Page MenuHomeDevCentral
Files F11725460

No OneTemporary
Actions

View Options

diff --git a/roles/core/userland-software/base.sls b/roles/core/userland-software/base.sls
index fe2d83f..55ea788 100644
--- a/roles/core/userland-software/base.sls
+++ b/roles/core/userland-software/base.sls
@@ -1,142 +1,130 @@
# -------------------------------------------------------------
# Salt — Provision software needed by other core roles
# to deploy on all servers
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
{% from "map.jinja" import dirs, packages with context %}
# -------------------------------------------------------------
# Shells
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
shells:
pkg.installed:
- pkgs:
- bash
- zsh
{% if grains['kernel'] == 'Linux' %}
- tcsh
{% endif %}
- # Shell utilities
- {% if grains['os'] == 'FreeBSD' %}
- - starship
- {% endif %}
-
-{% if grains['kernel'] == 'Linux' and grains['osarch'] == 'x86_64' %}
-install_starship:
- cmd.run:
- - name: snap install starship
- - creates: /var/lib/snapd/snap/bin/starship
-{% endif %}
-
/usr/local/share/zsh/site-functions/_pm:
file.managed:
# At commit 683d331 - 2017-11-05
- source: https://raw.githubusercontent.com/Angelmmiguel/pm/master/zsh/_pm
- source_hash: deea33968be713cdbd8385d3a72df2dd09c444e42499531893133f009f0ce0ea
- makedirs: True
# -------------------------------------------------------------
# tmux
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
tmux:
pkg.installed
/root/.tmux.conf:
file.managed:
- source: salt://roles/core/userland-software/files/tmux.conf
{{ dirs.bin }}/tmux-reattach:
file.managed:
- source: salt://roles/core/userland-software/files/tmux-reattach.sh
- mode: 755
# -------------------------------------------------------------
# Python
#
# The "python3" package takes care on FreeBSD to create
# the symbolic link to the relevant Python 3.x version.
#
# If Python is implicitly installed instead, it will be
# a package like python3.9 without the symlink.
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
python3:
pkg.installed
# -------------------------------------------------------------
# System administration utilities
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
sysadmin_utilities:
pkg.installed:
- pkgs:
- bat
- colordiff
- git
- nano
- ripgrep
- tree
- wget
{% if grains['os'] == 'FreeBSD' %}
- gnu-watch
{% else %}
- {{ packages.netcat }}
- net-tools
{% endif %}
{% if grains['os_family'] == 'RedHat' %}
- patch
- psmisc
- tar
{% endif %}
{% if grains['os'] == 'Debian' %}
/usr/bin/bat:
file.symlink:
- target: /usr/bin/batcat
{% endif %}
{% if grains['os'] == 'FreeBSD' %}
/usr/local/bin/gwatch:
file.symlink:
- target: /usr/local/bin/gnu-watch
{% endif %}
{% if grains['os_family'] == 'RedHat' %}
{{ dirs.bin }}/new-partition:
file.managed:
- source: salt://roles/core/userland-software/files/new-partition.sh
- mode: 755
{% endif %}
/root/.gitconfig:
file.managed:
- source: salt://roles/core/userland-software/files/gitconfig
- replace: False
- user: root
- group: 0
- mode: 444
# -------------------------------------------------------------
# Nano configuration
#
# YAML syntax highlighting is only available on newest versions:
# As checked 2023-04-19, it's not available on Debian and Rocky.
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
{% if salt['file.file_exists'](dirs["share"] + "/nano/yaml.nanorc") %}
nano_sls_support:
file.replace:
- name: {{ dirs.share }}/nano/yaml.nanorc
- pattern: {{ 'syntax yaml "\.ya?ml$"' | regex_escape }}
- repl: syntax yaml "\.(ya?ml|sls)$"
{% endif %}
{{ dirs.etc }}/nanorc:
nano.config_autogenerated:
- nanorc_dir: {{ dirs.share }}/nano
diff --git a/roles/core/userland-software/files/selinux/systemd-hostnamed.te b/roles/core/userland-software/files/selinux/systemd-hostnamed.te
new file mode 100644
index 0000000..1b44189
--- /dev/null
+++ b/roles/core/userland-software/files/selinux/systemd-hostnamed.te
@@ -0,0 +1,25 @@
+# -------------------------------------------------------------
+# Configuration for systemd-hostnamed for Starship
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# Description: SELinux policy to fix T2113
+# Source file: roles/core/userland-software/files/selinux/systemd-hostnamed.te
+# -------------------------------------------------------------
+#
+# <auto-generated>
+# This file is managed by our rOPS SaltStack repository.
+#
+# Changes to this file may cause incorrect behavior
+# and will be lost if the state is redeployed.
+# </auto-generated>
+
+module systemd-hostnamed 1.0;
+
+require {
+ type init_var_run_t;
+ type systemd_hostnamed_t;
+ class sock_file { create unlink };
+}
+
+#============= systemd_hostnamed_t ==============
+allow systemd_hostnamed_t init_var_run_t:sock_file { create unlink };
diff --git a/roles/core/userland-software/init.sls b/roles/core/userland-software/init.sls
index bd66856..cc288a6 100644
--- a/roles/core/userland-software/init.sls
+++ b/roles/core/userland-software/init.sls
@@ -1,11 +1,12 @@
# -------------------------------------------------------------
# Salt — Provision software needed by other core roles
# to deploy on all servers
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Project: Nasqueron
# License: Trivial work, not eligible to copyright
# -------------------------------------------------------------
include:
- .sources
- .base
+ - .starship
diff --git a/roles/core/userland-software/starship.sls b/roles/core/userland-software/starship.sls
new file mode 100644
index 0000000..db3b0ca
--- /dev/null
+++ b/roles/core/userland-software/starship.sls
@@ -0,0 +1,51 @@
+# -------------------------------------------------------------
+# Salt — Provision software needed by other core roles
+# to deploy on all servers
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+{% from "map.jinja" import dirs, packages with context %}
+
+# -------------------------------------------------------------
+# Starship installation
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+{% if grains['os'] == 'FreeBSD' %}
+starship:
+ pkg.installed
+{% endif %}
+
+{% if grains['kernel'] == 'Linux' and grains['osarch'] == 'x86_64' %}
+install_starship:
+ cmd.run:
+ - name: snap install starship
+ - creates: /var/lib/snapd/snap/bin/starship
+{% endif %}
+
+# -------------------------------------------------------------
+# SELinux
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+{% if grains['os_family'] == 'RedHat' %}
+
+/usr/local/share/selinux/systemd-hostnamed.te:
+ file.managed:
+ - source: salt://roles/core/userland-software/files/selinux/systemd-hostnamed.te
+ - makedirs: True
+
+/usr/local/share/selinux/systemd-hostnamed.pp:
+ cmd.run:
+ - name: make -f /usr/share/selinux/devel/Makefile systemd-hostnamed.pp
+ - creates: /usr/local/share/selinux/systemd-hostnamed.pp
+ - cwd: /usr/local/share/selinux
+
+install_selinux_starship_module:
+ cmd.run:
+ - name: semodule -i systemd-hostnamed.pp
+ - cwd: /usr/local/share/selinux
+ - onchanges:
+ - cmd: /usr/local/share/selinux/systemd-hostnamed.pp
+
+{% endif %}

File Metadata

Mime Type
text/x-diff
Expires
Thu, Sep 18, 20:32 (5 h, 56 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
2991607
Default Alt Text
(7 KB)

Event Timeline

Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator