No OneTemporary
Actions

Size

9 KB

Referenced Files

None

Subscribers

None

View Options

	diff --git a/README.md b/README.md
	index 9d1046c..bdfe01a 100644
	--- a/README.md
	+++ b/README.md
	@@ -1,88 +1,88 @@
	Nasqueron operations
	====================

	Welcome to [rOPS](https://devcentral.nasqueron.org/diffusion/OPS/),
	the Nasqueron operations repository.

	----------

	Introduction
	------------

	Nasqueron infrastructure servers support our budding community
	of creative people, writers, developers and thinkers.

	Nasqueron follows the principle of "Infrastructure as Code"
	to offer documentation, reproducibility, transparency and
	to allow external contributions.

	It contains:

	- server configuration
	- deployment information for our applications and services

	We mainly rely on [SaltStack](https://docs.saltstack.com/en/latest/contents.html)
	for deployment and automation.

	Scope
	-----

	New services on our Docker engine (currently Dwellers) should be
	deployed through this repository.

	The [Eglide](http://www.eglide.org/) service is fully managed
	through this repository.

	Legacy services are in migration.

	Structure
	---------

	Services are organized in roles and units.

	* Roles: a role is a goal a service accomplishes (e.g. mailserver, paas-docker)
	* Units: a unit is a component needed to achieve this goal
	(e.g. an userland software collection, a nginx server)

	Directories follow `roles/<role>/<unit>`.

	If configuration files for a unit should be stored,
	a subfolder `files` is created at unit level.

	The `pillar/ ` folder contains data about Eglide users,

	Contribute
	----------

	Contributions are welcome to this repository, especially if you wish to:

	1. improve our infrastructure
	2. install or configure something on a Nasqueron server
	3. install or configure something on a project we manage (like Eglide)
	4. help to migrate services to Salt

	You can follow this [contributor guide](https://agora.nasqueron.org/How%20to%20contribute%20code)
	to send a commit for review. This procedure is open to everyone.

	Issues can be reported on the [#Servers component](https://devcentral.nasqueron.org/tag/servers/)
	on DevCentral, the Nasqueron Phabricator instance.

	-Support for contributors is provided on Freenode #nasqueron-ops.
	+Support for contributors is provided on Libera #nasqueron-ops.

	Inclusive terminology
	---------------------

	The repository uses the following terminology:

	- Salt primary server: server that issues commands to other servers, including itself
	- Node: a server, baremetal or VM configured by Salt

	License
	-------

	A lot of configuration as code is trivial, and so ineligible for copyright per
	[threshold of originality](https://en.wikipedia.org/wiki/Threshold_of_originality)

	When this is not the case, the code is licensed under
	[BSD-2-Clause](https://opensource.org/licenses/BSD-2-Clause)
	if not otherwise specified.
	diff --git a/roles/core/motd/files/dwellers b/roles/core/motd/files/dwellers
	index fa8152a..8f156b7 100644
	--- a/roles/core/motd/files/dwellers
	+++ b/roles/core/motd/files/dwellers
	@@ -1,19 +1,19 @@
	_____________________________________________________________

	' \|\|'''\|. '\|\|` '\|\|`
	\|\| \|\| \|\| \|\|
	\|\| \|\| '\\ //` .\|''\|, \|\| \|\| .\|''\|, '\|\|''\| (''''
	\|\| \|\| \\/\// \|\|..\|\| \|\| \|\| \|\|..\|\| \|\| `'')
	.\|\|...\|' \/\/ `\|... .\|\|. .\|\|. `\|... .\|\|. `...'

	IP: {{ ipv4_address }}
	GW: {{ ipv4_gateway }}

	Containers for Nasqueron and associated projects.

	Docker / LXC
	Documentation: https://agora.nasqueron.org/Dwellers

	Please report any action done on this server
	- to Freenode #nasqueron-ops or on DevCentral.
	+ to Libera #nasqueron-ops or on DevCentral.
	_____________________________________________________________
	diff --git a/roles/shellserver/odderon/account.sls b/roles/shellserver/odderon/account.sls
	index 4028078..86a713c 100644
	--- a/roles/shellserver/odderon/account.sls
	+++ b/roles/shellserver/odderon/account.sls
	@@ -1,34 +1,34 @@
	# -------------------------------------------------------------
	# Salt — Deploy Odderon (darkbot)
	# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
	# Project: Nasqueron
	# Created: 2017-01-24
	-# Description: Darkbot on Freenode
	+# Description: Darkbot
	# License: Trivial work, not eligible to copyright
	# -------------------------------------------------------------

	{% from "map.jinja" import dirs with context %}

	# -------------------------------------------------------------
	# Service account
	# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

	odderon_account:
	user.present:
	- name: odderon
	- fullname: Odderon
	- uid: 830
	- gid: 829
	- home: /opt/odderon

	# -------------------------------------------------------------
	# Sudo capabilities
	#
	# Members of nasqueron-irc should be able to sudo -u odderon …
	# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

	odderon_sudo_capabilities_file:
	file.managed:
	- name: {{ dirs.etc }}/sudoers.d/odderon
	- source: salt://roles/shellserver/odderon/files/odderon.sudoers
	- template: jinja
	diff --git a/roles/shellserver/odderon/config.sls b/roles/shellserver/odderon/config.sls
	index 824930f..616d533 100644
	--- a/roles/shellserver/odderon/config.sls
	+++ b/roles/shellserver/odderon/config.sls
	@@ -1,20 +1,20 @@
	# -------------------------------------------------------------
	# Salt — Deploy Odderon unit (darkbot)
	# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
	# Project: Nasqueron
	# Created: 2017-10-19
	-# Description: Darkbot unit (Freenode)
	+# Description: Darkbot
	# License: Trivial work, not eligible to copyright
	# -------------------------------------------------------------

	# -------------------------------------------------------------
	# File permissions and ownership
	# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

	odderon_fix_permissions_and_ownership:
	file.managed:
	- name: /opt/odderon/var/darkbot/userlist.db
	- user: odderon
	- group: nasqueron-irc
	- chmod: 640
	- replace: False
	diff --git a/roles/shellserver/odderon/service.sls b/roles/shellserver/odderon/service.sls
	index da2b6eb..9e879a5 100644
	--- a/roles/shellserver/odderon/service.sls
	+++ b/roles/shellserver/odderon/service.sls
	@@ -1,36 +1,36 @@
	# -------------------------------------------------------------
	# Salt — Deploy Odderon unit (darkbot)
	# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
	# Project: Nasqueron
	# Created: 2017-01-25
	-# Description: Darkbot unit (Freenode)
	+# Description: Darkbot
	# License: Trivial work, not eligible to copyright
	# -------------------------------------------------------------

	{% from "map.jinja" import services with context %}

	# -------------------------------------------------------------
	# Unit configuration
	# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

	{% if services['manager'] == 'systemd' %}

	odderon_unit:
	file.managed:
	- name: /etc/systemd/system/odderon.service
	- source: salt://roles/shellserver/odderon/files/odderon.service
	- mode: 644
	module.run:
	- service.force_reload:
	- name: odderon
	- onchanges:
	- file: odderon_unit

	odderon_running:
	service.running:
	- name: odderon
	- enable: true
	- watch:
	- module: odderon_unit

	{% endif %}
	diff --git a/roles/viperserv/account/init.sls b/roles/viperserv/account/init.sls
	index 5dc241f..f484ce2 100644
	--- a/roles/viperserv/account/init.sls
	+++ b/roles/viperserv/account/init.sls
	@@ -1,47 +1,47 @@
	# -------------------------------------------------------------
	# Salt — Deploy ViperServ (eggdrop)
	# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
	# Project: Nasqueron
	# Created: 2017-11-14
	-# Description: Eggdrop on Freenode
	+# Description: Eggdrop on Libera
	# License: Trivial work, not eligible to copyright
	# -------------------------------------------------------------

	{% from "map.jinja" import dirs with context %}

	# -------------------------------------------------------------
	# Service accounts
	# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

	{% for username, user in pillar['viperserv_accounts'].items() %}

	viperserv_account_{{ username }}:
	user.present:
	- name: {{ username }}
	- fullname: {{ user['fullname'] }}
	- uid: {{ user['uid'] }}
	- gid: nasqueron-irc
	- home: {{ dirs.share }}/{{ username }}

	/var/run/{{ username }}:
	file.directory:
	- user: {{ user['uid'] }}
	- group: nasqueron-irc
	- dir_mode: 711

	{% endfor %}

	# -------------------------------------------------------------
	# Sudo capabilities
	#
	# Members of nasqueron-irc should be able to sudo -u viperserv …
	# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

	viperserv_sudo_capabilities_file:
	file.managed:
	- name: {{ dirs.etc }}/sudoers.d/viperserv
	- source: salt://roles/viperserv/account/files/viperserv.sudoers
	- template: jinja
	- context:
	accounts: {{ pillar['viperserv_accounts'] }}
	bots: {{ pillar['viperserv_bots'] }}

File Metadata

Mime Type: text/x-diff
Expires: Mon, Nov 25, 18:43 (11 h, 54 m)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 2257766
Default Alt Text: (9 KB)

No OneTemporaryActions

View Options

File Metadata

Event Timeline

No OneTemporary
Actions