From 738107b52327f65dd737d6510792ac5bd9436922 Mon Sep 17 00:00:00 2001
From: Jan Dittberner
Date: Tue, 3 Mar 2020 17:24:56 +0100
Subject: [PATCH] Streamline base state extract vagrant specifics
- manage all wanted apt repositories
- move vagrant specific stuff to vagrant state
- use better password for slapd
---
.gitignore | 1 +
states/base/init.sls | 103 ++++++++++++++----
states/base/sudonopasswd | 1 +
.../gvaldap/create_base_ldap_objects.sh | 2 +-
states/ldapserver/init.sls | 4 +-
states/{base => vagrant}/bashrc | 0
states/vagrant/init.sls | 24 ++++
states/{vim => vagrant}/vimrc | 0
states/vim/init.sls | 7 --
9 files changed, 108 insertions(+), 34 deletions(-)
create mode 100644 states/base/sudonopasswd
rename states/{base => vagrant}/bashrc (100%)
create mode 100644 states/vagrant/init.sls
rename states/{vim => vagrant}/vimrc (100%)
diff --git a/.gitignore b/.gitignore
index 9f11b75..c4b505e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
+.*.swp
 .idea/
diff --git a/states/base/init.sls b/states/base/init.sls
index 1b665e9..960e4bd 100644
--- a/states/base/init.sls
+++ b/states/base/init.sls
@@ -1,15 +1,87 @@ -base: +deb http://httpredir.debian.org/debian {{ salt['grains.get']('oscodename', 'buster') }} main: + pkgrepo.absent + +debian-repo: pkgrepo.managed: - - name: deb http://httpredir.debian.org/debian jessie-backports main + - humanname: Debian + - name: deb http://deb.debian.org/debian/ {{ salt['grains.get']('oscodename', 'buster') }} main + - file: /etc/apt/sources.list + +debian-updates-repo: + pkgrepo.managed: + - humanname: Debian updates + - name: deb http://deb.debian.org/debian/ {{ salt['grains.get']('oscodename', 'buster') }}-updates main + - file: /etc/apt/sources.list + +debian-security-repo: + pkgrepo.managed: + - humanname: Debian security + - name: deb http://security.debian.org/ {{ salt['grains.get']('oscodename', 'buster') }}/updates main + - file: /etc/apt/sources.list + +backports-repo: + pkgrepo.managed: + - humanname: Debian backports + - name: deb http://deb.debian.org/debian/ {{ salt['grains.get']('oscodename', 'buster') }}-backports main - file: /etc/apt/sources.list.d/backports.list -base-packages: +salt-repo: + pkgrepo.managed: + - humanname: Saltstack Repository + - name: deb https://repo.saltstack.com/py3/debian/{{ salt['grains.get']('osmajorrelease') }}/amd64/latest {{ salt['grains.get']('oscodename', 'buster') }} main + - dist: {{ salt['grains.get']('oscodename', 'buster') }} + - file: /etc/apt/sources.list.d/saltstack.list + - key_url: https://repo.saltstack.com/py3/debian/{{ salt['grains.get']('osmajorrelease') }}/amd64/latest/SALTSTACK-GPG-KEY.pub + +/etc/apt/apt.conf.d/02norecommends: + file.managed: + - user: root + - group: root + - mode: 0644 + - contents: 'Apt::Install-Recommends "false";' + +/etc/apt/apt.conf.d/03translations: + file.managed: + - user: root + - group: root + - mode: 0644 + - contents: 'Acquire::Languages "none";' + +/etc/apt/apt.conf.d/04compression: + file.managed: + - user: root + - group: root + - mode: 0644 + - contents: 'Acquire::CompressionTypes::Order {"xz"; "gz"; "bz2"; 
"uncompressed"};' + +base: pkg.installed: - pkgs: - - screen - - htop + - apt-transport-https + - bash-completion + - bsdmainutils + - ca-certificates + - debconf-utils + - etckeeper - git + - less - locales-all + - lsb-release + - tmux + - virt-what + +sudo: + pkg.installed + +/etc/sudoers.d/sudonopasswd: + file: + - managed + - mode: 0440 + - user: root + - group: root + - source: salt://base/sudonopasswd + - require: + - pkg: sudo /etc/salt/grains: file.managed:
@@ -18,26 +90,9 @@ base-packages: - mode: 0600 - replace: False -/home/vagrant/.screenrc: - file.managed: - - user: vagrant - - group: vagrant - - mode: 0644 - - source: salt://base/screenrc +nano: + pkg.purged update-system: pkg.uptodate: - refresh: True - -/home/vagrant/bin: - file.directory: - - user: vagrant - - group: vagrant - - mode: 0750 - -/home/vagrant/.bashrc: - file.managed: - - user: vagrant - - group: vagrant - - mode: 0644 - - source: salt://base/bashrc
diff --git a/states/base/sudonopasswd b/states/base/sudonopasswd
new file mode 100644
index 0000000..132eca2
--- /dev/null
+++ b/states/base/sudonopasswd
@@ -0,0 +1 @@
+%sudo ALL=(ALL:ALL) NOPASSWD: ALL
diff --git a/states/gnuviechadmin/gvaldap/create_base_ldap_objects.sh b/states/gnuviechadmin/gvaldap/create_base_ldap_objects.sh
index 66edc19..748753b 100644
--- a/states/gnuviechadmin/gvaldap/create_base_ldap_objects.sh
+++ b/states/gnuviechadmin/gvaldap/create_base_ldap_objects.sh
@@ -48,7 +48,7 @@ olcAccess: {4}to * EOD # add OUs, groups and ldapadmin user -ldapmodify -v -H {{ salt['pillar.get']('gnuviechadmin:ldap_url') }} -x -D "cn=admin,{{ base_dn }}" -w '{{ salt["grains.get_or_set_hash"]("slapd.password") }}' <
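Review bot: In the `salt-repo` state of the first `states/base/init.sls` hunk, the archive key comes from `key_url` over HTTPS with nothing pinning which key is accepted, and the `latest` path segment leaves the Salt release unpinned. The trust root for Salt packages on every minion is therefore whatever that URL serves when the state runs. Shipping the reviewed key inside the state tree, e.g. `- key_url: salt://base/<saltstack-key-file>` (placeholder name), and pointing `name` at a fixed release path would put both the trusted key and the version under review in this repository. The Debian entries use plain `http://`, which apt still checks against the signed Release files, so a short comment stating that this is deliberate would be enough there.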
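Review bot: `%sudo ALL=(ALL:ALL) NOPASSWD: ALL` in the new `states/base/sudonopasswd` is installed by the `/etc/sudoers.d/sudonopasswd` state in `states/base/init.sls`, so every minion that receives `base` gives the whole `sudo` group password-less root, not only the Vagrant boxes. The commit message says Vagrant-specific material moves to the `vagrant` state. If this drop-in is a development convenience, it belongs under `states/vagrant/` with `- source: salt://vagrant/sudonopasswd`; that is an inference, since the targeting of `base` is not visible on this page. Whichever state owns the file, adding `- check_cmd: /usr/sbin/visudo -c -f` to its `file` state keeps a malformed drop-in from being written and breaking sudo.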