Streamline base state extract vagrant specifics

- manage all wanted apt repositories - move vagrant specific stuff to vagrant state - use better password for slapd
2020-03-03 17:24:56 +01:00 · 2020-03-03 17:24:56 +01:00 · 738107b523
commit 738107b523
parent c4dcf12a0a
9 changed files with 108 additions and 34 deletions
--- a/states/base/bashrc
+++ b/states/base/bashrc
@ -1,117 +0,0 @@
-# ~/.bashrc: executed by bash(1) for non-login shells.
-# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)
-# for examples
-
-# If not running interactively, don't do anything
-case $- in
-    *i*) ;;
-      *) return;;
-esac
-
-# don't put duplicate lines or lines starting with space in the history.
-# See bash(1) for more options
-HISTCONTROL=ignoreboth
-
-# append to the history file, don't overwrite it
-shopt -s histappend
-
-# for setting history length see HISTSIZE and HISTFILESIZE in bash(1)
-HISTSIZE=1000
-HISTFILESIZE=2000
-
-# check the window size after each command and, if necessary,
-# update the values of LINES and COLUMNS.
-shopt -s checkwinsize
-
-# If set, the pattern "**" used in a pathname expansion context will
-# match all files and zero or more directories and subdirectories.
-#shopt -s globstar
-
-# make less more friendly for non-text input files, see lesspipe(1)
-#[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)"
-
-# set variable identifying the chroot you work in (used in the prompt below)
-if [ -z "${debian_chroot:-}" ] && [ -r /etc/debian_chroot ]; then
-    debian_chroot=$(cat /etc/debian_chroot)
-fi
-
-# set a fancy prompt (non-color, unless we know we "want" color)
-case "$TERM" in
-    xterm-color) color_prompt=yes;;
-esac
-
-# uncomment for a colored prompt, if the terminal has the capability; turned
-# off by default to not distract the user: the focus in a terminal window
-# should be on the output of commands, not on the prompt
-#force_color_prompt=yes
-
-if [ -n "$force_color_prompt" ]; then
-    if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then
-	# We have color support; assume it's compliant with Ecma-48
-	# (ISO/IEC-6429). (Lack of such support is extremely rare, and such
-	# a case would tend to support setf rather than setaf.)
-	color_prompt=yes
-    else
-	color_prompt=
-    fi
-fi
-
-if [ "$color_prompt" = yes ]; then
-    PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
-else
-    PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
-fi
-unset color_prompt force_color_prompt
-
-# If this is an xterm set the title to user@host:dir
-case "$TERM" in
-xterm*|rxvt*)
-    PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1"
-    ;;
-*)
-    ;;
-esac
-
-# enable color support of ls and also add handy aliases
-if [ -x /usr/bin/dircolors ]; then
-    test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
-    alias ls='ls --color=auto'
-    #alias dir='dir --color=auto'
-    #alias vdir='vdir --color=auto'
-
-    #alias grep='grep --color=auto'
-    #alias fgrep='fgrep --color=auto'
-    #alias egrep='egrep --color=auto'
-fi
-
-# colored GCC warnings and errors
-#export GCC_COLORS='error=01;31:warning=01;35:note=01;36:caret=01;32:locus=01:quote=01'
-
-# some more ls aliases
-#alias ll='ls -l'
-#alias la='ls -A'
-#alias l='ls -CF'
-
-# Alias definitions.
-# You may want to put all your additions into a separate file like
-# ~/.bash_aliases, instead of adding them here directly.
-# See /usr/share/doc/bash-doc/examples in the bash-doc package.
-
-if [ -f ~/.bash_aliases ]; then
-    . ~/.bash_aliases
-fi
-
-# enable programmable completion features (you don't need to enable
-# this, if it's already enabled in /etc/bash.bashrc and /etc/profile
-# sources /etc/bash.bashrc).
-if ! shopt -oq posix; then
-  if [ -f /usr/share/bash-completion/bash_completion ]; then
-    . /usr/share/bash-completion/bash_completion
-  elif [ -f /etc/bash_completion ]; then
-    . /etc/bash_completion
-  fi
-fi
-
-if [ -f ~/.bash_functions ]; then
-    . ~/.bash_functions
-fi
--- a/states/base/init.sls
+++ b/states/base/init.sls
@ -1,15 +1,87 @@
-base:
+deb http://httpredir.debian.org/debian {{ salt['grains.get']('oscodename', 'buster') }} main:
+  pkgrepo.absent
+
+debian-repo:
  pkgrepo.managed:
-    - name: deb http://httpredir.debian.org/debian jessie-backports main
+    - humanname: Debian
+    - name: deb http://deb.debian.org/debian/ {{ salt['grains.get']('oscodename', 'buster') }} main
+    - file: /etc/apt/sources.list
+
+debian-updates-repo:
+  pkgrepo.managed:
+    - humanname: Debian updates
+    - name: deb http://deb.debian.org/debian/ {{ salt['grains.get']('oscodename', 'buster') }}-updates main
+    - file: /etc/apt/sources.list
+
+debian-security-repo:
+  pkgrepo.managed:
+    - humanname: Debian security
+    - name: deb http://security.debian.org/ {{ salt['grains.get']('oscodename', 'buster') }}/updates main
+    - file: /etc/apt/sources.list
+
+backports-repo:
+  pkgrepo.managed:
+    - humanname: Debian backports
+    - name: deb http://deb.debian.org/debian/ {{ salt['grains.get']('oscodename', 'buster') }}-backports main
    - file: /etc/apt/sources.list.d/backports.list

-base-packages:
+salt-repo:
+  pkgrepo.managed:
+    - humanname: Saltstack Repository
+    - name: deb https://repo.saltstack.com/py3/debian/{{ salt['grains.get']('osmajorrelease') }}/amd64/latest {{ salt['grains.get']('oscodename', 'buster') }} main
+    - dist: {{ salt['grains.get']('oscodename', 'buster') }}
+    - file: /etc/apt/sources.list.d/saltstack.list
+    - key_url: https://repo.saltstack.com/py3/debian/{{ salt['grains.get']('osmajorrelease') }}/amd64/latest/SALTSTACK-GPG-KEY.pub
+
+/etc/apt/apt.conf.d/02norecommends:
+  file.managed:
+    - user: root
+    - group: root
+    - mode: 0644
+    - contents: 'Apt::Install-Recommends "false";'
+
+/etc/apt/apt.conf.d/03translations:
+  file.managed:
+    - user: root
+    - group: root
+    - mode: 0644
+    - contents: 'Acquire::Languages "none";'
+
+/etc/apt/apt.conf.d/04compression:
+  file.managed:
+    - user: root
+    - group: root
+    - mode: 0644
+    - contents: 'Acquire::CompressionTypes::Order {"xz"; "gz"; "bz2"; "uncompressed"};'
+
+base:
  pkg.installed:
    - pkgs:
-      - screen
-      - htop
+      - apt-transport-https
+      - bash-completion
+      - bsdmainutils
+      - ca-certificates
+      - debconf-utils
+      - etckeeper
      - git
+      - less
      - locales-all
+      - lsb-release
+      - tmux
+      - virt-what
+
+sudo:
+  pkg.installed
+
+/etc/sudoers.d/sudonopasswd:
+  file:
+    - managed
+    - mode: 0440
+    - user: root
+    - group: root
+    - source: salt://base/sudonopasswd
+    - require:
+      - pkg: sudo

 /etc/salt/grains:
  file.managed:
@ -18,26 +90,9 @@ base-packages:
    - mode: 0600
    - replace: False

-/home/vagrant/.screenrc:
-  file.managed:
-    - user: vagrant
-    - group: vagrant
-    - mode: 0644
-    - source: salt://base/screenrc
+nano:
+  pkg.purged

 update-system:
  pkg.uptodate:
    - refresh: True
-
-/home/vagrant/bin:
-  file.directory:
-    - user: vagrant
-    - group: vagrant
-    - mode: 0750
-
-/home/vagrant/.bashrc:
-  file.managed:
-    - user: vagrant
-    - group: vagrant
-    - mode: 0644
-    - source: salt://base/bashrc
--- a/states/base/sudonopasswd
+++ b/states/base/sudonopasswd
@ -0,0 +1 @@
+%sudo  ALL=(ALL:ALL) NOPASSWD: ALL