author | Jesse Luehrs <doy@tozt.net> | 2018-11-13 00:19:06 -0500 |
---|---|---|
committer | Jesse Luehrs <doy@tozt.net> | 2018-11-13 00:19:06 -0500 |
commit | bf33ac997636c4b6c199cfff1e171ffaff437c91 (patch) | |
tree | 2f3d94f0ad3fddde69fec83c4d65356d60dea479 /tozt | |
parent | b5fe67cdda8f05ffe814a923b1a69f7169b9db5c (diff) | |
actually, let's make this shared again
Diffstat (limited to 'tozt')
78 files changed, 0 insertions, 1858 deletions
diff --git a/tozt/c_toolchain/manifests/init.pp b/tozt/c_toolchain/manifests/init.pp
deleted file mode 100644
index 2f9a364..0000000
--- a/tozt/c_toolchain/manifests/init.pp
+++ /dev/null
@@ -1,12 +0,0 @@
-class c_toolchain {
- package {
- [
- "autoconf",
- "automake",
- "gcc",
- "make",
- "pkgconf",
- ]:
- ensure => installed,
- }
-}
diff --git a/tozt/certbot/files/bootstrap-certbot b/tozt/certbot/files/bootstrap-certbot
deleted file mode 100755
index 5a563b2..0000000
--- a/tozt/certbot/files/bootstrap-certbot
+++ /dev/null
@@ -1,76 +0,0 @@
-#!/usr/bin/env bash
-set -eu
-set -o pipefail
-
-config_dir="$1"
-if systemctl is-active -q nginx; then
- is_running=1
-else
- is_running=
-fi
-
-cleanup() {
- if [ -z "$is_running" ]; then
- systemctl stop nginx
- fi
-
- if [ -e /etc/nginx/nginx.conf.backup ]; then
- mv /etc/nginx/nginx.conf.backup /etc/nginx.conf
- fi
-}
-trap cleanup EXIT
-
-mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.backup
-cat > /etc/nginx/nginx.conf <<EOF
-worker_processes 1;
-events {
- worker_connections 1024;
-}
-http {
- server {
- listen 80 default;
- server_name tozt.net;
- location / {
- root /tmp;
- }
- }
- server {
- listen 80;
- server_name blog.tozt.net;
- location / {
- root /tmp;
- }
- }
- server {
- listen 80;
- server_name paste.tozt.net;
- location / {
- root /tmp;
- }
- }
- server {
- listen 80;
- server_name git.tozt.net;
- location / {
- root /tmp;
- }
- }
- server {
- listen 80;
- server_name rss.tozt.net;
- location / {
- root /tmp;
- }
- }
-}
-EOF
-
-if [ -z "$is_running" ]; then
- systemctl start nginx
-fi
-
-if [ -z "$config_dir" ]; then
- /usr/bin/certbot -n --agree-tos -m doy@tozt.net --nginx -d tozt.net -d blog.tozt.net -d paste.tozt.net -d git.tozt.net -d rss.tozt.net
-else
- /usr/bin/certbot -n --agree-tos -m doy@tozt.net --nginx -d tozt.net -d blog.tozt.net -d paste.tozt.net -d git.tozt.net -d rss.tozt.net --config-dir "$config_dir"
-fi
diff --git a/tozt/certbot/files/reload-cert b/tozt/certbot/files/reload-cert
deleted file mode 100644
index 9ca23e5..0000000
--- a/tozt/certbot/files/reload-cert
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/usr/bin/env bash
-set -eu
-set -o pipefail
-
-systemctl restart nginx
diff --git a/tozt/certbot/manifests/init.pp b/tozt/certbot/manifests/init.pp
deleted file mode 100644
index 27d59a6..0000000
--- a/tozt/certbot/manifests/init.pp
+++ /dev/null
@@ -1,54 +0,0 @@
-class certbot($config_dir=undef) {
- if $config_dir {
- $_config_dir = $config_dir
- }
- else {
- $_config_dir = "/etc/letsencrypt"
- }
-
- include cron
- include nginx
-
- package {
- [
- 'certbot',
- 'certbot-nginx',
- ]:
- ensure => installed;
- }
-
- file {
- '/etc/cron.daily/certbot':
- content => template('certbot/certbot'),
- mode => '0755',
- require => [
- Package['certbot'],
- Class['cron'],
- ];
- "${_config_dir}/renewal-hooks":
- ensure => directory,
- require => Package['certbot'];
- "${_config_dir}/renewal-hooks/deploy":
- ensure => directory,
- require => File["${_config_dir}/renewal-hooks"];
- "${_config_dir}/renewal-hooks/deploy/reload-cert":
- source => 'puppet:///modules/certbot/reload-cert',
- require => File["${_config_dir}/renewal-hooks/deploy"];
- "/usr/local/bin/bootstrap-certbot":
- source => 'puppet:///modules/certbot/bootstrap-certbot',
- mode => '0755';
- }
-
- exec { "initial certbot run":
- provider => shell,
- command => "/usr/local/bin/bootstrap-certbot ${config_dir}",
- creates => "${_config_dir}/live",
- require => [
- Package["certbot"],
- # not Class["nginx"], because of circular dependencies with nginx::site
- Package["nginx"],
- Package["certbot-nginx"],
- File['/usr/local/bin/bootstrap-certbot'],
- ],
- }
-}
diff --git a/tozt/certbot/templates/certbot b/tozt/certbot/templates/certbot
deleted file mode 100644
index 9568fe1..0000000
--- a/tozt/certbot/templates/certbot
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/sh
-
-certbot renew -q<%= @config_dir_opts %>
diff --git a/tozt/conf/manifests/init.pp b/tozt/conf/manifests/init.pp
deleted file mode 100644
index 36e5f22..0000000
--- a/tozt/conf/manifests/init.pp
+++ /dev/null
@@ -1,15 +0,0 @@
-class conf {
- include c_toolchain
- include cron
- include git
-
- package {
- [
- "cmake",
- "fortune-mod",
- "less",
- "vim",
- ]:
- ensure => installed,
- }
-}
diff --git a/tozt/conf/manifests/user.pp b/tozt/conf/manifests/user.pp
deleted file mode 100644
index b5af5b2..0000000
--- a/tozt/conf/manifests/user.pp
+++ /dev/null
@@ -1,53 +0,0 @@
-define conf::user($user=$name, $home=undef) {
- $_home = $home ? {
- undef => $user ? {
- 'root' => '/root',
- default => "/home/$user",
- },
- default => $home,
- }
-
- include conf
-
- package::cargo { "fancy-prompt for $user":
- package => 'fancy-prompt',
- user => $user,
- ensure => installed,
- require => Package["cmake"],
- }
-
- exec { "git clone doy/conf for $user":
- command => "/usr/bin/git clone git://github.com/doy/conf",
- user => $user,
- cwd => $_home,
- creates => "$_home/conf",
- require => [
- User[$user],
- File[$_home],
- Class['git'],
- ];
- }
-
- exec { "conf make install for $user":
- command => "/usr/bin/make install",
- user => $user,
- cwd => "$_home/conf",
- environment => [
- "HOME=$_home",
- "PWD=$_home/conf",
- ],
- creates => "$_home/.vimrc",
- require => [
- Class['cron'],
- Class['c_toolchain'],
- User[$user],
- Exec["git clone doy/conf for $user"],
- Package["vim"],
- Package["fortune-mod"],
- Package["less"],
- Package::Cargo["fancy-prompt for $user"],
- ];
- }
-
- # XXX use the right branch
-}
diff --git a/tozt/cron/manifests/init.pp b/tozt/cron/manifests/init.pp
deleted file mode 100644
index 9181c40..0000000
--- a/tozt/cron/manifests/init.pp
+++ /dev/null
@@ -1,11 +0,0 @@
-class cron {
- package { "cronie":
- ensure => installed,
- }
-
- service { 'cronie':
- ensure => running,
- enable => true,
- require => Package['cronie'];
- }
-}
diff --git a/tozt/duplicati/manifests/init.pp b/tozt/duplicati/manifests/init.pp
deleted file mode 100644
index 643dd43..0000000
--- a/tozt/duplicati/manifests/init.pp
+++ /dev/null
@@ -1,26 +0,0 @@
-class duplicati {
- package {
- [
- "gtk-sharp-2",
- "mono",
- ]:
- ensure => installed,
- install_options => ["--asdeps"];
- }
-
- package::makepkg { 'duplicati-latest':
- ensure => installed,
- require => [
- Package['gtk-sharp-2'],
- Package['mono'],
- ]
- }
-
- service { 'duplicati':
- ensure => running,
- enable => true,
- require => Package::Makepkg['duplicati-latest'];
- }
-
- # XXX configure backups
-}
diff --git a/tozt/fail2ban/files/jail.local b/tozt/fail2ban/files/jail.local
deleted file mode 100644
index 00329d7..0000000
--- a/tozt/fail2ban/files/jail.local
+++ /dev/null
@@ -1,10 +0,0 @@
-[DEFAULT]
-bantime = 1d
-
-[sshd]
-enabled = true
-ignoreip = 10.19.49.0/24
-
-[nginx-botsearch]
-enabled = true
-logpath = /var/log/nginx/*.log
diff --git a/tozt/fail2ban/manifests/init.pp b/tozt/fail2ban/manifests/init.pp
deleted file mode 100644
index 5ca6483..0000000
--- a/tozt/fail2ban/manifests/init.pp
+++ /dev/null
@@ -1,21 +0,0 @@
-class fail2ban {
- package { "fail2ban":
- ensure => installed;
- }
-
- file {
- "/etc/fail2ban/jail.local":
- source => "puppet:///modules/fail2ban/jail.local",
- notify => Service["fail2ban"],
- require => Package["fail2ban"];
- }
-
- service { "fail2ban":
- ensure => running,
- enable => true,
- require => [
- File["/etc/fail2ban/jail.local"],
- Package["fail2ban"],
- ];
- }
-}
diff --git a/tozt/git/manifests/init.pp b/tozt/git/manifests/init.pp
deleted file mode 100644
index bfb60ad..0000000
--- a/tozt/git/manifests/init.pp
+++ /dev/null
@@ -1,5 +0,0 @@
-class git {
- package { "git":
- ensure => installed,
- }
-}
diff --git a/tozt/git/manifests/server.pp b/tozt/git/manifests/server.pp
deleted file mode 100644
index 76b02b6..0000000
--- a/tozt/git/manifests/server.pp
+++ /dev/null
@@ -1,16 +0,0 @@
-class git::server {
- package {
- [
- "cgit",
- "fcgiwrap",
- "python-markdown",
- "python-pygments",
- ]:
- ensure => installed,
- }
-
- service { "fcgiwrap.socket":
- ensure => running,
- enable => true;
- }
-}
diff --git a/tozt/haveged/manifests/init.pp b/tozt/haveged/manifests/init.pp
deleted file mode 100644
index 05ae5f8..0000000
--- a/tozt/haveged/manifests/init.pp
+++ /dev/null
@@ -1,11 +0,0 @@
-class haveged {
- package { "haveged":
- ensure => installed,
- }
-
- service { 'haveged':
- ensure => running,
- enable => true,
- require => Package['haveged'],
- }
-}
diff --git a/tozt/locate/files/updatedb b/tozt/locate/files/updatedb
deleted file mode 100644
index 21f2681..0000000
--- a/tozt/locate/files/updatedb
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/usr/bin/env bash
-set -eu
-set -o pipefail
-
-updatedb
diff --git a/tozt/locate/manifests/init.pp b/tozt/locate/manifests/init.pp
deleted file mode 100644
index 182e3b4..0000000
--- a/tozt/locate/manifests/init.pp
+++ /dev/null
@@ -1,26 +0,0 @@
-class locate {
- include cron
-
- package { "mlocate":
- ensure => installed,
- }
-
- file {
- '/etc/cron.daily/updatedb':
- source => 'puppet:///modules/locate/updatedb',
- mode => '0755',
- require => [
- Package['mlocate'],
- Class['cron'],
- ];
- }
-
- exec { "initial updatedb run":
- command => "/etc/cron.daily/updatedb",
- creates => "/var/lib/mlocate/mlocate.db",
- require => [
- File["/etc/cron.daily/updatedb"],
- Package['mlocate'],
- ]
- }
-}
diff --git a/tozt/mail/manifests/sender.pp b/tozt/mail/manifests/sender.pp
deleted file mode 100644
index ef30b2a..0000000
--- a/tozt/mail/manifests/sender.pp
+++ /dev/null
@@ -1,5 +0,0 @@
-class mail::sender {
- package { "msmtp-mta":
- ensure => installed,
- }
-}
diff --git a/tozt/nginx/files/dhparam.pem b/tozt/nginx/files/dhparam.pem
deleted file mode 100644
index 4aa2270..0000000
--- a/tozt/nginx/files/dhparam.pem
+++ /dev/null
@@ -1,13 +0,0 @@
------BEGIN DH PARAMETERS-----
-MIICCAKCAgEA2Ch/tJWN/Hm/Go2T9Ok542zBAJJxmrIn8ghj/etM1uVQ8viqqDy/
-2RRswFeVJE8S5tf7W7+rPWVp1NzK7Fbxn1eb0r/MdnwgCkzBK2YcbQ6skZZz7lyd
-SXXac4YrdkaG60Bm2WtmHs73pptbxBTkt55yAdTyhm8fvVZewAn2a8GRgn/X9Nb6
-YcpbLa6yh0TA1YP/CckMN5yxI761IXpKXuDMMz/PjI9xK2NSXRCgknrHa71w7E9U
-x86EyeA8VB2baZ2ct0KlaK5MaFPLSSCPBQYxigCvH6apH+U9pho4YSdZL3wLjtzO
-mN7Z8FdhPr2P/Dk0HI4Y2LzJiAQoU2t7zMrGb4y/27zFrApUed6q1lbvJW46g+o0
-zy3fe1nwZ9Ibq0TA6FH0S+FRrSYrJEN1vqosoGJjLJteyddqLV8d6XRhrZaCJmWq
-itlqbYlnbK+rlxlJyuDC6wLMTxa/zYMvYSM0Ez8KKDLh3GNMqiEbccCuS77gvPKP
-hj4Gy0jslUSYSjJebot+wIQsGmAnL5CozEXdGMVahoqZWcqRRGsoVM/3vZ53uLgL
-Cs027wnvkeAnX1sxV/KnrovpVPISkQvG0awCZkjroKMRq33fgymvvvcHo7pGcef+
-7S0XsFBit8LrBT1XGx3VknC8XZ6hAACY1FDMth2J4dx8kqVnd2PH1dMCAQI=
------END DH PARAMETERS-----
diff --git a/tozt/nginx/files/mime.types.paste b/tozt/nginx/files/mime.types.paste
deleted file mode 100644
index a32e153..0000000
--- a/tozt/nginx/files/mime.types.paste
+++ /dev/null
@@ -1,57 +0,0 @@
-types {
- image/gif gif;
- image/jpeg jpeg jpg;
-
- image/png png;
- image/tiff tif tiff;
- image/x-icon ico;
- image/x-jng jng;
- image/x-ms-bmp bmp;
-
- application/java-archive jar war ear;
- application/mac-binhex40 hqx;
- application/msword doc;
- application/pdf pdf;
- application/postscript ps eps ai;
- application/rtf rtf;
- application/vnd.ms-excel xls;
- application/vnd.ms-powerpoint ppt;
- application/vnd.wap.wmlc wmlc;
- application/x-cocoa cco;
- application/x-java-archive-diff jardiff;
- application/x-java-jnlp-file jnlp;
- application/x-makeself run;
- application/x-pilot prc pdb;
- application/x-rar-compressed rar;
- application/x-redhat-package-manager rpm;
- application/x-sea sea;
- application/x-shockwave-flash swf;
- application/x-stuffit sit;
- application/x-xpinstall xpi;
- application/zip zip;
-
- application/vnd.openxmlformats-officedocument.wordprocessingml.document docx;
- application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx;
- application/vnd.openxmlformats-officedocument.presentationml.presentation pptx;
-
- application/octet-stream bin exe dll;
- application/octet-stream deb;
- application/octet-stream dmg;
- application/octet-stream eot;
- application/octet-stream iso img;
- application/octet-stream msi msp msm;
-
- audio/midi mid midi kar;
- audio/mpeg mp3;
- audio/x-realaudio ra;
-
- video/3gpp 3gpp 3gp;
- video/mpeg mpeg mpg;
- video/quicktime mov;
- video/x-flv flv;
- video/x-mng mng;
- video/x-ms-asf asx asf;
- video/x-ms-wmv wmv;
- video/x-msvideo avi;
-}
-# vim:ft=nginx
diff --git a/tozt/nginx/files/nginx.conf b/tozt/nginx/files/nginx.conf
deleted file mode 100644
index 895330e..0000000
--- a/tozt/nginx/files/nginx.conf
+++ /dev/null
@@ -1,16 +0,0 @@
-worker_processes 1;
-
-events {
- worker_connections 1024;
-}
-
-http {
- include mime.types;
- default_type application/octet-stream;
-
- sendfile on;
- gzip on;
- keepalive_timeout 65;
-
- include /etc/nginx/sites-enabled/*;
-}
diff --git a/tozt/nginx/files/ssl b/tozt/nginx/files/ssl
deleted file mode 100644
index 6248ac8..0000000
--- a/tozt/nginx/files/ssl
+++ /dev/null
@@ -1,12 +0,0 @@
-ssl on;
-ssl_certificate /media/persistent/certbot/live/tozt.net/fullchain.pem;
-ssl_certificate_key /media/persistent/certbot/live/tozt.net/privkey.pem;
-ssl_protocols TLSv1.1 TLSv1.2;
-ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
-ssl_dhparam /etc/nginx/dhparam.pem;
-ssl_prefer_server_ciphers on;
-ssl_session_cache shared:SSL:10m;
-ssl_stapling on;
-ssl_stapling_verify on;
-
-# vim:ft=nginx
diff --git a/tozt/nginx/manifests/config.pp b/tozt/nginx/manifests/config.pp
deleted file mode 100644
index 8a95edd..0000000
--- a/tozt/nginx/manifests/config.pp
+++ /dev/null
@@ -1,18 +0,0 @@
-class nginx::config {
- include haveged
-
- file {
- "/etc/nginx/sites-available":
- ensure => directory;
- "/etc/nginx/sites-enabled":
- ensure => directory;
- "/etc/nginx/ssl":
- source => 'puppet:///modules/nginx/ssl';
- "/etc/nginx/mime.types.paste":
- source => 'puppet:///modules/nginx/mime.types.paste';
- "/etc/nginx/nginx.conf":
- source => 'puppet:///modules/nginx/nginx.conf';
- "/etc/nginx/dhparam.pem":
- source => 'puppet:///modules/nginx/dhparam.pem';
- }
-}
diff --git a/tozt/nginx/manifests/init.pp b/tozt/nginx/manifests/init.pp
deleted file mode 100644
index 611be52..0000000
--- a/tozt/nginx/manifests/init.pp
+++ /dev/null
@@ -1,11 +0,0 @@
-class nginx {
- contain nginx::install
- contain nginx::config
- contain nginx::service
-
- Class['nginx::install'] -> Class['nginx::config']
-
- Class['nginx::config'] ~> Class['nginx::service']
- Class['nginx::install'] ~> Class['nginx::service']
- Nginx::Site<| |> ~> Class['nginx::service']
-}
diff --git a/tozt/nginx/manifests/install.pp b/tozt/nginx/manifests/install.pp
deleted file mode 100644
index 680b0ab..0000000
--- a/tozt/nginx/manifests/install.pp
+++ /dev/null
@@ -1,5 +0,0 @@
-class nginx::install {
- package { ['nginx', 'openssl']:
- ensure => installed;
- }
-}
diff --git a/tozt/nginx/manifests/service.pp b/tozt/nginx/manifests/service.pp
deleted file mode 100644
index f03364f..0000000
--- a/tozt/nginx/manifests/service.pp
+++ /dev/null
@@ -1,6 +0,0 @@
-class nginx::service {
- service { 'nginx':
- ensure => running,
- enable => true;
- }
-}
diff --git a/tozt/nginx/manifests/site.pp b/tozt/nginx/manifests/site.pp
deleted file mode 100644
index 130a086..0000000
--- a/tozt/nginx/manifests/site.pp
+++ /dev/null
@@ -1,20 +0,0 @@
-define nginx::site($content=undef, $source=undef, $enabled=true) {
- include nginx
-
- file { "/etc/nginx/sites-available/$name":
- source => $source,
- content => $content;
- }
-
- if $enabled {
- file { "/etc/nginx/sites-enabled/$name":
- ensure => link,
- target => "../sites-available/$name";
- }
- }
- else {
- file { "/etc/nginx/sites-enabled/$name":
- ensure => absent;
- }
- }
-}
diff --git a/tozt/ntp/manifests/init.pp b/tozt/ntp/manifests/init.pp
deleted file mode 100644
index 89140c2..0000000
--- a/tozt/ntp/manifests/init.pp
+++ /dev/null
@@ -1,11 +0,0 @@
-class ntp {
- package { "ntp":
- ensure => installed,
- }
-
- service { 'ntpd':
- ensure => running,
- enable => true,
- require => Package['ntp'],
- }
-}
diff --git a/tozt/package/manifests/cargo.pp b/tozt/package/manifests/cargo.pp
deleted file mode 100644
index 2f599b9..0000000
--- a/tozt/package/manifests/cargo.pp
+++ /dev/null
@@ -1,39 +0,0 @@
-define package::cargo($package, $user, $ensure, $home=undef) {
- $_home = $home ? {
- undef => $user ? {
- 'root' => '/root',
- default => "/home/$user",
- },
- default => $home,
- }
-
- case $ensure {
- 'installed': {
- exec { "cargo install $package for $user":
- provider => "shell",
- command => "cargo install $package",
- unless => "cargo install --list | grep -q '^$package'",
- user => $user,
- timeout => 3600,
- require => [
- User[$user],
- Rust::User[$user],
- File["${_home}/.cargo"],
- ];
- }
- }
- 'absent': {
- exec { "cargo uninstall $package for $user":
- provider => "shell",
- command => "cargo uninstall $package",
- onlyif => "cargo install --list | grep -q '^$package'",
- user => $user,
- require => [
- User[$user],
- Rust::User[$user],
- File["${_home}/.cargo"],
- ];
- }
- }
- }
-}
diff --git a/tozt/package/manifests/makepkg.pp b/tozt/package/manifests/makepkg.pp
deleted file mode 100644
index c9d0318..0000000
--- a/tozt/package/manifests/makepkg.pp
+++ /dev/null
@@ -1,41 +0,0 @@
-define package::makepkg($ensure, $build_user, $asdeps=false) {
- if $asdeps {
- $extra_cmdline = " --asdeps"
- }
- else {
- $extra_cmdline = ""
- }
-
- include c_toolchain
- include git
-
- case $ensure {
- 'installed': {
- exec { "makepkg install $name":
- provider => "shell",
- command => "
- cd /tmp
- rm -rf 'makepkg-$name'
- su $build_user -c 'git clone https://aur.archlinux.org/$name.git makepkg-$name'
- cd 'makepkg-$name'
- su $build_user -c makepkg
- pacman -U --noconfirm --needed $extra_cmdline $name-*.pkg.tar.xz
- ",
- unless => "pacman -Q $name > /dev/null 2>&1",
- path => "/usr/bin",
- require => [
- Class["git"],
- Class["c_toolchain"],
- ];
- }
- }
- 'absent': {
- exec { "makepkg uninstall $name":
- provider => "shell",
- command => "pacman --noconfirm -Rsn $name",
- onlyif => "pacman -Q $name > /dev/null 2>&1",
- path => "/usr/bin";
- }
- }
- }
-}
diff --git a/tozt/rust/manifests/init.pp b/tozt/rust/manifests/init.pp
deleted file mode 100644
index 37f74ac..0000000
--- a/tozt/rust/manifests/init.pp
+++ /dev/null
@@ -1,5 +0,0 @@
-class rust {
- package { "rustup":
- ensure => installed,
- }
-}
diff --git a/tozt/rust/manifests/user.pp b/tozt/rust/manifests/user.pp
deleted file mode 100644
index 1b16eeb..0000000
--- a/tozt/rust/manifests/user.pp
+++ /dev/null
@@ -1,23 +0,0 @@
-define rust::user($user=$name, $home=undef) {
- $_home = $home ? {
- undef => $user ? {
- 'root' => '/root',
- default => "/home/$user",
- },
- default => $home,
- }
-
- include rust
-
- exec { "install and configure stable toolchain for $user":
- provider => "shell",
- command => "rustup default stable",
- user => $user,
- unless => "rustup show active-toolchain | grep -q stable",
- require => [
- Package["rustup"],
- User[$user],
- File["${_home}/.rustup"],
- ],
- }
-}
diff --git a/tozt/secret/manifests/init.pp b/tozt/secret/manifests/init.pp
deleted file mode 100644
index 054a71d..0000000
--- a/tozt/secret/manifests/init.pp
+++ /dev/null
@@ -1,9 +0,0 @@
-define secret($source, $path=$name, $owner=undef, $group=undef, $mode='0600') {
- file { "$path":
- source => "puppet:///modules/secret/$source",
- owner => $owner,
- group => $group,
- mode => $mode,
- show_diff => false,
- }
-}
diff --git a/tozt/sudo/manifests/init.pp b/tozt/sudo/manifests/init.pp
deleted file mode 100644
index 8a38060..0000000
--- a/tozt/sudo/manifests/init.pp
+++ /dev/null
@@ -1,10 +0,0 @@
-class sudo {
- package { "sudo":
- ensure => 'installed';
- }
-
- file { "/etc/sudoers.d/wheel":
- ensure => present,
- content => '%wheel ALL=(ALL) ALL';
- }
-}
diff --git a/tozt/sudo/manifests/user.pp b/tozt/sudo/manifests/user.pp
deleted file mode 100644
index 81fde70..0000000
--- a/tozt/sudo/manifests/user.pp
+++ /dev/null
@@ -1,7 +0,0 @@
-define sudo::user($user=$name) {
- include sudo
-
- file { "/var/db/sudo/lectured/$user":
- ensure => 'present';
- }
-}
diff --git a/tozt/systemd/manifests/init.pp b/tozt/systemd/manifests/init.pp
deleted file mode 100644
index f6b992a..0000000
--- a/tozt/systemd/manifests/init.pp
+++ /dev/null
@@ -1,5 +0,0 @@
-class systemd {
- exec { "/usr/bin/systemctl daemon-reload":
- refreshonly => true;
- }
-}
diff --git a/tozt/tarsnap/files/acts b/tozt/tarsnap/files/acts
deleted file mode 100644
index 7c2c3bd..0000000
--- a/tozt/tarsnap/files/acts
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/usr/bin/env bash
-set -eu
-set -o pipefail
-
-acts
diff --git a/tozt/tarsnap/files/acts.conf b/tozt/tarsnap/files/acts.conf
deleted file mode 100644
index 5228f54..0000000
--- a/tozt/tarsnap/files/acts.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/sh
-
-backuptargets="home/doy/pass home/doy/paste home/doy/public_html home/doy/irclogs"
diff --git a/tozt/tarsnap/files/tarsnap.conf b/tozt/tarsnap/files/tarsnap.conf
deleted file mode 100644
index 42e2fb9..0000000
--- a/tozt/tarsnap/files/tarsnap.conf
+++ /dev/null
@@ -1,5 +0,0 @@
-cachedir /var/lib/tarsnap/cache
-keyfile /etc/tarsnap/machine-key
-nodump
-print-stats
-checkpoint-bytes 1G
diff --git a/tozt/tarsnap/manifests/init.pp b/tozt/tarsnap/manifests/init.pp
deleted file mode 100644
index c397164..0000000
--- a/tozt/tarsnap/manifests/init.pp
+++ /dev/null
@@ -1,31 +0,0 @@
-class tarsnap {
- include cron
-
- package { 'tarsnap':
- ensure => installed;
- }
-
- package::makepkg { 'acts':
- ensure => installed,
- require => Package['tarsnap'];
- }
-
- file {
- '/etc/tarsnap/tarsnap.conf':
- source => 'puppet:///modules/tarsnap/tarsnap.conf';
- '/etc/acts.conf':
- source => 'puppet:///modules/tarsnap/acts.conf';
- '/etc/cron.daily/acts':
- source => 'puppet:///modules/tarsnap/acts',
- mode => '0755',
- require => [
- File['/etc/acts.conf'],
- Package::Makepkg['acts'],
- Class['cron'],
- ];
- }
-
- secret { "/etc/tarsnap/machine-key":
- source => 'tarsnap',
- }
-}
diff --git a/tozt/tozt/files/cgitrc b/tozt/tozt/files/cgitrc
deleted file mode 100644
index e52e13b..0000000
--- a/tozt/tozt/files/cgitrc
+++ /dev/null
@@ -1,32 +0,0 @@
-root-title=git.tozt.net
-root-desc=
-logo=https://tozt.net/sphtkr.jpg
-
-enable-index-owner=0
-enable-index-links=1
-enable-blame=1
-enable-commit-graph=1
-enable-log-filecount=1
-enable-log-linecount=1
-branch-sort=age
-repository-sort=age
-max-stats=year
-max-repo-count=500
-
-clone-url=doy@tozt.net:git/$CGIT_REPO_URL git://git.tozt.net/$CGIT_REPO_URL git@github.com:doy/$CGIT_REPO_URL git://github.com/doy/$CGIT_REPO_URL https://github.com/doy/$CGIT_REPO_URL
-snapshots=tar.gz zip
-
-readme=:README.md
-readme=:README.txt
-readme=:README
-
-about-filter=/usr/lib/cgit/filters/about-formatting.sh
-source-filter=/usr/lib/cgit/filters/syntax-highlighting.py
-module-link=/%s/tree/?id=%s
-
-mimetype-file=/etc/mime.types
-
-virtual-root=/
-
-remove-suffix=1
-scan-path=/media/persistent/git/doy/
diff --git a/tozt/tozt/files/hosts b/tozt/tozt/files/hosts
deleted file mode 100644
index 40a877c..0000000
--- a/tozt/tozt/files/hosts
+++ /dev/null
@@ -1,6 +0,0 @@
-127.0.0.1 localhost
-127.0.1.1 tozt.localdomain tozt
-
-10.19.49.101 hush.algo
-10.19.49.103 phone.algo
-10.19.49.104 tozt.algo
diff --git a/tozt/tozt/files/hugo-tozt b/tozt/tozt/files/hugo-tozt
deleted file mode 100755
index 859656b..0000000
--- a/tozt/tozt/files/hugo-tozt
+++ /dev/null
@@ -1,9 +0,0 @@
-#!/usr/bin/env bash
-set -eu
-set -o pipefail
-
-cd ~/coding/tozt-hugo
-git pull
-git clean -dffx
-hugo
-rsync -av public/. ~/site
diff --git a/tozt/tozt/files/new-git-repo b/tozt/tozt/files/new-git-repo
deleted file mode 100755
index 138fadb..0000000
--- a/tozt/tozt/files/new-git-repo
+++ /dev/null
@@ -1,221 +0,0 @@
-#!/usr/bin/env perl
-use strict;
-use warnings;
-no warnings "experimental::signatures";
-use 5.020;
-use feature 'signatures';
-
-use Getopt::Long;
-
-package NewGitRepo {
- use Cwd;
- use HTTP::Tiny;
- use JSON::PP;
-
- sub new($class, %opts) {
- bless {
- user => $opts{user},
- root => $opts{root},
- }, $class;
- }
-
- sub init($self, %opts) {
- my $new_dir = "${\$self->{root}}/$opts{name}";
- my $user = $self->{user};
- my $token = $self->github_token;
-
- local $ENV{GIT_DIR} = $new_dir;
-
- if ($opts{from_github}) {
- git(
- 'clone',
- '--bare',
- "git://github.com/$user/$opts{name}",
- $new_dir
- );
- git(qw(remote rm origin));
-
- if (defined($opts{description})) {
- $self->set_github_description($opts{name}, $opts{description});
- }
- }
- else {
- mkdir($new_dir);
- git(qw(init --bare));
- $self->create_github_repository($opts{name}, $opts{description});
- }
-
- git(
- 'remote',
- 'add', 'github',
- "https://$user:$token\@github.com/$user/$opts{name}",
- );
-
- my $cgitrc = $self->generate_cgitrc(%opts);
- spew("$new_dir/cgitrc", $cgitrc);
-
- my $hook_file = "$new_dir/hooks/post-receive";
- spew($hook_file, slurp("/usr/local/share/git/post-receive"));
- chmod 0755, $hook_file or die "couldn't chmod $hook_file: $!";
-
- if ($opts{from_github}) {
- my $old_dir = getcwd;
- chdir $new_dir || die "couldn't chdir to $new_dir: $!";
- eval {
- system('./hooks/post-receive');
- };
- my $err = $@;
- chdir $old_dir;
- if ($err) {
- $@ = $err;
- die;
- }
- }
- }
-
- sub generate_cgitrc($self, %opts) {
- my $desc = defined($opts{description})
- ? $opts{description}
- : $self->repo_metadata($opts{name})->{description};
- my %cgit_opts = (
- (defined($desc)
- ? (desc => $desc)
- : ()),
- section => $opts{unmaintained} ? "unmaintained" : "maintained",
- );
- join("\n", map { "$_=$cgit_opts{$_}" } sort keys %cgit_opts) . "\n";
- }
-
- sub repo_metadata($self, $name) {
- my $query = <<EOF;
- query {
- repository(owner: "${\$self->{user}}", name: "$name") {
- description
- }
- }
-EOF
- $self->github_v4($query)->{data}{repository};
- }
-
- sub set_github_description($self, $name, $description) {
- $self->github_v3(
- 'PATCH',
- "/repos/${\$self->{user}}/$name",
- {
- description => $description,
- }
- );
- }
-
- sub create_github_repository($self, $name, $description) {
- $self->github_v3(
- 'POST',
- '/user/repos',
- {
- name => $name,
- (defined($description)
- ? (description => $description)
- : ()),
- }
- );
- }
-
- sub github_v3($self, $method, $path, $data=undef) {
- my $res = $self->ua->request(
- $method,
- "https://api.github.com$path",
- {
- (defined($data)
- ? (content => encode_json($data))
- : ()),
- }
- );
- if (!$res->{success}) {
- die "query failed ($res->{status}): $res->{content}";
- }
- decode_json($res->{content})
- }
-
- sub github_v4($self, $query) {
- my $res = $self->ua->post(
- "https://api.github.com/graphql",
- {
- content => encode_json({query => $query}),
- }
- );
- if (!$res->{success}) {
- die "query failed ($res->{status}): $res->{content}";
- }
- decode_json($res->{content})
- }
-
- sub ua($self) {
- $self->{ua} ||= HTTP::Tiny->new(
- default_headers => {
- 'Authorization' => "bearer ${\$self->github_token}",
- 'Content-Type' => "application/json",
- 'Accept' => "application/json",
- },
- verify_SSL => 1,
- );
- }
-
- sub github_token($self) {
- $self->{github_token} ||= do {
- chomp(my $token = slurp("$ENV{HOME}/.github"));
- $token
- }
- }
-
- sub git(@args) {
- system('git', @args) and die "couldn't run git: $!";
- }
-
- sub slurp($filename) {
- open my $fh, '<', $filename or die "couldn't open $filename: $!";
- do { local $/; <$fh> };
- }
-
- sub spew($filename, $contents) {
- open my $fh, '>', $filename or die "couldn't open $filename: $!";
- print $fh $contents or die "couldn't write to $filename: $!";
- close $fh or die "couldn't close $filename: $!";
- }
-}
-
-
-sub main(@argv) {
- my %opts = parse_args(\@argv);
- my $user = delete $opts{user};
- my $root = delete $opts{root};
- NewGitRepo->new(
- user => $user,
- root => $root,
- )->init(%opts);
-}
-
-sub parse_args($argv) {
- my %opts = (
- from_github => undef,
- user => $ENV{USER},
- root => "$ENV{HOME}/git",
- unmaintained => undef,
- description => undef,
- );
-
- Getopt::Long::GetOptionsFromArray(
- $argv,
- 'from-github' => \$opts{from_github},
- 'user=s' => \$opts{user},
- 'root=s' => \$opts{root},
- 'unmaintained' => \$opts{unmaintained},
- 'description=s' => \$opts{description},
- );
- $opts{name} = shift @$argv;
-
- die "extra args found: " . join(' ', @$argv) if @$argv;
-
- %opts
-}
-
-main(@ARGV);
diff --git a/tozt/tozt/files/nginx/blog-tls.conf b/tozt/tozt/files/nginx/blog-tls.conf
deleted file mode 100644
index 094d5b7..0000000
--- a/tozt/tozt/files/nginx/blog-tls.conf
+++ /dev/null
@@ -1,12 +0,0 @@
-server {
- listen 443;
- server_name blog.tozt.net;
-
- access_log /var/log/nginx/blog.access.log;
- error_log /var/log/nginx/blog.error.log;
-
- include ssl;
-
- rewrite ^(.*) https://tozt.net/blog$1 permanent;
-}
-# vim:ft=nginx
diff --git a/tozt/tozt/files/nginx/blog.conf b/tozt/tozt/files/nginx/blog.conf
deleted file mode 100644
index cbb72df..0000000
--- a/tozt/tozt/files/nginx/blog.conf
+++ /dev/null
@@ -1,10 +0,0 @@
-server {
- listen 80;
- server_name blog.tozt.net;
-
- access_log /var/log/nginx/blog.access.log;
- error_log /var/log/nginx/blog.error.log;
-
- rewrite ^(.*) https://tozt.net/blog$1 permanent;
-}
-# vim:ft=nginx
diff --git a/tozt/tozt/files/nginx/doy-tls.conf b/tozt/tozt/files/nginx/doy-tls.conf
deleted file mode 100644
index e869a5c..0000000
--- a/tozt/tozt/files/nginx/doy-tls.conf
+++ /dev/null
@@ -1,15 +0,0 @@
-server {
- listen 443 default;
- server_name tozt.net;
-
- access_log /var/log/nginx/doy.access.log;
- error_log /var/log/nginx/doy.error.log;
-
- include ssl;
-
- location / {
- root /home/doy;
- try_files /site$uri /site$uri/index.html /public_html$uri =404;
- }
-}
-# vim:ft=nginx
diff --git a/tozt/tozt/files/nginx/doy.conf b/tozt/tozt/files/nginx/doy.conf
deleted file mode 100644
index 15c3932..0000000
--- a/tozt/tozt/files/nginx/doy.conf
+++ /dev/null
@@ -1,10 +0,0 @@
-server {
- listen 80 default;
- server_name tozt.net;
-
- access_log /var/log/nginx/doy.access.log;
- error_log /var/log/nginx/doy.error.log;
-
- rewrite ^(.*) https://$host$1 permanent;
-}
-# vim:ft=nginx
diff --git a/tozt/tozt/files/nginx/git-tls.conf b/tozt/tozt/files/nginx/git-tls.conf
deleted file mode 100644
index 6e0dfbb..0000000
--- a/tozt/tozt/files/nginx/git-tls.conf
+++ /dev/null
@@ -1,22 +0,0 @@
-server {
- listen 443;
- server_name git.tozt.net;
-
- access_log /var/log/nginx/git.access.log;
- error_log /var/log/nginx/git.error.log;
-
- include ssl;
-
- root /usr/share/webapps/cgit;
- try_files $uri @cgit;
-
- location @cgit {
- include fastcgi_params;
- fastcgi_param SCRIPT_FILENAME $document_root/cgit.cgi;
- fastcgi_param PATH_INFO $uri;
- fastcgi_param QUERY_STRING $args;
- fastcgi_param HTTP_HOST $server_name;
- fastcgi_pass unix:/run/fcgiwrap.sock;
- }
-}
-# vim:ft=nginx
diff --git a/tozt/tozt/files/nginx/git.conf b/tozt/tozt/files/nginx/git.conf
deleted file mode 100644
index cafdcc8..0000000
--- a/tozt/tozt/files/nginx/git.conf
+++ /dev/null
@@ -1,10 +0,0 @@
-server {
- listen 80;
- server_name git.tozt.net;
-
- access_log /var/log/nginx/git.access.log;
- error_log /var/log/nginx/git.error.log;
-
- rewrite ^(.*) https://$host$1 permanent;
-}
-# vim:ft=nginx
diff --git a/tozt/tozt/files/nginx/paste-tls.conf b/tozt/tozt/files/nginx/paste-tls.conf
deleted file mode 100644
index b73d7a8..0000000
--- a/tozt/tozt/files/nginx/paste-tls.conf
+++ /dev/null
@@ -1,18 +0,0 @@
-server {
- listen 443;
- server_name paste.tozt.net;
-
- access_log /var/log/nginx/paste.access.log;
- error_log /var/log/nginx/paste.error.log;
-
- include ssl;
-
- include /etc/nginx/mime.types.paste;
-
- root /home/doy/paste;
- default_type text/plain;
- gzip_types text/plain;
-
- location / { }
-}
-# vim:ft=nginx
diff --git a/tozt/tozt/files/nginx/paste.conf b/tozt/tozt/files/nginx/paste.conf
deleted file mode 100644
index 839fe78..0000000
--- a/tozt/tozt/files/nginx/paste.conf
+++ /dev/null
@@ -1,10 +0,0 @@
-server {
- listen 80;
- server_name paste.tozt.net;
-
- access_log /var/log/nginx/paste.access.log;
- error_log /var/log/nginx/paste.error.log;
-
- rewrite ^(.*) https://$host$1 permanent;
-}
-# vim:ft=nginx
diff --git a/tozt/tozt/files/nginx/ttrss-tls.conf b/tozt/tozt/files/nginx/ttrss-tls.conf
deleted file mode 100644
index 10e4f3c..0000000
--- a/tozt/tozt/files/nginx/ttrss-tls.conf
+++ /dev/null
@@ -1,28 +0,0 @@
-server {
- listen 443;
- server_name rss.tozt.net;
-
- access_log /var/log/nginx/rss.access.log;
- error_log /var/log/nginx/rss.error.log;
-
- include ssl;
-
- root /usr/share/webapps/tt-rss;
-
- location / {
- index index.php;
- auth_basic "ttrss";
- auth_basic_user_file "/media/persistent/ttrss.htpasswd";
- }
-
- location ~ \.php$ {
- try_files $uri = 404;
- fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
- fastcgi_index index.php;
- fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
- include /etc/nginx/fastcgi_params;
- auth_basic "ttrss";
- auth_basic_user_file "/media/persistent/ttrss.htpasswd";
- }
-}
-# vim:ft=nginx
diff --git a/tozt/tozt/files/nginx/ttrss.conf b/tozt/tozt/files/nginx/ttrss.conf
deleted file mode 100644
index 8680dcb..0000000
--- a/tozt/tozt/files/nginx/ttrss.conf
+++ /dev/null
@@ -1,10 +0,0 @@
-server {
- listen 80;
- server_name rss.tozt.net;
-
- access_log /var/log/nginx/rss.access.log;
- error_log /var/log/nginx/rss.error.log;
-
- rewrite ^(.*) https://$host$1 permanent;
-}
-# vim:ft=nginx
diff --git a/tozt/tozt/files/post-receive b/tozt/tozt/files/post-receive
deleted file mode 100755
index 2f26f7c..0000000
--- a/tozt/tozt/files/post-receive
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/sh
-set -eu
-set -o pipefail
-
-mkdir -p info/web
-git for-each-ref --sort=committerdate --format='%(committerdate)' refs/heads | tail -n1 > info/web/last-modified
-
-git push --mirror github
diff --git a/tozt/tozt/files/puppet-tozt b/tozt/tozt/files/puppet-tozt
deleted file mode 100644
index 2ce71bd..0000000
--- a/tozt/tozt/files/puppet-tozt
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/usr/bin/env bash
-set -eu
-set -o pipefail
-
-(cd /usr/local/share/puppet-tozt && sudo git pull)
-sudo puppet apply --show_diff --modulepath=/usr/local/share/puppet-tozt/tozt -e 'include tozt'
diff --git a/tozt/tozt/manifests/backups.pp b/tozt/tozt/manifests/backups.pp
deleted file mode 100644
index 2036777..0000000
--- a/tozt/tozt/manifests/backups.pp
+++ /dev/null
@@ -1,4 +0,0 @@
-class tozt::backups {
- include duplicati
- include tarsnap
-}
diff --git a/tozt/tozt/manifests/bootstrap.pp b/tozt/tozt/manifests/bootstrap.pp
deleted file mode 100644
index 7d18444..0000000
--- a/tozt/tozt/manifests/bootstrap.pp
+++ /dev/null
@@ -1,14 +0,0 @@
-class tozt::bootstrap {
- package {
- [
- "puppet",
- "rsync",
- ]:
- ensure => installed,
- }
-
- file { '/usr/local/bin/puppet-tozt':
- source => 'puppet:///modules/tozt/puppet-tozt',
- mode => '0755';
- }
-}
diff --git a/tozt/tozt/manifests/certbot.pp b/tozt/tozt/manifests/certbot.pp
deleted file mode 100644
index cad7d1a..0000000
--- a/tozt/tozt/manifests/certbot.pp
+++ /dev/null
@@ -1,8 +0,0 @@
-class tozt::certbot {
- include tozt::persistent
-
- class { "certbot":
- config_dir => "/media/persistent/certbot",
- require => Class["tozt::persistent"],
- }
-}
diff --git a/tozt/tozt/manifests/git.pp b/tozt/tozt/manifests/git.pp
deleted file mode 100644
index 03204dc..0000000
--- a/tozt/tozt/manifests/git.pp
+++ /dev/null
@@ -1,64 +0,0 @@
-class tozt::git {
- include git::server
- include tozt::certbot
- include tozt::persistent
-
- package { "perl-io-socket-ssl":
- ensure => installed,
- }
-
- file {
- "/media/persistent/git/doy":
- ensure => directory,
- owner => 'doy',
- group => 'doy',
- require => [
- Class['tozt::persistent'],
- User['doy'],
- Group['doy'],
- ];
- "/home/doy/git":
- ensure => link,
- target => "/media/persistent/git/doy",
- owner => 'doy',
- group => 'doy',
- require => [
- User['doy'],
- Group['doy'],
- File["/home/doy"],
- ];
- "/etc/cgitrc":
- source => "puppet:///modules/tozt/cgitrc";
- "/usr/local/share/git":
- ensure => directory;
- "/usr/local/share/git/post-receive":
- source => "puppet:///modules/tozt/post-receive",
- require => File['/usr/local/share/git'];
- "/usr/local/bin/new-git-repo":
- source => "puppet:///modules/tozt/new-git-repo",
- mode => '0755',
- require => [
- Package['perl-io-socket-ssl'],
- File['/usr/local/share/git/post-receive'],
- ];
- }
-
- secret { "/home/doy/.github":
- source => 'github',
- owner => 'doy',
- group => 'doy',
- require => [
- User['doy'],
- Group['doy'],
- File["/home/doy"],
- ];
- }
-
- nginx::site {
- "git-tls":
- source => 'puppet:///modules/tozt/nginx/git-tls.conf',
- require => Class['certbot'];
- "git":
- source => 'puppet:///modules/tozt/nginx/git.conf';
- }
-}
diff --git a/tozt/tozt/manifests/init.pp b/tozt/tozt/manifests/init.pp
deleted file mode 100644
index f7997da..0000000
--- a/tozt/tozt/manifests/init.pp
+++ /dev/null
@@ -1,21 +0,0 @@
-class tozt {
- include tozt::users
-
- Package::Makepkg {
- build_user => 'doy',
- }
-
- Tozt::User['doy'] -> Package::Makepkg<| build_user == 'doy' |>
-
- include tozt::bootstrap
- include tozt::backups
- include tozt::git
- include tozt::misc
- include tozt::pass
- include tozt::paste
- include tozt::site
- include tozt::services
- include tozt::tools
- include tozt::ttrss
- include tozt::vpn
-}
diff --git a/tozt/tozt/manifests/misc.pp b/tozt/tozt/manifests/misc.pp
deleted file mode 100644
index a68bdd1..0000000
--- a/tozt/tozt/manifests/misc.pp
+++ /dev/null
@@ -1,20 +0,0 @@
-class tozt::misc {
- file {
- "/etc/locale.gen":
- content => "en_US.UTF-8 UTF-8\n",
- notify => Exec["regen locale data"];
- "/etc/locale.conf":
- content => "LANG=en_US.UTF-8\n",
- require => [
- File["/etc/locale.gen"],
- Exec["regen locale data"],
- ];
- "/etc/hosts":
- source => "puppet:///modules/tozt/hosts";
- }
-
- exec { "regen locale data":
- command => "/usr/bin/locale-gen",
- refreshonly => true;
- }
-}
diff --git a/tozt/tozt/manifests/pass.pp b/tozt/tozt/manifests/pass.pp
deleted file mode 100644
index b1241c1..0000000
--- a/tozt/tozt/manifests/pass.pp
+++ /dev/null
@@ -1,36 +0,0 @@
-class tozt::pass {
- include tozt::persistent
-
- file {
- "/media/persistent/pass":
- ensure => directory,
- owner => 'doy',
- group => 'doy',
- require => [
- Class['tozt::persistent'],
- User['doy'],
- Group['doy'],
- ];
- "/home/doy/pass":
- ensure => link,
- target => "/media/persistent/pass",
- owner => 'doy',
- group => 'doy',
- require => [
- File['/home/doy'],
- User['doy'],
- Group['doy'],
- ];
- }
-
- exec { "pass git init":
- command => "/usr/bin/git init --bare",
- user => "doy",
- cwd => "/media/persistent/pass",
- creates => "/media/persistent/pass/HEAD",
- require => [
- Class["git"],
- File["/media/persistent/pass"],
- ],
- }
-}
diff --git a/tozt/tozt/manifests/paste.pp b/tozt/tozt/manifests/paste.pp
deleted file mode 100644
index 93d7939..0000000
--- a/tozt/tozt/manifests/paste.pp
+++ /dev/null
@@ -1,34 +0,0 @@
-class tozt::paste {
- include tozt::certbot
- include tozt::persistent
-
- file {
- "/media/persistent/paste/doy":
- ensure => directory,
- owner => 'doy',
- group => 'doy',
- require => [
- Class['tozt::persistent'],
- User['doy'],
- Group['doy'],
- ];
- "/home/doy/paste":
- ensure => link,
- target => "/media/persistent/paste/doy",
- owner => 'doy',
- group => 'doy',
- require => [
- User['doy'],
- Group['doy'],
- File["/home/doy"],
- ];
- }
-
- nginx::site {
- "paste-tls":
- source => 'puppet:///modules/tozt/nginx/paste-tls.conf',
- require => Class['certbot'];
- "paste":
- source => 'puppet:///modules/tozt/nginx/paste.conf';
- }
-}
diff --git a/tozt/tozt/manifests/persistent.pp b/tozt/tozt/manifests/persistent.pp
deleted file mode 100644
index 0726455..0000000
--- a/tozt/tozt/manifests/persistent.pp
+++ /dev/null
@@ -1,40 +0,0 @@
-class tozt::persistent {
- file {
- "/media":
- ensure => directory;
- "/media/persistent":
- ensure => directory,
- require => File["/media"],
- }
-
- $fstab_line = "/dev/disk/by-id/scsi-0DO_Volume_tozt-persistent /media/persistent ext4 rw,relatime 0 2"
- exec { "populate fstab":
- provider => shell,
- command => "echo '${fstab_line}' >> /etc/fstab",
- unless => "/usr/bin/grep -qF '${fstab_line}' /etc/fstab",
- require => File["/media/persistent"],
- }
-
- exec { "mount /media/persistent":
- provider => shell,
- command => "/usr/bin/mount /media/persistent",
- unless => "grep ' /media/persistent ' /proc/mounts",
- require => [
- File["/media/persistent"],
- Exec["populate fstab"],
- ]
- }
-
- file {
- [
- "/media/persistent/public_html",
- "/media/persistent/paste",
- "/media/persistent/git",
- "/media/persistent/certbot",
- "/media/persistent/cargo",
- "/media/persistent/rustup",
- ]:
- ensure => directory,
- require => Exec["mount /media/persistent"];
- }
-}
diff --git a/tozt/tozt/manifests/services.pp b/tozt/tozt/manifests/services.pp
deleted file mode 100644
index 1789715..0000000
--- a/tozt/tozt/manifests/services.pp
+++ /dev/null
@@ -1,5 +0,0 @@
-class tozt::services {
- include fail2ban
- include locate
- include ntp
-}
diff --git a/tozt/tozt/manifests/site.pp b/tozt/tozt/manifests/site.pp
deleted file mode 100644
index f28619a..0000000
--- a/tozt/tozt/manifests/site.pp
+++ /dev/null
@@ -1,80 +0,0 @@
-class tozt::site {
- include git
- include tozt::certbot
- include tozt::persistent
-
- package { "hugo":
- ensure => installed,
- }
-
- exec { "clone tozt.net":
- command => "/usr/bin/git clone git://github.com/doy/tozt-hugo",
- user => "doy",
- cwd => "/home/doy/coding",
- creates => "/home/doy/coding/tozt-hugo",
- require => [
- Class["git"],
- File["/home/doy/coding"],
- ],
- }
-
- exec { "generate tozt.net":
- provider => shell,
- command => "
- rm -rf public
- hugo
- mv public /home/doy/site
- ",
- user => "doy",
- cwd => "/home/doy/coding/tozt-hugo",
- creates => "/home/doy/site",
- require => [
- Exec["clone tozt.net"],
- User['doy'],
- File['/home/doy'],
- Package["hugo"],
- Class["git"],
- ],
- }
-
- file {
- "/media/persistent/public_html/doy":
- ensure => directory,
- owner => 'doy',
- group => 'doy',
- require => [
- Class['tozt::persistent'],
- User['doy'],
- Group['doy'],
- ];
- "/home/doy/public_html":
- ensure => link,
- target => "/media/persistent/public_html/doy",
- owner => 'doy',
- group => 'doy',
- require => [
- User['doy'],
- Group['doy'],
- File["/home/doy"],
- ];
- }
-
- nginx::site {
- "doy-tls":
- source => 'puppet:///modules/tozt/nginx/doy-tls.conf',
- require => Class['certbot'];
- "doy":
- source => 'puppet:///modules/tozt/nginx/doy.conf';
- "blog-tls":
- source => 'puppet:///modules/tozt/nginx/blog-tls.conf',
- require => Class['certbot'];
- "blog":
- source => 'puppet:///modules/tozt/nginx/blog.conf';
- }
-
- file {
- '/usr/local/bin/hugo-tozt':
- source => 'puppet:///modules/tozt/hugo-tozt',
- mode => '0755';
- }
-}
diff --git a/tozt/tozt/manifests/tools.pp b/tozt/tozt/manifests/tools.pp
deleted file mode 100644
index 5531460..0000000
--- a/tozt/tozt/manifests/tools.pp
+++ /dev/null
@@ -1,20 +0,0 @@
-class tozt::tools {
- include mail::sender
- include yaourt
-
- package {
- [
- "bc",
- "exa",
- "fzf",
- "htop",
- "lsof",
- "mutt",
- "ncdu",
- "strace",
- "the_silver_searcher",
- "tmux",
- ]:
- ensure => 'installed';
- }
-}
diff --git a/tozt/tozt/manifests/ttrss.pp b/tozt/tozt/manifests/ttrss.pp
deleted file mode 100644
index 3b25ec3..0000000
--- a/tozt/tozt/manifests/ttrss.pp
+++ /dev/null
@@ -1,26 +0,0 @@
-class tozt::ttrss {
- include tozt::certbot
- include tozt::persistent
-
- class { "ttrss":
- dbpath => "/media/persistent/ttrss",
- require => Class["tozt::persistent"];
- }
-
- secret { "/media/persistent/ttrss.htpasswd":
- source => "ttrss",
- owner => 'http',
- require => [
- Class["tozt::persistent"],
- Package['nginx'],
- ];
- }
-
- nginx::site {
- "ttrss-tls":
- source => 'puppet:///modules/tozt/nginx/ttrss-tls.conf',
- require => Class['certbot'];
- "ttrss":
- source => 'puppet:///modules/tozt/nginx/ttrss.conf';
- }
-}
diff --git a/tozt/tozt/manifests/user.pp b/tozt/tozt/manifests/user.pp
deleted file mode 100644
index f82d716..0000000
--- a/tozt/tozt/manifests/user.pp
+++ /dev/null
@@ -1,110 +0,0 @@
-define tozt::user(
- $pwhash,
- $user=$name,
- $group=$user,
- $home=undef,
- $extra_groups=[],
- $homedir_mode='0700',
- $shell='/usr/bin/zsh',
-) {
- $_home = $home ? {
- undef => $user ? {
- 'root' => '/root',
- default => "/home/$user",
- },
- default => $home,
- }
-
- include tozt::persistent
-
- group { $group:
- ensure => present;
- }
-
- user { $user:
- ensure => 'present',
- gid => $group,
- groups => $extra_groups,
- home => $_home,
- shell => $shell,
- password => $pwhash,
- require => Group[$group];
- }
-
- file {
- $_home:
- ensure => 'directory',
- owner => $user,
- group => $group,
- mode => $homedir_mode,
- require => [
- User[$user],
- Group[$group],
- ];
- "${_home}/coding":
- ensure => 'directory',
- owner => $user,
- group => $group,
- mode => $homedir_mode,
- require => [
- User[$user],
- Group[$group],
- File[$_home],
- ];
- "/media/persistent/cargo/${user}":
- ensure => 'directory',
- owner => $user,
- group => $group,
- mode => $homedir_mode,
- require => [
- User[$user],
- Group[$group],
- Class["tozt::persistent"],
- ];
- "/media/persistent/rustup/${user}":
- ensure => 'directory',
- owner => $user,
- group => $group,
- mode => $homedir_mode,
- require => [
- User[$user],
- Group[$group],
- Class["tozt::persistent"],
- ];
- "${_home}/.cargo":
- ensure => link,
- target => "/media/persistent/cargo/${user}",
- owner => $user,
- group => $group,
- require => [
- User[$user],
- Group[$group],
- File["${_home}"],
- ];
- "${_home}/.rustup":
- ensure => link,
- target => "/media/persistent/rustup/${user}",
- owner => $user,
- group => $group,
- require => [
- User[$user],
- Group[$group],
- File["${_home}"],
- ];
- }
-
- rust::user { $user:
- }
- conf::user { $user:
- }
-
- if $user != 'root' {
- sudo::user { $user:
- }
- }
-
- if $shell == '/usr/bin/zsh' {
- include zsh
- Class['zsh'] -> User[$user]
- }
-}
diff --git a/tozt/tozt/manifests/users.pp b/tozt/tozt/manifests/users.pp
deleted file mode 100644
index b07373b..0000000
--- a/tozt/tozt/manifests/users.pp
+++ /dev/null
@@ -1,11 +0,0 @@
-class tozt::users {
- tozt::user { 'root':
- pwhash => '$6$cqlzoze/Mq3$bHGFqjPF6wBRLcI0VWuQa9cg8c1DfGWL21QdA9KUuDqhtnCfjyaKryu.ACxP9umzuYsWpikegZN6wbTU2JX6V1';
- }
-
- tozt::user { 'doy':
- pwhash => '$6$Q6Y/nmt/QZbU$6D692oUPiFvnQEwoPtL7l83l/KaY/czy9/KI9.GnEEOslQumU39qteDDp.0i9E7nSDodWGOmPgfAsoYJBYrta1',
- extra_groups => ['wheel'],
- homedir_mode => '0701';
- }
-}
diff --git a/tozt/tozt/manifests/vpn.pp b/tozt/tozt/manifests/vpn.pp
deleted file mode 100644
index aa84f53..0000000
--- a/tozt/tozt/manifests/vpn.pp
+++ /dev/null
@@ -1,3 +0,0 @@
-class tozt::vpn {
- include wireguard
-}
diff --git a/tozt/ttrss/files/config.php b/tozt/ttrss/files/config.php
deleted file mode 100644
index 5f1eb51..0000000
--- a/tozt/ttrss/files/config.php
+++ /dev/null
@@ -1,47 +0,0 @@
-<?php
-
-define('DB_TYPE', "pgsql");
-define('DB_HOST', "localhost");
-define('DB_USER', "ttrss");
-define('DB_NAME', "ttrss");
-define('DB_PASS', "");
-define('DB_PORT', '5432');
-define('MYSQL_CHARSET', 'UTF8');
-
-define('SELF_URL_PATH', 'https://rss.tozt.net/');
-define('SINGLE_USER_MODE', false);
-define('SIMPLE_UPDATE_MODE', false);
-
-define('PHP_EXECUTABLE', '/usr/bin/php');
-define('LOCK_DIRECTORY', 'lock');
-define('CACHE_DIR', 'cache');
-define('ICONS_DIR', 'feed-icons');
-define('ICONS_URL', 'feed-icons');
-
-define('AUTH_AUTO_CREATE', true);
-define('AUTH_AUTO_LOGIN', true);
-
-define('FORCE_ARTICLE_PURGE', 0);
-
-define('SPHINX_SERVER', 'localhost:9312');
-define('SPHINX_INDEX', 'ttrss, delta');
-
-define('ENABLE_REGISTRATION', false);
-define('REG_NOTIFY_ADDRESS', 'ttrss@tozt.net');
-define('REG_MAX_USERS', 2);
-
-define('SESSION_COOKIE_LIFETIME', 86400);
-
-define('SMTP_FROM_NAME', 'Tiny Tiny RSS');
-define('SMTP_FROM_ADDRESS', 'ttrss-noreply@tozt.net');
-define('DIGEST_SUBJECT', '[tt-rss] New headlines for last 24 hours');
-define('SMTP_SERVER', '');
-define('SMTP_LOGIN', '');
-define('SMTP_PASSWORD', '');
-define('SMTP_SECURE', 'tls');
-
-define('CHECK_FOR_UPDATES', false);
-define('ENABLE_GZIP_OUTPUT', false);
-define('PLUGINS', 'auth_internal, note');
-define('LOG_DESTINATION', 'sql');
-define('CONFIG_VERSION', 26);
diff --git a/tozt/ttrss/files/pacman-hook b/tozt/ttrss/files/pacman-hook
deleted file mode 100644
index f9cf938..0000000
--- a/tozt/ttrss/files/pacman-hook
+++ /dev/null
@@ -1,10 +0,0 @@
-[Trigger]
-Operation = Install
-Operation = Upgrade
-Type = Package
-Target = tt-rss
-
-[Action]
-Description = Updating TT-RSS Database
-When = PostTransaction
-Exec = /usr/bin/runuser -u http -- /usr/bin/php /usr/share/webapps/tt-rss/update.php --update-schema
diff --git a/tozt/ttrss/manifests/init.pp b/tozt/ttrss/manifests/init.pp
deleted file mode 100644
index e7c9d2f..0000000
--- a/tozt/ttrss/manifests/init.pp
+++ /dev/null
@@ -1,126 +0,0 @@
-class ttrss($dbpath) {
- include systemd
-
- package {
- [
- "tt-rss",
- "postgresql",
- "php-pgsql",
- "php-fpm",
- ]:
- ensure => installed;
- }
-
- file {
- $dbpath:
- ensure => directory,
- owner => 'postgres',
- group => 'postgres',
- require => Package["postgresql"];
- "$dbpath/data":
- ensure => directory,
- owner => 'postgres',
- group => 'postgres',
- require => [
- Package["postgresql"],
- File[$dbpath],
- ];
- "/etc/systemd/system/postgresql.service.d":
- ensure => directory;
- "/etc/systemd/system/postgresql.service.d/override.conf":
- content => template('ttrss/postgres-service'),
- notify => Exec["/usr/bin/systemctl daemon-reload"],
- require => File["/etc/systemd/system/postgresql.service.d"];
- "/etc/webapps/tt-rss/config.php":
- source => "puppet:///modules/ttrss/config.php",
- require => Package["tt-rss"];
- "/etc/pacman.d/hooks":
- ensure => directory;
- "/etc/pacman.d/hooks/tt-rss.hook":
- source => "puppet:///modules/ttrss/pacman-hook",
- require => [
- File["/etc/pacman.d/hooks"],
- Package["tt-rss"],
- ]
- }
-
- exec { "initialize db path":
- command => "/usr/bin/initdb -D $dbpath/data",
- user => 'postgres',
- creates => "$dbpath/data/PG_VERSION",
- require => [
- File["$dbpath/data"],
- Package["postgresql"],
- ];
- }
-
- service { "postgresql":
- ensure => running,
- enable => true,
- require => [
- Package["postgresql"],
- Exec["initialize db path"],
- ];
- }
-
- exec { "create db user":
- provider => shell,
- command => "createuser -d ttrss",
- user => 'postgres',
- unless => "psql -Atc 'select usename from pg_catalog.pg_user' | grep -F ttrss",
- require => [
- Package["postgresql"],
- Service["postgresql"],
- ];
- }
-
- exec { "create db":
- provider => shell,
- command => "createdb -U ttrss ttrss",
- user => 'postgres',
- unless => "psql -Atc 'select datname from pg_catalog.pg_database' | grep -F ttrss",
- require => [
- Exec["create db user"],
- Package["postgresql"],
- Service["postgresql"],
- ];
- }
-
- exec { "fixup php.ini":
- provider => shell,
- command => "sed -i 's/^;\\(extension=.*pgsql\\)$/\\1/' /etc/php/php.ini",
- unless => "grep -q '^extension=pgsql$' /etc/php/php.ini && grep -q '^extension=pdo_pgsql$' /etc/php/php.ini",
- require => Package["php-pgsql"];
- }
-
- exec { "initialize tt-rss db":
- provider => shell,
- command => "psql ttrss -U ttrss -f /usr/share/webapps/tt-rss/schema/ttrss_schema_pgsql.sql",
- user => 'postgres',
- unless => "psql -d ttrss -Atc 'select relname from pg_catalog.pg_class;' | grep -q '^ttrss'",
- require => [
- Package["postgresql"],
- Service["postgresql"],
- Exec["create db"],
- Package["tt-rss"],
- File["/etc/webapps/tt-rss/config.php"],
- ]
- }
-
- service { "tt-rss":
- ensure => running,
- enable => true,
- require => [
- Package["tt-rss"],
- Exec["fixup php.ini"],
- File["/etc/webapps/tt-rss/config.php"],
- Exec["create db"],
- ]
- }
-
- service { "php-fpm":
- ensure => running,
- enable => true,
- require => Package["php-fpm"];
- }
-}
diff --git a/tozt/ttrss/templates/postgres-service b/tozt/ttrss/templates/postgres-service
deleted file mode 100644
index aa63550..0000000
--- a/tozt/ttrss/templates/postgres-service
+++ /dev/null
@@ -1,3 +0,0 @@
-[Service]
-Environment=PGROOT=<%= @dbpath %>
-PIDFile=<%= @dbpath %>/data/postmaster.pid
diff --git a/tozt/wireguard/manifests/init.pp b/tozt/wireguard/manifests/init.pp
deleted file mode 100644
index 236a269..0000000
--- a/tozt/wireguard/manifests/init.pp
+++ /dev/null
@@ -1,18 +0,0 @@
-class wireguard {
- package { ["linux-headers", "wireguard-tools"]:
- ensure => installed,
- }
-
- secret { "/etc/wireguard/algo.conf":
- source => "wireguard",
- }
-
- service { "wg-quick@algo":
- ensure => running,
- enable => true,
- require => [
- Package["wireguard-tools"],
- Secret["/etc/wireguard/algo.conf"],
- ],
- }
-}
diff --git a/tozt/yaourt/manifests/init.pp b/tozt/yaourt/manifests/init.pp
deleted file mode 100644
index 871cac8..0000000
--- a/tozt/yaourt/manifests/init.pp
+++ /dev/null
@@ -1,20 +0,0 @@
-class yaourt {
- package {
- [
- "yajl"
- ]:
- ensure => 'installed',
- install_options => ["--asdeps"];
- }
-
- package::makepkg { 'package-query':
- ensure => installed,
- asdeps => true,
- require => Package['yajl'];
- }
-
- package::makepkg { 'yaourt':
- ensure => installed,
- require => Package::Makepkg['package-query'];
- }
-}
diff --git a/tozt/zsh/manifests/init.pp b/tozt/zsh/manifests/init.pp
deleted file mode 100644
index e6f97aa..0000000
--- a/tozt/zsh/manifests/init.pp
+++ /dev/null
@@ -1,5 +0,0 @@
-class zsh {
- package { "zsh":
- ensure => installed,
- }
-} |