authorHugo Hörnquist <hugo@lysator.liu.se>2022-01-12 02:26:25 +0100
committerHugo Hörnquist <hugo@lysator.liu.se>2022-01-12 02:26:25 +0100
commitdd28dcf3d620a4ac7d0a1532b812213cf094cd3c (patch)
treea3fa8c8ef446de2bcc2f317bceb4bca868f7e0f0 /modules/profiles
parentMove webdav into profiles. (diff)
Revert "Move webdav into profiles."
It actually reverts the non-need for the nginx module webdav_ext, since Omnifocus requires PROPFIND. This reverts commit edf6ffe8b399679ba28cc5e558a6838919dd1ee8.
Diffstat (limited to 'modules/profiles')
-rw-r--r--modules/profiles/files/firewall/rules.v415
-rw-r--r--modules/profiles/files/node-classifier.py44
-rwxr-xr-xmodules/profiles/files/passmenu29
-rw-r--r--modules/profiles/files/ssh-agent.service13
-rw-r--r--modules/profiles/lib/facter/pacman_version.rb7
-rw-r--r--modules/profiles/manifests/client.pp9
-rw-r--r--modules/profiles/manifests/common.pp43
-rw-r--r--modules/profiles/manifests/dns_zones.pp12
-rw-r--r--modules/profiles/manifests/dolphin.pp70
-rw-r--r--modules/profiles/manifests/fcgiwrap.pp8
-rw-r--r--modules/profiles/manifests/firewall.pp19
-rw-r--r--modules/profiles/manifests/group_profile.pp16
-rw-r--r--modules/profiles/manifests/imagemagick.pp17
-rw-r--r--modules/profiles/manifests/letsencrypt.pp35
-rw-r--r--modules/profiles/manifests/mysql.pp8
-rw-r--r--modules/profiles/manifests/phpfpm.pp21
-rw-r--r--modules/profiles/manifests/puppetboard.pp57
-rw-r--r--modules/profiles/manifests/puppetdb.pp10
-rw-r--r--modules/profiles/manifests/puppetserver.pp46
-rw-r--r--modules/profiles/manifests/remarkable.pp30
-rw-r--r--modules/profiles/manifests/shiori.pp46
-rw-r--r--modules/profiles/manifests/ssh.pp18
-rw-r--r--modules/profiles/manifests/syncthing.pp28
-rw-r--r--modules/profiles/manifests/synth.pp33
-rw-r--r--modules/profiles/manifests/transmission.pp71
-rw-r--r--modules/profiles/manifests/webdav.pp73
-rw-r--r--modules/profiles/manifests/workstation.pp137
-rw-r--r--modules/profiles/manifests/workstation/archlinux.pp51
-rw-r--r--modules/profiles/manifests/xmonad.pp29
-rw-r--r--modules/profiles/templates/aconnect.epp8
-rw-r--r--modules/profiles/templates/imagemagick-policy.xml.epp89
-rw-r--r--modules/profiles/templates/keyvalue.epp4
-rw-r--r--modules/profiles/templates/transmission.json.epp77
33 files changed, 0 insertions, 1173 deletions
diff --git a/modules/profiles/files/firewall/rules.v4 b/modules/profiles/files/firewall/rules.v4
deleted file mode 100644
index bdc63cc..0000000
--- a/modules/profiles/files/firewall/rules.v4
+++ /dev/null
@@ -1,15 +0,0 @@
-# Generated by iptables-save v1.8.4 on Thu Jun 3 20:27:52 2021
-*filter
-:INPUT DROP [120:97784]
-:FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [526:114637]
--A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
--A INPUT -p udp -m udp --dport 67:68 -j ACCEPT
--A INPUT -p icmp -j ACCEPT
--A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
--A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
--A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
--A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
--A INPUT -p udp -m udp --dport 53 -j ACCEPT
-COMMIT
-# Completed on Thu Jun 3 20:27:52 2021
diff --git a/modules/profiles/files/node-classifier.py b/modules/profiles/files/node-classifier.py
deleted file mode 100644
index 7fc096f..0000000
--- a/modules/profiles/files/node-classifier.py
+++ /dev/null
@@ -1,44 +0,0 @@
-#!/usr/bin/env python3
-
-import yaml
-import sys
-import configparser
-
-# https://puppet.com/docs/puppet/7/nodes_external.html
-
-
-def main(args):
- if len(args) == 1:
- print('usage ./node-classifier <node-name>')
- return
-
- parser = configparser.ConfigParser()
- conf_file = '/etc/node-classifier.ini'
- if parser.read(conf_file) != [conf_file]:
- print(f'Configuration file missing, expected {conf_file}')
- return 1
-
- try:
- fmt = parser.get('common', 'node_fmt')
- if fmt != 'yaml':
- print(f'Unknown format {fmt}')
- return 1
- filename = parser.get('common', 'nodes')
- except configparser.NoSectionError as e:
- print(e)
- return 1
- except NoOptionError as e:
- print(e)
- return 1
-
- with open(filename) as f:
- data = yaml.load(f)
-
- nodename = sys.argv[1]
- instance = data.get(nodename)
- if not instance:
- instance = data.get('default')
- print(yaml.dump(instance))
-
-if __name__ == '__main__':
- sys.exit(main(sys.argv))
diff --git a/modules/profiles/files/passmenu b/modules/profiles/files/passmenu
deleted file mode 100755
index 653ebda..0000000
--- a/modules/profiles/files/passmenu
+++ /dev/null
@@ -1,29 +0,0 @@
-#!/usr/bin/env bash
-
-shopt -s nullglob globstar
-
-typeit=0
-if [[ $1 == "--type" ]]; then
- typeit=1
- shift
-fi
-
-prefix=${PASSWORD_STORE_DIR-~/.password-store}
-password_files=( "$prefix"/**/*.gpg )
-password_files=( "${password_files[@]#"$prefix"/}" )
-password_files=( "${password_files[@]%.gpg}" )
-
-password=$(printf '%s\n' "${password_files[@]}" | dmenu "$@")
-
-[[ -n $password ]] || exit
-
-if [[ "$password" == *-otp ]]; then
- otp='otp'
-fi
-
-if [[ $typeit -eq 0 ]]; then
- pass $otp show -c "$password" 2>/dev/null
-else
- pass $otp show "$password" | { IFS= read -r pass; printf %s "$pass"; } |
- xdotool type --clearmodifiers --file -
-fi
diff --git a/modules/profiles/files/ssh-agent.service b/modules/profiles/files/ssh-agent.service
deleted file mode 100644
index d49edc6..0000000
--- a/modules/profiles/files/ssh-agent.service
+++ /dev/null
@@ -1,13 +0,0 @@
-# https://unix.stackexchange.com/questions/339840/how-to-start-and-use-ssh-agent-as-systemd-service
-
-[Unit]
-Description=SSH key agent
-
-[Service]
-Type=simple
-Environment=SSH_AUTH_SOCK=%t/ssh-agent.socket
-# ExecStart=/usr/bin/ssh-agent -D -a $SSH_AUTH_SOCK
-ExecStart=/usr/bin/ssh-agent -D -a $SSH_AUTH_SOCK
-
-[Install]
-WantedBy=default.target
diff --git a/modules/profiles/lib/facter/pacman_version.rb b/modules/profiles/lib/facter/pacman_version.rb
deleted file mode 100644
index 1d17b04..0000000
--- a/modules/profiles/lib/facter/pacman_version.rb
+++ /dev/null
@@ -1,7 +0,0 @@
-Facter.add('pacman-version') do
- if File.exists?('/bin/pacman') then
- setcode do
- `pacman -Qi pacman | awk -F' : ' '/^Version/ { print $2 }'`.strip()
- end
- end
-end
diff --git a/modules/profiles/manifests/client.pp b/modules/profiles/manifests/client.pp
deleted file mode 100644
index f0a9b93..0000000
--- a/modules/profiles/manifests/client.pp
+++ /dev/null
@@ -1,9 +0,0 @@
-class profiles::client {
-
- class { 'puppet':
- server => false,
- agent => true,
- puppetmaster => $facts['extlib__puppet_config']['main']['server'],
- }
-
-}
diff --git a/modules/profiles/manifests/common.pp b/modules/profiles/manifests/common.pp
deleted file mode 100644
index 4cb5226..0000000
--- a/modules/profiles/manifests/common.pp
+++ /dev/null
@@ -1,43 +0,0 @@
-class profiles::common (
- String $timezone,
- Array[String] $locales = [ 'en_US.UTF-8', ],
-) {
-
- file_line { 'hosts ourself':
- ensure => present,
- line => "::1\t${facts['name']}\t${::fqdn}",
- path => '/etc/hosts',
- }
-
- file { '/etc/localtime':
- ensure => link,
- target => "/usr/share/zoneinfo/${timezone}",
- }
-
- # TODO possibly check in /usr/share/i18n/locales if file exists
- # there
-
- $fixed_locales = ($locales.map |$locale| {
- if $locale =~ /^[^.]*\.(.*)$/ {
- "${locale} ${1}"
- } else {
- "${locale} UTF-8"
- }
- } + [ '' ])
-
- file { '/etc/locale.gen':
- content => $fixed_locales.join("\n")
- } ~> exec { 'locale-gen':
- path => [ '/bin', '/usr/bin', ],
- refreshonly => true,
- }
-
- file { 'Default locales':
- path => '/etc/locale.conf',
- content => @(EOF)
- LANG=en_US.UTF-8
- LC_TIME=sv_SE.UTF-8
- | EOF
- }
-
-}
diff --git a/modules/profiles/manifests/dns_zones.pp b/modules/profiles/manifests/dns_zones.pp
deleted file mode 100644
index 8e9edf8..0000000
--- a/modules/profiles/manifests/dns_zones.pp
+++ /dev/null
@@ -1,12 +0,0 @@
-class profiles::dns_zones (
- Hash $zones,
- Hash $default = {},
-) {
- create_resources(dns::zone, $zones, $default)
-
- $rev_zone = dns::reverse_dns($facts['networking']['network6'])[32,-1]
- dns::zone { $rev_zone:
- reverse => true,
- }
-
-}
diff --git a/modules/profiles/manifests/dolphin.pp b/modules/profiles/manifests/dolphin.pp
deleted file mode 100644
index f1fdcf8..0000000
--- a/modules/profiles/manifests/dolphin.pp
+++ /dev/null
@@ -1,70 +0,0 @@
-# Configure the file manager dolphin
-class profiles::dolphin {
- ensure_packages ([
- 'dolphin',
- 'kde-cli-tools',
- 'ffmpegthumbs',
- 'kdegraphics-thumbnailers',
- 'konsole',
- 'breeze-icons',
- ], { ensure => installed })
-
-
- $dolphin_settings = {
- 'General' => {
- 'BrowseThroughArchives' => 'true',
- 'GlobalViewProps' => 'false',
- 'HomeUrl' => '/usr/net/video',
- 'OpenExternallyCalledFolderInNewTab' => 'false',
- 'RememberOpenedTabs' => 'false',
- 'ShowFullPath' => 'true',
- },
- 'MainWindow' => {
- 'MenuBar' => 'Disabled',
- 'ToolBarsMovable' => 'Disabled',
- },
- 'VersionControl' => {
- 'enabledPlugins' => [
- 'Dropbox',
- 'Git',
- ]
- },
- 'PreviewSettings' => {
- 'Plugins' => [
- 'appimagethumbnail',
- 'audiothumbnail',
- 'blenderthumbnail',
- 'comicbookthumbnail',
- 'djvuthumbnail',
- 'ebookthumbnail',
- 'exrthumbnail',
- 'directorythumbnail',
- 'fontthumbnail',
- 'imagethumbnail',
- 'jpegthumbnail',
- 'kraorathumbnail',
- 'windowsexethumbnail',
- 'windowsimagethumbnail',
- 'opendocumentthumbnail',
- 'gsthumbnail',
- 'svgthumbnail',
- 'textthumbnail',
- 'ffmpegthumbs',
- ]
- }
- }
-
- $dolphin_settings.map |$category, $group| {
- $group.map |$setting, $value| {
- ini_setting { "Dolphin [${category}].${setting}":
- path => '/etc/xdg/dolphinrc',
- section => $category,
- setting => $setting,
- value => $value ? {
- Array => $value.join(','),
- String => $value,
- }
- }
- }
- }
-}
diff --git a/modules/profiles/manifests/fcgiwrap.pp b/modules/profiles/manifests/fcgiwrap.pp
deleted file mode 100644
index fa667d1..0000000
--- a/modules/profiles/manifests/fcgiwrap.pp
+++ /dev/null
@@ -1,8 +0,0 @@
-class profiles::fcgiwrap {
- ensure_packages(['fcgiwrap'])
-
- service { 'fcgiwrap.socket':
- ensure => running,
- enable => true,
- }
-}
diff --git a/modules/profiles/manifests/firewall.pp b/modules/profiles/manifests/firewall.pp
deleted file mode 100644
index 6c9d7e6..0000000
--- a/modules/profiles/manifests/firewall.pp
+++ /dev/null
@@ -1,19 +0,0 @@
-class profiles::firewall {
- ensure_packages ([
- 'iptables-persistent',
- 'fail2ban',
- ], { ensure => installed })
-
- file { '/etc/iptables/rules.v4':
- source => 'puppet:///modules/profiles/firewall/rules.v4',
- } ~> exec { 'reload firewall':
- command => '/usr/share/netfilter-persistent/plugins.d/15-ip4tables restart',
- refreshonly => true,
- }
-
- service { 'fail2ban':
- ensure => running,
- enable => true,
- }
-
-}
diff --git a/modules/profiles/manifests/group_profile.pp b/modules/profiles/manifests/group_profile.pp
deleted file mode 100644
index 2025a4b..0000000
--- a/modules/profiles/manifests/group_profile.pp
+++ /dev/null
@@ -1,16 +0,0 @@
-class profiles::group_profile {
- file { '/etc/profile.d/group-env.sh':
- ensure => 'file',
- content => @(EOF)
- for group in $(groups $(id -nu))
- do
- f="/etc/profile.d/group.d/${group}"
- test -f "$f" && . $f
- done
- | EOF
- }
-
- file { '/etc/profile.d/group.d':
- ensure => 'directory',
- }
-}
diff --git a/modules/profiles/manifests/imagemagick.pp b/modules/profiles/manifests/imagemagick.pp
deleted file mode 100644
index 7663cf8..0000000
--- a/modules/profiles/manifests/imagemagick.pp
+++ /dev/null
@@ -1,17 +0,0 @@
-class profiles::imagemagick {
- package { 'imagemagick':
- ensure => installed,
- }
-
- file { '/etc/ImageMagick-7/policy.xml':
- content => epp('profiles/imagemagick-policy.xml', {
- policies => [
- {
- domain => 'coder',
- rights => 'read | write',
- pattern => 'PDF'
- },
- ]
- }),
- }
-}
diff --git a/modules/profiles/manifests/letsencrypt.pp b/modules/profiles/manifests/letsencrypt.pp
deleted file mode 100644
index 48aa3a8..0000000
--- a/modules/profiles/manifests/letsencrypt.pp
+++ /dev/null
@@ -1,35 +0,0 @@
-class profiles::letsencrypt (
- String $certname,
- Array[String] $domains,
- Enum['nginx','apache'] $provider,
- Optional[String] $nginx_plugin = undef,
- Optional[String] $apache_plugin = undef,
-) {
-
- include ::letsencrypt
-
- $plugin = $provider
- $post_hook = $provider ? {
- 'nginx' => 'systemctl restart nginx.service',
- 'apache' => 'systemctl restart apache2.service',
- }
-
- case $provider {
- 'apache': {
- ensure_packages ([$apache_plugin])
- }
- 'nginx': {
- ensure_packages ([$nginx_plugin])
- }
- }
-
- letsencrypt::certonly { $certname:
- ensure => present,
- domains => $domains,
- manage_cron => true,
- plugin => $plugin,
- additional_args => [ '--quiet', ],
- # pre_hook_commands => [ 'systemctl stop nginx.service', ],
- post_hook_commands => [ $post_hook, ],
- }
-}
diff --git a/modules/profiles/manifests/mysql.pp b/modules/profiles/manifests/mysql.pp
deleted file mode 100644
index 01372d0..0000000
--- a/modules/profiles/manifests/mysql.pp
+++ /dev/null
@@ -1,8 +0,0 @@
-class profiles::mysql {
- require ::mysql::server
-
- mysql_user { 'root@localhost':
- ensure => present,
- plugin => 'unix_socket',
- }
-}
diff --git a/modules/profiles/manifests/phpfpm.pp b/modules/profiles/manifests/phpfpm.pp
deleted file mode 100644
index 2aaf0df..0000000
--- a/modules/profiles/manifests/phpfpm.pp
+++ /dev/null
@@ -1,21 +0,0 @@
-class profiles::phpfpm (
- String $version = '7.4',
-) {
-
- # The packageg php-fpm also exists, which simply pulls in php7.4-fpm
-
- ensure_packages(["php${version}-fpm"])
-
- service { "php${version}-fpm":
- ensure => running,
- enable => true,
- }
-
- systemd::dropin_file { 'runtime-dir.conf':
- unit => 'php${version}-fpm.service',
- content => @(EOF)
- [Service]
- RuntimeDirectory=php
- | EOF
- }
-}
diff --git a/modules/profiles/manifests/puppetboard.pp b/modules/profiles/manifests/puppetboard.pp
deleted file mode 100644
index d477632..0000000
--- a/modules/profiles/manifests/puppetboard.pp
+++ /dev/null
@@ -1,57 +0,0 @@
-class profiles::puppetboard {
- # https://forge.puppet.com/modules/puppet/puppetboard/readme
- # Configure Apache
- class { 'apache':
- default_vhost => false,
- purge_configs => true,
- }
-
- $wsgi = $facts['os']['family'] ? {
- 'Debian' => {
- package_name => 'libapache2-mod-wsgi-py3',
- mod_path => '/usr/lib/apache2/modules/mod_wsgi.so',
- },
- default => {}
- }
-
- class { 'apache::mod::wsgi':
- * => $wsgi,
- }
-
- # Configure puppetboard
-
- class { 'puppetboard':
- manage_git => true,
- manage_virtualenv => true,
- require => Class['puppetdb'],
- puppetdb_port => 8080,
- # Required for /metrics/ to work
- puppetdb_host => '127.0.0.1',
- enable_catalog => true,
- python_loglevel => 'info',
- offline_mode => true,
- }
-
- class { '::profiles::letsencrypt':
- provider => apache,
- }
-
- $certname = lookup('certname')
- class { 'puppetboard::apache::vhost':
- vhost_name => $::fqdn,
- port => 443,
- ssl => true,
- ssl_cert => "/etc/letsencrypt/live/${certname}/cert.pem",
- ssl_key => "/etc/letsencrypt/live/${certname}/privkey.pem",
- ssl_chain => "/etc/letsencrypt/live/${certname}/fullchain.pem",
- }
-
- apache::vhost { "http-redirect":
- servername => $::fqdn,
- port => 80,
- redirect_source => ['/'],
- redirect_dest => ["https://${::fqdn}/"],
- redirect_status => ['permanent'],
- docroot => false,
- }
-}
diff --git a/modules/profiles/manifests/puppetdb.pp b/modules/profiles/manifests/puppetdb.pp
deleted file mode 100644
index ddfb73c..0000000
--- a/modules/profiles/manifests/puppetdb.pp
+++ /dev/null
@@ -1,10 +0,0 @@
-class profiles::puppetdb {
- # exec { 'puppetdb ssl-setup':
- # creates => '/etc/puppetlabs/puppetdb/ssl/{ca,private,public}.pem'
- # }
-
- class { 'puppetdb':
- listen_address => '::',
- disable_ssl => false,
- }
-}
diff --git a/modules/profiles/manifests/puppetserver.pp b/modules/profiles/manifests/puppetserver.pp
deleted file mode 100644
index 82de2b5..0000000
--- a/modules/profiles/manifests/puppetserver.pp
+++ /dev/null
@@ -1,46 +0,0 @@
-class profiles::puppetserver (
- Hash $hiera,
-) {
- # required for the git hook
- ensure_packages(['ruby'])
-
- file { '/usr/libexec':
- ensure => directory,
- }
-
- ensure_packages(['python3-yaml'])
-
- inifile::create_ini_settings(
- { common => {
- node_fmt => yaml,
- nodes => '/puppet/nodes.yaml',
- },
- },
- {
- path => '/etc/node-classifier.ini',
- }
- )
-
- file { '/usr/libexec/external-node-classifier':
- mode => '0555',
- source => 'puppet:///modules/profiles/node-classifier.py',
- }
-
- class { 'puppet':
- server => true,
- server_foreman => false,
- server_reports => 'puppetdb',
- server_storeconfigs => true,
- server_git_repo => true,
- server_git_repo_path => '/var/lib/puppet.git',
- server_external_nodes => '/usr/libexec/external-node-classifier',
- server_strict_variables => true,
- }
-
- file { "/etc/puppetlabs/puppet/hiera.yaml":
- ensure => file,
- content => hash2yaml($hiera, {
- 'header' => '# This file is managed by puppet',
- }),
- }
-}
diff --git a/modules/profiles/manifests/remarkable.pp b/modules/profiles/manifests/remarkable.pp
deleted file mode 100644
index d88486f..0000000
--- a/modules/profiles/manifests/remarkable.pp
+++ /dev/null
@@ -1,30 +0,0 @@
-define profiles::remarkable (
- String $prefix = '10.11.99',
- String $addr = '2',
-) {
-
- file_line { 'remarkable usb':
- ensure => present,
- path => '/etc/hosts',
- line => "${prefix}.1 remarkable.usb",
- }
-
- file_line { 'remarkable usb self':
- ensure => present,
- path => '/etc/hosts',
- line => "${prefix}.${addr} host.usb",
- }
-
- # TODO Shouldn't we just use DHCP as intended here?
- networking::networkd_instance { 'remarkable-usb':
- content => {
- 'Match' => {
- 'Name' => 'enp3s0f0u4',
- },
- 'Network' => {
- 'Description' => 'Remarkable USB connection',
- 'Address' => "${prefix}.${addr}/29",
- },
- },
- }
-}
diff --git a/modules/profiles/manifests/shiori.pp b/modules/profiles/manifests/shiori.pp
deleted file mode 100644
index df9b718..0000000
--- a/modules/profiles/manifests/shiori.pp
+++ /dev/null
@@ -1,46 +0,0 @@
-class profiles::shiori (
- String $server_name,
- Array[String] $group_members = [],
- $port = 8080,
-) {
-
- class { 'shiori':
- port => $port,
- }
-
- group { 'shiori':
- ensure => present,
- members => $group_members,
- }
-
- include ::profiles::group_profile
-
- file { '/etc/profile.d/group.d/shiori':
- ensure => file,
- content => "export SHIORI_DIR=${shiori::dir}\n",
- }
-
- include ::nginx
-
- $certname = lookup('certname')
-
- nginx::resource::server { $server_name:
- ipv6_enable => true,
- ipv6_listen_options => '',
- ssl => true,
- ssl_redirect => true,
- ssl_cert => "/etc/letsencrypt/live/${certname}/fullchain.pem",
- ssl_key => "/etc/letsencrypt/live/${certname}/privkey.pem",
- www_root => $shiori::dir,
- use_default_location => false,
- }
-
- nginx::resource::location { 'shiori /':
- location => '/',
- proxy => "http://[::]:$port",
- index_files => [],
- ssl => true,
- ssl_only => true,
- server => $server_name,
- }
-}
diff --git a/modules/profiles/manifests/ssh.pp b/modules/profiles/manifests/ssh.pp
deleted file mode 100644
index 1cf0fbf..0000000
--- a/modules/profiles/manifests/ssh.pp
+++ /dev/null
@@ -1,18 +0,0 @@
-class profiles::ssh {
- include ::ssh
-
- $authorized_keys = lookup('ssh_authorized_keys', Array[Hash], undef, [])
-
- ssh::client::config::user { 'root':
- user_home_dir => '/root'
- }
-
- $authorized_keys.each |$key| {
- ssh_authorized_key { $key['name']:
- user => $key['user'],
- type => $key['type'],
- key => $key['key'],
- }
- }
-}
-
diff --git a/modules/profiles/manifests/syncthing.pp b/modules/profiles/manifests/syncthing.pp
deleted file mode 100644
index 7d8183e..0000000
--- a/modules/profiles/manifests/syncthing.pp
+++ /dev/null
@@ -1,28 +0,0 @@
-class profiles::syncthing (
- Array[String] $enable_for = []
-) {
-
- # TODO add repo for those systems that need it
-
- package { 'syncthing':
- ensure => installed
- }
-
- systemd::dropin_file { 'nospam.conf':
- unit => 'syncthing@.service',
- content => @(EOF)
- [Service]
- ExecStart=
- ExecStart=/bin/bash -c 'set -o pipefail; /usr/bin/syncthing -no-browser -no-restart -logflags=0 | grep -v "INFO: "'
- | EOF
- }
-
- $enable_for.map |$user| {
- service { "syncthing@${user}":
- enable => true,
- }
- }
-
- # TODO manage synced data
-
-}
diff --git a/modules/profiles/manifests/synth.pp b/modules/profiles/manifests/synth.pp
deleted file mode 100644
index eb01f8f..0000000
--- a/modules/profiles/manifests/synth.pp
+++ /dev/null
@@ -1,33 +0,0 @@
-class profiles::synth {
-
- package { 'freepats-general-midi':
- ensure => installed,
- }
-
- file { '/etc/conf.d/fluidsynth':
- content => @(EOF)
- SOUND_FONT=/usr/share/soundfonts/freepats-general-midi.sf2
- OTHER_OPTS='-a alsa'
- | EOF
- }
-
- # TODO pull in aur package from
- # https://git.hornquist.se/archpkg/aconnect-service/
-
- # TODO setup the rest
-
- # - template:
- # dest: ~/.config/aconnect/impact
- # source: aconnect
- # vars:
- # input_unit: Impact LX25
- # output_unit: FLUID Synth
- #
- # - systemd:
- # name: aconnect@{{ impact }}
- # scope: user
- # enabled: yes
- # become: yes
- # become_user: hugo
-
-}
diff --git a/modules/profiles/manifests/transmission.pp b/modules/profiles/manifests/transmission.pp
deleted file mode 100644
index f79517b..0000000
--- a/modules/profiles/manifests/transmission.pp
+++ /dev/null
@@ -1,71 +0,0 @@
-class profiles::transmission (
- Optional[String] $nginx_server = undef,
- Enum['None', 'Error', 'Info', 'Debug'] $msg_level = 'Error',
-) {
-
- $transmission_url = '/transmission'
- $transmission_port = 9091
-
- if ($nginx_server) {
- require ::nginx
-
- nginx::resource::location { $transmission_url:
- proxy => "http://localhost:${transmission_port}${transmission_url}",
- proxy_set_header => [],
- server => $nginx_server,
- ssl => true,
- ssl_only => true,
- }
- }
-
- ensure_packages(['transmission-cli'],
- { ensure => installed })
-
- systemd::dropin_file { 'transmission-after.conf':
- unit => 'transmission.service',
- content => @(EOF)
- [Unit]
- After=network-online.target
- | EOF
- }
-
- systemd::dropin_file { 'transmission-flags.conf':
- unit => 'transmission.service',
- content => @(EOF)
- [Service]
- ExecStart=
- ExecStart=/usr/bin/transmission-daemon -f
- | EOF
- }
-
- # TODO whitelists are currently disabled, since they don't seem to
- # work. Possibly turn them on again some day.
-
- # https://github.com/transmission/transmission/wiki/Editing-Configuration-File
- file { '/var/lib/transmission/.config/transmission-daemon/settings.json':
- content => epp('profiles/transmission.json.epp', {
- rpc_username => 'hugo',
- # '{' + sha1(password + salt)
- # But I don't know how I managed to generate it, since
- # transmission rolls its own crypto
- rpc_password => '{eb43101d3b9aa02223466d7f98c5329c841c7967/Zr2tFpn',
- download_dir => '/usr/net/',
- rpc_whitelist => ['127.0.0.1', '::1'],
- rpc_port => $transmission_port,
- rpc_url => "${transmission_url}/",
- msg_level => case $msg_level {
- 'None': { 0 }
- 'Error': { 1 }
- 'Info': { 2 }
- 'Debug': { 3 }
- },
- }),
- } ~> exec { '/bin/systemctl reload transmission':
- refreshonly => true,
- }
-
- service { 'transmission':
- ensure => 'running',
- enable => true,
- }
-}
diff --git a/modules/profiles/manifests/webdav.pp b/modules/profiles/manifests/webdav.pp
deleted file mode 100644
index bd586f6..0000000
--- a/modules/profiles/manifests/webdav.pp
+++ /dev/null
@@ -1,73 +0,0 @@
-class profiles::webdav (
- String $nginx_server,
- String $file_path,
- String $location,
- String $passwd_file = "${file_path}/.htpasswd",
- String $owner = 'http',
- String $group = 'share',
- Array[Array[String,2,2]] $users = [],
- Array[String] $dav_methods = ['PUT', 'DELETE', 'MKCOL', 'COPY', 'MOVE'],
- # Array[String] $dav_ext_methods = ['PROPFIND', 'OPTIONS'],
- Hash[String,String] $dav_access = {
- 'user' => 'rw',
- 'group' => 'rw',
- }
-) {
-
- # TODO install this module somehow
- # AUR: nginx-mainline-mod-dav-ext
-
- require ::nginx
-
- # $modname = 'ngx_http_dav_ext_module'
- # # This assumes that the directory exists, and that
- # # nginx::include_modules_enabled => true
- # file { "/etc/nginx/modules-enabled/${modname}.conf":
- # ensure => file,
- # content => @("EOF")
- # load_module /usr/lib/nginx/modules/${modname}.so;
- # | EOF
- # }
-
- $lines = $users.map |$pair| { $pair.join(':') }.join("\n")
-
- file {
- default:
- owner => $owner,
- group => $group,
- ;
- $file_path:
- ensure => 'directory',
- mode => '0770',
- recurse => 'false',
- ;
- $passwd_file:
- ensure => 'file',
- mode => '0660',
- content => @("EOF")
- # File managed by puppet
- ${lines}
- | EOF
- ;
- }
-
- nginx::resource::location { $location:
- server => $nginx_server,
- location_alias => $file_path,
- ssl => true,
- ssl_only => true,
-
- auth_basic => 'Enter password for dav access',
- auth_basic_user_file => $passwd_file,
-
- location_cfg_append => {
- 'dav_methods' => $dav_methods.join(' '),
- # 'dav_ext_methods' => $dav_ext_methods.join(' '),
- 'dav_access' => $dav_access.map |$k, $v| { "${k}:${v}" }.join(' '),
- 'client_body_temp_path' => "${file_path}/tmp",
- 'create_full_put_path' => 'on',
- 'autoindex' => 'on',
- 'allow' => 'all',
- }
- }
-}
diff --git a/modules/profiles/manifests/workstation.pp b/modules/profiles/manifests/workstation.pp
deleted file mode 100644
index 167faef..0000000
--- a/modules/profiles/manifests/workstation.pp
+++ /dev/null
@@ -1,137 +0,0 @@
-class profiles::workstation (
-) {
- $os = $facts['os']['name'].downcase()
- include "::profiles::workstation::${os}"
-
- include ::profiles::group_profile
-
- if ($facts['systemd']) {
- file { 'User ssh-agent service':
- path => '/etc/systemd/user/ssh-agent.service',
- source => "puppet:///modules/profiles/ssh-agent.service",
- }
- }
-
- # NOTE Hard coding checksums here kind of defeats the point of
- # pulling in data from above (since we no longer get updates),
- # but since GitHub doesn't send checksum headers the files gets
- # updated every time otherwise, which creates noise.
-
- file { 'Dvorak A6 TTY keyboard layout':
- ensure => file,
- path => '/usr/share/kbd/keymaps/i386/dvorak/dvorak-sv-a6.map',
- checksum => 'md5',
- checksum_value => '96be6c1aa81522db46673c0f68e3336a',
- source => 'https://raw.githubusercontent.com/HugoNikanor/keymaps/master/linux-tty/dvorak-sv-a6.map',
- }
-
- file { 'Dvorak A6 X11 keyboard layout':
- ensure => file,
- path => '/usr/share/X11/xkb/symbols/planck',
- checksum => 'md5',
- checksum_value => '1f1023f6958916de592695cedbc94e5c',
- source => 'https://raw.githubusercontent.com/HugoNikanor/keymaps/master/X11/planck',
- }
-
- $xkb_layout = 'planck'
- $xkb_variant = 'dvorak_a6'
- $xkb_options = 'compose:caps'
-
- file { '/etc/X11/xorg.conf.d':
- ensure => directory,
- recurse => false,
- }
-
- file { 'X11 Raise max clients':
- ensure => file,
- path => '/etc/X11/xorg.conf.d/99-maxclients.conf',
- content => @(EOF)
- Section "ServerFlags"
- Option "MaxClients" "2048"
- EndSection
- | EOF
- }
-
- file { 'Default X11 keymap':
- ensure => file,
- path => '/etc/X11/xorg.conf.d/00-keyboard.conf',
- content => @("EOF")
- Section "InputClass"
- Identifier "system-keyboard"
- MatchIsKeyboard "on"
- Option "XkbLayout" "${xkb_layout}"
- Option "XkbModel" "pc105"
- Option "XkbVariant" "${xkb_variant}"
- Option "XkbOptions" "${xkb_options}"
- EndSection
- | EOF
- }
-
- file { 'Model M X11 keymap':
- ensure => file,
- path => '/etc/X11/xorg.conf.d/01-model-m.conf',
- content => @(EOF)
- Section "InputClass"
- Identifier "Model M"
- MatchUSBID "17f6:0822"
- Option "XkbLayout" "us"
- Option "XkbVariant" "dvorak"
- EndSection
- | EOF
- }
-
- file { 'Setup console':
- ensure => file,
- path => '/etc/vconsole.conf',
- content => epp('profiles/keyvalue.epp', { 'values' => {
- 'KEYMAP' => 'dvorak-sv-a6',
- 'FONT' => 'lat9v-12',
- }}),
- }
-
- $cowpath = [
- '/usr/share/cows',
- '/usr/local/share/cows',
- ]
-
- file { '/etc/environment':
- content => epp('profiles/keyvalue.epp', { values => {
- 'COWPATH' => $cowpath.join(':'),
- 'MANWIDTH' => 80,
- 'MPD_HOST' => 'jukebox.lysator.liu.se',
- 'PAGER' => 'less',
- 'EDITOR' => '/usr/bin/vi',
- 'VISUAL' => '/usr/bin/vim',
- }})
- }
-
- service { 'systemd-resolved':
- enable => mask,
- }
-
- file { 'Passmenu with OTP support':
- path => '/usr/local/bin/passmenu',
- mode => '0555',
- source => 'puppet:///modules/profiles/passmenu',
- }
-
- file { '/etc/sudoers':
- validate_cmd => '/usr/bin/visudo -cf %',
- content => @(EOF)
- Defaults insults
- root ALL=(ALL) ALL
- %root ALL=(ALL) ALL
- %wheel ALL=(ALL) ALL
-
- @includedir /etc/sudoers.d
- | EOF
- }
-
-
- systemd_mount { '/usr/net':
- what => 'elrond:/files',
- where => '/usr/net',
- wantedBy => 'remote-fs.target',
- automount => true,
- }
-}
diff --git a/modules/profiles/manifests/workstation/archlinux.pp b/modules/profiles/manifests/workstation/archlinux.pp
deleted file mode 100644
index 0919efd..0000000
--- a/modules/profiles/manifests/workstation/archlinux.pp
+++ /dev/null
@@ -1,51 +0,0 @@
-class profiles::workstation::archlinux {
-
- pacman::hook { 'systemd daemon-reload':
- description => 'Reload systemd user daemon',
- exec => '/bin/sudo systemctl --machine=hugo@.host --user daemon-reload',
- when => 'PostTransaction',
- trigger => {
- operation => 'Upgrade',
- type => 'Path',
- target => 'usr/lib/systemd/user/*',
- },
- }
-
- package { 'kernel-modules-hook':
- ensure => installed,
- } -> service { 'linux-modules-cleanup':
- enable => true,
- }
-
- $cpus = $facts['processors']['count'] - 1
- file_line { 'Makepkg paralell':
- path => '/etc/makepkg.conf',
- after => '^#-- Make flags',
- line => "MAKEFLAGS='-j${cpus}'"
- }
-
- pacman::repo { 'adrift-space':
- ensure => present,
- server => 'http://repo.gandalf.adrift.space/arch',
- sig_level => 'Optional',
- }
-
- # remove
- # - netctl
-
- # aur-packages
-# - pacaur
-# - ansible-aur-git
-# - cyrus-sasl-xoauth2-git
-# - todotxt
-# - effitask
-# - getmail
-# - mu
-# # - pacaur
-# - pandoc-bin
-# - tlclient
-# # backups old modules on kernel update
-# - kernel-modules-hook
-
-
-}
diff --git a/modules/profiles/manifests/xmonad.pp b/modules/profiles/manifests/xmonad.pp
deleted file mode 100644
index be8d516..0000000
--- a/modules/profiles/manifests/xmonad.pp
+++ /dev/null
@@ -1,29 +0,0 @@
-# Setup xmonad, only tested on arch linux
-class profiles::xmonad {
- ensure_packages ([
- 'xmonad',
- 'xmonad-contrib',
- # apparently really needed by xmonad
- 'xorg-fonts-misc',
- 'ghc',
- 'xorg-xmessage',
- 'dzen2',
- 'dmenu',
- 'rofi',
- ], { ensure => installed })
-
- # Rebuilt my local xmonad config after an upgrade to xmonad.
- # It's required, I think due to something with dynamic linking.
- # It's actually pretty ugly that I'm hardcoded in here, but
- # something had to be done.
- pacman::hook { 'xmonad':
- description => 'Rebuild local xmonad config.',
- when => 'PostTransaction',
- exec => '/bin/sudo -Hu hugo xmonad --recompile',
- trigger => {
- type => 'Package',
- operation => ['Upgrade', 'Install'],
- target => 'xmonad*',
- },
- }
-}
diff --git a/modules/profiles/templates/aconnect.epp b/modules/profiles/templates/aconnect.epp
deleted file mode 100644
index 044ada6..0000000
--- a/modules/profiles/templates/aconnect.epp
+++ /dev/null
@@ -1,8 +0,0 @@
-<%- | String $input_unit,
- String $output_unit
-| -%>
-# Where data comes from
-INPUT_UNIT='<%= $input_unit %>'
-# Where it should go
-OUTPUT_UNIT='<%= $output_unit %>'
-
diff --git a/modules/profiles/templates/imagemagick-policy.xml.epp b/modules/profiles/templates/imagemagick-policy.xml.epp
deleted file mode 100644
index cbea9e9..0000000
--- a/modules/profiles/templates/imagemagick-policy.xml.epp
+++ /dev/null
@@ -1,89 +0,0 @@
-<%- | Array[Hash] $policies | -%>
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE policymap [
- <!ELEMENT policymap (policy)*>
- <!ATTLIST policymap xmlns CDATA #FIXED ''>
- <!ELEMENT policy EMPTY>
- <!ATTLIST policy xmlns CDATA #FIXED '' domain NMTOKEN #REQUIRED
- name NMTOKEN #IMPLIED pattern CDATA #IMPLIED rights NMTOKEN #IMPLIED
- stealth NMTOKEN #IMPLIED value CDATA #IMPLIED>
-]>
-<!--
- Configure ImageMagick policies.
-
- Domains include system, delegate, coder, filter, path, or resource.
-
- Rights include none, read, write, execute and all. Use | to combine them,
- for example: "read | write" to permit read from, or write to, a path.
-
- Use a glob expression as a pattern.
-
- Suppose we do not want users to process MPEG video images:
-
- <policy domain="delegate" rights="none" pattern="mpeg:decode" />
-
- Here we do not want users reading images from HTTP:
-
- <policy domain="coder" rights="none" pattern="HTTP" />
-
- The /repository file system is restricted to read only. We use a glob
- expression to match all paths that start with /repository:
-
- <policy domain="path" rights="read" pattern="/repository/*" />
-
- Lets prevent users from executing any image filters:
-
- <policy domain="filter" rights="none" pattern="*" />
-
- Any large image is cached to disk rather than memory:
-
- <policy domain="resource" name="area" value="1GP"/>
-
- Use the default system font unless overwridden by the application:
-
- <policy domain="system" name="font" value="/usr/share/fonts/favorite.ttf"/>
-
- Define arguments for the memory, map, area, width, height and disk resources
- with SI prefixes (.e.g 100MB). In addition, resource policies are maximums
- for each instance of ImageMagick (e.g. policy memory limit 1GB, -limit 2GB
- exceeds policy maximum so memory limit is 1GB).
-
- Rules are processed in order. Here we want to restrict ImageMagick to only
- read or write a small subset of proven web-safe image types:
-
- <policy domain="delegate" rights="none" pattern="*" />
- <policy domain="filter" rights="none" pattern="*" />
- <policy domain="coder" rights="none" pattern="*" />
- <policy domain="coder" rights="read|write" pattern="{GIF,JPEG,PNG,WEBP}" />
--->
-<policymap>
- <!-- Sample policies -->
- <!-- <policy domain="resource" name="temporary-path" value="/tmp"/> -->
- <!-- <policy domain="resource" name="memory" value="2GiB"/> -->
- <!-- <policy domain="resource" name="map" value="4GiB"/> -->
- <!-- <policy domain="resource" name="width" value="10KP"/> -->
- <!-- <policy domain="resource" name="height" value="10KP"/> -->
- <!-- <policy domain="resource" name="list-length" value="128"/> -->
- <!-- <policy domain="resource" name="area" value="100MP"/> -->
- <!-- <policy domain="resource" name="disk" value="16EiB"/> -->
- <!-- <policy domain="resource" name="file" value="768"/> -->
- <!-- <policy domain="resource" name="thread" value="4"/> -->
- <!-- <policy domain="resource" name="throttle" value="0"/> -->
- <!-- <policy domain="resource" name="time" value="3600"/> -->
- <!-- <policy domain="coder" rights="none" pattern="MVG" /> -->
- <!-- <policy domain="module" rights="none" pattern="{PS,PDF,XPS}" /> -->
- <!-- <policy domain="delegate" rights="none" pattern="HTTPS" /> -->
- <!-- <policy domain="path" rights="none" pattern="@*" /> -->
- <!-- <policy domain="cache" name="memory-map" value="anonymous"/> -->
- <!-- <policy domain="cache" name="synchronize" value="True"/> -->
- <!-- <policy domain="cache" name="shared-secret" value="passphrase" stealth="true"/> -->
- <!-- <policy domain="system" name="max-memory-request" value="256MiB"/> -->
- <!-- <policy domain="system" name="shred" value="2"/> -->
- <!-- <policy domain="system" name="precision" value="6"/> -->
- <!-- <policy domain="system" name="font" value="/path/to/unicode-font.ttf"/> -->
- <!-- Below policies generated from puppet -->
- <% $policies.map |$policy| { %>
- <policy domain="<%= $policy['domain'] %>" rights="<%= $policy['rights'] %>" pattern="<%= $policy['pattern'] %>" />
- <%- } %>
-</policymap>
-<!-- NOTE File managed by puppet, any manual changes will be overwritten. -->
diff --git a/modules/profiles/templates/keyvalue.epp b/modules/profiles/templates/keyvalue.epp
deleted file mode 100644
index 694978a..0000000
--- a/modules/profiles/templates/keyvalue.epp
+++ /dev/null
@@ -1,4 +0,0 @@
-<%- | Hash $values | -%>
-<% $values.map |$key, $value| { -%>
-<%= $key %>=<%= $value %>
-<%- } %>
diff --git a/modules/profiles/templates/transmission.json.epp b/modules/profiles/templates/transmission.json.epp
deleted file mode 100644
index 885ad5e..0000000
--- a/modules/profiles/templates/transmission.json.epp
+++ /dev/null
@@ -1,77 +0,0 @@
-<%- | String $rpc_username,
- String $rpc_password,
- String $download_dir,
- Integer $rpc_port,
- String $rpc_url,
- Integer $msg_level = 1,
- Optional[String] $incomplete_dir = undef,
- Optional[Array[String]] $rpc_whitelist = undef,
-| -%>
-{
- "alt-speed-down": 50,
- "alt-speed-enabled": false,
- "alt-speed-time-begin": 540,
- "alt-speed-time-day": 127,
- "alt-speed-time-enabled": false,
- "alt-speed-time-end": 1020,
- "alt-speed-up": 50,
- "bind-address-ipv4": "0.0.0.0",
- "bind-address-ipv6": "::",
- "blocklist-enabled": false,
- "blocklist-url": "http://www.example.com/blocklist",
- "cache-size-mb": 4,
- "dht-enabled": true,
- "download-dir": "<%= $download_dir -%>",
- "download-queue-enabled": true,
- "download-queue-size": 5,
- "encryption": 1,
- "idle-seeding-limit": 30,
- "idle-seeding-limit-enabled": false,
- "incomplete-dir": "<%= $incomplete_dir -%>",
- "incomplete-dir-enabled": <%= if ($incomplete_dir) { 'true' } else { 'false' } -%>,
- "lpd-enabled": false,
- "message-level": <%= $msg_level -%>,
- "peer-congestion-algorithm": "",
- "peer-id-ttl-hours": 6,
- "peer-limit-global": 200,
- "peer-limit-per-torrent": 50,
- "peer-port": 51413,
- "peer-port-random-high": 65535,
- "peer-port-random-low": 49152,
- "peer-port-random-on-start": false,
- "peer-socket-tos": "default",
- "pex-enabled": true,
- "port-forwarding-enabled": true,
- "preallocation": 1,
- "prefetch-enabled": true,
- "queue-stalled-enabled": true,
- "queue-stalled-minutes": 30,
- "ratio-limit": 2,
- "ratio-limit-enabled": false,
- "rename-partial-files": true,
- "rpc-authentication-required": true,
- "rpc-bind-address": "::",
- "rpc-enabled": true,
- "rpc-host-whitelist": "",
- "rpc-host-whitelist-enabled": false,
- "rpc-password": "<%= $rpc_password -%>",
- "rpc-port": <%= $rpc_port -%>,
- "rpc-url": "<%= $rpc_url -%>",
- "rpc-username": "<%= $rpc_username -%>",
- "rpc-whitelist": "<%= $rpc_whitelist.join(',') -%>",
- "rpc-whitelist-enabled": <%= if ($rpc_whitelist) { 'false' } else { 'false' }-%>,
- "scrape-paused-torrents-enabled": true,
- "script-torrent-done-enabled": false,
- "script-torrent-done-filename": "",
- "seed-queue-enabled": false,
- "seed-queue-size": 10,
- "speed-limit-down": 100,
- "speed-limit-down-enabled": false,
- "speed-limit-up": 100,
- "speed-limit-up-enabled": false,
- "start-added-torrents": true,
- "trash-original-torrent-files": false,
- "umask": 18,
- "upload-slots-per-torrent": 14,
- "utp-enabled": true
-}