class { 'apt': update => { frequency => 'always', }, } include apt $apt_origins = [ 'origin=Debian,n=${distro_codename}', 'origin=Debian,n=${distro_codename}-updates', 'origin=Debian,n=${distro_codename},label=Debian-Security', 'origin=Debian,n=${distro_codename}-security,label=Debian-Security', 'origin=IT-Zukunft Schule,n=${distro_codename},label=IT-Zukunft Schule', ] class ssh_pubkeys_admins { # Mike Gabriel, Fre(i)e Software GmbH ssh_authorized_key { 'mike@minobo': type => 'ssh-rsa', key => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQDn2moKR4u3yJW+/hvwmhUDjiLBxiMPB+46YO9iEo8HXsdulpMi20hi2TTmWA0w3hog1IEnre6C7UGHcZG0HfPg+eROIuuXRcOfg3WP/IBV0KMF4DTa1KDoN/Nw7HMlhWxGxFrdbumAoj/s2ZaA/of1fpaPKOhunF8S9Ch60LYmgnR3tzJW/b0jS9fww8o/rMB3pZy2WSW0uUfpOIbDv+XHhNiC/iu8IgD+M5KkK+qbNZFPoTQkebc0RPRBcOrmEYroofFGg+7jPU++AEKJUKSaGjZRWzACuXiUzTo2F9fT09EMWU4oiYV9zRqjx6ctncwfEB4qOfoRUycfxBSJk7t7', user => 'root', } # Daniel Teichmann, Fre(i)e Software GmbH ssh_authorized_key { 'daniel@nwt-01': type => 'ssh-rsa', key => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQCytDYygwrARkiy/1cQ8x9otmWgE3k6EH3ymeHXaFnP/Du0BDRgGuLtdL1yj4OqE4tKqKdXOa1kULLQdbQ0C0ogGGxpZaza1TdxKTpB2YSx1L3LjhzG4KSr0hz/u9qpk7U1PVRi5N7tO/x7eRZWzbuH5UXxLemb1jj5X+q/siAi+8rFfmQmYta+ea4XDQIjfMiKU5ExGjg3DufhyPtsb75zsU9ZcoXo8j4lkjeCJegK7rdKrlmZqMidrZHd8pPN5Tjrn0LMg1fRL0Z+wwHxawhruaw+LHq2iJ3plWJ9igCwvUcXY3KtL1r9owxZATE5CN17OFxCbEFDqsS63OTYr3Xt', user => 'root', } # Thies Wels (Notebook), LW ssh_authorized_key { 'lw@thies-ThinkPad': type => 'ssh-rsa', key => 'AAAAB3NzaC1yc2EAAAADAQABAAABgQC+yPKId58DGMMXt3KhkYMpMZ7HZ2VS9w0Ry5UikgMuv/ZohXnqe2UG3j0KeJ0SAQj7ZlZTyhGT6ZaXupl/eI5nTnjD7tISe3rdrbS1h/73KZ/H0Ooay1Ede/tYHb0AY83RG4DOAiWDCeNGBbO/ksPVscQaXyr6ooewMyQFJqZNWv9Jlxo236IFu9nmBZD9yCwUXzTsY3efdRzhv//ZP5z6UwUIsHRd4tqyFyjcd0kfJNe/QoH0ynME6oAOZ6o9zjD7Srfxv19XGYkqzoEZdg26xOHFJ7v+uXAJLQunCbnPUIDaYSinPdsjoUQ6D0IadYtBIF65mX9Lae2EuvjW2NrSCQtqvYzl1tiSmFzI9ktFvnkOTnTjTndCYodfgo6DJvw4m67OD+rZNSAjZQbEaDcYm6t3gGJn0GhVgGVN55tps2UgE0r+l1AlyRfRb0a7NwiPvNtxk5tuXdUkvINvnRG5hHb5yG5lzvSjhtIQ0XU6mHwZFRX13rpUKfB+KjxukDs=', user => 'root', } # Thies Wels (Notebook [alt]), LW ssh_authorized_key { 'lw@thies-ThinkPad-X1-Carbon-3rd': type => 'ssh-rsa', key => 'AAAAB3NzaC1yc2EAAAADAQABAAACAQCSXN3qZ0ShJkTjmDhUQZbO/llTFS/VirTHWrWOh/Gi8dKRe52jcZ+PRYcjkzUwKmhMjgFQVHB9M3wTaxMFJFAoHYJ8C/j/A9n6AYgk4Ng0vRYPqFcDbFza6lMsA0msSXofg4wckQhF0Bpn7pj3AAEbqOZoXJoOgPxyue1p2b4925sfChSPfhMd+QxXrs1X+xJAysSpZme0ujtB3MYFRk2ySa99nQSeuYrUnQkcKqH6HusRdTVRIthoY+f0sQCAGs9z2mrma0OtfwgMlgyGS1JZWnt2/47Nm35MyljmJdHheD123mRaeGxjKD5z29Pm3vOuj0xn/kff1eCPy4xC2T1jL4IBUROF9vg9T3BQP7A/z2DdJwZ2Lp/xzXQKFV22jillqeKjHMpLmiVNMgDt07C3PaRSPryxuCrUUWnG2cPdcf6vr1a/uoo8zBGXEsWFpTlnZF+q9wDgPtD7EChthkstOB/1IH9FOibmlD4+89GuZfJ4ej0EDsm0jF9ML51plrIie+Q/bsF/w22ctsKpfvm3hl87jBNaYTGiaWqb34BWUL61NjPRhuCPLOwswYbQtNBvVaIByrao4/3huIPq10KsvWghvq7yr4xhNLKjax/Dmmmd65F/xaTEytDM3vtyI4lp+spSvNCTD7Amz36VTsCubAEeRcCyExgcSa2HOFrs/w==', user => 'root', } # Thies Wels (Debian Edu User), LW ssh_authorized_key { 'welthi@debian-edu': type => 'ssh-rsa', key => 'AAAAB3NzaC1yc2EAAAADAQABAAABgQChk8Ifnjc3lxtXaqiAODtZrlTqgFhFiX/24VKoSs9048fIxumjcTjyRBBF6NtNs4d+wuHaTmlvLAGiRQ+/pO2/cX+rlI2P5U6QQIe5bhFnvRJJI6WYt0WDOPZ5Zn9icGrDTlRIN+NLoxs7GrPZDVAm/lRZ09hzOmkyJxt7kpY1E3KYWa30kj5QrkZvwHCn6DNEYJvz1J6fX4KNQuBnWnyY/IeNCOiWPhrBtSLPqH1Qe+HB/glxwQ/0QF3UBGJqXsgS4f2x72ibWxaTJ1xnkbRatuAcKVidl59GDkPjZ/CGKzIibIBeauzf7DHlf+Uy8niODkUMijIbAPla8ghn0bOEIPaMJKHxdTLrbHOPsQduOqdHsHDUOKX+grxgX14ns9r4uqRSm+RHNPSRjo+mGf/NF8gwL3x4Mca75Xh1lSUxqflYMgjrW+9JQvKcrQtUt4UDRKxO6bRxtmddDdSJGtL4j9UeWpJnE5CFk1JT0lIRipPbxFjER0zxIORW1UHSY80=', user => 'root', } } class ssh_pubkeys_firedadmins { # Bad User, Example Project ssh_authorized_key { 'badadmin@NOTEBOOK': ensure => 'absent', type => 'ssh-rsa', key => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQC71S/LYktwTalKjE6Sb7XlOyV1tr1O+codh4C3g9uVtjqytYj/Lx6hExxegwN2tiTAjb3skEKpdg7uRbmpEZBtyST/UrrJCB0l0KbjJelfh4MANuRF+H9CNAPwaxcLfCWeTFwmQW8mcSHE20ljY7kpJykEoihBVjK49k+kD+sphIG1o4BU8nQii0i5/U2HqHkPZHzCIjIprN9kTx/n/zMmCLwuIW58KJitG/ttBXPq+TMsN/zcUQm7/PL7UmIMlvUtKzApuM36PUyah7/rpOB5mIYrqFcDXSBUpFLT1CIvfH6ZR5umhnwiRXDsVfP8e0WB1JhOZV1LqOez8s7c4a6/', user => 'root', } } class ssh_pubkeys_backupserver { ssh_authorized_key { 'root@backup-01': type => 'ssh-rsa', key => 'AAAAB3NzaC1yc2EAAAADAQABAAABgQDg+cosM6DbHV8VnCyKkDeQ9rP38ND2Ld1Kf7fKsqFs9DkaMyLVVb4K5tR/7EyRbD13x4WCgvA42tXi4vLxpVZ/x27OGGcr2x8TAFQST2hy2jWiDtIZBzsYU7z7zChcDqvsMmxpOfBLJAtnr+L0Q5K51UKDYDkAUbclDwHou95nRrn1a2Lt360/kUaYMQ+s5uHyfjdBWaVsdIaYZGT4BZgD1Xds9RDv4tIMebbokTcNLoIYEZ5zBb6VnhnAU7BS8tTkyiV8lVSFaADeA3pdZCav4Al5hyOzCzjl4OfMbvaTu7BPLLMzowcYLEZIZvQd/17qD/8s24iVU2jFR7XBW3MdEaDHAEYSlmcIBhFITEJ59Umw9BEc4EYdW2XRtW6po4kJcCyS7Z2tjZMiAv/IcoZcqIYtP9wM18GRu7bZLXA2w1hsel8SSE8bYFXUtkr21meexApxsU/N9U+VagNkTOl9uWLmoX8htX2hdbf9MsbfwnDY8t3utuSk9Gogmn/t/8M=', user => 'root', } } class cups_browsed_polling { file { '/etc/apparmor.d/local/usr.sbin.cups-browsed': content => "/etc/cups/cups-browsed-debian-edu.conf r,\n", } ~> exec { '/usr/bin/systemctl restart apparmor.service': refreshonly => true } ~> exec { '/usr/bin/systemctl restart cups-browsed.service': refreshonly => true } exec { 'cups-browsed-reload': command => '/usr/sbin/service cups-browsed restart', subscribe => [File_line['cups-browsed-create-remote-cups-printers'], File_line['cups-browsed-poll-ipp-intern'], File_line['cups-browsed-queue-naming'], File_line['cups-browsed-no-remote-protos'], File_line['cups-browsed-no-local-protos']], refreshonly => true, } exec { 'cups-delete-dead-printers': command => '/bin/bash -c "LANG=C lpstat -a | grep \"not accepting requests\" | cut -d \" \" -f1 | while read printer; do lpadmin -x \$printer; done"', subscribe => File_line['cups-browsed-no-remote-protos'], refreshonly => true, } file_line { 'cups-browsed-create-remote-cups-printers': path => '/etc/cups/cups-browsed.conf', ensure => present, line => "CreateRemoteCUPSPrinterQueues Yes", match => '^CreateRemoteCUPSPrinterQueues.*', } file_line { 'cups-browsed-no-remote-protos': path => '/etc/cups/cups-browsed.conf', ensure => present, line => "BrowseRemoteProtocols none", match => '^BrowseRemoteProtocols.*', } file_line { 'cups-browsed-no-local-protos': path => '/etc/cups/cups-browsed.conf', ensure => present, line => "BrowseLocalProtocols none", match => '^BrowseLocalProtocols.*', } file_line { 'cups-browsed-queue-naming': path => '/etc/cups/cups-browsed.conf', ensure => present, line => "LocalQueueNamingRemoteCUPS RemoteName", match => '^LocalQueueNamingRemoteCUPS.*', } file_line { 'cups-browsed-poll-ipp-intern': path => '/etc/cups/cups-browsed.conf', ensure => present, line => "BrowsePoll ipp.intern", match => '^BrowsePoll\ .*', append_on_no_match => true, } } class apt_http_proxy_hotfix { exec { 'apt_http_proxy_file_rename': command => "/usr/bin/mv /etc/apt/apt.conf.d/02proxy /etc/apt/apt.conf.d/04proxy", onlyif => "/usr/bin/test -f /etc/apt/apt.conf.d/02proxy", } } class etc_security_groupconf { file_line { 'etc-security-groupconf-update': path => '/etc/security/group.conf', ensure => present, line => '*;*;*;Al0000-2400;audio,bluetooth,cdrom,dialout,dip,floppy,netdev,plugdev,scanner,video', match => '^\*;\*;\*;Al0000-2400;.*', } } class itzks_systems_common { package { 'itzks-systems-common': ensure => 'latest', require => Class['apt::update'] } } class itzks_systems_workstation { package { 'itzks-systems-workstation': ensure => 'latest', require => Class['apt::update'] } package { 'ntp': ensure => 'latest', require => Class['apt::update'] } } class itzks_systems_roamingworkstation { package { 'itzks-systems-roamingworkstation': ensure => 'latest', require => Class['apt::update'] } } class itzks_systems_tablet { package { 'itzks-systems-tablet': ensure => 'latest', require => Class['apt::update'] } } class itzks_systems_mainserver { package { 'itzks-systems-mainserver': ensure => 'latest', require => Class['apt::update'] } } class itzks_systems_faiserver { package { 'itzks-systems-faiserver': ensure => 'latest', require => Class['apt::update'] } } class itzks_systems_puppetserver { package { 'itzks-systems-puppetserver': ensure => 'latest', require => Class['apt::update'] } } class itzks_systems_filter { package { 'itzks-systems-filter': ensure => 'latest', require => Class['apt::update'] } } class itzks_systems_disklserver { package { 'itzks-systems-disklserver': ensure => 'latest', require => Class['apt::update'] } } class lsb_release_with_version { file { '/etc/lsb-release': ensure => present, } file_line { 'lsb-release-with-version': path => '/etc/lsb-release', line => "DISTRIB_DESCRIPTION=\"Debian Edu / Skolelinux ${::operatingsystemrelease}\"", match => "^DISTRIB_DESCRIPTION=\"DebianEdu/Skolelinux\"$", } file_line{ 'lsb-release-remove-cruft-1': path => '/etc/lsb-release', ensure => absent, line => 'DISTRIB_DESCRIPTION="DebianEdu/Skolelinux"', } } class login_manager { package { 'arctica-greeter': ensure => 'installed', require => Class['apt::update'] } package { 'kdm': ensure => 'purged', } package { 'sddm': ensure => 'purged', } package { 'gdm3': ensure => 'purged', } } class browser_firefox { package { firefox-esr: ensure => 'latest', require => Class['apt::update'] } } class browser_chromium { package { chromium: ensure => 'latest', require => Class['apt::update'] } } #node "all_hosts" { # class { 'ssh_pubkeys_admins': } # class { 'ssh_pubkeys_firedadmins': } # class { 'lsb_release_with_version': } # class { 'login_manager': } #} #node "all_servers" { # class { 'ssh_pubkeys_admins': } # class { 'ssh_pubkeys_firedadmins': } # class { 'ssh_pubkeys_backupserver': } # class { 'lsb_release_with_version': } #} node "tjener.intern" { class { 'ssh_pubkeys_admins': } class { 'ssh_pubkeys_firedadmins': } class { 'ssh_pubkeys_backupserver': } class { 'lsb_release_with_version': } class { 'browser_firefox': } class { 'browser_chromium': } class { 'unattended_upgrades': enable => 1, origins => $apt_origins, age => { 'max' => 10 }, auto => { 'clean' => 7, ### WE DON'T REBOOT TJENER }, upgradeable_packages => { download_only => 1, debdelta => 1, }, } class { 'itzks_systems_mainserver': } class { 'itzks_systems_common': } } node "disklserver.intern" { class { 'ssh_pubkeys_admins': } class { 'ssh_pubkeys_firedadmins': } class { 'ssh_pubkeys_backupserver': } class { 'lsb_release_with_version': } # vidar.das-netzwerkteam.de is the deployment source for diskless workstation chroots ssh_authorized_key { 'root@vidar.das-netzwerkteam.de': type => 'ssh-rsa', key => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQDiLGbx/U9slB9db8PAy8FTRo7/avVvLJUOZzkoBxZa5Edeo+74ezoU2Kv1OxcRJRnSGBe41XDcpLxDS04JMA5xBddUfdq5c+Y1A2SYChUPK1fkrGoKfmGC60dFmEqAQZ33dJhN9rxzQvuvxlmexX8x2TYJC8/jATa+6QuO4chHAFvGo9RLs8hzet5y06fammJDkf0yD6R32GT7q4XMNXilKQ564D1yBJygE6vZx/W3V3l8/QMr6m1lYTTk+W+29IkoxvQBZ6YXKFdnuTVkSYyanafjZwznTFSuBtBZKcgLXFFmyplcB4QlZGvdrrsEJazwwj+pnJeGx0HwV8ePbKxN', user => 'root', } class { 'unattended_upgrades': enable => 1, origins => $apt_origins, auto => { 'clean' => 7, 'reboot' => true, }, upgradeable_packages => { download_only => 1, debdelta => 1, }, } class { 'apt_http_proxy_hotfix': } class { 'itzks_systems_disklserver': } class { 'itzks_systems_common': } class { 'cups_browsed_polling': } class { 'krb5hostkeytab': } } node "faiserver.intern" { class { 'ssh_pubkeys_admins': } class { 'ssh_pubkeys_firedadmins': } class { 'ssh_pubkeys_backupserver': } class { 'lsb_release_with_version': } class { 'unattended_upgrades': enable => 1, origins => $apt_origins, auto => { 'clean' => 7, 'reboot' => true, }, upgradeable_packages => { download_only => 1, debdelta => 1, }, } class { 'apt_http_proxy_hotfix': } class { 'itzks_systems_faiserver': } class { 'itzks_systems_common': } class { 'cups_browsed_polling': } class { 'krb5hostkeytab': } } node "filter.intern" { class { 'ssh_pubkeys_admins': } class { 'ssh_pubkeys_firedadmins': } class { 'ssh_pubkeys_backupserver': } class { 'lsb_release_with_version': } class { 'unattended_upgrades': enable => 1, origins => $apt_origins, auto => { 'clean' => 7, 'reboot' => true, }, upgradeable_packages => { download_only => 1, debdelta => 1, }, } class { 'itzks_systems_filter': } } # NOT PRESENT node "bibserv.intern" inherits "all_servers" {} #node "opsiserver.intern" { # class { 'ssh_pubkeys_admins': } # class { 'ssh_pubkeys_firedadmins': } # class { 'ssh_pubkeys_backupserver': } # class { 'lsb_release_with_version': } # class { 'unattended_upgrades': # enable => 1, # origins => $apt_origins, # auto => { # 'clean' => 7, # 'reboot' => true, # }, # upgradeable_packages => { # download_only => 1, # debdelta => 1, # }, # } #} # NOT PRESENT node "displayserver.intern" inherits "all_servers" {} # NOT PRESENT node "contentserver.intern" inherits "all_servers" {} # NOT PRESENT node "devserver.intern" inherits "all_servers" {} node "puppetserver.intern" { class { 'ssh_pubkeys_admins': } class { 'ssh_pubkeys_firedadmins': } class { 'ssh_pubkeys_backupserver': } class { 'lsb_release_with_version': } class { 'unattended_upgrades': enable => 1, origins => $apt_origins, auto => { 'clean' => 7, 'reboot' => true, }, upgradeable_packages => { download_only => 1, debdelta => 1, }, } class { 'apt_http_proxy_hotfix': } class { 'itzks_systems_puppetserver': } class { 'itzks_systems_common': } class { 'cups_browsed_polling': } class { 'krb5hostkeytab': } } # NOTEBOOKS (aka ROAMING WORKSTATIONS) node /(md-lap-[0-9]+|notebook-[0-9]+|test-notebook)\.intern$/ { class { 'ssh_pubkeys_admins': } class { 'ssh_pubkeys_firedadmins': } class { 'lsb_release_with_version': } class { 'browser_firefox': } class { 'browser_chromium': } class { 'unattended_upgrades': enable => 1, origins => $apt_origins, auto => { 'clean' => 7, }, upgradeable_packages => { download_only => 1, debdelta => 1, }, } class { 'apt_http_proxy_hotfix': } class { 'itzks_systems_roamingworkstation': } class { 'itzks_systems_common': } class { 'login_manager': } class { 'cups_browsed_polling': } class { 'krb5hostkeytab': } class { 'etc_security_groupconf': } } # WORKSTATIONS node /((nuc|workstation)-[0-9]+|test-workstation)\.intern$/ { class { 'ssh_pubkeys_admins': } class { 'ssh_pubkeys_firedadmins': } class { 'lsb_release_with_version': } class { 'browser_firefox': } class { 'browser_chromium': } class { 'unattended_upgrades': enable => 1, origins => $apt_origins, auto => { 'clean' => 7, }, upgradeable_packages => { download_only => 1, debdelta => 1, }, } class { 'apt_http_proxy_hotfix': } class { 'itzks_systems_workstation': } class { 'itzks_systems_common': } class { 'login_manager': } class { 'cups_browsed_polling': } class { 'krb5hostkeytab': } class { 'etc_security_groupconf': } } # TABLETS node /(tab-[0-9]+|test-tablet)\.intern$/ { class { 'ssh_pubkeys_admins': } class { 'ssh_pubkeys_firedadmins': } class { 'lsb_release_with_version': } class { 'browser_chromium': } class { 'unattended_upgrades': enable => 1, origins => $apt_origins, auto => { 'clean' => 7, }, upgradeable_packages => { download_only => 1, debdelta => 1, }, } class { 'apt_http_proxy_hotfix': } class { 'itzks_systems_tablet': } class { 'itzks_systems_common': } class { 'cups_browsed_polling': } class { 'krb5hostkeytab': } class { 'etc_security_groupconf': } } # default / minimal node "default" { class { 'ssh_pubkeys_admins': } class { 'ssh_pubkeys_firedadmins': } class { 'lsb_release_with_version': } class { 'browser_firefox': } class { 'browser_chromium': } class { 'unattended_upgrades': enable => 1, origins => $apt_origins, auto => { 'clean' => 7, }, upgradeable_packages => { download_only => 1, debdelta => 1, }, } class { 'apt_http_proxy_hotfix': } }