diff options
| author | Hugo Hörnquist <hugo@lysator.liu.se> | 2022-01-12 02:26:25 +0100 |
|---|---|---|
| committer | Hugo Hörnquist <hugo@lysator.liu.se> | 2022-01-12 02:26:25 +0100 |
| commit | dd28dcf3d620a4ac7d0a1532b812213cf094cd3c (patch) | |
| tree | a3fa8c8ef446de2bcc2f317bceb4bca868f7e0f0 | |
| parent | Move webdav into profiles. (diff) | |
| download | webdav_server-dd28dcf3d620a4ac7d0a1532b812213cf094cd3c.tar.gz webdav_server-dd28dcf3d620a4ac7d0a1532b812213cf094cd3c.tar.xz | |
Revert "Move webdav into profiles."
It actually reverts the non-need for the nginx module webdav_ext. Since
Omnifocus requires PROPFIND.
This reverts commit edf6ffe8b399679ba28cc5e558a6838919dd1ee8.
122 files changed, 13 insertions, 3450 deletions
diff --git a/.gitmodules b/.gitmodules deleted file mode 100644 index 31de632..0000000 --- a/.gitmodules +++ /dev/null @@ -1,72 +0,0 @@ -[submodule "modules/apache"] - path = modules/apache - url = https://github.com/puppetlabs/puppetlabs-apache -[submodule "modules/apt"] - path = modules/apt - url = https://github.com/puppetlabs/puppetlabs-apt -[submodule "modules/concat"] - path = modules/concat - url = https://github.com/puppetlabs/puppetlabs-concat -[submodule "modules/epel"] - path = modules/epel - url = https://github.com/voxpupuli/puppet-epel -[submodule "modules/extlib"] - path = modules/extlib - url = https://github.com/voxpupuli/puppet-extlib -[submodule "modules/firewall"] - path = modules/firewall - url = https://github.com/puppetlabs/puppetlabs-firewall -[submodule "modules/git"] - path = modules/git - url = https://github.com/theforeman/puppet-git -[submodule "modules/inifile"] - path = modules/inifile - url = https://github.com/puppetlabs/puppetlabs-inifile -[submodule "modules/postgresql"] - path = modules/postgresql - url = https://github.com/puppetlabs/puppetlabs-postgresql -[submodule "modules/puppet"] - path = modules/puppet - url = https://github.com/theforeman/puppet-puppet -[submodule "modules/puppetboard"] - path = modules/puppetboard - url = https://github.com/voxpupuli/puppet-puppetboard -[submodule "modules/puppetdb"] - path = modules/puppetdb - url = https://github.com/puppetlabs/puppetlabs-puppetdb -[submodule "modules/python"] - path = modules/python - url = https://github.com/voxpupuli/puppet-python -[submodule "modules/stdlib"] - path = modules/stdlib - url = https://github.com/puppetlabs/puppetlabs-stdlib -[submodule "modules/systemd"] - path = modules/systemd - url = https://github.com/voxpupuli/puppet-systemd -[submodule "modules/vcsrepo"] - path = modules/vcsrepo - url = https://github.com/puppetlabs/puppetlabs-vcsrepo -[submodule "module/letsencrypt"] - path = module/letsencrypt - url = https://github.com/voxpupuli/puppet-letsencrypt -[submodule "module/nginx"] - path = module/nginx - url = https://github.com/voxpupuli/puppet-nginx -[submodule "modules/nginx"] - path = modules/nginx - url = https://github.com/voxpupuli/puppet-nginx -[submodule "modules/letsencrypt"] - path = modules/letsencrypt - url = https://github.com/voxpupuli/puppet-letsencrypt -[submodule "modules/dns"] - path = modules/dns - url = https://github.com/theforeman/puppet-dns -[submodule "modules/mysql"] - path = modules/mysql - url = https://github.com/puppetlabs/puppetlabs-mysql -[submodule "modules/hash2stuff"] - path = modules/hash2stuff - url = https://github.com/mmckinst/puppet-hash2stuff -[submodule "modules/ssh"] - path = modules/ssh - url = https://github.com/saz/puppet-ssh diff --git a/data/common.yaml b/data/common.yaml deleted file mode 100644 index b4abd9c..0000000 --- a/data/common.yaml +++ /dev/null @@ -1,2 +0,0 @@ -letsencrypt::config: - server: https://acme-v02.api.letsencrypt.org/directory diff --git a/hiera.yaml b/hiera.yaml deleted file mode 100644 index 1bce073..0000000 --- a/hiera.yaml +++ /dev/null @@ -1,17 +0,0 @@ ---- -version: 5 -# For any hirearchy level which omits these keys -defaults: - datadir: data - data_hash: yaml_data - -hierarchy: - - name: Per-node data - path: nodes/%{trusted.certname}.yaml - - name: Per-OS defaults - path: os/%{facts.os.family}.yaml - - name: Secrets - path: data.yaml - datadir: /puppet - - name: Common data - path: common.yaml diff --git a/modules/profiles/manifests/webdav.pp b/manifests/init.pp index bd586f6..f1a836c 100644 --- a/modules/profiles/manifests/webdav.pp +++ b/manifests/init.pp @@ -1,13 +1,13 @@ -class profiles::webdav ( +define webdav_server ( String $nginx_server, String $file_path, - String $location, + String $location = $name, String $passwd_file = "${file_path}/.htpasswd", String $owner = 'http', String $group = 'share', Array[Array[String,2,2]] $users = [], Array[String] $dav_methods = ['PUT', 'DELETE', 'MKCOL', 'COPY', 'MOVE'], - # Array[String] $dav_ext_methods = ['PROPFIND', 'OPTIONS'], + Array[String] $dav_ext_methods = ['PROPFIND', 'OPTIONS'], Hash[String,String] $dav_access = { 'user' => 'rw', 'group' => 'rw', @@ -19,15 +19,15 @@ class profiles::webdav ( require ::nginx - # $modname = 'ngx_http_dav_ext_module' - # # This assumes that the directory exists, and that - # # nginx::include_modules_enabled => true - # file { "/etc/nginx/modules-enabled/${modname}.conf": - # ensure => file, - # content => @("EOF") - # load_module /usr/lib/nginx/modules/${modname}.so; - # | EOF - # } + $modname = 'ngx_http_dav_ext_module' + # This assumes that the directory exists, and that + # nginx::include_modules_enabled => true + file { "/etc/nginx/modules-enabled/${modname}.conf": + ensure => file, + content => @("EOF") + load_module /usr/lib/nginx/modules/${modname}.so; + | EOF + } $lines = $users.map |$pair| { $pair.join(':') }.join("\n") @@ -62,7 +62,7 @@ class profiles::webdav ( location_cfg_append => { 'dav_methods' => $dav_methods.join(' '), - # 'dav_ext_methods' => $dav_ext_methods.join(' '), + 'dav_ext_methods' => $dav_ext_methods.join(' '), 'dav_access' => $dav_access.map |$k, $v| { "${k}:${v}" }.join(' '), 'client_body_temp_path' => "${file_path}/tmp", 'create_full_put_path' => 'on', diff --git a/modules/apache b/modules/apache deleted file mode 160000 -Subproject 143ffaf1673cc3f450f269aa5608a10e7a616cb diff --git a/modules/apt b/modules/apt deleted file mode 160000 -Subproject 6fa24e6b09cf988b897b2b5dc9b911770c0c71b diff --git a/modules/blog/files/footers/about.md b/modules/blog/files/footers/about.md deleted file mode 100644 index ffec622..0000000 --- a/modules/blog/files/footers/about.md +++ /dev/null @@ -1,11 +0,0 @@ -#About - -This is a blog and website written and maintained by Hugo Hornquist (me). - -I will primarily post computer related information, and mostly in Swedish. -Some entries might however be written in English to allow for a temporary larger audience. -The about pages are written in English for that reason (Hello! Non Swedes!). - ---- - -A (hopefully) up to date version of the source code for the website is available [here](//github.com/HugoNikanor/website-blog-2). However, be aware that any blog entries, the four files in the bottom bar as well as some other parts of the website are not included in that repository. diff --git a/modules/blog/files/footers/contact.md b/modules/blog/files/footers/contact.md deleted file mode 100644 index 651fec4..0000000 --- a/modules/blog/files/footers/contact.md +++ /dev/null @@ -1,12 +0,0 @@ -#Contact - -There are many ways to contact me, and most of them serve different purposes. - -All regular blog entries should have a comment field where you are more than welcome to write your thoughts. I do however reserve the full right to moderate the comments, and remove comments of an unacceptable nature (you are however free to disagree with me). - -I have an email address for other general contact at <hugo.hornquist@gmail.com>. - -A Twitter account is also present for twittery stuff. [@hugonikanor](//twitter.com/hugonikanor) - -Feel free to contact me in another way if you find out how, I can't however guarantee that I will answer your queries regardless of communications method. - diff --git a/modules/blog/files/footers/legal.md b/modules/blog/files/footers/legal.md deleted file mode 100644 index 87966c7..0000000 --- a/modules/blog/files/footers/legal.md +++ /dev/null @@ -1,28 +0,0 @@ -#Legal - -Website built by Hugo Hornquist (me), however, some parts are made by other people with their permission. - -###[Parsedown](//parsedown.org) -Parsedown is used for tracing the markdown files the entries are written in into proper html. -It is used under the MIT License, readable [here](https://raw.githubusercontent.com/erusev/parsedown/master/LICENSE.txt) - -###[imgur](//imgur.com) -Most images are hosted by imgur. You can read the appropriate terms of service [here](//imgur.com/tos). - -### [RSS Logo](//www.mozilla.org/en-US/foundation/feed-icon-guidelines/) -This is my public statement that I try to follow these guidelines. - ---- - -##Disclaimer - -Any text on this website is subject to change at any time. Everything that I write is in some way shape or form connected to me. Please refrain from being majorly offended by my opinions and remember that I have moderation capabilities. - ---- - -Upon pressing the following button you agree to give your soul to whatever form of devil you believe in. If a deity of required sort isn't available then you instead surrender your legally owned land to the former communist state. - -<form action=""> -<input type="button" name="btn" value="I accept" onclick="alert('You have made a terrible choice')"></input> -</form> -<br> diff --git a/modules/blog/files/footers/qna.md b/modules/blog/files/footers/qna.md deleted file mode 100644 index baa611a..0000000 --- a/modules/blog/files/footers/qna.md +++ /dev/null @@ -1,13 +0,0 @@ -#Questions and Answers - -**Q: Who are you?** -A: *Who knows, but I have a blog that you can read [here](https://www.youtube.com/watch?v=dQw4w9WgXcQ).* - -**Q: What comment system are you using?** -A: *My own comment system, available [here](//github.com/hugonikanor/website-comment-system)* - -**Q: Do you have an RSS feed?** -A: *[I do now!](./rss.php)* - -##Have a question? -If you have a question of your own you would like to see answered, [contact me](./?filename=contact.md). diff --git a/modules/blog/files/special-files.ini b/modules/blog/files/special-files.ini deleted file mode 100644 index e69de29..0000000 --- a/modules/blog/files/special-files.ini +++ /dev/null diff --git a/modules/blog/manifests/init.pp b/modules/blog/manifests/init.pp deleted file mode 100644 index 1ecce39..0000000 --- a/modules/blog/manifests/init.pp +++ /dev/null @@ -1,42 +0,0 @@ -class blog ( - String $blog_root, - Hash[String,Hash] $blogs = {}, - Optional[String] $domain = undef, - Optional[Array[String]] $domain_aliases = undef, -) { - create_resources(blog::instance, $blogs) - - if $domain { - $default = { - access_log => 'absent', - error_log => 'absent', - ssl => true, - ssl_cert => "/etc/letsencrypt/live/${certname}/fullchain.pem", - ssl_key => "/etc/letsencrypt/live/${certname}/privkey.pem", - use_default_location => false, - } - $domain_conf = { - server_name => [ $domain, ], - index_files => [ 'index.php', 'index.html', 'index.htm', ], - www_root => $blog::blog_root, - } - - $main_conf = { - "${safe_title} - server" => $default + $domain_conf, - } - - create_resources(nginx::resource::server, $main_conf) - - if $domain_aliases { - $alias_conf = { - "${safe_title} - aliases" => $default + { - server_name => $domain_aliases, - server_cfg_append => { - 'return' => '301 $scheme://blog.hornquist.se$request_uri', - }, - }, - } - create_resources(nginx::resource::server, $alias_conf) - } - } -} diff --git a/modules/blog/manifests/instance.pp b/modules/blog/manifests/instance.pp deleted file mode 100644 index adaa30d..0000000 --- a/modules/blog/manifests/instance.pp +++ /dev/null @@ -1,99 +0,0 @@ -define blog::instance ( - String $blog_title = $name, - String $author, - Boolean $has_comments = false, - String $subtitle = '', - Optional[String] $vcs_repo = undef, -) { - - $root = "${blog::blog_root}/${title}" - $safe_title = base64('encode', $blog_title) - - vcsrepo { $root: - ensure => latest, - provider => git, - source => 'https://github.com/HugoNikanor/website-blog-2.git', - revision => 'master', - # keep_local_changes => true, - owner => 'hugo', - group => 'www-data', - } - - if $vcs_repo { - vcsrepo { "${root}/entries": - ensure => latest, - provider => git, - source => $vcs_repo, - revision => 'master', - owner => 'hugo', - group => 'www-data', - } - } else { - file { "${root}/entries": - ensure => directory, - } - } - - file { "${root}/settings.php": - ensure => file, - content => epp('blog/settings.php.epp', { - author => $author, - title => $title, - subtitle => $subtitle, - has_comments => $has_comments, - }), - } - - file { "${root}/footnote": - ensure => directory, - recurse => true, - } - - $foot_files = [ - ['about.md', 'About'], - ['contact.md', 'Contact'], - ['legal.md', 'Legal'], - ['qna.md', '"Q&A"'], - ] - - $foot_files.each |$item| { - file { "${root}/footnote/${item[0]}": - source => "puppet:///modules/blog/footers/${item[0]}", - } - } - - file { "${root}/special-files.ini": - ensure => file, - content => $foot_files, - } - - $certname = lookup('certname') - - if $blog::domain { - - nginx::resource::location { "${safe_title} - server - /": - location => '/', - try_files => ['$uri', '$uri/', '=404'], - index_files => [], - ssl => true, - autoindex => on, - server => [ "${safe_title} - server", ] - } - - nginx::resource::location { "${safe_title} - server - php": - location => '~ \.php$', - fastcgi_params => 'snippets/fastcgi-php.conf', - fastcgi => 'unix:/run/php/php-fpm.sock', - ssl => true, - server => [ "${safe_title} - server", ], - } - - nginx::resource::location { "${safe_title} - server - ht": - location => '~ /\.ht', - location_cfg_append => { deny => 'all' }, - index_files => [], - ssl => true, - server => [ "${safe_title} - server", ], - } - } -} diff --git a/modules/blog/templates/settings.php.epp b/modules/blog/templates/settings.php.epp deleted file mode 100644 index c1ed2d7..0000000 --- a/modules/blog/templates/settings.php.epp +++ /dev/null @@ -1,13 +0,0 @@ -<%- | String $author, - String $title, - String $subtitle, - Boolean $has_comments = false, -| -%> -<%= '<?php' %> -# FILE MANAGED BY PUPPET -$author = "<%= $author %>"; -$blog_title = "<%= $title %>"; -$blog_subtitle = "<%= $subtitle %>"; -$http_host = $_SERVER["HTTP_HOST"]; -$urlbase = "http://$http_host/hugo"; -$has_comments = <%= if $has_comments { 'true' } else { 'false' } %>; diff --git a/modules/blog/templates/special-files.ini.epp b/modules/blog/templates/special-files.ini.epp deleted file mode 100644 index 66b779a..0000000 --- a/modules/blog/templates/special-files.ini.epp +++ /dev/null @@ -1,16 +0,0 @@ -<%- | Array[Tuple[String,String]] $foot_files, -| -%> -; FILE MANAGED BY PUPPET -; -; Which files on the website that are "special" -; This basicly means that they shouldnt have comments -[footnote] -<%- for $foot_files.each |$item| { -%> -files[] = <%= $item[0] %> -title[] = <%= $item[1] %> -<%- } -%> - -[other] -files[] = list -files[] = entry-not-found.md - diff --git a/modules/cgit/files/filters/hugo-highlighting.sh b/modules/cgit/files/filters/hugo-highlighting.sh deleted file mode 100755 index 603b8ab..0000000 --- a/modules/cgit/files/filters/hugo-highlighting.sh +++ /dev/null @@ -1,138 +0,0 @@ -#!/bin/bash -# This script can be used to implement syntax highlighting in the cgit -# tree-view by refering to this file with the source-filter or repo.source- -# filter options in cgitrc. -# -# This script requires a shell supporting the ${var##pattern} syntax. -# It is supported by at least dash and bash, however busybox environments -# might have to use an external call to sed instead. -# -# Note: the highlight command (http://www.andre-simon.de/) uses css for syntax -# highlighting, so you'll probably want something like the following included -# in your css file: -# -# Style definition file generated by highlight 2.4.8, http://www.andre-simon.de/ -# -# table.blob .num { color:#2928ff; } -# table.blob .esc { color:#ff00ff; } -# table.blob .str { color:#ff0000; } -# table.blob .dstr { color:#818100; } -# table.blob .slc { color:#838183; font-style:italic; } -# table.blob .com { color:#838183; font-style:italic; } -# table.blob .dir { color:#008200; } -# table.blob .sym { color:#000000; } -# table.blob .kwa { color:#000000; font-weight:bold; } -# table.blob .kwb { color:#830000; } -# table.blob .kwc { color:#000000; font-weight:bold; } -# table.blob .kwd { color:#010181; } -# -# -# Style definition file generated by highlight 2.6.14, http://www.andre-simon.de/ -# -# body.hl { background-color:#ffffff; } -# pre.hl { color:#000000; background-color:#ffffff; font-size:10pt; font-family:'Courier New';} -# .hl.num { color:#2928ff; } -# .hl.esc { color:#ff00ff; } -# .hl.str { color:#ff0000; } -# .hl.dstr { color:#818100; } -# .hl.slc { color:#838183; font-style:italic; } -# .hl.com { color:#838183; font-style:italic; } -# .hl.dir { color:#008200; } -# .hl.sym { color:#000000; } -# .hl.line { color:#555555; } -# .hl.mark { background-color:#ffffbb;} -# .hl.kwa { color:#000000; font-weight:bold; } -# .hl.kwb { color:#830000; } -# .hl.kwc { color:#000000; font-weight:bold; } -# .hl.kwd { color:#010181; } -# -# -# Style definition file generated by highlight 3.8, http://www.andre-simon.de/ -# -# body.hl { background-color:#e0eaee; } -# pre.hl { color:#000000; background-color:#e0eaee; font-size:10pt; font-family:'Courier New';} -# .hl.num { color:#b07e00; } -# .hl.esc { color:#ff00ff; } -# .hl.str { color:#bf0303; } -# .hl.pps { color:#818100; } -# .hl.slc { color:#838183; font-style:italic; } -# .hl.com { color:#838183; font-style:italic; } -# .hl.ppc { color:#008200; } -# .hl.opt { color:#000000; } -# .hl.lin { color:#555555; } -# .hl.kwa { color:#000000; font-weight:bold; } -# .hl.kwb { color:#0057ae; } -# .hl.kwc { color:#000000; font-weight:bold; } -# .hl.kwd { color:#010181; } -# -# -# Style definition file generated by highlight 3.13, http://www.andre-simon.de/ -# -# body.hl { background-color:#e0eaee; } -# pre.hl { color:#000000; background-color:#e0eaee; font-size:10pt; font-family:'Courier New',monospace;} -# .hl.num { color:#b07e00; } -# .hl.esc { color:#ff00ff; } -# .hl.str { color:#bf0303; } -# .hl.pps { color:#818100; } -# .hl.slc { color:#838183; font-style:italic; } -# .hl.com { color:#838183; font-style:italic; } -# .hl.ppc { color:#008200; } -# .hl.opt { color:#000000; } -# .hl.ipl { color:#0057ae; } -# .hl.lin { color:#555555; } -# .hl.kwa { color:#000000; font-weight:bold; } -# .hl.kwb { color:#0057ae; } -# .hl.kwc { color:#000000; font-weight:bold; } -# .hl.kwd { color:#010181; } -# -# -# The following environment variables can be used to retrieve the configuration -# of the repository for which this script is called: -# CGIT_REPO_URL ( = repo.url setting ) -# CGIT_REPO_NAME ( = repo.name setting ) -# CGIT_REPO_PATH ( = repo.path setting ) -# CGIT_REPO_OWNER ( = repo.owner setting ) -# CGIT_REPO_DEFBRANCH ( = repo.defbranch setting ) -# CGIT_REPO_SECTION ( = section setting ) -# CGIT_REPO_CLONE_URL ( = repo.clone-url setting ) -# - -# store filename and extension in local vars -BASENAME="$1" -EXTENSION="${BASENAME##*.}" - -[ "${BASENAME}" = "${EXTENSION}" ] && EXTENSION=txt -[ -z "${EXTENSION}" ] && EXTENSION=txt - -# map Makefile and Makefile.* to .mk -[ "${BASENAME%%.*}" = "Makefile" ] && EXTENSION=mk - -# highlight versions 2 and 3 have different commandline options. Specifically, -# the -X option that is used for version 2 is replaced by the -O xhtml option -# for version 3. -# -# Version 2 can be found (for example) on EPEL 5, while version 3 can be -# found (for example) on EPEL 6. -# -# This is for version 2 -#exec highlight --force -f -I -X -S "$EXTENSION" 2>/dev/null - -# env - -extension=${REQUEST_URI: -3} - -case $extension in - org) - temp=$(mktemp) - cat - > $temp.org - emacs $temp.org \ - --quick \ - --batch \ - --funcall org-html-export-to-html \ - --kill - tail -n+10 $temp.html - exit 0 - ;; -esac - -exec highlight --force -f -I -O xhtml -S "$EXTENSION" # 2>/dev/null diff --git a/modules/cgit/files/filters/hugo-pre.sh b/modules/cgit/files/filters/hugo-pre.sh deleted file mode 100755 index b716525..0000000 --- a/modules/cgit/files/filters/hugo-pre.sh +++ /dev/null @@ -1,15 +0,0 @@ -#!/bin/bash - -name=$1 - -extension=${name: -3} - -case $extension in - .md) pandoc -f gfm -t html ;; - *) - cat <<- EOF - <pre>$(cat -)</pre> - EOF - ;; -esac - diff --git a/modules/cgit/files/logo.png b/modules/cgit/files/logo.png Binary files differdeleted file mode 100644 index 5c39e4a..0000000 --- a/modules/cgit/files/logo.png +++ /dev/null diff --git a/modules/cgit/files/logo_large.png b/modules/cgit/files/logo_large.png Binary files differdeleted file mode 100644 index bbfa2b5..0000000 --- a/modules/cgit/files/logo_large.png +++ /dev/null diff --git a/modules/cgit/files/root_readme b/modules/cgit/files/root_readme deleted file mode 100644 index aabf4df..0000000 --- a/modules/cgit/files/root_readme +++ /dev/null @@ -1,17 +0,0 @@ - _______________________ -< Den som gör bestämmer > - ----------------------- -\ . . - \ / `. .' " - \ .---. < > < > .---. - \ | \ \ - ~ ~ - / / | - _____ ..-~ ~-..-~ - | | \~~~\.' `./~~~/ - --------- \__/ \__/ - .' O \ / / \ " - (_____, `._.' | } \/~~~/ - `----. / } | / \__/ - `-. | / | / `. ,~~| - ~-.__| /_ - ~ ^| /- _ `..-' - | / | / ~-. `-. _ _ _ - |_____| |_____| ~ - . _ _ _ _ _> diff --git a/modules/cgit/manifests/init.pp b/modules/cgit/manifests/init.pp deleted file mode 100644 index 1444d0d..0000000 --- a/modules/cgit/manifests/init.pp +++ /dev/null @@ -1,90 +0,0 @@ -class cgit ( - String $root = '/var/www/cgit', - String $filterpath = '/usr/lib/cgit/extra-filters', - String $root_title, - String $root_desc, - String $about_filter, - String $auth_filter, - String $source_filter, - String $scan_path, - Array[String] $clone_url, - Boolean $enable_http_clone = false, - Array[String] $public_repos = [], - Array[Struct[{ - name => String, - pass => String }]] $users = [], - Variant[Boolean, Enum['nginx']] $manage_server = false, - Optional[String] $server_name = undef, - Optional[String] $certname = undef, - String $htpasswd = '/var/lib/nginx/cgit-htpasswd', -) { - - # TODO figure out where CSS comes from - - ensure_packages([ - 'git', - 'cgit', - ], { ensure => installed }) - - file { '/etc/cgitrc': - ensure => file, - content => epp('cgit/cgitrc.epp'), - } - - file { "${root}/logo": - ensure => directory, - } - - file { "${root}/logo/logo.png": - ensure => file, - source => 'puppet:///modules/cgit/logo.png', - } - - file { "${root}/logo/logo_large.png": - ensure => file, - source => 'puppet:///modules/cgit/logo_large.png', - } - - file { "${root}/root_readme": - ensure => file, - source => 'puppet:///modules/cgit/root_readme', - } - - file { dirname($filterpath): - ensure => directory, - } - - file { $filterpath: - ensure => directory, - } - - [$about_filter, $source_filter].each |$f| { - file { "${filterpath}/${f}": - ensure => file, - source => "puppet:///modules/cgit/filters/${f}", - mode => stdlib::extname($f) ? { - '.lua' => '0444', - default => '0555', - }, - } - } - - file { "${filterpath}/${auth_filter}": - ensure => file, - content => epp("cgit/${auth_filter}.epp"), - mode => '0444', - } - - if $manage_server { - if $server_name == undef { - fail('server_name must be set if manage_server is set') - } - } - - case $manage_server { - false: {} - 'nginx': { - include ::cgit::nginx - } - } -} diff --git a/modules/cgit/manifests/nginx.pp b/modules/cgit/manifests/nginx.pp deleted file mode 100644 index 329c21d..0000000 --- a/modules/cgit/manifests/nginx.pp +++ /dev/null @@ -1,84 +0,0 @@ -class cgit::nginx { - - if ($cgit::certname == undef) { - nginx::resource::server { 'cgit': - server_name => [ $cgit::server_name, ], - access_log => 'absent', - error_log => 'absent', - index_files => [], - try_files => [ '$uri', '@cgit' ], - ssl => false, - use_default_location => true, - www_root => $cgit::root, - } - } else { - nginx::resource::server { 'cgit': - server_name => [ $cgit::server_name, ], - access_log => 'absent', - error_log => 'absent', - index_files => [], - try_files => [ '$uri', '@cgit' ], - ssl => true, - ssl_cert => "/etc/letsencrypt/live/${cgit::certname}/fullchain.pem", - ssl_key => "/etc/letsencrypt/live/${cgit::certname}/privkey.pem", - use_default_location => true, - www_root => $cgit::root, - ssl_redirect => true, - } - } - - nginx::resource::location { '@cgit': - fastcgi_params => 'fastcgi_params', - fastcgi_param => { - 'SCRIPT_FILENAME' => '/usr/lib/cgit/cgit.cgi', - 'PATH_INFO' => '$fastcgi_script_name', - 'QUERY_STRING' => '$args', - }, - ssl_only => $cgit::certname != undef, - fastcgi => 'unix:/run/fcgiwrap.socket', - server => [ - 'cgit', - ], - } - - file { $cgit::htpasswd: - ensure => file, - content => $cgit::users.map |$user| { - [$user['name'], $user['pass']].join(':') - }.join("\n") - } - - nginx::resource::location { - $cgit::public_repos.map |$repo| { "~ ^(/${repo}\\.git/.*)" }: - server => 'cgit', - ssl_only => $cgit::certname != undef, - priority => 450, - fastcgi => 'unix:/run/fcgiwrap.socket', - fastcgi_params => 'fastcgi_params', - fastcgi_param => { - 'SCRIPT_FILENAME' => '/usr/lib/git-core/git-http-backend', - 'GIT_PROJECT_ROOT' => $cgit::scan_path, - 'GIT_HTTP_EXPORT_ALL' => '""', - 'PATH_INFO' => '$1', - } - } - - - nginx::resource::location { '~ (.*\.git/.*)': - server => 'cgit', - ssl_only => $cgit::certname != undef, - location_cfg_append => { - auth_basic => '"CGit login"', - auth_basic_user_file => $cgit::htpasswd, - }, - fastcgi => 'unix:/run/fcgiwrap.socket', - fastcgi_params => 'fastcgi_params', - fastcgi_param => { - 'SCRIPT_FILENAME' => '/usr/lib/git-core/git-http-backend', - 'GIT_PROJECT_ROOT' => $cgit::scan_path, - 'GIT_HTTP_EXPORT_ALL' => '""', - 'PATH_INFO' => '$1', - } - } - -} diff --git a/modules/cgit/templates/cgitrc.epp b/modules/cgit/templates/cgitrc.epp deleted file mode 100644 index 0f4636d..0000000 --- a/modules/cgit/templates/cgitrc.epp +++ /dev/null @@ -1,64 +0,0 @@ -# -# cgit config -# see cgitrc(5) for details -# -# FILE MANAGED BY PUPPET -# - -# css=/cgit.css -logo=/logo/logo.png -# favicon=/favicon.ico - -enable-index-owner=1 - -root-title=<%= $cgit::root_title %> -#root-desc=Tändes endast mot lådans plån -root-desc=<%= $cgit::root_desc %> -# Also causes the `about' page to exist -# /usr/lib/cgit/readme -root-readme=<%= $cgit::root %>/root_readme - -#source-filter=/srv/filters/dispatch.sh - -# about-filter=/usr/local/lib/cgit/filters/hugo-pre.sh -# auth-filter=lua:/usr/local/lib/cgit/filters/hugo-authentication.lua -# source-filter=/usr/local/lib/cgit/filters/hugo-highlighting.sh -about-filter=<%= $cgit::filterpath %>/<%= $cgit::about_filter %> -auth-filter=<% if stdlib::extname($cgit::auth_filter) == '.lua' { - -%>lua:<% - } -%><%= $cgit::filterpath %>/<%= $cgit::auth_filter %> -source-filter=<%= $cgit::filterpath %>/<%= $cgit::source_filter %> - -enable-follow-links=1 -enable-subject-links=1 # show commit summary for parrent - -#side-by-side-diffs=1 -enable-commit-graph=1 -enable-index-links=1 -enable-remote-branches=1 -local-time=1 - -case-sensative-sort=0 - -max-repo-count=100 - -enable-http-clone=<%= if $cgit::enable_http_clone { 1 } else { 0 } %> -clone-url=<%= $cgit::clone_url.join(' ') %> - -readme=:README -readme=:README.md -readme=:README.txt -readme=:readme -readme=:readme.md -readme=:readme.txt - -virtual-root= -remove-suffix=1 -section-from-path=1 -enable-git-config=1 - -# section=~/git -snapshots=tar.gz tar.xz -scan-path=<%= $cgit::scan_path %> - -#scan-path=/var/www/git/repositories/ diff --git a/modules/cgit/templates/hugo-authentication.lua.epp b/modules/cgit/templates/hugo-authentication.lua.epp deleted file mode 100644 index 7ccce05..0000000 --- a/modules/cgit/templates/hugo-authentication.lua.epp +++ /dev/null @@ -1,329 +0,0 @@ --- This script may be used with the auth-filter. Be sure to configure it as you wish. --- --- Requirements: --- luaossl --- <http://25thandclement.com/~william/projects/luaossl.html> --- luaposix --- <https://github.com/luaposix/luaposix> --- -local sysstat = require("posix.sys.stat") -local unistd = require("posix.unistd") -local rand = require("openssl.rand") -local hmac = require("openssl.hmac") - --- --- --- Configure these variables for your settings. --- --- - --- A list of password protected repositories along with the users who can access them. -local protected_repos = { - glouglou = { laurent = true, jason = true }, - qt = { jason = true, bob = true } -} - -local public_repos = {} -<%- $cgit::public_repos.each |$repo| { -%> -public_repos["<%= $repo %>"] = true -<%- } -%> - --- A list of users and hashes, generated with `mkpasswd -m sha-512 -R 300000`. -local users = { - <%- $cgit::users.each |$user| { -%> - <%= $user['name'] %> = "<%= $user['pass'] %>", - <%- } -%> -} - --- Set this to a path this script can write to for storing a persistent --- cookie secret, which should be guarded. -local secret_filename = "/var/cache/cgit/auth-secret" - --- --- --- Authentication functions follow below. Swap these out if you want different authentication semantics. --- --- - --- Sets HTTP cookie headers based on post and sets up redirection. -function authenticate_post() - local hash = users[post["username"]] - local redirect = validate_value("redirect", post["redirect"]) - - if redirect == nil then - not_found() - return 0 - end - - redirect_to(redirect) - - if hash == nil or hash ~= unistd.crypt(post["password"], hash) then - set_cookie("cgitauth", "") - else - -- One week expiration time - local username = secure_value("username", post["username"], os.time() + 604800) - set_cookie("cgitauth", username) - end - - html("\n") - return 0 -end - - --- Returns 1 if the cookie is valid and 0 if it is not. -function authenticate_cookie() - - -- Everyone has access to the index page. - -- printenv(os.getenv("CGIT_REPO_NAME")); - if cgit["repo"] == "" then - return 1 - end - - ispublic = public_repos[cgit["repo"]] - -- accepted_users = protected_repos[cgit["repo"]] - if ispublic == true then - -- We return as valid if the repo is public - return 1 - end - - local username = validate_value("username", get_cookie(http["cookie"], "cgitauth")) - if username == nil then - return 0 - else - return 1 - end -end - --- Prints the html for the login form. -function body() - html("<h2>Authentication Required</h2>") - -- html("HTML = ") - -- html(tostring(cgit["repo"] == "")) - html("<form method='post' action='") - html_attr(cgit["login"]) - html("'>") - html("<input type='hidden' name='redirect' value='") - html_attr(secure_value("redirect", cgit["url"], 0)) - html("' />") - html("<table>") - html("<tr><td><label for='username'>Username:</label></td><td><input id='username' name='username' autofocus /></td></tr>") - html("<tr><td><label for='password'>Password:</label></td><td><input id='password' name='password' type='password' /></td></tr>") - html("<tr><td colspan='2'><input value='Login' type='submit' /></td></tr>") - html("</table></form>") - - return 0 -end - - - --- --- --- Wrapper around filter API, exposing the http table, the cgit table, and the post table to the above functions. --- --- - -local actions = {} -actions["authenticate-post"] = authenticate_post -actions["authenticate-cookie"] = authenticate_cookie -actions["body"] = body - -function filter_open(...) - action = actions[select(1, ...)] - - http = {} - http["cookie"] = select(2, ...) - http["method"] = select(3, ...) - http["query"] = select(4, ...) - http["referer"] = select(5, ...) - http["path"] = select(6, ...) - http["host"] = select(7, ...) - http["https"] = select(8, ...) - - cgit = {} - cgit["repo"] = select(9, ...) - cgit["page"] = select(10, ...) - cgit["url"] = select(11, ...) - cgit["login"] = select(12, ...) - -end - -function filter_close() - return action() -end - -function filter_write(str) - post = parse_qs(str) -end - - --- --- --- Utility functions based on keplerproject/wsapi. --- --- - -function url_decode(str) - if not str then - return "" - end - str = string.gsub(str, "+", " ") - str = string.gsub(str, "%%(%x%x)", function(h) return string.char(tonumber(h, 16)) end) - str = string.gsub(str, "\r\n", "\n") - return str -end - -function url_encode(str) - if not str then - return "" - end - str = string.gsub(str, "\n", "\r\n") - str = string.gsub(str, "([^%w ])", function(c) return string.format("%%%02X", string.byte(c)) end) - str = string.gsub(str, " ", "+") - return str -end - -function parse_qs(qs) - local tab = {} - for key, val in string.gmatch(qs, "([^&=]+)=([^&=]*)&?") do - tab[url_decode(key)] = url_decode(val) - end - return tab -end - -function get_cookie(cookies, name) - cookies = string.gsub(";" .. cookies .. ";", "%s*;%s*", ";") - return url_decode(string.match(cookies, ";" .. name .. "=(.-);")) -end - -function tohex(b) - local x = "" - for i = 1, #b do - x = x .. string.format("%.2x", string.byte(b, i)) - end - return x -end - --- --- --- Cookie construction and validation helpers. --- --- - -local secret = nil - --- Loads a secret from a file, creates a secret, or returns one from memory. -function get_secret() - if secret ~= nil then - return secret - end - local secret_file = io.open(secret_filename, "r") - if secret_file == nil then - local old_umask = sysstat.umask(63) - local temporary_filename = secret_filename .. ".tmp." .. tohex(rand.bytes(16)) - local temporary_file = io.open(temporary_filename, "w") - if temporary_file == nil then - os.exit(177) - end - temporary_file:write(tohex(rand.bytes(32))) - temporary_file:close() - unistd.link(temporary_filename, secret_filename) -- Intentionally fails in the case that another process is doing the same. - unistd.unlink(temporary_filename) - sysstat.umask(old_umask) - secret_file = io.open(secret_filename, "r") - end - if secret_file == nil then - os.exit(177) - end - secret = secret_file:read() - secret_file:close() - if secret:len() ~= 64 then - os.exit(177) - end - return secret -end - --- Returns value of cookie if cookie is valid. Otherwise returns nil. -function validate_value(expected_field, cookie) - local i = 0 - local value = "" - local field = "" - local expiration = 0 - local salt = "" - local chmac = "" - - if cookie == nil or cookie:len() < 3 or cookie:sub(1, 1) == "|" then - return nil - end - - for component in string.gmatch(cookie, "[^|]+") do - if i == 0 then - field = component - elseif i == 1 then - value = component - elseif i == 2 then - expiration = tonumber(component) - if expiration == nil then - expiration = -1 - end - elseif i == 3 then - salt = component - elseif i == 4 then - chmac = component - else - break - end - i = i + 1 - end - - if chmac == nil or chmac:len() == 0 then - return nil - end - - -- Lua hashes strings, so these comparisons are time invariant. - if chmac ~= tohex(hmac.new(get_secret(), "sha256"):final(field .. "|" .. value .. "|" .. tostring(expiration) .. "|" .. salt)) then - return nil - end - - if expiration == -1 or (expiration ~= 0 and expiration <= os.time()) then - return nil - end - - if url_decode(field) ~= expected_field then - return nil - end - - return url_decode(value) -end - -function secure_value(field, value, expiration) - if value == nil or value:len() <= 0 then - return "" - end - - local authstr = "" - local salt = tohex(rand.bytes(16)) - value = url_encode(value) - field = url_encode(field) - authstr = field .. "|" .. value .. "|" .. tostring(expiration) .. "|" .. salt - authstr = authstr .. "|" .. tohex(hmac.new(get_secret(), "sha256"):final(authstr)) - return authstr -end - -function set_cookie(cookie, value) - html("Set-Cookie: " .. cookie .. "=" .. value .. "; HttpOnly") - if http["https"] == "yes" or http["https"] == "on" or http["https"] == "1" then - html("; secure") - end - html("\n") -end - -function redirect_to(url) - html("Status: 302 Redirect\n") - html("Cache-Control: no-cache, no-store\n") - html("Location: " .. url .. "\n") -end - -function not_found() - html("Status: 404 Not Found\n") - html("Cache-Control: no-cache, no-store\n\n") -end diff --git a/modules/concat b/modules/concat deleted file mode 160000 -Subproject 0a8e8cbc1fcf165e9bd4fa6bf1c0efa47293121 diff --git a/modules/dns b/modules/dns deleted file mode 160000 -Subproject 8e409eb24041aaba3022c32d4f4844871088205 diff --git a/modules/epel b/modules/epel deleted file mode 160000 -Subproject 313256b37f7b7daf01d5bec15b01fefc9d6801a diff --git a/modules/exports/manifests/init.pp b/modules/exports/manifests/init.pp deleted file mode 100644 index 8280c71..0000000 --- a/modules/exports/manifests/init.pp +++ /dev/null @@ -1,21 +0,0 @@ -# Setup export item. -# Should be be callable multiple times -define exports ( - Hash[String,Array[String]] $options, - String $dir = $name, - String $exports_file = '/etc/exports', -) { - - $fixed_opts = $options.map |$key, $val| { - $joined_vals = $val.join(',') - "${key}(${joined_vals})" - }.join(' ') - - file_line { "Export ${exports_file} ${dir}": - ensure => present, - path => $exports_file, - match => "^${dir}", - line => "${dir} ${fixed_opts}" - } - -} diff --git a/modules/extlib b/modules/extlib deleted file mode 160000 -Subproject a65652cee1997a409b45d86ab7cdb3f9e6b9865 diff --git a/modules/firewall b/modules/firewall deleted file mode 160000 -Subproject bddd8ea234548df85b606cfba56a0683577cda5 diff --git a/modules/git b/modules/git deleted file mode 160000 -Subproject dd4c9ba6f1b597dda9a387af927a8740405ee89 diff --git a/modules/hash2stuff b/modules/hash2stuff deleted file mode 160000 -Subproject 5b5e4299463a3796295e2279540dff50ed6f5c1 diff --git a/modules/inifile b/modules/inifile deleted file mode 160000 -Subproject 108e27cbd4b1c8abee321159cceb93d740b2cbb diff --git a/modules/letsencrypt b/modules/letsencrypt deleted file mode 160000 -Subproject 61ffd8dee7c0f10f7ea7e84f23c4d732b7cd669 diff --git a/modules/losetup/files/dismantle-loop-device b/modules/losetup/files/dismantle-loop-device deleted file mode 100644 index be3f3a0..0000000 --- a/modules/losetup/files/dismantle-loop-device +++ /dev/null @@ -1,15 +0,0 @@ -#!/bin/bash - -target_file="$1" -safe_name="$(systemd-escape "$target_file")" - -set +x - -loop_device=$(readlink "/dev/loop-by-name/${safe_name}") -rm "/dev/loop-by-name/${safe_name}" - -for part in "/dev/loop-by-name/${safe_name}"-p*; do - rm "$part" -done - -losetup -d $loop_device diff --git a/modules/losetup/files/loop@.service b/modules/losetup/files/loop@.service deleted file mode 100644 index e9dc008..0000000 --- a/modules/losetup/files/loop@.service +++ /dev/null @@ -1,12 +0,0 @@ -[Unit] -Description=Loopback device for %I - -[Service] -ExecStart=/usr/libexec/setup-loop-device "%I" -ExecStop=/usr/libexec/dismantle-loop-device "%I" -#ExecStopPost=rm /dev/loop-by-name/"%i"* -#ExecStart=echo %I -ExecStartPre=mkdir -p /dev/loop-by-name -# Cant't have any dashes in filename, due to escaping rules -# ExecStartPre=/bin/sh -c "grep -vq '-' <<< "%i"" -RemainAfterExit=yes diff --git a/modules/losetup/files/setup-loop-device b/modules/losetup/files/setup-loop-device deleted file mode 100755 index 4215273..0000000 --- a/modules/losetup/files/setup-loop-device +++ /dev/null @@ -1,16 +0,0 @@ -#!/bin/bash - -target_file="$1" -safe_name="$(systemd-escape "$target_file")" - -set +x - -loop_device=$(losetup --find --show "$target_file") - -ln -s $loop_device "/dev/loop-by-name/${safe_name}" - -for part in "${loop_device}"p*; do - last_two=${part:$[${#part}-2]} - ln -s $part \ - "/dev/loop-by-name/${safe_name}-${last_two}" -done diff --git a/modules/losetup/manifests/init.pp b/modules/losetup/manifests/init.pp deleted file mode 100644 index 8d7f8d8..0000000 --- a/modules/losetup/manifests/init.pp +++ /dev/null @@ -1,24 +0,0 @@ -class losetup { - file { '/etc/systemd/system/loop@.service': - ensure => file, - source => "puppet:///modules/${module_name}/loop@.service", - } - - # ensure_resource ('file', { path => '/usr/libexec', ensure => directory }) - file { '/usr/libexec': - ensure => directory, - } - - file { - default: - ensure => file, - mode => '0555', - ; -'/usr/libexec/setup-loop-device': - source => "puppet:///modules/${module_name}/setup-loop-device", - ; -'/usr/libexec/dismantle-loop-device': - source => "puppet:///modules/${module_name}/dismantle-loop-device", - ; - } -} diff --git a/modules/mysql b/modules/mysql deleted file mode 160000 -Subproject 1dda4a44bbc4c9022d8c64b787d56b7cb01a50e diff --git a/modules/networking/manifests/init.pp b/modules/networking/manifests/init.pp deleted file mode 100644 index 7dc2450..0000000 --- a/modules/networking/manifests/init.pp +++ /dev/null @@ -1,16 +0,0 @@ -class networking ( - Optional[Enum['systemd']] $provider = undef, - Hash[String,Hash] $items = {}, -) { - - # TODO choose a sensible provider here - - case $provider { - 'systemd', undef: { - include ::networking::networkd - create_resources(networking::networkd_instance, $items) - } - default: { - } - } -} diff --git a/modules/networking/manifests/networkd.pp b/modules/networking/manifests/networkd.pp deleted file mode 100644 index dec2e33..0000000 --- a/modules/networking/manifests/networkd.pp +++ /dev/null @@ -1,23 +0,0 @@ -class networking::networkd ( - Boolean $notify_ = true, - Boolean $manage_directory = true, - String $root = '/', - String $path = "${root}/etc/systemd/network", -) { - if $manage_directory { - file { $path: - ensure => directory, - purge => true, - recurse => true, - } - } - - if $notify_ { - exec { 'reload networkd': - command => 'systemctl reload-or-restart systemd-networkd', - path => ['/bin', '/usr/bin',], - refreshonly => true, - } - } -} - diff --git a/modules/networking/manifests/networkd_instance.pp b/modules/networking/manifests/networkd_instance.pp deleted file mode 100644 index 4089e75..0000000 --- a/modules/networking/manifests/networkd_instance.pp +++ /dev/null @@ -1,21 +0,0 @@ -define networking::networkd_instance ( - Hash[String,Hash] $content, - Enum['present','absent'] $ensure = 'present', - String $path = $networking::networkd::path, - String $filename = $name, - Integer $priority = 20, - Enum['network', 'netdev', 'link'] $type = 'network', - String $real_filename = "${priority}-${filename}.${type}", - String $file = "${path}/${real_filename}", -) { - - include ::networking::networkd - - file { $file: - ensure => $ensure, - content => epp('networking/unit_file.epp', { - data => $content - }), - notify => if $networking::networkd::notify_ { Exec['reload networkd'] } else { [] }, - } -} diff --git a/modules/networking/templates/interface.epp b/modules/networking/templates/interface.epp deleted file mode 100644 index d824f69..0000000 --- a/modules/networking/templates/interface.epp +++ /dev/null @@ -1,16 +0,0 @@ -# File managed by puppet -auto host0 -# allow-hotplug host0 - -iface host0 inet <%= if $addr4 { 'static' } else { 'dhcp' } %> -<%- if $addr4 { -%> - address <%= $addr4 %> - <%- if $gw4 { -%> - gateway <%= $gw4 %> - <%- } -%> -<%- } -%> - - -iface host0 inet6 auto - private 0 - diff --git a/modules/networking/templates/unit_file.epp b/modules/networking/templates/unit_file.epp deleted file mode 100644 index 00d486a..0000000 --- a/modules/networking/templates/unit_file.epp +++ /dev/null @@ -1,11 +0,0 @@ -<%- | Hash[String,Hash] $data -| -%> -<%- $data.each |$key, $sub| { -%> -[<%= $key %>] -<%- $sub.each |$k, $v| { -%> -<%- if $v =~ Array { $v.each |$v| { -%> -<%= $k %>=<%= $v %> -<%- } } else { -%> -<%= $k %>=<%= $v %> -<%- } -%> -<%- }} -%> diff --git a/modules/nginx b/modules/nginx deleted file mode 160000 -Subproject f52fb7c1c009aad27219f0134b6085fd0228735 diff --git a/modules/nspawn/facts.d/main.py b/modules/nspawn/facts.d/main.py deleted file mode 100755 index 0db37f3..0000000 --- a/modules/nspawn/facts.d/main.py +++ /dev/null @@ -1,64 +0,0 @@ -#!/usr/bin/env python3 - -import dbus -import yaml - -bus = dbus.SystemBus() -bus_name = 'org.freedesktop.machine1' # dest -object_path = '/org/freedesktop/machine1' -machined_proxy = bus.get_object(bus_name=bus_name, object_path=object_path) -iface = dbus.Interface(machined_proxy, dbus_interface='org.freedesktop.machine1.Manager') - - -machines = iface.ListMachines() -machine_names = [] -machines_info = {} -for (machine_name, *_) in machines: - machine = iface.GetMachine(machine_name) - pp = bus.get_object(bus_name='org.freedesktop.machine1', object_path=machine) - ii = dbus.Interface(pp, dbus_interface='org.freedesktop.DBus.Properties') - out_dict = {} - for key, value in ii.GetAll('org.freedesktop.machine1.Machine').items(): - # see help(dbus.types) - match type(value): - case dbus.ByteArray: - raise NotImplementedError('Byte array') - case dbus.Double: - v = float(value) - case dbus.Boolean: - v = bool(value) - case dbus.Byte | dbus.Int16 | dbus.Int32 | dbus.Int64 | dbus.UInt16 | dbus.UInt32 | dbus.UInt64: - v = int(value) - case dbus.ObjectPath | dbus.Signature: - # string likes - v = str(value) - case dbus.Dictionary: - # dict like - raise NotImplementedError('Dictionary') - case dbus.Array: - match value.signature: - case dbus.Signature('y'): - v = bytes(int(x) for x in value) - case dbus.Signature('i'): - v = [int(x) for x in value] - case _: - print(repr(value)) - print(repr(value.signature)) - raise NotImplementedError('Array') - # case dbus.UnixFd: - # raise NotImplementedError() - case dbus.String: - v = str(value) - case dbus.Struct: - # tuple like - raise NotImplementedError('Struct') - out_dict[str(key)] = v - machine_names.append(str(machine_name)) - machines_info[str(machine_name)] = out_dict - -out = { - 'machined-machines': machine_names, - 'machined-info': machines_info, -} - -print(yaml.dump(out)) diff --git a/modules/nspawn/manifests/machine.pp b/modules/nspawn/manifests/machine.pp deleted file mode 100644 index 8ba9bf3..0000000 --- a/modules/nspawn/manifests/machine.pp +++ /dev/null @@ -1,38 +0,0 @@ -define nspawn::machine ( - String $os, - Hash $os_opts = {} , - String $machine = $name, - Boolean $enable = false, -) { - - require ::nspawn::setup - - file { "/var/lib/machines/${machine}/puppet": - ensure => directory, - } - - file { "/etc/systemd/nspawn/${machine}.nspawn": - content => @("EOF") - [Exec] - Hostname=${machine}.adrift.space - Boot=true - # /usr/lib/systemd/resolv.conf - ResolvConf=copy-static - - [Files] - # TODO This should only be mounted on puppet servers, in case it - # contains secrets - BindReadOnly=/usr/local/puppet:/puppet - - [Network] - Bridge=br0 - | EOF - } - - create_resources("nspawn::os::${os}", { $machine => $os_opts }) - - service { "systemd-nspawn@${machine}.service": - enable => $enable, - } - -} diff --git a/modules/nspawn/manifests/os/arch.pp b/modules/nspawn/manifests/os/arch.pp deleted file mode 100644 index e5fc210..0000000 --- a/modules/nspawn/manifests/os/arch.pp +++ /dev/null @@ -1,14 +0,0 @@ -define nspawn::os::arch ( - String $machine = $name, -) { - - ensure_packages(['arch-install-scripts']) - - $machine_path = "/var/lib/machines/${machine}" - - exec { "/usr/bin/pacstrap '${machine_path}' base puppet": - creates => "${machine_path}/etc/os-release", - } - - nspawn::util::enable_networkd { $machine: } -} diff --git a/modules/nspawn/manifests/os/debian.pp b/modules/nspawn/manifests/os/debian.pp deleted file mode 100644 index fbab9ac..0000000 --- a/modules/nspawn/manifests/os/debian.pp +++ /dev/null @@ -1,49 +0,0 @@ -define nspawn::os::debian ( - String $os_version, - String $machine = $name, -) { - - ensure_packages(['debootstrap']) - - exec { "/usr/bin/deboostrap ${os_version} /var/lib/machines/${machine}": - creates => "/var/lib/machines/${machine}/etc/os-release", - } - - $puppet_deb = "/var/lib/machines/${machine}/tmp/puppet7-release-${os_version}.deb" - file { $puppet_deb: - ensure => file, - source => "https://apt.puppet.com/puppet7-release-${os_version}.deb" - } - - $running = $facts['machined-info'][$machine] != Undef or $facts['machined-info'][$machine]['State'] == 'running' - - if $running { - # TODO - notify { "Notify skipping ${machine} setup": - message => "Skipping setup for ${machine}, already running", - } - } else { - exec { "Set up puppet repo for ${machine}": - subscribe => File[$puppet_deb], - command => [ '/usr/bin/systemd-nspawn', - '-M', $machine, - '--quiet', - '/bin/sh', '-c', - "dpkg -i '/tmp/puppet7-release-${os_version}.deb' && apt update" - ], - } - - exec { "install puppet-agent on ${machine}": - command => [ '/usr/bin/systemd-nspawn', - '-M', $machine, - '--quiet', - 'apt', 'install', 'puppet-agent', - ], - creates => "/var/lib/machines/${machine}/opt/puppetlabs/bin/puppet", - } - } - - nspawn::util::disable_networking { $machine: } - nspawn::util::enable_networkd { $machine: } - -} diff --git a/modules/nspawn/manifests/setup.pp b/modules/nspawn/manifests/setup.pp deleted file mode 100644 index 9f742fd..0000000 --- a/modules/nspawn/manifests/setup.pp +++ /dev/null @@ -1,16 +0,0 @@ -class nspawn::setup { - - # TODO find better file to use for containers - - file { '/usr/lib/systemd/resolv.conf': - ensure => file, - content => @(EOF) - # File /usr/lib/systemd/resolv.conf managed by puppet - # Local changes will be overwritten - nameserver 10.0.0.40 - search adrift.space - | EOF - } - - -} diff --git a/modules/nspawn/manifests/util/disable_networking.pp b/modules/nspawn/manifests/util/disable_networking.pp deleted file mode 100644 index 4a9b31b..0000000 --- a/modules/nspawn/manifests/util/disable_networking.pp +++ /dev/null @@ -1,22 +0,0 @@ -define nspawn::util::disable_networking ( - String $machine = $name, - String $machine_path = "/var/lib/machines/${machine}", -) { - - - $cmd = if $facts['machined-info'][$machine]['State'] == 'running' { - [ 'systemctl', '-M', $machine, 'disable', 'networking' ] - } else { - [ 'systemd-nspawn', '-M', $machine, '--quiet', - 'systemctl', 'disable', 'networking' ] - } - - exec { "Disable networking on ${machine}": - command => $cmd, - path => [ '/bin', '/usr/bin', ], - # among others - # creates => "${machine_path}/etc/systemd/system/multi-user.target.wants/systemd-networkd.service", - } - -} - diff --git a/modules/nspawn/manifests/util/enable_networkd.pp b/modules/nspawn/manifests/util/enable_networkd.pp deleted file mode 100644 index 8e447b9..0000000 --- a/modules/nspawn/manifests/util/enable_networkd.pp +++ /dev/null @@ -1,38 +0,0 @@ -define nspawn::util::enable_networkd ( - String $machine = $name, - String $machine_path = "/var/lib/machines/${machine}", -) { - - # TODO only do this if the directory is empty - networking::networkd_instance { "Initial networking on ${machine}": - priority => 50, - filename => 'puppet-initial', - path => "${machine_path}/${networking::networkd::path}", - content => { - 'Match' => { - 'Name' => 'host0', - }, - 'Network' => { - 'DHCP' => 'ipv4', - 'IPv6AcceptRA' => 1, - }, - }, - } - - $running = $facts['machined-info'][$machine] != Undef or $facts['machined-info'][$machine]['State'] == 'running' - - $cmd = if $running { - [ 'systemctl', '-M', $machine, 'enable', 'systemd-networkd' ] - } else { - [ 'systemd-nspawn', '-M', $machine, '--quiet', - 'systemctl', 'enable', 'systemd-networkd' ] - } - - exec { "Enable systemd-networkd on ${machine}": - command => $cmd, - path => [ '/bin', '/usr/bin', ], - # among others - creates => "${machine_path}/etc/systemd/system/multi-user.target.wants/systemd-networkd.service", - } - -} diff --git a/modules/nsupdate/manifests/init.pp b/modules/nsupdate/manifests/init.pp deleted file mode 100644 index 08c5080..0000000 --- a/modules/nsupdate/manifests/init.pp +++ /dev/null @@ -1,6 +0,0 @@ -class nsupdate ( - Hash[String,Hash] $instances, - Hash[String,Hash] $secrets, -) { - create_resources(nsupdate::instance, $instances) -} diff --git a/modules/nsupdate/manifests/instance.pp b/modules/nsupdate/manifests/instance.pp deleted file mode 100644 index 7f2f3ff..0000000 --- a/modules/nsupdate/manifests/instance.pp +++ /dev/null @@ -1,64 +0,0 @@ -# type DNSRecordType = ['A', 'AAAA', 'AFSDB', 'APL', 'CAA', 'CDNSKEY', 'CDS', -# 'CERT', 'CNAME', 'CSYNC', 'DHCID', 'DLV', 'DNAME', 'DNSKEY', 'DS', 'EUI48', -# 'EUI64', 'HINFO', 'HIP', 'HTTPS', 'IPSECKEY', 'KEY', 'KX', 'LOC', 'MX', -# 'NAPTR', 'NS', 'NSEC', 'NSEC3', 'NSEC3PARAM', 'OPENPGPKEY', 'PTR', 'RRSIG', -# 'RP', 'SIG', 'SMIMEA', 'SOA', 'SRV', 'SSHFP', 'SVCB', 'TA', 'TKEY', 'TLSA', -# 'TSIG', 'TXT', 'URI', 'ZA', 'AAAA', 'AFSDB', 'APL', 'CAA', 'CDNSKEY', 'CDS', -# 'CERT', 'CNAME', 'CSYNC', 'DHCID', 'DLV', 'DNAME', 'DNSKEY', 'DS', 'EUI48', -# 'EUI64', 'HINFO', 'HIP', 'HTTPS', 'IPSECKEY', 'KEY', 'KX', 'LOC', 'MX', -# 'NAPTR', 'NS', 'NSEC', 'NSEC3', 'NSEC3PARAM', 'OPENPGPKEY', 'PTR', 'RRSIG', -# 'RP', 'SIG', 'SMIMEA', 'SOA', 'SRV', 'SSHFP', 'SVCB', 'TA', 'TKEY', 'TLSA', -# 'TSIG', 'TXT', 'URI', 'ZONEMD'] - -type DNSRecordType = Enum['A'] - -type DNSRecord = Struct[{ - domain => String, - type => DNSRecordType, - ttl => Integer, -}] - -# Sets up a single instance of a reoccuring nsupdate. -# Note that nsupdate::secret.$keyname needs to be made available through hiera -# /etc/puppetlabs/code/environments/production/data/nodes/hornquist.se.yaml -define nsupdate::instance ( - String $nameserver, - Array[DNSRecord] $records, - String $iface = $facts['networking']['primary'], - Enum['present', 'absent'] $ensure = present, - String $keyname = $name, -) { - - require ::nsupdate::setup - - file { "/usr/libexec/nsupdate/${name}": - ensure => $ensure, - mode => '0555', - content => epp('nsupdate/nsupdate.epp', { - iface => $iface, - nameserver => $nameserver, - records => $records, - keyname => $keyname, - }) - } - - $key = $nsupdate::secrets[$keyname] - $secret = Sensitive($key['secret']) - file { "/var/lib/nsupdate/${keyname}.key": - ensure => file, - mode => '0400', - show_diff => false, - content => @("EOF") - key "${keyname}" { - algorithm ${key['algorithm']}; - secret "${secret.unwrap}"; - }; - | EOF - } - - cron { "nsupdate ${name}": - ensure => $ensure, - command => "/usr/libexec/nsupdate/${name}", - minute => 0, - } -} diff --git a/modules/nsupdate/manifests/setup.pp b/modules/nsupdate/manifests/setup.pp deleted file mode 100644 index 9aba4ff..0000000 --- a/modules/nsupdate/manifests/setup.pp +++ /dev/null @@ -1,14 +0,0 @@ -class nsupdate::setup ( -) { - file { '/usr/libexec/nsupdate': - ensure => directory, - } - - file { '/var/lib/nsupdate': - ensure => directory, - } - - ensure_packages(['bind9-dnsutils'], { - ensure => installed, - }) -} diff --git a/modules/nsupdate/templates/nsupdate.epp b/modules/nsupdate/templates/nsupdate.epp deleted file mode 100644 index 66fe4b2..0000000 --- a/modules/nsupdate/templates/nsupdate.epp +++ /dev/null @@ -1,18 +0,0 @@ -<%- | - String $iface, - String $nameserver, - String $keyname, - Array[DNSRecord] $records, -| -%> -#!/bin/bash - -IP=$(ip -j a show dev <%= $iface %> | jq --raw-output '.[0].addr_info[] | select(.family == "inet").local') - -nsupdate "$@" -k '/var/lib/nsupdate/<%= $keyname %>.key' << EOF -server <%= $nameserver %> -<%- $records.each |$record| { -%> -update delete <%= $record['domain'] %> <%= $record['type'] %> -update add <%= $record['domain'] %> <%= $record['ttl'] %> <%= $record['type'] %> ${IP} -<%- } -%> -send -EOF diff --git a/modules/overlay/manifests/init.pp b/modules/overlay/manifests/init.pp deleted file mode 100644 index a85683d..0000000 --- a/modules/overlay/manifests/init.pp +++ /dev/null @@ -1,17 +0,0 @@ -define overlay ( -) { - - { - lowerdir => "${dir}/root/base", - upperdir => "${dir}/root/overlays/${name}", - workdir => "${dir}/root/workdirs/${name}", - nfs_export => 'on', - } - - file_line { - ensure => present, - path => "${dir}/fstab" - line => "overlay root/export/${name} - } - -} diff --git a/modules/pacman/files/mirrorlist b/modules/pacman/files/mirrorlist deleted file mode 100644 index 4ea5d0e..0000000 --- a/modules/pacman/files/mirrorlist +++ /dev/null @@ -1,6 +0,0 @@ -# File managed by puppet, local changes WILL be overwritten - -Server = https://ftp.lysator.liu.se/pub/archlinux/$repo/os/$arch -Server = http://ftp.lysator.liu.se/pub/archlinux/$repo/os/$arch -Server = https://ftp.acc.umu.se/mirror/archlinux/$repo/os/$arch -Server = http://ftp.acc.umu.se/mirror/archlinux/$repo/os/$arch diff --git a/modules/pacman/manifests/hook.pp b/modules/pacman/manifests/hook.pp deleted file mode 100644 index f8478e6..0000000 --- a/modules/pacman/manifests/hook.pp +++ /dev/null @@ -1,80 +0,0 @@ - -type Pacman::Operation = Enum['Install', 'Upgrade', 'Remove'] -# type Variant[Type, Array[Type, 1]] = Variant[Type, Array[Type, 1]] - -type Pacman::Trigger = Struct[{ - type => Enum['Path', 'Package'], - operation => Variant[Pacman::Operation, Array[Pacman::Operation, 1]], - target => Variant[String, Array[String, 1]], -}] - -define pacman::hook ( - Integer $priority = 50, - Optional[String] $description = undef, - Enum['PreTransation', 'PostTransaction'] $when, - String $exec, - Optional[Variant[String, Array[String, 1]]] $depends = undef, - Boolean $abortOnFail = false, # only for PreTransation - Boolean $needsTargets = false, - Variant[Pacman::Trigger, Array[Pacman::Trigger, 1]] $trigger, -) { - - require ::pacman - - if ($abortOnFail and $when != 'PreTransation') { - fail('abortOnFail only valid when "when" => "PreTransation"') - } - - # Normalize triggers to list - $triggers = ($trigger ? { - Array => $trigger, - default => [$trigger], - }).map |$trigger| { - # Normalize contents of each trigger, making - { - type => $trigger['type'], - operation => $trigger['operation'] ? { - Array => $trigger['operation'], - default => [$trigger['operation']], - }, - target => $trigger['target'] ? { - Array => $trigger['target'], - default => [$trigger['target']], - } - } - } - - $triggers.each |$trigger| { - if $trigger['type'] == 'Path' { - $trigger['target'].each |$target| { - if $target[0] == '/' { - fail("Target paths shouldn't start with '/' ${target} in trigger ${name}") - } - } - } - } - - $str = epp('pacman/hook.epp', { - description => $description, - depends => $depends ? { - Optional => [], - Array => $depends, - default => [$depends], - }, - triggers => $triggers, - exec => $exec, - when => $when, - abortOnFail => $abortOnFail, - needsTargets => $needsTargets, - }) - - $chksum = $str.md5() - - file { $chksum: - ensure => 'present', - content => $str, - path => "${pacman::hooks_path}/${priority}-${name}.hook", - checksum => 'md5', - checksum_value => $chksum, - } -} diff --git a/modules/pacman/manifests/init.pp b/modules/pacman/manifests/init.pp deleted file mode 100644 index fb23328..0000000 --- a/modules/pacman/manifests/init.pp +++ /dev/null @@ -1,44 +0,0 @@ -class pacman ( - String $hooks_path = '/etc/pacman.d/hooks-puppet', - String $conf_path = '/etc/pacman.conf', - Boolean $ilovecandy = false, -) { - - ini_setting { 'Pacman HookDir': - path => $conf_path, - section => 'options', - setting => 'HookDir', - value => $hooks_path, - - } - - ini_setting { 'Pacman ILoveCandy': - ensure => if ($ilovecandy) { present } else { absent }, - path => '/etc/pacman.conf', - section => 'options', - setting => 'ILoveCandy', - key_val_separator => '', - value => '', - } - - if versioncmp($facts['pacman-version'], '6.0.0') >= 0 { - ini_setting { 'Pacman parallel downloads': - path => '/etc/pacman.conf', - section => 'options', - setting => 'ParallelDownloads', - value => 8, - } - } - - file { $hooks_path: - ensure => directory, - recurse => true, - purge => true, - } - - file { '/etc/pacman.d/mirrorlist': - ensure => present, - backup => true, - source => 'puppet:///modules/pacman/mirrorlist', - } -} diff --git a/modules/pacman/manifests/repo.pp b/modules/pacman/manifests/repo.pp deleted file mode 100644 index 28f92b0..0000000 --- a/modules/pacman/manifests/repo.pp +++ /dev/null @@ -1,24 +0,0 @@ -define pacman::repo ( - Enum['present', 'absent'] $ensure = 'present', - String $repo_name = $name, - # String $include, - String $server, - String $sig_level, -) { - - ini_setting { - default: - ensure => $ensure, - path => $::pacman::conf_path, - section => $repo_name , - ; - "Pacman repo [${repo_name}] server": - setting => 'Server', - value => $server , - ; - "Pacman repo [${repo_name}] SigLevel": - setting => 'SigLevel', - value => $sig_level , - ; - } -} diff --git a/modules/pacman/templates/hook.epp b/modules/pacman/templates/hook.epp deleted file mode 100644 index 08377d9..0000000 --- a/modules/pacman/templates/hook.epp +++ /dev/null @@ -1,31 +0,0 @@ -<%- | Array[Pacman::Trigger] $triggers, - Optional[String] $description, - String $exec, - Enum['PreTransation', 'PostTransaction'] $when, - Array[String] $depends, - Boolean $abortOnFail, - Boolean $needsTargets, - -| -%> -# Managed by Puppet - -[Trigger] -<%- $triggers.each |$trigger| { -%> -Type = <%= $trigger['type'] %> -<%- $trigger['operation'].each |$op| { -%> -Operation = <%= $op %> -<%- } -%> -<% $trigger['target'].each |$target| { -%> -Target = <%= $target %> -<%- } -%> -<%- } %> - -[Action] -<%- if ($description) { -%>Description = <%= $description %><% } %> -Exec = <%= $exec %> -When = <%= $when %> -<%- $depends.each |$depend| { -%> -Depends = <%= $depend %> -<%- } -%> -<%- if ($abortOnFail) { -%>AbortOnFail<% } %> -<%- if ($needsTargets) { -%>NeedsTargets<% } %> diff --git a/modules/postgresql b/modules/postgresql deleted file mode 160000 -Subproject ecf7ad5db7cb46b9f22d62c921c8bcf899bda7a diff --git a/modules/profiles/files/firewall/rules.v4 b/modules/profiles/files/firewall/rules.v4 deleted file mode 100644 index bdc63cc..0000000 --- a/modules/profiles/files/firewall/rules.v4 +++ /dev/null @@ -1,15 +0,0 @@ -# Generated by iptables-save v1.8.4 on Thu Jun 3 20:27:52 2021 -*filter -:INPUT DROP [120:97784] -:FORWARD ACCEPT [0:0] -:OUTPUT ACCEPT [526:114637] --A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT --A INPUT -p udp -m udp --dport 67:68 -j ACCEPT --A INPUT -p icmp -j ACCEPT --A INPUT -p tcp -m tcp --dport 80 -j ACCEPT --A INPUT -p tcp -m tcp --dport 443 -j ACCEPT --A INPUT -p tcp -m tcp --dport 22 -j ACCEPT --A INPUT -p tcp -m tcp --dport 53 -j ACCEPT --A INPUT -p udp -m udp --dport 53 -j ACCEPT -COMMIT -# Completed on Thu Jun 3 20:27:52 2021 diff --git a/modules/profiles/files/node-classifier.py b/modules/profiles/files/node-classifier.py deleted file mode 100644 index 7fc096f..0000000 --- a/modules/profiles/files/node-classifier.py +++ /dev/null @@ -1,44 +0,0 @@ -#!/usr/bin/env python3 - -import yaml -import sys -import configparser - -# https://puppet.com/docs/puppet/7/nodes_external.html - - -def main(args): - if len(args) == 1: - print('usage ./node-classifier <node-name>') - return - - parser = configparser.ConfigParser() - conf_file = '/etc/node-classifier.ini' - if parser.read(conf_file) != [conf_file]: - print(f'Configuration file missing, expected {conf_file}') - return 1 - - try: - fmt = parser.get('common', 'node_fmt') - if fmt != 'yaml': - print(f'Unknown format {fmt}') - return 1 - filename = parser.get('common', 'nodes') - except configparser.NoSectionError as e: - print(e) - return 1 - except NoOptionError as e: - print(e) - return 1 - - with open(filename) as f: - data = yaml.load(f) - - nodename = sys.argv[1] - instance = data.get(nodename) - if not instance: - instance = data.get('default') - print(yaml.dump(instance)) - -if __name__ == '__main__': - sys.exit(main(sys.argv)) diff --git a/modules/profiles/files/passmenu b/modules/profiles/files/passmenu deleted file mode 100755 index 653ebda..0000000 --- a/modules/profiles/files/passmenu +++ /dev/null @@ -1,29 +0,0 @@ -#!/usr/bin/env bash - -shopt -s nullglob globstar - -typeit=0 -if [[ $1 == "--type" ]]; then - typeit=1 - shift -fi - -prefix=${PASSWORD_STORE_DIR-~/.password-store} -password_files=( "$prefix"/**/*.gpg ) -password_files=( "${password_files[@]#"$prefix"/}" ) -password_files=( "${password_files[@]%.gpg}" ) - -password=$(printf '%s\n' "${password_files[@]}" | dmenu "$@") - -[[ -n $password ]] || exit - -if [[ "$password" == *-otp ]]; then - otp='otp' -fi - -if [[ $typeit -eq 0 ]]; then - pass $otp show -c "$password" 2>/dev/null -else - pass $otp show "$password" | { IFS= read -r pass; printf %s "$pass"; } | - xdotool type --clearmodifiers --file - -fi diff --git a/modules/profiles/files/ssh-agent.service b/modules/profiles/files/ssh-agent.service deleted file mode 100644 index d49edc6..0000000 --- a/modules/profiles/files/ssh-agent.service +++ /dev/null @@ -1,13 +0,0 @@ -# https://unix.stackexchange.com/questions/339840/how-to-start-and-use-ssh-agent-as-systemd-service - -[Unit] -Description=SSH key agent - -[Service] -Type=simple -Environment=SSH_AUTH_SOCK=%t/ssh-agent.socket -# ExecStart=/usr/bin/ssh-agent -D -a $SSH_AUTH_SOCK -ExecStart=/usr/bin/ssh-agent -D -a $SSH_AUTH_SOCK - -[Install] -WantedBy=default.target diff --git a/modules/profiles/lib/facter/pacman_version.rb b/modules/profiles/lib/facter/pacman_version.rb deleted file mode 100644 index 1d17b04..0000000 --- a/modules/profiles/lib/facter/pacman_version.rb +++ /dev/null @@ -1,7 +0,0 @@ -Facter.add('pacman-version') do - if File.exists?('/bin/pacman') then - setcode do - `pacman -Qi pacman | awk -F' : ' '/^Version/ { print $2 }'`.strip() - end - end -end diff --git a/modules/profiles/manifests/client.pp b/modules/profiles/manifests/client.pp deleted file mode 100644 index f0a9b93..0000000 --- a/modules/profiles/manifests/client.pp +++ /dev/null @@ -1,9 +0,0 @@ -class profiles::client { - - class { 'puppet': - server => false, - agent => true, - puppetmaster => $facts['extlib__puppet_config']['main']['server'], - } - -} diff --git a/modules/profiles/manifests/common.pp b/modules/profiles/manifests/common.pp deleted file mode 100644 index 4cb5226..0000000 --- a/modules/profiles/manifests/common.pp +++ /dev/null @@ -1,43 +0,0 @@ -class profiles::common ( - String $timezone, - Array[String] $locales = [ 'en_US.UTF-8', ], -) { - - file_line { 'hosts ourself': - ensure => present, - line => "::1\t${facts['name']}\t${::fqdn}", - path => '/etc/hosts', - } - - file { '/etc/localtime': - ensure => link, - target => "/usr/share/zoneinfo/${timezone}", - } - - # TODO possibly check in /usr/share/i18n/locales if file exists - # there - - $fixed_locales = ($locales.map |$locale| { - if $locale =~ /^[^.]*\.(.*)$/ { - "${locale} ${1}" - } else { - "${locale} UTF-8" - } - } + [ '' ]) - - file { '/etc/locale.gen': - content => $fixed_locales.join("\n") - } ~> exec { 'locale-gen': - path => [ '/bin', '/usr/bin', ], - refreshonly => true, - } - - file { 'Default locales': - path => '/etc/locale.conf', - content => @(EOF) - LANG=en_US.UTF-8 - LC_TIME=sv_SE.UTF-8 - | EOF - } - -} diff --git a/modules/profiles/manifests/dns_zones.pp b/modules/profiles/manifests/dns_zones.pp deleted file mode 100644 index 8e9edf8..0000000 --- a/modules/profiles/manifests/dns_zones.pp +++ /dev/null @@ -1,12 +0,0 @@ -class profiles::dns_zones ( - Hash $zones, - Hash $default = {}, -) { - create_resources(dns::zone, $zones, $default) - - $rev_zone = dns::reverse_dns($facts['networking']['network6'])[32,-1] - dns::zone { $rev_zone: - reverse => true, - } - -} diff --git a/modules/profiles/manifests/dolphin.pp b/modules/profiles/manifests/dolphin.pp deleted file mode 100644 index f1fdcf8..0000000 --- a/modules/profiles/manifests/dolphin.pp +++ /dev/null @@ -1,70 +0,0 @@ -# Configure the file manager dolphin -class profiles::dolphin { - ensure_packages ([ - 'dolphin', - 'kde-cli-tools', - 'ffmpegthumbs', - 'kdegraphics-thumbnailers', - 'konsole', - 'breeze-icons', - ], { ensure => installed }) - - - $dolphin_settings = { - 'General' => { - 'BrowseThroughArchives' => 'true', - 'GlobalViewProps' => 'false', - 'HomeUrl' => '/usr/net/video', - 'OpenExternallyCalledFolderInNewTab' => 'false', - 'RememberOpenedTabs' => 'false', - 'ShowFullPath' => 'true', - }, - 'MainWindow' => { - 'MenuBar' => 'Disabled', - 'ToolBarsMovable' => 'Disabled', - }, - 'VersionControl' => { - 'enabledPlugins' => [ - 'Dropbox', - 'Git', - ] - }, - 'PreviewSettings' => { - 'Plugins' => [ - 'appimagethumbnail', - 'audiothumbnail', - 'blenderthumbnail', - 'comicbookthumbnail', - 'djvuthumbnail', - 'ebookthumbnail', - 'exrthumbnail', - 'directorythumbnail', - 'fontthumbnail', - 'imagethumbnail', - 'jpegthumbnail', - 'kraorathumbnail', - 'windowsexethumbnail', - 'windowsimagethumbnail', - 'opendocumentthumbnail', - 'gsthumbnail', - 'svgthumbnail', - 'textthumbnail', - 'ffmpegthumbs', - ] - } - } - - $dolphin_settings.map |$category, $group| { - $group.map |$setting, $value| { - ini_setting { "Dolphin [${category}].${setting}": - path => '/etc/xdg/dolphinrc', - section => $category, - setting => $setting, - value => $value ? { - Array => $value.join(','), - String => $value, - } - } - } - } -} diff --git a/modules/profiles/manifests/fcgiwrap.pp b/modules/profiles/manifests/fcgiwrap.pp deleted file mode 100644 index fa667d1..0000000 --- a/modules/profiles/manifests/fcgiwrap.pp +++ /dev/null @@ -1,8 +0,0 @@ -class profiles::fcgiwrap { - ensure_packages(['fcgiwrap']) - - service { 'fcgiwrap.socket': - ensure => running, - enable => true, - } -} diff --git a/modules/profiles/manifests/firewall.pp b/modules/profiles/manifests/firewall.pp deleted file mode 100644 index 6c9d7e6..0000000 --- a/modules/profiles/manifests/firewall.pp +++ /dev/null @@ -1,19 +0,0 @@ -class profiles::firewall { - ensure_packages ([ - 'iptables-persistent', - 'fail2ban', - ], { ensure => installed }) - - file { '/etc/iptables/rules.v4': - source => 'puppet:///modules/profiles/firewall/rules.v4', - } ~> exec { 'reload firewall': - command => '/usr/share/netfilter-persistent/plugins.d/15-ip4tables restart', - refreshonly => true, - } - - service { 'fail2ban': - ensure => running, - enable => true, - } - -} diff --git a/modules/profiles/manifests/group_profile.pp b/modules/profiles/manifests/group_profile.pp deleted file mode 100644 index 2025a4b..0000000 --- a/modules/profiles/manifests/group_profile.pp +++ /dev/null @@ -1,16 +0,0 @@ -class profiles::group_profile { - file { '/etc/profile.d/group-env.sh': - ensure => 'file', - content => @(EOF) - for group in $(groups $(id -nu)) - do - f="/etc/profile.d/group.d/${group}" - test -f "$f" && . $f - done - | EOF - } - - file { '/etc/profile.d/group.d': - ensure => 'directory', - } -} diff --git a/modules/profiles/manifests/imagemagick.pp b/modules/profiles/manifests/imagemagick.pp deleted file mode 100644 index 7663cf8..0000000 --- a/modules/profiles/manifests/imagemagick.pp +++ /dev/null @@ -1,17 +0,0 @@ -class profiles::imagemagick { - package { 'imagemagick': - ensure => installed, - } - - file { '/etc/ImageMagick-7/policy.xml': - content => epp('profiles/imagemagick-policy.xml', { - policies => [ - { - domain => 'coder', - rights => 'read | write', - pattern => 'PDF' - }, - ] - }), - } -} diff --git a/modules/profiles/manifests/letsencrypt.pp b/modules/profiles/manifests/letsencrypt.pp deleted file mode 100644 index 48aa3a8..0000000 --- a/modules/profiles/manifests/letsencrypt.pp +++ /dev/null @@ -1,35 +0,0 @@ -class profiles::letsencrypt ( - String $certname, - Array[String] $domains, - Enum['nginx','apache'] $provider, - Optional[String] $nginx_plugin = undef, - Optional[String] $apache_plugin = undef, -) { - - include ::letsencrypt - - $plugin = $provider - $post_hook = $provider ? { - 'nginx' => 'systemctl restart nginx.service', - 'apache' => 'systemctl restart apache2.service', - } - - case $provider { - 'apache': { - ensure_packages ([$apache_plugin]) - } - 'nginx': { - ensure_packages ([$nginx_plugin]) - } - } - - letsencrypt::certonly { $certname: - ensure => present, - domains => $domains, - manage_cron => true, - plugin => $plugin, - additional_args => [ '--quiet', ], - # pre_hook_commands => [ 'systemctl stop nginx.service', ], - post_hook_commands => [ $post_hook, ], - } -} diff --git a/modules/profiles/manifests/mysql.pp b/modules/profiles/manifests/mysql.pp deleted file mode 100644 index 01372d0..0000000 --- a/modules/profiles/manifests/mysql.pp +++ /dev/null @@ -1,8 +0,0 @@ -class profiles::mysql { - require ::mysql::server - - mysql_user { 'root@localhost': - ensure => present, - plugin => 'unix_socket', - } -} diff --git a/modules/profiles/manifests/phpfpm.pp b/modules/profiles/manifests/phpfpm.pp deleted file mode 100644 index 2aaf0df..0000000 --- a/modules/profiles/manifests/phpfpm.pp +++ /dev/null @@ -1,21 +0,0 @@ -class profiles::phpfpm ( - String $version = '7.4', -) { - - # The packageg php-fpm also exists, which simply pulls in php7.4-fpm - - ensure_packages(["php${version}-fpm"]) - - service { "php${version}-fpm": - ensure => running, - enable => true, - } - - systemd::dropin_file { 'runtime-dir.conf': - unit => 'php${version}-fpm.service', - content => @(EOF) - [Service] - RuntimeDirectory=php - | EOF - } -} diff --git a/modules/profiles/manifests/puppetboard.pp b/modules/profiles/manifests/puppetboard.pp deleted file mode 100644 index d477632..0000000 --- a/modules/profiles/manifests/puppetboard.pp +++ /dev/null @@ -1,57 +0,0 @@ -class profiles::puppetboard { - # https://forge.puppet.com/modules/puppet/puppetboard/readme - # Configure Apache - class { 'apache': - default_vhost => false, - purge_configs => true, - } - - $wsgi = $facts['os']['family'] ? { - 'Debian' => { - package_name => 'libapache2-mod-wsgi-py3', - mod_path => '/usr/lib/apache2/modules/mod_wsgi.so', - }, - default => {} - } - - class { 'apache::mod::wsgi': - * => $wsgi, - } - - # Configure puppetboard - - class { 'puppetboard': - manage_git => true, - manage_virtualenv => true, - require => Class['puppetdb'], - puppetdb_port => 8080, - # Required for /metrics/ to work - puppetdb_host => '127.0.0.1', - enable_catalog => true, - python_loglevel => 'info', - offline_mode => true, - } - - class { '::profiles::letsencrypt': - provider => apache, - } - - $certname = lookup('certname') - class { 'puppetboard::apache::vhost': - vhost_name => $::fqdn, - port => 443, - ssl => true, - ssl_cert => "/etc/letsencrypt/live/${certname}/cert.pem", - ssl_key => "/etc/letsencrypt/live/${certname}/privkey.pem", - ssl_chain => "/etc/letsencrypt/live/${certname}/fullchain.pem", - } - - apache::vhost { "http-redirect": - servername => $::fqdn, - port => 80, - redirect_source => ['/'], - redirect_dest => ["https://${::fqdn}/"], - redirect_status => ['permanent'], - docroot => false, - } -} diff --git a/modules/profiles/manifests/puppetdb.pp b/modules/profiles/manifests/puppetdb.pp deleted file mode 100644 index ddfb73c..0000000 --- a/modules/profiles/manifests/puppetdb.pp +++ /dev/null @@ -1,10 +0,0 @@ -class profiles::puppetdb { - # exec { 'puppetdb ssl-setup': - # creates => '/etc/puppetlabs/puppetdb/ssl/{ca,private,public}.pem' - # } - - class { 'puppetdb': - listen_address => '::', - disable_ssl => false, - } -} diff --git a/modules/profiles/manifests/puppetserver.pp b/modules/profiles/manifests/puppetserver.pp deleted file mode 100644 index 82de2b5..0000000 --- a/modules/profiles/manifests/puppetserver.pp +++ /dev/null @@ -1,46 +0,0 @@ -class profiles::puppetserver ( - Hash $hiera, -) { - # required for the git hook - ensure_packages(['ruby']) - - file { '/usr/libexec': - ensure => directory, - } - - ensure_packages(['python3-yaml']) - - inifile::create_ini_settings( - { common => { - node_fmt => yaml, - nodes => '/puppet/nodes.yaml', - }, - }, - { - path => '/etc/node-classifier.ini', - } - ) - - file { '/usr/libexec/external-node-classifier': - mode => '0555', - source => 'puppet:///modules/profiles/node-classifier.py', - } - - class { 'puppet': - server => true, - server_foreman => false, - server_reports => 'puppetdb', - server_storeconfigs => true, - server_git_repo => true, - server_git_repo_path => '/var/lib/puppet.git', - server_external_nodes => '/usr/libexec/external-node-classifier', - server_strict_variables => true, - } - - file { "/etc/puppetlabs/puppet/hiera.yaml": - ensure => file, - content => hash2yaml($hiera, { - 'header' => '# This file is managed by puppet', - }), - } -} diff --git a/modules/profiles/manifests/remarkable.pp b/modules/profiles/manifests/remarkable.pp deleted file mode 100644 index d88486f..0000000 --- a/modules/profiles/manifests/remarkable.pp +++ /dev/null @@ -1,30 +0,0 @@ -define profiles::remarkable ( - String $prefix = '10.11.99', - String $addr = '2', -) { - - file_line { 'remarkable usb': - ensure => present, - path => '/etc/hosts', - line => "${prefix}.1 remarkable.usb", - } - - file_line { 'remarkable usb self': - ensure => present, - path => '/etc/hosts', - line => "${prefix}.${addr} host.usb", - } - - # TODO Shouldn't we just use DHCP as intended here? - networking::networkd_instance { 'remarkable-usb': - content => { - 'Match' => { - 'Name' => 'enp3s0f0u4', - }, - 'Network' => { - 'Description' => 'Remarkable USB connection', - 'Address' => "${prefix}.${addr}/29", - }, - }, - } -} diff --git a/modules/profiles/manifests/shiori.pp b/modules/profiles/manifests/shiori.pp deleted file mode 100644 index df9b718..0000000 --- a/modules/profiles/manifests/shiori.pp +++ /dev/null @@ -1,46 +0,0 @@ -class profiles::shiori ( - String $server_name, - Array[String] $group_members = [], - $port = 8080, -) { - - class { 'shiori': - port => $port, - } - - group { 'shiori': - ensure => present, - members => $group_members, - } - - include ::profiles::group_profile - - file { '/etc/profile.d/group.d/shiori': - ensure => file, - content => "export SHIORI_DIR=${shiori::dir}\n", - } - - include ::nginx - - $certname = lookup('certname') - - nginx::resource::server { $server_name: - ipv6_enable => true, - ipv6_listen_options => '', - ssl => true, - ssl_redirect => true, - ssl_cert => "/etc/letsencrypt/live/${certname}/fullchain.pem", - ssl_key => "/etc/letsencrypt/live/${certname}/privkey.pem", - www_root => $shiori::dir, - use_default_location => false, - } - - nginx::resource::location { 'shiori /': - location => '/', - proxy => "http://[::]:$port", - index_files => [], - ssl => true, - ssl_only => true, - server => $server_name, - } -} diff --git a/modules/profiles/manifests/ssh.pp b/modules/profiles/manifests/ssh.pp deleted file mode 100644 index 1cf0fbf..0000000 --- a/modules/profiles/manifests/ssh.pp +++ /dev/null @@ -1,18 +0,0 @@ -class profiles::ssh { - include ::ssh - - $authorized_keys = lookup('ssh_authorized_keys', Array[Hash], undef, []) - - ssh::client::config::user { 'root': - user_home_dir => '/root' - } - - $authorized_keys.each |$key| { - ssh_authorized_key { $key['name']: - user => $key['user'], - type => $key['type'], - key => $key['key'], - } - } -} - diff --git a/modules/profiles/manifests/syncthing.pp b/modules/profiles/manifests/syncthing.pp deleted file mode 100644 index 7d8183e..0000000 --- a/modules/profiles/manifests/syncthing.pp +++ /dev/null @@ -1,28 +0,0 @@ -class profiles::syncthing ( - Array[String] $enable_for = [] -) { - - # TODO add repo for those systems that need it - - package { 'syncthing': - ensure => installed - } - - systemd::dropin_file { 'nospam.conf': - unit => 'syncthing@.service', - content => @(EOF) - [Service] - ExecStart= - ExecStart=/bin/bash -c 'set -o pipefail; /usr/bin/syncthing -no-browser -no-restart -logflags=0 | grep -v "INFO: "' - | EOF - } - - $enable_for.map |$user| { - service { "syncthing@${user}": - enable => true, - } - } - - # TODO manage synced data - -} diff --git a/modules/profiles/manifests/synth.pp b/modules/profiles/manifests/synth.pp deleted file mode 100644 index eb01f8f..0000000 --- a/modules/profiles/manifests/synth.pp +++ /dev/null @@ -1,33 +0,0 @@ -class profiles::synth { - - package { 'freepats-general-midi': - ensure => installed, - } - - file { '/etc/conf.d/fluidsynth': - content => @(EOF) - SOUND_FONT=/usr/share/soundfonts/freepats-general-midi.sf2 - OTHER_OPTS='-a alsa' - | EOF - } - - # TODO pull in aur package from - # https://git.hornquist.se/archpkg/aconnect-service/ - - # TODO setup the rest - - # - template: - # dest: ~/.config/aconnect/impact - # source: aconnect - # vars: - # input_unit: Impact LX25 - # output_unit: FLUID Synth - # - # - systemd: - # name: aconnect@{{ impact }} - # scope: user - # enabled: yes - # become: yes - # become_user: hugo - -} diff --git a/modules/profiles/manifests/transmission.pp b/modules/profiles/manifests/transmission.pp deleted file mode 100644 index f79517b..0000000 --- a/modules/profiles/manifests/transmission.pp +++ /dev/null @@ -1,71 +0,0 @@ -class profiles::transmission ( - Optional[String] $nginx_server = undef, - Enum['None', 'Error', 'Info', 'Debug'] $msg_level = 'Error', -) { - - $transmission_url = '/transmission' - $transmission_port = 9091 - - if ($nginx_server) { - require ::nginx - - nginx::resource::location { $transmission_url: - proxy => "http://localhost:${transmission_port}${transmission_url}", - proxy_set_header => [], - server => $nginx_server, - ssl => true, - ssl_only => true, - } - } - - ensure_packages(['transmission-cli'], - { ensure => installed }) - - systemd::dropin_file { 'transmission-after.conf': - unit => 'transmission.service', - content => @(EOF) - [Unit] - After=network-online.target - | EOF - } - - systemd::dropin_file { 'transmission-flags.conf': - unit => 'transmission.service', - content => @(EOF) - [Service] - ExecStart= - ExecStart=/usr/bin/transmission-daemon -f - | EOF - } - - # TODO whitelists are currently disabled, since they don't seem to - # work. Possibly turn them on again some day. - - # https://github.com/transmission/transmission/wiki/Editing-Configuration-File - file { '/var/lib/transmission/.config/transmission-daemon/settings.json': - content => epp('profiles/transmission.json.epp', { - rpc_username => 'hugo', - # '{' + sha1(password + salt) - # But I don't know how I managed to generate it, since - # transmission rolls its own crypto - rpc_password => '{eb43101d3b9aa02223466d7f98c5329c841c7967/Zr2tFpn', - download_dir => '/usr/net/', - rpc_whitelist => ['127.0.0.1', '::1'], - rpc_port => $transmission_port, - rpc_url => "${transmission_url}/", - msg_level => case $msg_level { - 'None': { 0 } - 'Error': { 1 } - 'Info': { 2 } - 'Debug': { 3 } - }, - }), - } ~> exec { '/bin/systemctl reload transmission': - refreshonly => true, - } - - service { 'transmission': - ensure => 'running', - enable => true, - } -} diff --git a/modules/profiles/manifests/workstation.pp b/modules/profiles/manifests/workstation.pp deleted file mode 100644 index 167faef..0000000 --- a/modules/profiles/manifests/workstation.pp +++ /dev/null @@ -1,137 +0,0 @@ -class profiles::workstation ( -) { - $os = $facts['os']['name'].downcase() - include "::profiles::workstation::${os}" - - include ::profiles::group_profile - - if ($facts['systemd']) { - file { 'User ssh-agent service': - path => '/etc/systemd/user/ssh-agent.service', - source => "puppet:///modules/profiles/ssh-agent.service", - } - } - - # NOTE Hard coding checksums here kind of defeats the point of - # pulling in data from above (since we no longer get updates), - # but since GitHub doesn't send checksum headers the files gets - # updated every time otherwise, which creates noise. - - file { 'Dvorak A6 TTY keyboard layout': - ensure => file, - path => '/usr/share/kbd/keymaps/i386/dvorak/dvorak-sv-a6.map', - checksum => 'md5', - checksum_value => '96be6c1aa81522db46673c0f68e3336a', - source => 'https://raw.githubusercontent.com/HugoNikanor/keymaps/master/linux-tty/dvorak-sv-a6.map', - } - - file { 'Dvorak A6 X11 keyboard layout': - ensure => file, - path => '/usr/share/X11/xkb/symbols/planck', - checksum => 'md5', - checksum_value => '1f1023f6958916de592695cedbc94e5c', - source => 'https://raw.githubusercontent.com/HugoNikanor/keymaps/master/X11/planck', - } - - $xkb_layout = 'planck' - $xkb_variant = 'dvorak_a6' - $xkb_options = 'compose:caps' - - file { '/etc/X11/xorg.conf.d': - ensure => directory, - recurse => false, - } - - file { 'X11 Raise max clients': - ensure => file, - path => '/etc/X11/xorg.conf.d/99-maxclients.conf', - content => @(EOF) - Section "ServerFlags" - Option "MaxClients" "2048" - EndSection - | EOF - } - - file { 'Default X11 keymap': - ensure => file, - path => '/etc/X11/xorg.conf.d/00-keyboard.conf', - content => @("EOF") - Section "InputClass" - Identifier "system-keyboard" - MatchIsKeyboard "on" - Option "XkbLayout" "${xkb_layout}" - Option "XkbModel" "pc105" - Option "XkbVariant" "${xkb_variant}" - Option "XkbOptions" "${xkb_options}" - EndSection - | EOF - } - - file { 'Model M X11 keymap': - ensure => file, - path => '/etc/X11/xorg.conf.d/01-model-m.conf', - content => @(EOF) - Section "InputClass" - Identifier "Model M" - MatchUSBID "17f6:0822" - Option "XkbLayout" "us" - Option "XkbVariant" "dvorak" - EndSection - | EOF - } - - file { 'Setup console': - ensure => file, - path => '/etc/vconsole.conf', - content => epp('profiles/keyvalue.epp', { 'values' => { - 'KEYMAP' => 'dvorak-sv-a6', - 'FONT' => 'lat9v-12', - }}), - } - - $cowpath = [ - '/usr/share/cows', - '/usr/local/share/cows', - ] - - file { '/etc/environment': - content => epp('profiles/keyvalue.epp', { values => { - 'COWPATH' => $cowpath.join(':'), - 'MANWIDTH' => 80, - 'MPD_HOST' => 'jukebox.lysator.liu.se', - 'PAGER' => 'less', - 'EDITOR' => '/usr/bin/vi', - 'VISUAL' => '/usr/bin/vim', - }}) - } - - service { 'systemd-resolved': - enable => mask, - } - - file { 'Passmenu with OTP support': - path => '/usr/local/bin/passmenu', - mode => '0555', - source => 'puppet:///modules/profiles/passmenu', - } - - file { '/etc/sudoers': - validate_cmd => '/usr/bin/visudo -cf %', - content => @(EOF) - Defaults insults - root ALL=(ALL) ALL - %root ALL=(ALL) ALL - %wheel ALL=(ALL) ALL - - @includedir /etc/sudoers.d - | EOF - } - - - systemd_mount { '/usr/net': - what => 'elrond:/files', - where => '/usr/net', - wantedBy => 'remote-fs.target', - automount => true, - } -} diff --git a/modules/profiles/manifests/workstation/archlinux.pp b/modules/profiles/manifests/workstation/archlinux.pp deleted file mode 100644 index 0919efd..0000000 --- a/modules/profiles/manifests/workstation/archlinux.pp +++ /dev/null @@ -1,51 +0,0 @@ -class profiles::workstation::archlinux { - - pacman::hook { 'systemd daemon-reload': - description => 'Reload systemd user daemon', - exec => '/bin/sudo systemctl --machine=hugo@.host --user daemon-reload', - when => 'PostTransaction', - trigger => { - operation => 'Upgrade', - type => 'Path', - target => 'usr/lib/systemd/user/*', - }, - } - - package { 'kernel-modules-hook': - ensure => installed, - } -> service { 'linux-modules-cleanup': - enable => true, - } - - $cpus = $facts['processors']['count'] - 1 - file_line { 'Makepkg paralell': - path => '/etc/makepkg.conf', - after => '^#-- Make flags', - line => "MAKEFLAGS='-j${cpus}'" - } - - pacman::repo { 'adrift-space': - ensure => present, - server => 'http://repo.gandalf.adrift.space/arch', - sig_level => 'Optional', - } - - # remove - # - netctl - - # aur-packages -# - pacaur -# - ansible-aur-git -# - cyrus-sasl-xoauth2-git -# - todotxt -# - effitask -# - getmail -# - mu -# # - pacaur -# - pandoc-bin -# - tlclient -# # backups old modules on kernel update -# - kernel-modules-hook - - -} diff --git a/modules/profiles/manifests/xmonad.pp b/modules/profiles/manifests/xmonad.pp deleted file mode 100644 index be8d516..0000000 --- a/modules/profiles/manifests/xmonad.pp +++ /dev/null @@ -1,29 +0,0 @@ -# Setup xmonad, only tested on arch linux -class profiles::xmonad { - ensure_packages ([ - 'xmonad', - 'xmonad-contrib', - # apparently really needed by xmonad - 'xorg-fonts-misc', - 'ghc', - 'xorg-xmessage', - 'dzen2', - 'dmenu', - 'rofi', - ], { ensure => installed }) - - # Rebuilt my local xmonad config after an upgrade to xmonad. - # It's required, I think due to something with dynamic linking. - # It's actually pretty ugly that I'm hardcoded in here, but - # something had to be done. - pacman::hook { 'xmonad': - description => 'Rebuild local xmonad config.', - when => 'PostTransaction', - exec => '/bin/sudo -Hu hugo xmonad --recompile', - trigger => { - type => 'Package', - operation => ['Upgrade', 'Install'], - target => 'xmonad*', - }, - } -} diff --git a/modules/profiles/templates/aconnect.epp b/modules/profiles/templates/aconnect.epp deleted file mode 100644 index 044ada6..0000000 --- a/modules/profiles/templates/aconnect.epp +++ /dev/null @@ -1,8 +0,0 @@ -<%- | String $input_unit, - String $output_unit -| -%> -# Where data comes from -INPUT_UNIT='<%= $input_unit %>' -# Where it should go -OUTPUT_UNIT='<%= $output_unit %>' - diff --git a/modules/profiles/templates/imagemagick-policy.xml.epp b/modules/profiles/templates/imagemagick-policy.xml.epp deleted file mode 100644 index cbea9e9..0000000 --- a/modules/profiles/templates/imagemagick-policy.xml.epp +++ /dev/null @@ -1,89 +0,0 @@ -<%- | Array[Hash] $policies | -%> -<?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE policymap [ - <!ELEMENT policymap (policy)*> - <!ATTLIST policymap xmlns CDATA #FIXED ''> - <!ELEMENT policy EMPTY> - <!ATTLIST policy xmlns CDATA #FIXED '' domain NMTOKEN #REQUIRED - name NMTOKEN #IMPLIED pattern CDATA #IMPLIED rights NMTOKEN #IMPLIED - stealth NMTOKEN #IMPLIED value CDATA #IMPLIED> -]> -<!-- - Configure ImageMagick policies. - - Domains include system, delegate, coder, filter, path, or resource. - - Rights include none, read, write, execute and all. Use | to combine them, - for example: "read | write" to permit read from, or write to, a path. - - Use a glob expression as a pattern. - - Suppose we do not want users to process MPEG video images: - - <policy domain="delegate" rights="none" pattern="mpeg:decode" /> - - Here we do not want users reading images from HTTP: - - <policy domain="coder" rights="none" pattern="HTTP" /> - - The /repository file system is restricted to read only. We use a glob - expression to match all paths that start with /repository: - - <policy domain="path" rights="read" pattern="/repository/*" /> - - Lets prevent users from executing any image filters: - - <policy domain="filter" rights="none" pattern="*" /> - - Any large image is cached to disk rather than memory: - - <policy domain="resource" name="area" value="1GP"/> - - Use the default system font unless overwridden by the application: - - <policy domain="system" name="font" value="/usr/share/fonts/favorite.ttf"/> - - Define arguments for the memory, map, area, width, height and disk resources - with SI prefixes (.e.g 100MB). In addition, resource policies are maximums - for each instance of ImageMagick (e.g. policy memory limit 1GB, -limit 2GB - exceeds policy maximum so memory limit is 1GB). - - Rules are processed in order. Here we want to restrict ImageMagick to only - read or write a small subset of proven web-safe image types: - - <policy domain="delegate" rights="none" pattern="*" /> - <policy domain="filter" rights="none" pattern="*" /> - <policy domain="coder" rights="none" pattern="*" /> - <policy domain="coder" rights="read|write" pattern="{GIF,JPEG,PNG,WEBP}" /> ---> -<policymap> - <!-- Sample policies --> - <!-- <policy domain="resource" name="temporary-path" value="/tmp"/> --> - <!-- <policy domain="resource" name="memory" value="2GiB"/> --> - <!-- <policy domain="resource" name="map" value="4GiB"/> --> - <!-- <policy domain="resource" name="width" value="10KP"/> --> - <!-- <policy domain="resource" name="height" value="10KP"/> --> - <!-- <policy domain="resource" name="list-length" value="128"/> --> - <!-- <policy domain="resource" name="area" value="100MP"/> --> - <!-- <policy domain="resource" name="disk" value="16EiB"/> --> - <!-- <policy domain="resource" name="file" value="768"/> --> - <!-- <policy domain="resource" name="thread" value="4"/> --> - <!-- <policy domain="resource" name="throttle" value="0"/> --> - <!-- <policy domain="resource" name="time" value="3600"/> --> - <!-- <policy domain="coder" rights="none" pattern="MVG" /> --> - <!-- <policy domain="module" rights="none" pattern="{PS,PDF,XPS}" /> --> - <!-- <policy domain="delegate" rights="none" pattern="HTTPS" /> --> - <!-- <policy domain="path" rights="none" pattern="@*" /> --> - <!-- <policy domain="cache" name="memory-map" value="anonymous"/> --> - <!-- <policy domain="cache" name="synchronize" value="True"/> --> - <!-- <policy domain="cache" name="shared-secret" value="passphrase" stealth="true"/> --> - <!-- <policy domain="system" name="max-memory-request" value="256MiB"/> --> - <!-- <policy domain="system" name="shred" value="2"/> --> - <!-- <policy domain="system" name="precision" value="6"/> --> - <!-- <policy domain="system" name="font" value="/path/to/unicode-font.ttf"/> --> - <!-- Below policies generated from puppet --> - <% $policies.map |$policy| { %> - <policy domain="<%= $policy['domain'] %>" rights="<%= $policy['rights'] %>" pattern="<%= $policy['pattern'] %>" /> - <%- } %> -</policymap> -<!-- NOTE File managed by puppet, any manual changes will be overwritten. --> diff --git a/modules/profiles/templates/keyvalue.epp b/modules/profiles/templates/keyvalue.epp deleted file mode 100644 index 694978a..0000000 --- a/modules/profiles/templates/keyvalue.epp +++ /dev/null @@ -1,4 +0,0 @@ -<%- | Hash $values | -%> -<% $values.map |$key, $value| { -%> -<%= $key %>=<%= $value %> -<%- } %> diff --git a/modules/profiles/templates/transmission.json.epp b/modules/profiles/templates/transmission.json.epp deleted file mode 100644 index 885ad5e..0000000 --- a/modules/profiles/templates/transmission.json.epp +++ /dev/null @@ -1,77 +0,0 @@ -<%- | String $rpc_username, - String $rpc_password, - String $download_dir, - Integer $rpc_port, - String $rpc_url, - Integer $msg_level = 1, - Optional[String] $incomplete_dir = undef, - Optional[Array[String]] $rpc_whitelist = undef, -| -%> -{ - "alt-speed-down": 50, - "alt-speed-enabled": false, - "alt-speed-time-begin": 540, - "alt-speed-time-day": 127, - "alt-speed-time-enabled": false, - "alt-speed-time-end": 1020, - "alt-speed-up": 50, - "bind-address-ipv4": "0.0.0.0", - "bind-address-ipv6": "::", - "blocklist-enabled": false, - "blocklist-url": "http://www.example.com/blocklist", - "cache-size-mb": 4, - "dht-enabled": true, - "download-dir": "<%= $download_dir -%>", - "download-queue-enabled": true, - "download-queue-size": 5, - "encryption": 1, - "idle-seeding-limit": 30, - "idle-seeding-limit-enabled": false, - "incomplete-dir": "<%= $incomplete_dir -%>", - "incomplete-dir-enabled": <%= if ($incomplete_dir) { 'true' } else { 'false' } -%>, - "lpd-enabled": false, - "message-level": <%= $msg_level -%>, - "peer-congestion-algorithm": "", - "peer-id-ttl-hours": 6, - "peer-limit-global": 200, - "peer-limit-per-torrent": 50, - "peer-port": 51413, - "peer-port-random-high": 65535, - "peer-port-random-low": 49152, - "peer-port-random-on-start": false, - "peer-socket-tos": "default", - "pex-enabled": true, - "port-forwarding-enabled": true, - "preallocation": 1, - "prefetch-enabled": true, - "queue-stalled-enabled": true, - "queue-stalled-minutes": 30, - "ratio-limit": 2, - "ratio-limit-enabled": false, - "rename-partial-files": true, - "rpc-authentication-required": true, - "rpc-bind-address": "::", - "rpc-enabled": true, - "rpc-host-whitelist": "", - "rpc-host-whitelist-enabled": false, - "rpc-password": "<%= $rpc_password -%>", - "rpc-port": <%= $rpc_port -%>, - "rpc-url": "<%= $rpc_url -%>", - "rpc-username": "<%= $rpc_username -%>", - "rpc-whitelist": "<%= $rpc_whitelist.join(',') -%>", - "rpc-whitelist-enabled": <%= if ($rpc_whitelist) { 'false' } else { 'false' }-%>, - "scrape-paused-torrents-enabled": true, - "script-torrent-done-enabled": false, - "script-torrent-done-filename": "", - "seed-queue-enabled": false, - "seed-queue-size": 10, - "speed-limit-down": 100, - "speed-limit-down-enabled": false, - "speed-limit-up": 100, - "speed-limit-up-enabled": false, - "start-added-torrents": true, - "trash-original-torrent-files": false, - "umask": 18, - "upload-slots-per-torrent": 14, - "utp-enabled": true -} diff --git a/modules/puppet b/modules/puppet deleted file mode 160000 -Subproject 16dd0ea27eeaea5e307d9268da2c3041e45f15a diff --git a/modules/puppetboard b/modules/puppetboard deleted file mode 160000 -Subproject 2e009bffd36e314aea828c2bcc0d976e482363f diff --git a/modules/puppetdb b/modules/puppetdb deleted file mode 160000 -Subproject 74a62e9f9c8bf9c0864362b26a07c7b98864ddc diff --git a/modules/python b/modules/python deleted file mode 160000 -Subproject f87c9c2963be633394dad44a1a8ed047291f838 diff --git a/modules/rss_filter/files/config.scm b/modules/rss_filter/files/config.scm deleted file mode 100644 index 9b20bcf..0000000 --- a/modules/rss_filter/files/config.scm +++ /dev/null @@ -1,52 +0,0 @@ -(define-module (config) - :export (feeds)) - -(use-modules - (sxml xpath) - (ice-9 regex) - - (rss-filter feed-handler) - - ((ice-9 i18n) :select (make-locale)) - ((texinfo string-utils) :select (escape-special-chars)) - - ((calp util) :select (->)) - ((datetime) :select (datetime datetime->string - string->datetime))) - - -(define feeds - (list - (make-feed - "https://lwn.net/headlines/Features" - `((rss:item - . ,(lambda (key . children) - (define tag (cons key children)) - (call-with-values (lambda () (apply values ((sxpath '(rss:title *text*)) tag))) - (case-lambda (() tag) - ((title . _) - (if (string-match (escape-special-chars "^[$]" "[]$" #\\) - title) - '() tag)))))))) - - (make-feed - "https://swordscomic.com/comic/feed/" - `((rss:pubDate - . ,(lambda (key . children) - (list key - (-> (car children) - (string->datetime "~b. ~d, ~Y, ~H:~M ~p" (make-locale LC_TIME "en_US.UTF-8")) - (datetime->string "~Y-~m-~dT~H:~M:~S"))))) - - (rss:description - . ,(lambda (key . children) - (cons key - ;; Each entry has a <style/> tag at the - ;; beggining, which brakes the short preview on - ;; NetNewsWire. This removes it - (cond ((string-match "</style>" (car children)) - => (lambda (m) - (list (string-drop (car children) (match:end m))))) - (else children))))) - )) - )) diff --git a/modules/rss_filter/files/rss-filter.service b/modules/rss_filter/files/rss-filter.service deleted file mode 100644 index 541da3d..0000000 --- a/modules/rss_filter/files/rss-filter.service +++ /dev/null @@ -1,7 +0,0 @@ -[Unit] -Description=Fetch and filter RSS feeds - -[Service] -EnvironmentFile=/etc/rss-filter/environment -ExecStart=/usr/bin/rss-filter --output $OUTDIR --config-dir /etc/rss-filter -Type=oneshot diff --git a/modules/rss_filter/files/rss-filter.timer b/modules/rss_filter/files/rss-filter.timer deleted file mode 100644 index a793107..0000000 --- a/modules/rss_filter/files/rss-filter.timer +++ /dev/null @@ -1,5 +0,0 @@ -[Timer] -OnCalendar=*:0/30 - -[Install] -WantedBy=default.target diff --git a/modules/rss_filter/manifests/init.pp b/modules/rss_filter/manifests/init.pp deleted file mode 100644 index 2663dea..0000000 --- a/modules/rss_filter/manifests/init.pp +++ /dev/null @@ -1,32 +0,0 @@ -class rss_filter { - - # Once I get it into the repos - # ensure_packages(['rss-filter']) - - systemd::unit_file { 'rss-filter.service': - source => "puppet:///modules/${module_name}/rss-filter.service", - } - - systemd::unit_file { 'rss-filter.timer': - source => "puppet:///modules/${module_name}/rss-filter.timer", - } - - file { '/etc/rss-filter': - ensure => directory, - } - - file { '/etc/rss-filter/environment': - ensure => file, - content => "OUTDIR=/var/www/adrift.space/rss\n", - } - - file { '/etc/rss-filter/config.scm': - ensure => file, - source => "puppet:///modules/${module_name}/config.scm", - } - - service { 'rss-filter.timer': - ensure => running, - enable => true, - } -} diff --git a/modules/shiori/files/shiori.service b/modules/shiori/files/shiori.service deleted file mode 100644 index 6c8de29..0000000 --- a/modules/shiori/files/shiori.service +++ /dev/null @@ -1,13 +0,0 @@ -[Unit] -Description=Bookmark server - -[Service] -User=shiori -Environment=SHIORI_DIR=/var/www/shiori -Environment=PORT=8080 -EnvironmentFile=-/etc/conf.d/shiori -ExecStart=shiori serve -p $PORT -Restart=always - -[Install] -WantedBy=multi-user.target diff --git a/modules/shiori/manifests/init.pp b/modules/shiori/manifests/init.pp deleted file mode 100644 index 69d5fde..0000000 --- a/modules/shiori/manifests/init.pp +++ /dev/null @@ -1,65 +0,0 @@ -class shiori ( - $port = 8080, - $dir = '/var/www/shiori', -) { - - - # on arch this is available through the aur - package { 'shiori-bin': - ensure => installed, - } - - user { 'shiori': - ensure => present, - system => true, - home => $dir, - } - - file { $dir: - ensure => directory, - owner => shiori, - group => shiori, - mode => '0750', - } - - file { [ - "${dir}/archive", - "${dir}/thumb", - ] : - ensure => directory, - owner => shiori, - group => shiori, - mode => '0770', - } - - file { "${dir}/shiori.db": - owner => 'shiori', - group => 'shiori', - mode => '0660', - } - - file { '/etc/systemd/system/shiori.service': - ensure => file, - source => 'puppet:///modules/shiori/shiori.service', - } - - file { '/etc/conf.d/shiori': - ensure => 'file', - content => @("EOF") - # This file is managed by Puppet. - PORT=${port} - SHIORI_DIR=${dir} - | EOF - } - - service { 'shiori': - ensure => running, - enable => true, - require => [ - File['/etc/systemd/system/shiori.service'], - File['/etc/conf.d/shiori'], - ], - } - - # Users could be managed here, through shioris HTTP API -} diff --git a/modules/ssh b/modules/ssh deleted file mode 160000 -Subproject b84d4dcea802ce0a12e7d1d96bd71e993cd579b diff --git a/modules/stdlib b/modules/stdlib deleted file mode 160000 -Subproject 15e13b2b63f0f4b24e68a46cd4c2703682006d8 diff --git a/modules/syslinux/files/mkinitcpio.linux b/modules/syslinux/files/mkinitcpio.linux deleted file mode 100644 index 81554d7..0000000 --- a/modules/syslinux/files/mkinitcpio.linux +++ /dev/null @@ -1,14 +0,0 @@ -# mkinitcpio preset file for the 'linux' package - -ALL_config="/etc/mkinitcpio.conf" -ALL_kver="/boot/efi/EFI/arch/vmlinuz-linux" - -PRESETS=('default' 'fallback') - -#default_config="/etc/mkinitcpio.conf" -default_image="/boot/efi/EFI/arch/initramfs-linux.img" -#default_options="" - -#fallback_config="/etc/mkinitcpio.conf" -fallback_image="/boot/efi/EFI/arch/initramfs-linux-fallback.img" -fallback_options="-S autodetect" diff --git a/modules/syslinux/lib/facter/blkid.rb b/modules/syslinux/lib/facter/blkid.rb deleted file mode 100644 index 0940707..0000000 --- a/modules/syslinux/lib/facter/blkid.rb +++ /dev/null @@ -1,18 +0,0 @@ -Facter.add('blkid') do - setcode do - lines = Facter::Core::Execution.execute('blkid').split("\n") - out = {} - lines.each do |line| - a = line.match(/^([^:]*):(.*)/) - d = {} - remaining = a[2] - while m = remaining.match(/ (\w*)="([^"]*)"/) do - d[m[1]] = m[2] - remaining = m.post_match - end - out[a[1]] = d - end - out - end -end - diff --git a/modules/syslinux/lib/facter/efibootmgr.rb b/modules/syslinux/lib/facter/efibootmgr.rb deleted file mode 100644 index 81a3dc3..0000000 --- a/modules/syslinux/lib/facter/efibootmgr.rb +++ /dev/null @@ -1,21 +0,0 @@ -if Facter::Core::Execution.which('efibootmgr') then - Facter.add('efi') do - setcode do - out = {} - data = Facter::Core::Execution.execute('efibootmgr') - boots = {} - data.split("\n").each do |item| - if a = item.match(/BootOrder: (.*)/) then - out['BootOrder'] = a[1].split(',') - elsif a = item.match(/(\w*): (.*)/) then - out[a[1]] = a[2] - elsif a = item.match(/Boot(\d*)(\*?) (.*)/) - # a[2] contains if it's active - boots[a[1]] = a[3] - end - end - out['boots'] = boots - out - end - end -end diff --git a/modules/syslinux/lib/facter/partid.rb b/modules/syslinux/lib/facter/partid.rb deleted file mode 100644 index 53fc37c..0000000 --- a/modules/syslinux/lib/facter/partid.rb +++ /dev/null @@ -1,16 +0,0 @@ -Facter.add('partinfo') do - setcode do - obj = {} - Dir.entries('/sys/class/block/').each do |entry| - if entry == '.' or entry == '..' then next end - path = "/sys/class/block/#{entry}/partition" - if File.file?(path) then - obj[entry] = { - 'partid' => File.read(path).strip(), - 'device' => File.basename(File.dirname(File.readlink("/sys/class/block/#{entry}"))), - } - end - end - obj - end -end diff --git a/modules/syslinux/manifests/init.pp b/modules/syslinux/manifests/init.pp deleted file mode 100644 index 8428b5c..0000000 --- a/modules/syslinux/manifests/init.pp +++ /dev/null @@ -1,119 +0,0 @@ -type Bootentry = Struct[{ - 'label' => String, - 'type' => Enum['linux','com'], - # linux specific - 'extra_args' => Optional[String], - 'initrd' => Optional[String], - # com specific - 'com' => Optional[String], -}] - -class syslinux ( - String $kernel = 'linux', - String $efi_root = '/boot/efi', - String $bootentry = 'syslinux', - - Hash[String,Bootentry,1] $boot_entries, - String $default_boot_entry = $boot_entries.map |$k, $_| { $k }[0], -) { - - $efi_dev = $facts['mountpoints'][$efi_root] - if ! $efi_dev { - fail("A device needs to be mounted on efi_root [${efi_root}]") - } - # $efi_dev['device'] - - ensure_packages ([ - $kernel, - mkinitcpio, - syslinux, - efibootmgr, - ], { - ensure => installed, - }) - - file { "/etc/mkinitcpio.d/${kernel}.preset": - ensure => file, - source => "puppet:///modules/${module_name}/mkinitcpio.${kernel}", - } - - # cp -r /usr/lib/syslinux/efi64 ${efi_root}/EFI/syslinux - - $device = $facts['mountpoints']['/']['device'] - $partuuid = $facts['blkid'][$device]['PARTUUID'] - - $entries = $boot_entries.map |$key, $entry| { - case $entry['type'] { - 'linux': { - $extra_args = $entry['extra_args'] - $initrd = $entry['initrd'] - $hash = { - 'APPEND' => "root=PARTUUID=${partuuid} rw ${extra_args}", - 'INITRD' => "../arch/${initrd}", - 'LINUX' => "../arch/vmlinuz-${kernel}", - } - } - 'com': { - $com = $entry['com'] - $hash = { - 'COM32' => "${com}.c32", - } - } - } - - $common = { 'MENU LABEL' => $entry['label'], } - [$key, $common + $hash] - }.convert_to(Hash) - - file { "${efi_root}/EFI/syslinux/syslinux.cfg": - content => epp("${module_name}/syslinux.cfg.epp", { - 'default' => $default_boot_entry, - 'entries' => $entries, - }) - } - - file { "${efi_root}/EFI/arch": - ensure => directory, - } - - $has_syslinux = $facts['efi']['boots'].any |$_, $value| { - $value == $bootentry - } - - $partition = $facts['partinfo'][basename($efi_dev['device'])] - - if ! $has_syslinux { - $efi_device = $partition['device'] - $partid = $partition['partid'] - exec { "efibootmgr --disk '/dev/${efi_device}' --part ${partid} --create --label '${bootentry}' --loader /EFI/syslinux/syslinux.efi": - path => [ '/usr/bin', '/bin', ], - } - } - - file { '/usr/libexec': - ensure => directory, - } - - file { '/usr/libexec/move-kernel': - ensure => file, - mode => '0555', - content => @("EOF"/$) - #!/bin/sh - IFS='\n' read data - cp "/\$data" "${efi_root}/EFI/arch/vmlinuz-${kernel}" - | EOF - } - - pacman::hook { 'install-kernel': - priority => 60, # something less than /usr/share/libalpm/hooks/90-mkinitcpio-install.hook - trigger => { - type => 'Path', - operation => [ 'Install', 'Upgrade' ], - target => [ 'usr/lib/modules/*/vmlinuz', ], - }, - description => 'Moving kernel to EFI', - when => 'PostTransaction', - exec => '/usr/libexec/move-kernel', - needsTargets => true , - } -} diff --git a/modules/syslinux/templates/syslinux.cfg.epp b/modules/syslinux/templates/syslinux.cfg.epp deleted file mode 100644 index 0d0b946..0000000 --- a/modules/syslinux/templates/syslinux.cfg.epp +++ /dev/null @@ -1,60 +0,0 @@ -<%- | String $default, - Hash $entries, -| -%> -# Config file for Syslinux - -# /boot/syslinux/syslinux.cfg -# -# Comboot modules: -# * menu.c32 - provides a text menu -# * vesamenu.c32 - provides a graphical menu -# * chain.c32 - chainload MBRs, partition boot sectors, Windows bootloaders -# * hdt.c32 - hardware detection tool -# * reboot.c32 - reboots the system -# -# To Use: Copy the respective files from /usr/lib/syslinux to /boot/syslinux. -# If /usr and /boot are on the same file system, symlink the files instead -# of copying them. -# -# If you do not use a menu, a 'boot:' prompt will be shown and the system -# will boot automatically after 5 seconds. -# -# Please review the wiki: https://wiki.archlinux.org/index.php/Syslinux -# The wiki provides further configuration examples - -DEFAULT <%= $default %> -PROMPT 0 # Set to 1 if you always want to display the boot: prompt -TIMEOUT 50 -# You can create syslinux keymaps with the keytab-lilo tool -#KBDMAP de.ktl - -# Menu Configuration -# Either menu.c32 or vesamenu32.c32 must be copied to /boot/syslinux -UI menu.c32 -#UI vesamenu.c32 - -# Refer to http://syslinux.zytor.com/wiki/index.php/Doc/menu -MENU TITLE Arch Linux -#MENU BACKGROUND splash.png -MENU COLOR border 30;44 #40ffffff #a0000000 std -MENU COLOR title 1;36;44 #9033ccff #a0000000 std -MENU COLOR sel 7;37;40 #e0ffffff #20ffffff all -MENU COLOR unsel 37;44 #50ffffff #a0000000 std -MENU COLOR help 37;40 #c0ffffff #a0000000 std -MENU COLOR timeout_msg 37;40 #80ffffff #00000000 std -MENU COLOR timeout 1;37;40 #c0ffffff #00000000 std -MENU COLOR msg07 37;40 #90ffffff #a0000000 std -MENU COLOR tabmsg 31;40 #30ffffff #00000000 std - -# boot sections follow -# -# TIP: If you want a 1024x768 framebuffer, add "vga=773" to your kernel line. -# -#-* - - -<%- $entries.each |$name, $entry| { -%> -LABEL <%= $name %> - <%- $entry.each |$k, $v| { -%> - <%= $k %> <%= $v %> - <%- } -%> -<%- } -%> diff --git a/modules/systemd b/modules/systemd deleted file mode 160000 -Subproject 469b0f271797e8dac57ba6c29822c92e9619989 diff --git a/modules/systemd_mount/manifests/init.pp b/modules/systemd_mount/manifests/init.pp deleted file mode 100644 index ff081e4..0000000 --- a/modules/systemd_mount/manifests/init.pp +++ /dev/null @@ -1,42 +0,0 @@ -define systemd_mount ( - String $what, # elrond:/files - String $where, # /usr/net - Boolean $automount = false, - String $wantedBy = 'default.target', -) { - - $mostly_fixed = regsubst($where, '/', '-', 'G') - $fixed = if $mostly_fixed[0] == '-' { - $mostly_fixed[1, -1] # drop first char - } else { - $mostly_fixed - } - - systemd::unit_file { "${fixed}.mount": - content => epp('systemd_mount/mount.epp', { - what => $what, - where => $where, - wantedby => if ($automount) { '' } else { "WantedBy=${wantedBy}" }, - }), - } - - if ($automount) { - systemd::unit_file { "${fixed}.automount": - content => epp('systemd_mount/automount.epp', { - where => $where, - wantedBy => "WantedBy=${wantedBy}", - }), - } - - service { "${fixed}.automount": - enable => true, - ensure => running, - } - } else { - service { "${fixed}.mount": - enable => true, - ensure => running, - } - } - -} diff --git a/modules/systemd_mount/templates/automount.epp b/modules/systemd_mount/templates/automount.epp deleted file mode 100644 index c65f2ae..0000000 --- a/modules/systemd_mount/templates/automount.epp +++ /dev/null @@ -1,11 +0,0 @@ -<%- | String $where, - String $wantedBy, -| -%> - -[Unit] - -[Install] -<%= $wantedBy %> - -[Automount] -Where=<%= $where %> diff --git a/modules/systemd_mount/templates/mount.epp b/modules/systemd_mount/templates/mount.epp deleted file mode 100644 index 54d191a..0000000 --- a/modules/systemd_mount/templates/mount.epp +++ /dev/null @@ -1,13 +0,0 @@ -<%- | String $where, - String $what, - String $wantedby, -| -%> - -[Unit] - -[Install] -<%= $wantedby %> - -[Mount] -Where=<%= $where %> -What=<%= $what %> diff --git a/modules/vcsrepo b/modules/vcsrepo deleted file mode 160000 -Subproject 52102eede67b000e2447df5f9cc0a622ca2b7df diff --git a/modules/wpa_supplicant/manifests/init.pp b/modules/wpa_supplicant/manifests/init.pp deleted file mode 100644 index e78f23f..0000000 --- a/modules/wpa_supplicant/manifests/init.pp +++ /dev/null @@ -1,6 +0,0 @@ -class wpa_supplicant ( - Hash[String,Hash] $interfaces, - String $ctrl_interface = '/run/wpa_supplicant', -) { - create_resources(wpa_supplicant::interface, $interfaces) -} diff --git a/modules/wpa_supplicant/manifests/interface.pp b/modules/wpa_supplicant/manifests/interface.pp deleted file mode 100644 index 10373d1..0000000 --- a/modules/wpa_supplicant/manifests/interface.pp +++ /dev/null @@ -1,20 +0,0 @@ -define wpa_supplicant::interface ( - String $interface = $name, - Array[Hash] $networks = [], -) { - service { "wpa_supplicant@${interface}.service": - ensure => running, - enable => true, - } - - file { "/etc/wpa_supplicant/wpa_supplicant-${interface}.conf": - ensure => file, - content => epp('wpa_supplicant/wpa_supplicant.conf.epp', { - networks => $networks - }), - } ~> exec { "Reload wpa_supplicant for ${interface}": - command => [ 'wpa_cli', 'reconfigure', '-i', $interface, ], - path => [ '/bin', '/usr/bin', ], - refreshonly => true, - } -} diff --git a/modules/wpa_supplicant/templates/wpa_supplicant.conf.epp b/modules/wpa_supplicant/templates/wpa_supplicant.conf.epp deleted file mode 100644 index 48680bb..0000000 --- a/modules/wpa_supplicant/templates/wpa_supplicant.conf.epp +++ /dev/null @@ -1,15 +0,0 @@ -<%- | Array[Hash] $networks | -%> -# FILE MANAGED BY PUPPET - -ctrl_interface=DIR=<%= $wpa_supplicant::ctrl_interface %> GROUP=wheel -update_config=0 -ap_scan=1 -eapol_version=2 - -<% $networks.each |$network| { %> -network={ - <%- $network.each |$k, $v| { -%> - <%= $k %>=<%= $v %> - <%- } -%> -} -<% } %> @@ -1,26 +0,0 @@ -#!/bin/bash - -# Needed on ubuntu, since this path is not set for root -# Arch installs puppet in /usr/bin/puppet. -export PATH="/opt/puppetlabs/bin/:$PATH" - -osid=$(awk -F= '/^ID=/ { print $2 }' /etc/os-release) - -# This is the WRONG way to do it, but it sholud work for now -case $osid in - ubuntu) - modpath=/etc/puppetlabs/code/environments/production/modules - ;; - arch) - modpath=/etc/puppetlabs/code/modules/ - ;; -esac - -set -x - -sudo env PATH="/opt/puppetlabs/bin/:$PATH" \ - puppet apply \ - --modulepath="$PWD/modules:${modpath}" \ - manifests \ - --verbose \ - "$@" |
