',
+ require => Class['certbot'];
+ "blog":
+ source => 'puppet:///modules/tozt/nginx/blog.conf';
+ }
+
+ file {
+ '/usr/local/bin/hugo-tozt':
+ source => 'puppet:///modules/tozt/hugo-tozt',
+ mode => '0755';
+ }
+}
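Review bot: The `clone tozt.net` exec fetches over `git://`, which is unauthenticated and unencrypted, and the next exec runs `hugo` on the result and publishes it as `/home/doy/site`. Anyone able to tamper with that connection therefore controls what the site is built from. Use `command => "/usr/bin/git clone https://github.com/doy/tozt-hugo",` so the transport is authenticated by TLS.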
diff --git a/modules/tozt/manifests/tools.pp b/modules/tozt/manifests/tools.pp
new file mode 100644
index 0000000..5531460
--- /dev/null
+++ b/modules/tozt/manifests/tools.pp
@@ -0,0 +1,20 @@
+class tozt::tools {
+ include mail::sender
+ include yaourt
+
+ package {
+ [
+ "bc",
+ "exa",
+ "fzf",
+ "htop",
+ "lsof",
+ "mutt",
+ "ncdu",
+ "strace",
+ "the_silver_searcher",
+ "tmux",
+ ]:
+ ensure => 'installed';
+ }
+}
diff --git a/modules/tozt/manifests/user.pp b/modules/tozt/manifests/user.pp
new file mode 100644
index 0000000..99c52ed
--- /dev/null
+++ b/modules/tozt/manifests/user.pp
@@ -0,0 +1,113 @@
+define tozt::user(
+ $pwhash,
+ $user=$name,
+ $group=$user,
+ $home=undef,
+ $extra_groups=[],
+ $homedir_mode='0700',
+ $shell='/usr/bin/zsh',
+) {
+ $_home = $home ? {
+ undef => $user ? {
+ 'root' => '/root',
+ default => "/home/$user",
+ },
+ default => $home,
+ }
+
+ include tozt::persistent
+
+ group { $group:
+ ensure => present;
+ }
+
+ user { $user:
+ ensure => 'present',
+ gid => $group,
+ groups => $extra_groups,
+ home => $_home,
+ shell => $shell,
+ password => $pwhash,
+ require => Group[$group];
+ }
+
+ file {
+ $_home:
+ ensure => 'directory',
+ owner => $user,
+ group => $group,
+ mode => $homedir_mode,
+ require => [
+ User[$user],
+ Group[$group],
+ ];
+ "${_home}/coding":
+ ensure => 'directory',
+ owner => $user,
+ group => $group,
+ mode => $homedir_mode,
+ require => [
+ User[$user],
+ Group[$group],
+ File[$_home],
+ ];
+ "/media/persistent/cargo/${user}":
+ ensure => 'directory',
+ owner => $user,
+ group => $group,
+ mode => $homedir_mode,
+ require => [
+ User[$user],
+ Group[$group],
+ Class["tozt::persistent"],
+ ];
+ "/media/persistent/rustup/${user}":
+ ensure => 'directory',
+ owner => $user,
+ group => $group,
+ mode => $homedir_mode,
+ require => [
+ User[$user],
+ Group[$group],
+ Class["tozt::persistent"],
+ ];
+ "${_home}/.cargo":
+ ensure => link,
+ target => "/media/persistent/cargo/${user}",
+ owner => $user,
+ group => $group,
+ require => [
+ User[$user],
+ Group[$group],
+ File["${_home}"],
+ ];
+ "${_home}/.rustup":
+ ensure => link,
+ target => "/media/persistent/rustup/${user}",
+ owner => $user,
+ group => $group,
+ require => [
+ User[$user],
+ Group[$group],
+ File["${_home}"],
+ ];
+ }
+
+ rust::user { $user:
+ }
+ conf::user { $user:
+ }
+ ssh::user { $user:
+ group => $group,
+ }
+
+ if $user != 'root' {
+ sudo::user { $user:
+ }
+ }
+
+ if $shell == '/usr/bin/zsh' {
+ include zsh
+ Class['zsh'] -> User[$user]
+ }
+}
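Review bot: Every non-root account declared through this define receives `sudo::user` (the `if $user != 'root'` block near the end), so creating a user and granting sudo cannot be separated. What `sudo::user` grants is not visible in this diff, but an opt-in would follow least privilege: add a parameter `$sudo=false,` and change the condition to `if $sudo and $user != 'root' {`, with users.pp passing `sudo => true` for doy. The define also has no comment describing its parameters; a short header stating that `pwhash` is a crypt(3) hash and that `homedir_mode` is applied to the home, `coding`, cargo and rustup directories would help the next reader.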
diff --git a/modules/tozt/manifests/users.pp b/modules/tozt/manifests/users.pp
new file mode 100644
index 0000000..b07373b
--- /dev/null
+++ b/modules/tozt/manifests/users.pp
@@ -0,0 +1,11 @@
+class tozt::users {
+ tozt::user { 'root':
+ pwhash => '$6$cqlzoze/Mq3$bHGFqjPF6wBRLcI0VWuQa9cg8c1DfGWL21QdA9KUuDqhtnCfjyaKryu.ACxP9umzuYsWpikegZN6wbTU2JX6V1';
+ }
+
+ tozt::user { 'doy':
+ pwhash => '$6$Q6Y/nmt/QZbU$6D692oUPiFvnQEwoPtL7l83l/KaY/czy9/KI9.GnEEOslQumU39qteDDp.0i9E7nSDodWGOmPgfAsoYJBYrta1',
+ extra_groups => ['wheel'],
+ homedir_mode => '0701';
+ }
+}
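Review bot: Both `pwhash` values are SHA-512 crypt hashes for login accounts, one of them root, committed in clear in the manifest; anyone with read access to the repository can attack them offline. Move them out of the manifest into encrypted data (for example an eyaml-backed `lookup('tozt::users::root_pwhash')`, key name illustrative), or into the `secret` mechanism git.pp already uses if it can supply values. Rotate the passwords as well, since the hashes remain in history. If root only needs key-based or sudo access, a locked password (`pwhash => '!'`) avoids storing a hash at all.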
diff --git a/modules/tozt/manifests/vpn.pp b/modules/tozt/manifests/vpn.pp
new file mode 100644
index 0000000..aa84f53
--- /dev/null
+++ b/modules/tozt/manifests/vpn.pp
@@ -0,0 +1,3 @@
+class tozt::vpn {
+ include wireguard
+}