
diff --git a/roles/core/sshd/files/sshd_config b/roles/core/sshd/files/sshd_config
index a021e13..3d720e7 100644
--- a/roles/core/sshd/files/sshd_config
+++ b/roles/core/sshd/files/sshd_config
@@ -1,43 +1,43 @@
# -------------------------------------------------------------
# OpenSSH configuration
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2017-02-28
# License: Trivial work, not eligible to copyright
# Source file: roles/core/sshd/files/sshd_config
# -------------------------------------------------------------
#
# <auto-generated>
# This file is managed by our rOPS SaltStack repository.
#
# Changes to this file may cause incorrect behavior
# and will be lost if the state is redeployed.
# </auto-generated>
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys
-{% if grains['os'] == 'CentOS' -%}
+{% if grains['os_family'] == 'RedHat' -%}
# Don't use host DSA key (CentOS by default uses it, see T1352)
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
{%- endif %}
# Nasqueron servers authentication should only occur through SSH keys
# but PAM can offer extra capabilities if needed like OTP.
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM yes
# Once the core role has been applied to a server, ops users have been created
# and sudo configured. We can so forbid direct root login.
PermitRootLogin no
# Misc options
PrintMotd {{ "yes" if print_motd else "no" }}
AcceptEnv LANG LC_*
# SFTP
Subsystem sftp {{ sftp }}
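Review bot: The comment under the widened condition still describes the DSA host key as a CentOS default, but `grains['os_family'] == 'RedHat'` now applies the three `HostKey` lines to every RedHat-family host. I would reword it to `# Don't offer a DSA host key (RedHat-family defaults may include one, see T1352)` so the stated scope matches the test. Because the block lists host keys explicitly, it is also worth confirming that ssh_host_ecdsa_key and ssh_host_ed25519_key are generated on each newly covered distribution, since sshd only offers the host keys it can load.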
diff --git a/roles/core/userland-software/init.sls b/roles/core/userland-software/init.sls
index 8c01292..836dba6 100644
--- a/roles/core/userland-software/init.sls
+++ b/roles/core/userland-software/init.sls
@@ -1,132 +1,132 @@
# -------------------------------------------------------------
# Salt — Provision software needed by other core roles
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2016-04-09
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
{% from "map.jinja" import dirs, packages with context %}
# -------------------------------------------------------------
# Software sources
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% if grains['os'] == 'CentOS' %}
+{% if grains['os_family'] == 'RedHat' && grains['os'] != 'Fedora' %}
epel-release:
pkg.installed
/etc/yum.repos.d/nasqueron.repo:
file.managed:
- source: salt://roles/core/userland-software/files/nasqueron.repo
{% endif %}
{% if grains['os'] == 'Debian' %}
/etc/apt/sources.list:
file.managed:
- source: salt://roles/core/userland-software/files/sources.list
- template: jinja
- context:
debian_version: {{ grains['oscodename'] }}
apt_update_debian_sources:
cmd.run:
- name: apt update
- onchanges:
- file: /etc/apt/sources.list
{% endif %}
{% if grains['kernel'] == 'Linux' %}
snapd:
pkg.installed
{% endif %}
{% if grains['os_family'] == 'RedHat' or grains['os'] == 'Arch' %}
snap_enable:
cmd.run:
- name: |
systemctl enable --now snapd.socket
systemctl restart snapd
sleep 30
touch /var/lib/snapd/.enabled
- creates: /var/lib/snapd/.enabled
/snap:
file.symlink:
- target: /var/lib/snapd/snap
{% endif %}
{% if grains['os'] == 'FreeBSD' %}
/etc/periodic/daily/720.portsnap:
file.managed:
- source: salt://roles/core/userland-software/files/720.portsnap
{% endif %}
# -------------------------------------------------------------
# Shells
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
shells:
pkg.installed:
- pkgs:
- bash
- zsh
{% if grains['kernel'] == 'Linux' %}
- tcsh
{% endif %}
# Shell utilities
{% if grains['os'] == 'FreeBSD' %}
- starship
{% endif %}
{% if grains['kernel'] == 'Linux' and grains['osarch'] == 'x86_64' %}
install_starship:
cmd.run:
- name: snap install starship
- creates: /var/lib/snapd/snap/bin/starship
{% endif %}
/usr/local/share/zsh/site-functions/_pm:
file.managed:
# At commit 683d331 - 2017-11-05
- source: https://raw.githubusercontent.com/Angelmmiguel/pm/master/zsh/_pm
- source_hash: deea33968be713cdbd8385d3a72df2dd09c444e42499531893133f009f0ce0ea
- makedirs: True
# -------------------------------------------------------------
# tmux
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
tmux:
pkg.installed
/root/.tmux.conf:
file.managed:
- source: salt://roles/core/userland-software/files/tmux.conf
# -------------------------------------------------------------
# System administration utilities
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
sysadmin_utilities:
pkg.installed:
- pkgs:
- ripgrep
- tree
- wget
{% if grains['os'] == 'FreeBSD' %}
- gnu-watch
{% else %}
- {{ packages.netcat }}
- net-tools
{% endif %}
{% if grains['os_family'] == 'RedHat' %}
- psmisc
{% endif %}
{% if grains['os'] == 'FreeBSD' %}
/usr/local/bin/gwatch:
file.symlink:
- target: /usr/local/bin/gnu-watch
{% endif %}
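Review bot: `&&` is not a Jinja operator, so the new condition `{% if grains['os_family'] == 'RedHat' && grains['os'] != 'Fedora' %}` should fail at template parse time. A parse error breaks rendering of the whole state file, which would stop this core state from applying on every minion, not only RedHat-family ones. Use `and`, as the snapd and starship conditions further down this file already do: `{% if grains['os_family'] == 'RedHat' and grains['os'] != 'Fedora' %}`. The same `&&` appears in the condition added to roles/paas-docker/docker/software.sls and needs the same fix.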
diff --git a/roles/paas-docker/docker/software.sls b/roles/paas-docker/docker/software.sls
index 019905a..1389c68 100644
--- a/roles/paas-docker/docker/software.sls
+++ b/roles/paas-docker/docker/software.sls
@@ -1,58 +1,58 @@
# -------------------------------------------------------------
# Salt — Provision Docker engine
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# Created: 2017-05-24
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
{% from "map.jinja" import services with context %}
# -------------------------------------------------------------
# Install Docker engine
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-{% if grains['os'] == 'CentOS' %}
+{% if grains['os_family'] == 'RedHat' && grains['os'] != 'Fedora' %}
remove_legacy_docker_packages:
pkg.removed:
- pkgs:
- docker-common
- docker-selinux
- docker-engine
install_docker_engine_dependencies:
file.managed:
- name: /etc/yum.repos.d/docker-ce.repo
- source: https://download.docker.com/linux/centos/docker-ce.repo
- source_hash: 8ab5599eef0afcac10cbd3e8670873efee20fcceb5fb3526a62edeade603cec7
pkg.installed:
- pkgs:
- device-mapper-persistent-data
- lvm2
- require:
- file: install_docker_engine_dependencies
# CentOS 8 can't install docker-ce last version if containerd.io isn't recent enough.
install_docker_engine:
cmd.run:
- name: dnf install -y docker-ce --nobest
- creates: /usr/bin/dockerd
{% endif %}
# -------------------------------------------------------------
# Service
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
start_docker_service:
service.running:
- name: docker
- enable: true
# -------------------------------------------------------------
# Additional utilities
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
install_docker_extra_packages:
pkg.installed:
- pkgs:
- docker-processes
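Review bot: The widened condition now runs this block on every RedHat-family host except Fedora, yet the repository file is still fetched from the `linux/centos` path and the install step calls `dnf` unconditionally. Nothing in the hunk shows that this repo definition resolves on the other distributions the grain now matches, or that `dnf` is present on all of them. Either narrow the test to the systems actually verified or add a comment naming them, e.g. `# Verified on CentOS 8 and <other distro>; docker-ce.repo is the CentOS definition`. The `source_hash` pin on the remote repo file is worth keeping as an integrity check, with the caveat that the state will fail whenever upstream changes that file.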
