2020-10-20 04:44:58 +02:00
|
|
|
class zulip_ops::profile::base {
|
2020-10-20 02:49:54 +02:00
|
|
|
include zulip::profile::base
|
2020-07-08 22:14:44 +02:00
|
|
|
include zulip_ops::munin_node
|
2021-02-25 23:11:27 +01:00
|
|
|
include zulip_ops::ksplice_uptrack
|
2021-05-25 03:39:36 +02:00
|
|
|
include zulip_ops::firewall
|
2021-06-02 03:43:49 +02:00
|
|
|
include zulip_ops::teleport::node
|
2013-10-29 23:53:04 +01:00
|
|
|
|
2021-05-25 04:12:28 +02:00
|
|
|
zulip_ops::firewall_allow { 'ssh': order => '10'}
|
|
|
|
|
2021-05-18 05:36:25 +02:00
|
|
|
$org_base_packages = [
|
|
|
|
# Standard kernel, not AWS', so ksplice works
|
|
|
|
'linux-image-virtual',
|
|
|
|
# Management for our systems
|
2018-08-13 21:29:40 +02:00
|
|
|
'openssh-server',
|
|
|
|
'mosh',
|
2018-08-13 21:27:41 +02:00
|
|
|
# package management
|
2018-08-13 21:29:40 +02:00
|
|
|
'aptitude',
|
2021-05-10 07:02:14 +02:00
|
|
|
# SSL certificates
|
2020-04-17 02:28:30 +02:00
|
|
|
'certbot',
|
2018-08-13 21:27:41 +02:00
|
|
|
# For managing our current Debian packages
|
2018-08-13 21:29:40 +02:00
|
|
|
'debian-goodies',
|
2018-08-13 21:27:41 +02:00
|
|
|
# Needed for zulip-ec2-configure-network-interfaces
|
2020-05-20 05:24:50 +02:00
|
|
|
'python3-boto3',
|
2018-08-13 21:29:40 +02:00
|
|
|
'python3-netifaces',
|
2018-08-13 21:27:41 +02:00
|
|
|
# Popular editors
|
2018-08-13 21:29:40 +02:00
|
|
|
'vim',
|
|
|
|
'emacs-nox',
|
2018-08-13 21:27:41 +02:00
|
|
|
# Prevent accidental reboots
|
2018-08-13 21:29:40 +02:00
|
|
|
'molly-guard',
|
2018-08-13 21:27:41 +02:00
|
|
|
# Useful tools in a production environment
|
2018-08-13 21:29:40 +02:00
|
|
|
'screen',
|
|
|
|
'strace',
|
2020-05-11 09:51:51 +02:00
|
|
|
'bind9-host',
|
2018-08-13 21:29:40 +02:00
|
|
|
'git',
|
|
|
|
'nagios-plugins-contrib',
|
2018-08-13 21:27:41 +02:00
|
|
|
]
|
2020-06-16 03:21:27 +02:00
|
|
|
zulip::safepackage { $org_base_packages: ensure => 'installed' }
|
2013-10-29 23:53:04 +01:00
|
|
|
|
2021-05-18 05:36:25 +02:00
|
|
|
# Uninstall the AWS kernel, but only after we install the usual one
|
|
|
|
package { 'linux-image-aws':
|
|
|
|
ensure => absent,
|
|
|
|
require => Package['linux-image-virtual'],
|
|
|
|
}
|
|
|
|
|
2013-11-10 15:32:54 +01:00
|
|
|
file { '/etc/apt/apt.conf.d/02periodic':
|
2018-08-13 21:20:34 +02:00
|
|
|
ensure => file,
|
|
|
|
mode => '0644',
|
|
|
|
source => 'puppet:///modules/zulip_ops/apt/apt.conf.d/02periodic',
|
2013-11-10 15:32:54 +01:00
|
|
|
}
|
|
|
|
|
2016-08-19 17:27:17 +02:00
|
|
|
file { '/etc/apt/apt.conf.d/50unattended-upgrades':
|
2018-08-13 21:20:34 +02:00
|
|
|
ensure => file,
|
|
|
|
mode => '0644',
|
|
|
|
source => 'puppet:///modules/zulip_ops/apt/apt.conf.d/50unattended-upgrades',
|
2016-08-19 17:27:17 +02:00
|
|
|
}
|
|
|
|
|
2013-10-29 23:53:04 +01:00
|
|
|
file { '/home/zulip/.ssh':
|
2018-08-13 21:20:34 +02:00
|
|
|
ensure => directory,
|
|
|
|
require => User['zulip'],
|
2018-08-13 21:29:40 +02:00
|
|
|
owner => 'zulip',
|
|
|
|
group => 'zulip',
|
2018-08-13 21:20:34 +02:00
|
|
|
mode => '0600',
|
2013-10-29 23:53:04 +01:00
|
|
|
}
|
|
|
|
|
2018-05-07 03:47:40 +02:00
|
|
|
# Clear /etc/update-motd.d, to fix load problems with Nagios
|
|
|
|
# caused by Ubuntu's default MOTD tools for things like "checking
|
|
|
|
# for the next release" being super slow.
|
|
|
|
file { '/etc/update-motd.d':
|
2018-08-13 21:20:34 +02:00
|
|
|
ensure => directory,
|
|
|
|
recurse => true,
|
|
|
|
purge => true,
|
2018-05-07 03:47:40 +02:00
|
|
|
}
|
|
|
|
|
2016-09-26 19:22:45 +02:00
|
|
|
file { '/etc/pam.d/common-session':
|
2018-08-13 21:20:34 +02:00
|
|
|
ensure => file,
|
|
|
|
require => Package['openssh-server'],
|
|
|
|
source => 'puppet:///modules/zulip_ops/common-session',
|
|
|
|
owner => 'root',
|
|
|
|
group => 'root',
|
|
|
|
mode => '0644',
|
2016-09-26 19:22:45 +02:00
|
|
|
}
|
|
|
|
|
2018-02-10 01:20:26 +01:00
|
|
|
service { 'ssh':
|
|
|
|
ensure => running,
|
|
|
|
}
|
|
|
|
|
2019-06-26 07:06:59 +02:00
|
|
|
file { '/etc/ssh/sshd_config':
|
|
|
|
ensure => file,
|
|
|
|
require => Package['openssh-server'],
|
|
|
|
source => 'puppet:///modules/zulip_ops/sshd_config',
|
|
|
|
owner => 'root',
|
|
|
|
group => 'root',
|
|
|
|
mode => '0644',
|
|
|
|
notify => Service['ssh'],
|
2013-11-07 23:45:07 +01:00
|
|
|
}
|
|
|
|
|
2016-07-31 05:45:09 +02:00
|
|
|
file { '/root/.emacs':
|
2018-08-13 21:20:34 +02:00
|
|
|
ensure => file,
|
|
|
|
mode => '0600',
|
2018-08-13 21:29:40 +02:00
|
|
|
owner => 'root',
|
|
|
|
group => 'root',
|
2018-08-13 21:20:34 +02:00
|
|
|
source => 'puppet:///modules/zulip_ops/dot_emacs.el',
|
2016-07-31 05:45:09 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
file { '/home/zulip/.emacs':
|
2018-08-13 21:20:34 +02:00
|
|
|
ensure => file,
|
|
|
|
mode => '0600',
|
2018-08-13 21:29:40 +02:00
|
|
|
owner => 'zulip',
|
|
|
|
group => 'zulip',
|
2018-08-13 21:20:34 +02:00
|
|
|
source => 'puppet:///modules/zulip_ops/dot_emacs.el',
|
|
|
|
require => User['zulip'],
|
2016-07-31 05:45:09 +02:00
|
|
|
}
|
|
|
|
|
2019-06-26 07:06:59 +02:00
|
|
|
$hosting_provider = zulipconf('machine', 'hosting_provider', 'ec2')
|
|
|
|
if $hosting_provider == 'ec2' {
|
|
|
|
# This conditional block is for for whether it's not
|
|
|
|
# chat.zulip.org, which uses a different hosting provider.
|
|
|
|
package { 'dhcpcd5':
|
|
|
|
ensure => 'installed',
|
|
|
|
}
|
2018-02-10 01:19:01 +01:00
|
|
|
file { '/root/.ssh/authorized_keys':
|
2018-08-13 21:20:34 +02:00
|
|
|
ensure => file,
|
|
|
|
mode => '0600',
|
2018-08-13 21:29:40 +02:00
|
|
|
owner => 'root',
|
|
|
|
group => 'root',
|
2018-08-13 21:20:34 +02:00
|
|
|
source => 'puppet:///modules/zulip_ops/root_authorized_keys',
|
2018-02-10 01:19:01 +01:00
|
|
|
}
|
|
|
|
file { '/home/zulip/.ssh/authorized_keys':
|
2018-08-13 21:20:34 +02:00
|
|
|
ensure => file,
|
|
|
|
require => File['/home/zulip/.ssh'],
|
|
|
|
mode => '0600',
|
2018-08-13 21:29:40 +02:00
|
|
|
owner => 'zulip',
|
|
|
|
group => 'zulip',
|
2018-08-13 21:20:34 +02:00
|
|
|
source => 'puppet:///modules/zulip_ops/authorized_keys',
|
2018-02-10 01:19:01 +01:00
|
|
|
}
|
|
|
|
file { '/var/lib/nagios/.ssh/authorized_keys':
|
2018-08-13 21:20:34 +02:00
|
|
|
ensure => file,
|
|
|
|
require => File['/var/lib/nagios/.ssh'],
|
|
|
|
mode => '0600',
|
2018-08-13 21:29:40 +02:00
|
|
|
owner => 'nagios',
|
|
|
|
group => 'nagios',
|
2018-08-13 21:20:34 +02:00
|
|
|
source => 'puppet:///modules/zulip_ops/nagios_authorized_keys',
|
2018-02-10 01:19:01 +01:00
|
|
|
}
|
2013-10-29 23:53:04 +01:00
|
|
|
|
2018-02-10 01:17:44 +01:00
|
|
|
file { '/usr/local/sbin/zulip-ec2-configure-interfaces':
|
2018-08-13 21:20:34 +02:00
|
|
|
ensure => file,
|
|
|
|
mode => '0755',
|
|
|
|
source => 'puppet:///modules/zulip_ops/zulip-ec2-configure-interfaces',
|
2018-02-10 01:17:44 +01:00
|
|
|
}
|
2013-10-29 23:53:04 +01:00
|
|
|
|
2018-02-10 01:17:44 +01:00
|
|
|
file { '/etc/network/if-up.d/zulip-ec2-configure-interfaces_if-up.d.sh':
|
2018-08-13 21:20:34 +02:00
|
|
|
ensure => file,
|
|
|
|
mode => '0755',
|
|
|
|
source => 'puppet:///modules/zulip_ops/zulip-ec2-configure-interfaces_if-up.d.sh',
|
2018-02-10 01:17:44 +01:00
|
|
|
}
|
2013-10-29 23:53:04 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
group { 'nagios':
|
2018-08-13 21:20:34 +02:00
|
|
|
ensure => present,
|
|
|
|
gid => '1050',
|
2013-10-29 23:53:04 +01:00
|
|
|
}
|
|
|
|
user { 'nagios':
|
|
|
|
ensure => present,
|
|
|
|
uid => '1050',
|
|
|
|
gid => '1050',
|
|
|
|
shell => '/bin/bash',
|
|
|
|
home => '/var/lib/nagios',
|
|
|
|
managehome => true,
|
|
|
|
}
|
|
|
|
file { '/var/lib/nagios/':
|
2018-08-13 21:20:34 +02:00
|
|
|
ensure => directory,
|
|
|
|
require => User['nagios'],
|
2018-08-13 21:29:40 +02:00
|
|
|
owner => 'nagios',
|
|
|
|
group => 'nagios',
|
2018-08-13 21:20:34 +02:00
|
|
|
mode => '0600',
|
2013-10-29 23:53:04 +01:00
|
|
|
}
|
|
|
|
file { '/var/lib/nagios/.ssh':
|
2018-08-13 21:20:34 +02:00
|
|
|
ensure => directory,
|
|
|
|
require => File['/var/lib/nagios/'],
|
2018-08-13 21:29:40 +02:00
|
|
|
owner => 'nagios',
|
|
|
|
group => 'nagios',
|
2018-08-13 21:20:34 +02:00
|
|
|
mode => '0600',
|
2013-10-29 23:53:04 +01:00
|
|
|
}
|
|
|
|
file { '/home/nagios':
|
2018-08-13 21:20:34 +02:00
|
|
|
ensure => absent,
|
|
|
|
force => true,
|
2013-10-29 23:53:04 +01:00
|
|
|
recurse => true,
|
|
|
|
}
|
|
|
|
}
|