
diff --git a/roles/core/motd/init.sls b/roles/core/motd/init.sls
index e9e5c12..4767e50 100644
--- a/roles/core/motd/init.sls
+++ b/roles/core/motd/init.sls
@@ -1,32 +1,32 @@
# -------------------------------------------------------------
# Salt — MOTD
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2016-04-10
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
{% set network = salt['node.get']('network') %}
motd:
file.managed:
{% if grains['os_family'] == 'Debian' %}
- name: /etc/motd.tail
{% else %}
- name: /etc/motd
{% endif %}
- source: salt://roles/core/motd/files/{{ grains['id'] }}
- template: jinja
- context:
ipv4_address: {{ network['ipv4_address'] }}
ipv4_gateway: {{ network['ipv4_gateway'] }}
-# Fixes T858
+# Fixes T858
get_rid_of_scaleway_motd:
file.absent:
- name: /etc/update-motd.d/50-scw
/usr/local/bin/motd:
file.managed:
- source: salt://roles/core/motd/files/motd.sh
- mode: 755
diff --git a/roles/core/users/init.sls b/roles/core/users/init.sls
index 28ab5e1..52403cd 100644
--- a/roles/core/users/init.sls
+++ b/roles/core/users/init.sls
@@ -1,127 +1,127 @@
# -------------------------------------------------------------
# Salt — Provision users accounts
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2017-11-09
# Description: Adds and revokes user accounts, in the relevant
# groups and with their stable SSH keys.
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
# -------------------------------------------------------------
# Table of contents
# -------------------------------------------------------------
#
# :: Disabled accounts
# :: ZFS (before user account creation)
-#  :: Active accounts
+# :: Active accounts
# :: ZFS (after user account creation)
-#  :: Groups
+# :: Groups
# :: SSH keys
#
# -------------------------------------------------------------
{% from "map.jinja" import dirs, shells with context %}
{% set users = salt['forest.get_users']() %}
{% set zfs_tank = salt['node.get']("zfs:pool") %}
# -------------------------------------------------------------
# Disabled accounts
# -------------------------------------------------------------
{% for username in pillar.get('revokedusers') %}
{{ username }}:
user.absent
{% endfor %}
# -------------------------------------------------------------
# ZFS datasets
#
# Where ZFS is available, home directories are created as separate
# datasets. That has several benefits, like allowing users to create
# snapshots or manage backups.
# -------------------------------------------------------------
{% if zfs_tank %}
zfs_home_permissions_sets:
cmd.run:
- name: |
zfs allow -s @local allow,clone,create,diff,hold,mount,promote,receive,release,rollback,snapshot,send {{ zfs_tank }}{{ dirs.home }}
zfs allow -s @descendent allow,clone,create,diff,destroy,hold,mount,promote,receive,release,rename,rollback,snapshot,send {{ zfs_tank }}{{ dirs.home }}
touch {{ dirs.home }}/.zfs-permissions-set
- creates: {{ dirs.home }}/.zfs-permissions-set
{% for username in users %}
{% set home_directory = zfs_tank + dirs['home'] + '/' + username %}
{{ home_directory }}:
zfs.filesystem_present
zfs_permissions_home_local_{{ username }}:
cmd.run:
- name: zfs allow -lu {{ username }} @local {{ home_directory }}
- require:
- user: {{ username }}
- onchanges:
- zfs: {{ home_directory }}
zfs_permissions_home_descendant_{{ username }}:
cmd.run:
- name: zfs allow -du {{ username }} @descendent {{ home_directory }}
- require:
- user: {{ username }}
- onchanges:
- zfs: {{ home_directory }}
{% endfor %}
{% endif %}
# -------------------------------------------------------------
# Active accounts
# -------------------------------------------------------------
{% for username, user in users.items() %}
{{ username }}:
user.present:
- fullname: {{ user['fullname'] }}
- shell: {{ shells[user['shell']|default('bash')] }}
- uid: {{ user['uid'] }}
- loginclass: {{ user['class']|default('english') }}
{% endfor %}
# -------------------------------------------------------------
# Groups
# -------------------------------------------------------------
{% for groupname, group in salt['forest.get_groups']().items() %}
group_{{ groupname }}:
group.present:
- name: {{ groupname }}
- gid: {{ group['gid'] }}
- members: {{ group['members'] }}
{% endfor %}
# -------------------------------------------------------------
# SSH keys
# -------------------------------------------------------------
{% for username, user in users.items() %}
/home/{{ username }}/.ssh:
file.directory:
- user: {{ username }}
- group: {{ username }}
- dir_mode: 700
/home/{{ username}}/.ssh/authorized_keys:
file.managed:
- source: salt://roles/core/users/files/authorized_keys
- user: {{ username }}
- group: {{ username }}
- mode: 600
- template: jinja
- context:
keys: {{ user['ssh_keys']|default([]) }}
{% endfor %}
diff --git a/roles/paas-docker/containers/notifications.sls b/roles/paas-docker/containers/notifications.sls
index d191293..6995e22 100644
--- a/roles/paas-docker/containers/notifications.sls
+++ b/roles/paas-docker/containers/notifications.sls
@@ -1,46 +1,46 @@
# -------------------------------------------------------------
# Salt — Provision Docker engine
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2016-01-23
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
{% set containers = pillar['docker_containers'][grains['id']] %}
{% for instance, container in containers['notifications'].items() %}
# -------------------------------------------------------------
# Container
#
# Image: nasqueron/notifications
# Description: Listen to webhooks, fire notifications to
-#  the broker. Used for CI / IRC notifications.
+# the broker. Used for CI / IRC notifications.
# Services used: RabbitMQ broker (white-rabbit)
# Docker volume (/data/notifications/storage)
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{{ instance }}:
docker_container.running:
- detach: True
- interactive: True
- image: nasqueron/notifications
- binds: /srv/notifications/storage:/var/wwwroot/default/storage
- links:
- {{ container['broker_link'] }}:mq
- environment:
- BROKER_HOST: mq
- BROKER_USERNAME: {{ salt['zr.get_username'](container['credentials']['broker']) }}
- BROKER_PASSWORD: {{ salt['zr.get_password'](container['credentials']['broker']) }}
- BROKER_VHOST: dev
- MAILGUN_DOMAIN: {{ salt['zr.get_username'](container['credentials']['mailgun']) }}
- MAILGUN_APIKEY: {{ salt['zr.get_password'](container['credentials']['mailgun']) }}
- SENTRY_DSN: {{ salt['zr.get_sentry_dsn'](container['sentry']) }}
- ports:
- 80
- port_bindings:
- {{ container['app_port'] }}:80
{% endfor %}
diff --git a/roles/shellserver/user-session/files/whom-diff.sh b/roles/shellserver/user-session/files/whom-diff.sh
index 39a7437..7493604 100755
--- a/roles/shellserver/user-session/files/whom-diff.sh
+++ b/roles/shellserver/user-session/files/whom-diff.sh
@@ -1,77 +1,77 @@
#!/bin/sh
# -------------------------------------------------------------
# whom-diff
#
# Computes the diff between two `whom` invoke.
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Author: Sébastien Santoro aka Dereckson
# Created: 2015-12-30
# Licence: BSD-2-Clause
# Source file: roles/shellserver/user-session/files/whom-diff.sh
# -------------------------------------------------------------
#
# <auto-generated>
# This file is managed by our rOPS SaltStack repository.
#
# Changes to this file may cause incorrect behavior
# and will be lost if the state is redeployed.
# </auto-generated>
# -------------------------------------------------------------
# Determines session identifier and directory
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
if [ "$SESSION_ID" = "" ]; then
SESSION_ID=`who am I | md5 | cut -c1-8`
fi
DIR=/var/tmp/whom/$USER/$SESSION_ID
# -------------------------------------------------------------
# -s / --session
# Prints the session identifier
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
if [ "$1" = "--session" ] || [ "$1" = "-s" ]; then
echo $SESSION_ID
exit 0
fi
# -------------------------------------------------------------
# Default mode
-#  Prints the diff between current `whom` and previous output
+# Prints the diff between current `whom` and previous output
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
if [ $# -eq 0 ]; then
# Creates working directory if needed
if [ ! -d $DIR ]; then
mkdir -p $DIR
touch $DIR/old
fi
# Let's diff
cd $DIR
whom > current
diff old current | tail -n +2
mv current old
exit 0
fi
# -------------------------------------------------------------
# -c / --clean
# Cleans directory
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
if [ "$1" = "--clean" ] || [ "$1" = "-c" ]; then
rm -rf $DIR
exit $?
fi
# -------------------------------------------------------------
# Usage
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>&2 echo "Usage: $0 [--setup|--clean|-s|-c]"
exit 1
