Streamline base state extract vagrant specifics

- manage all wanted apt repositories - move vagrant specific stuff to vagrant state - use better password for slapd
2020-03-03 17:24:56 +01:00 · 2020-03-03 17:24:56 +01:00 · 738107b523
commit 738107b523
parent c4dcf12a0a
9 changed files with 108 additions and 34 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1,2 @@
+.*.swp
 .idea/
--- a/states/base/init.sls
+++ b/states/base/init.sls
@ -1,15 +1,87 @@
-base:
+deb http://httpredir.debian.org/debian {{ salt['grains.get']('oscodename', 'buster') }} main:
+  pkgrepo.absent
+
+debian-repo:
  pkgrepo.managed:
-    - name: deb http://httpredir.debian.org/debian jessie-backports main
+    - humanname: Debian
+    - name: deb http://deb.debian.org/debian/ {{ salt['grains.get']('oscodename', 'buster') }} main
+    - file: /etc/apt/sources.list
+
+debian-updates-repo:
+  pkgrepo.managed:
+    - humanname: Debian updates
+    - name: deb http://deb.debian.org/debian/ {{ salt['grains.get']('oscodename', 'buster') }}-updates main
+    - file: /etc/apt/sources.list
+
+debian-security-repo:
+  pkgrepo.managed:
+    - humanname: Debian security
+    - name: deb http://security.debian.org/ {{ salt['grains.get']('oscodename', 'buster') }}/updates main
+    - file: /etc/apt/sources.list
+
+backports-repo:
+  pkgrepo.managed:
+    - humanname: Debian backports
+    - name: deb http://deb.debian.org/debian/ {{ salt['grains.get']('oscodename', 'buster') }}-backports main
    - file: /etc/apt/sources.list.d/backports.list

-base-packages:
+salt-repo:
+  pkgrepo.managed:
+    - humanname: Saltstack Repository
+    - name: deb https://repo.saltstack.com/py3/debian/{{ salt['grains.get']('osmajorrelease') }}/amd64/latest {{ salt['grains.get']('oscodename', 'buster') }} main
+    - dist: {{ salt['grains.get']('oscodename', 'buster') }}
+    - file: /etc/apt/sources.list.d/saltstack.list
+    - key_url: https://repo.saltstack.com/py3/debian/{{ salt['grains.get']('osmajorrelease') }}/amd64/latest/SALTSTACK-GPG-KEY.pub
+
+/etc/apt/apt.conf.d/02norecommends:
+  file.managed:
+    - user: root
+    - group: root
+    - mode: 0644
+    - contents: 'Apt::Install-Recommends "false";'
+
+/etc/apt/apt.conf.d/03translations:
+  file.managed:
+    - user: root
+    - group: root
+    - mode: 0644
+    - contents: 'Acquire::Languages "none";'
+
+/etc/apt/apt.conf.d/04compression:
+  file.managed:
+    - user: root
+    - group: root
+    - mode: 0644
+    - contents: 'Acquire::CompressionTypes::Order {"xz"; "gz"; "bz2"; "uncompressed"};'
+
+base:
  pkg.installed:
    - pkgs:
-      - screen
-      - htop
+      - apt-transport-https
+      - bash-completion
+      - bsdmainutils
+      - ca-certificates
+      - debconf-utils
+      - etckeeper
      - git
+      - less
      - locales-all
+      - lsb-release
+      - tmux
+      - virt-what
+
+sudo:
+  pkg.installed
+
+/etc/sudoers.d/sudonopasswd:
+  file:
+    - managed
+    - mode: 0440
+    - user: root
+    - group: root
+    - source: salt://base/sudonopasswd
+    - require:
+      - pkg: sudo

 /etc/salt/grains:
  file.managed:
@ -18,26 +90,9 @@ base-packages:
    - mode: 0600
    - replace: False

-/home/vagrant/.screenrc:
-  file.managed:
-    - user: vagrant
-    - group: vagrant
-    - mode: 0644
-    - source: salt://base/screenrc
+nano:
+  pkg.purged

 update-system:
  pkg.uptodate:
    - refresh: True
-
-/home/vagrant/bin:
-  file.directory:
-    - user: vagrant
-    - group: vagrant
-    - mode: 0750
-
-/home/vagrant/.bashrc:
-  file.managed:
-    - user: vagrant
-    - group: vagrant
-    - mode: 0644
-    - source: salt://base/bashrc
--- a/states/base/sudonopasswd
+++ b/states/base/sudonopasswd
@ -0,0 +1 @@
+%sudo  ALL=(ALL:ALL) NOPASSWD: ALL
--- a/states/gnuviechadmin/gvaldap/create_base_ldap_objects.sh
+++ b/states/gnuviechadmin/gvaldap/create_base_ldap_objects.sh
@ -48,7 +48,7 @@ olcAccess: {4}to *
 EOD

 # add OUs, groups and ldapadmin user
-ldapmodify -v -H {{ salt['pillar.get']('gnuviechadmin:ldap_url') }} -x -D "cn=admin,{{ base_dn }}" -w '{{ salt["grains.get_or_set_hash"]("slapd.password") }}' <<EOD
+ldapmodify -v -H {{ salt['pillar.get']('gnuviechadmin:ldap_url') }} -x -D "cn=admin,{{ base_dn }}" -w '{{ salt["grains.get_or_set_hash"]("slapd:password", 16) }}' <<EOD
 dn: ou={{ ldap_users_ou }},{{ base_dn }}
 changetype: add
 objectClass: top
--- a/states/ldapserver/init.sls
+++ b/states/ldapserver/init.sls
@ -3,8 +3,8 @@ ldapserver-packages:
    - name: slapd
    - data:
        'slapd/domain': {'type': 'string', 'value': '{{ salt["pillar.get"]("gnuviechadmin:ldap_domain") }}'}
-        'slapd/password1': {'type': 'string', 'value': '{{ salt["grains.get_or_set_hash"]("slapd.password") }}'}
-        'slapd/password2': {'type': 'string', 'value': '{{ salt["grains.get_or_set_hash"]("slapd.password") }}'}
+        'slapd/password1': {'type': 'string', 'value': '{{ salt["grains.get_or_set_hash"]("slapd:password", 16) }}'}
+        'slapd/password2': {'type': 'string', 'value': '{{ salt["grains.get_or_set_hash"]("slapd:password", 16) }}'}
  pkg.installed:
    - pkgs:
      - ldap-utils
--- a/states/vagrant/bashrc
+++ b/states/vagrant/bashrc
--- a/states/vagrant/init.sls
+++ b/states/vagrant/init.sls
@ -0,0 +1,24 @@
+include:
+  - vim
+
+/home/vagrant/bin:
+  file.directory:
+    - user: vagrant
+    - group: vagrant
+    - mode: 0750
+
+/home/vagrant/.bashrc:
+  file.managed:
+    - user: vagrant
+    - group: vagrant
+    - mode: 0644
+    - source: salt://vagrant/bashrc
+
+/home/vagrant/.vimrc:
+  file.managed:
+    - user: vagrant
+    - group: vagrant
+    - mode: 0644
+    - source: salt://vagrant/vimrc
+    - require:
+      - pkg: vim-nox
--- a/states/vagrant/vimrc
+++ b/states/vagrant/vimrc
--- a/states/vim/init.sls
+++ b/states/vim/init.sls
@ -6,10 +6,3 @@ editor:
    - path: /usr/bin/vim.nox
    - require:
      - pkg: vim-nox
-
-/home/vagrant/.vimrc:
-  file.managed:
-    - user: vagrant
-    - group: vagrant
-    - mode: 0644
-    - source: salt://vim/vimrc