Page Menu
Home
DevCentral
Search
Configure Global Search
Log In
Files
F3766736
No One
Temporary
Actions
View File
Edit File
Delete File
View Transforms
Subscribe
Mute Notifications
Award Token
Flag For Later
Size
11 KB
Referenced Files
None
Subscribers
None
View Options
diff --git a/GIDs b/GIDs
index 0101963..c2891c9 100644
--- a/GIDs
+++ b/GIDs
@@ -1,10 +1,11 @@
827 chaton-dev
828 deployment
829 nasqueron-irc
+990 quassel
3001 ops
#3002 is intentionally left unassigned
3003 deployment
3004 mediawiki
9001 salt
9002 deploy
9003 web
diff --git a/UIDs b/UIDs
index f6f670f..dfc76b6 100644
--- a/UIDs
+++ b/UIDs
@@ -1,9 +1,10 @@
830 odderon
831 builder
832 chaton
833 viper
834 tc2
+990 quassel
3004 mediawiki
9001 salt
9002 deploy
8900 zr
diff --git a/map.jinja b/map.jinja
index 1b46bd9..5173d13 100644
--- a/map.jinja
+++ b/map.jinja
@@ -1,196 +1,205 @@
{% set dirs = salt['grains.filter_by']({
'Debian': {
'etc': '/etc',
'bin': '/usr/bin',
'include': '/usr/include',
'lib': '/usr/lib',
'man': '/usr/share/man',
'sbin': '/usr/sbin',
'share': '/usr/share',
},
'FreeBSD' : {
'etc': '/usr/local/etc',
'bin': '/usr/local/bin',
'include': '/usr/local/include',
'lib': '/usr/local/lib',
'man': '/usr/local/man',
'sbin': '/usr/local/sbin',
'share': '/usr/local/share',
},
}, default='Debian') %}
{% set services = salt['grains.filter_by']({
'Debian': {
'manager': 'systemd',
},
'FreeBSD' : {
'manager': 'rc',
},
}, default='Debian') %}
{% set shells = salt['grains.filter_by']({
'Debian': {
'bash': '/bin/bash',
'fish': '/usr/bin/fish',
+ 'nologin': '/usr/sbin/nologin',
'tcsh': '/usr/bin/tcsh',
'zsh': '/bin/zsh',
},
'FreeBSD' : {
'bash': '/usr/local/bin/bash',
'fish': '/usr/local/bin/fish',
+ 'nologin': '/sbin/nologin',
'tcsh': '/bin/tcsh',
'zsh': '/usr/local/bin/zsh',
},
+ 'Arch': {
+ 'bash': '/bin/bash',
+ 'fish': '/usr/bin/fish',
+ 'nologin': '/sbin/nologin',
+ 'tcsh': '/usr/bin/tcsh',
+ 'zsh': '/bin/zsh',
+ },
}, default='Debian') %}
{% set paths = salt['grains.filter_by']({
'FreeBSD': {
'sshd': '/usr/sbin/sshd',
'sftp': '/usr/libexec/sftp-server',
},
'Debian': {
'sshd': '/usr/sbin/sshd',
'sftp': '/usr/lib/openssh/sftp-server',
},
'RedHat': {
'sshd': '/sbin/sshd',
'sftp': '/usr/libexec/openssh/sftp-server',
},
'Arch': {
'sshd': '/usr/sbin/sshd',
'sftp': '/usr/lib/ssh/sftp-server',
},
}, default='FreeBSD') %}
{% set packages_prefixes = salt['grains.filter_by']({
'Debian': {
'php': 'php7.2-',
'python2': '',
'python3': 'python3-',
},
'RedHat': {
'python2': 'python-',
'python3': 'python3-',
},
'FreeBSD' : {
'php': 'php72-',
'python2': 'py27-',
'python3': 'py36-',
'rubygem': 'rubygem-',
},
}, default='Debian') %}
{% set packages = salt['grains.filter_by']({
'Debian' : {
'ag': 'silversearcher-ag',
'aspell-fr': 'aspell-fr',
'aspell-en': 'aspell-en',
'certbot': 'certbot',
'composer': 'composer',
'cppunit': 'libcppunit-dev',
'emacs': 'emacs-nox',
'exiftool': 'libimage-exiftool-perl',
'gpg': 'gpg',
'imagemagick': 'imagemagick',
'jpeg-turbo' : 'libjpeg-turbo',
'librabbitmq': 'librabbitmq-dev',
'lua': 'lua5.1',
'mariadb': 'mariadb-server',
'node': 'nodejs',
'pear': 'php-pear',
'phpcs': 'php-codesniffer',
'phpunit': 'phpunit',
'postgresql': 'postgresql-10',
'sphinx': 'python3-sphinx',
'tcl': 'tcl8.6-dev',
'tcltls': 'tcl-tls',
'tdom': 'tdom',
'varnish': 'varnish',
'verbiste': 'verbiste',
'youtube-dl': 'youtube-dl',
'yubico-pam': 'libpam-yubico',
},
'RedHat': {
'ag': 'the_silver_searcher',
'aspell-fr': 'aspell-fr',
'certbot': 'python2-certbot',
'cppunit': 'cppunit-devel',
'emacs': 'emacs-nox',
'exiftool': 'perl-Image-ExifTool',
'jpeg-turbo' : 'libjpeg-turbo',
'librabbitmq': 'librabbitmq',
'lua': 'lua',
'mariadb': 'mariadb-server',
'node': 'nodejs',
'pear': 'php-pear',
'phpcs': 'php-pear-PHP-CodeSniffer',
'sphinx': 'python3-sphinx',
'tcl': 'tcl',
'tcltls': 'tcltls',
'varnish': 'varnish',
'youtube-dl': 'youtube-dl',
'yubico-pam': 'pam_yubico',
},
'Arch': {
'ag': 'the_silver_searcher',
'aspell-fr': 'aspell-fr',
'certbot': 'certbot',
'cppunit': 'cppunit',
'emacs': 'emacs-nox',
'mariadb': 'mariadb',
'sphinx': 'python-sphinx',
'tcltls': 'tcltls',
'varnish': 'varnish',
'youtube-dl': 'youtube-dl',
'yubico-pam': 'yubico-pam',
},
'FreeBSD' : {
'ag': 'the_silver_searcher',
'aspell-fr': 'fr-aspell',
'aspell-en': 'en-aspell',
'boost': 'boost-all',
'certbot': 'py27-certbot',
'composer': 'php-composer',
'cppunit': 'cppunit',
'emacs': 'emacs-nox11',
'exiftool': 'p5-Image-ExifTool-devel',
'gpg': 'gnupg',
'imagemagick': 'ImageMagick',
'jpeg-turbo' : 'jpeg-turbo',
'librabbitmq': 'rabbitmq-c-devel',
'lua': 'lua51',
'mariadb': 'mariadb102-server',
'node': 'node',
'pear': 'pear',
'phpcs': 'pear-PHP_CodeSniffer',
'phpunit': 'phpunit6',
'postgresql': 'postgresql10-server',
'sphinx': 'py36-sphinx',
'tcl': 'tcl86',
'tcltls': 'tcltls',
'tdom': 'tDOM',
'varnish': 'varnish5',
'verbiste': 'fr-verbiste',
'youtube-dl': 'youtube_dl',
'yubico-pam': 'pam_yubico',
},
}, default='Debian') %}
{# -------------------------------------------------------------
Capabilities of OS and distributions
:: MOTD-printed-at-login
Login mechanism, through PAM or dotfiles,
prints the MOTD when a session is opened.
When at False, OpenSSH will take care of it.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - #}
{% set capabilities = salt['grains.filter_by']({
'Debian': {
'MOTD-printed-at-login': True,
},
'FreeBSD' : {
'MOTD-printed-at-login': False,
},
}, default='Debian') %}
diff --git a/roles/shellserver/init.sls b/roles/shellserver/init.sls
index 3f872f3..91fa735 100644
--- a/roles/shellserver/init.sls
+++ b/roles/shellserver/init.sls
@@ -1,17 +1,18 @@
# -------------------------------------------------------------
# Salt — Shell server's units
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
include:
# System features
- .userland-software
- .vhosts
- .web-hosting
- .database
+ - .quassel-core
# Services hosted
- .odderon
- .bonjour-chaton
diff --git a/roles/shellserver/quassel-core/account.sls b/roles/shellserver/quassel-core/account.sls
new file mode 100644
index 0000000..c661ddc
--- /dev/null
+++ b/roles/shellserver/quassel-core/account.sls
@@ -0,0 +1,26 @@
+# -------------------------------------------------------------
+# Salt — Provision Quassel core
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Eglide
+# Created: 2018-03-28
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+{% from "map.jinja" import shells with context %}
+
+# -------------------------------------------------------------
+# Account
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+quassel_account:
+ group.present:
+ - name: quassel
+ - gid: 990
+ - system: True
+ user.present:
+ - name: quassel
+ - fullname: Quassel core
+ - uid: 990
+ - gid: 990
+ - home: /var/lib/quassel
+ - shell: {{ shells.nologin }}
diff --git a/roles/shellserver/quassel-core/certificate.sls b/roles/shellserver/quassel-core/certificate.sls
new file mode 100644
index 0000000..c746e44
--- /dev/null
+++ b/roles/shellserver/quassel-core/certificate.sls
@@ -0,0 +1,30 @@
+# -------------------------------------------------------------
+# Salt — Provision Quassel core
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Eglide
+# Created: 2018-03-28
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+# -------------------------------------------------------------
+# Certificate
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+/var/lib/quassel:
+ file.directory:
+ - user: quassel
+ - group: quassel
+
+quassel_certificate:
+ cmd.run:
+ - name: cat privkey.pem cert.pem > /var/lib/quassel/quasselCert.pem
+ - cwd: /etc/letsencrypt/live/quassel.eglide.org
+ - creates: /var/lib/quassel/quasselCert.pem
+
+quassel_certificate_rights:
+ file.managed:
+ - name: /var/lib/quassel/quasselCert.pem
+ - replace: False
+ - user: quassel
+ - group: quassel
+ - mode: 400
diff --git a/roles/shellserver/init.sls b/roles/shellserver/quassel-core/init.sls
similarity index 56%
copy from roles/shellserver/init.sls
copy to roles/shellserver/quassel-core/init.sls
index 3f872f3..df8e1bc 100644
--- a/roles/shellserver/init.sls
+++ b/roles/shellserver/quassel-core/init.sls
@@ -1,17 +1,12 @@
# -------------------------------------------------------------
-# Salt — Shell server's units
+# Salt — Provision Quassel core
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-# Project: Nasqueron
+# Project: Eglide
+# Created: 2018-03-28
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
include:
- # System features
- - .userland-software
- - .vhosts
- - .web-hosting
- - .database
-
- # Services hosted
- - .odderon
- - .bonjour-chaton
+ - .account
+ - .certificate
+ - .software
diff --git a/roles/shellserver/quassel-core/software.sls b/roles/shellserver/quassel-core/software.sls
new file mode 100644
index 0000000..8f03ba7
--- /dev/null
+++ b/roles/shellserver/quassel-core/software.sls
@@ -0,0 +1,23 @@
+# -------------------------------------------------------------
+# Salt — Provision Quassel core
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Eglide
+# Created: 2018-03-28
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+# -------------------------------------------------------------
+# Software
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+quassel-core:
+ pkg.installed
+
+# -------------------------------------------------------------
+# Dependencies
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+{% if grains['os_family'] == 'Debian' %}
+libqt5sql5-psql:
+ pkg.installed
+{% endif %}
File Metadata
Details
Attached
Mime Type
text/x-diff
Expires
Sun, Nov 24, 19:42 (3 h, 43 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
2258812
Default Alt Text
(11 KB)
Attached To
Mode
rOPS Nasqueron Operations
Attached
Detach File
Event Timeline
Log In to Comment