initial draft of a minimal puppet config template

1 files changed, 188 insertions, 0 deletions

diff --git a/code/environments/production/manifests/site.pp b/code/environments/production/manifests/site.pp
new file mode 100644
index 0000000..ed159fb
--- /dev/null
+++ b/code/environments/production/manifests/site.pp
@@ -0,0 +1,188 @@
+include apt
+
+$apt_origins = [
+	'origin=Debian,n=${distro_codename}',
+	'origin=Debian,n=${distro_codename}-updates',
+	'origin=Debian,n=${distro_codename},l=Debian-Security',
+	'origin=IT-Zukunft Schule,n=${distro_codename},l=IT-Zukunft Schule',
+]
+
+class ssh_pubkeys_admins {
+	# Mike Gabriel, Fre(i)e Software GmbH
+	ssh_authorized_key { 'mike@minobo':
+		type => 'ssh-rsa',
+		key => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQDn2moKR4u3yJW+/hvwmhUDjiLBxiMPB+46YO9iEo8HXsdulpMi20hi2TTmWA0w3hog1IEnre6C7UGHcZG0HfPg+eROIuuXRcOfg3WP/IBV0KMF4DTa1KDoN/Nw7HMlhWxGxFrdbumAoj/s2ZaA/of1fpaPKOhunF8S9Ch60LYmgnR3tzJW/b0jS9fww8o/rMB3pZy2WSW0uUfpOIbDv+XHhNiC/iu8IgD+M5KkK+qbNZFPoTQkebc0RPRBcOrmEYroofFGg+7jPU++AEKJUKSaGjZRWzACuXiUzTo2F9fT09EMWU4oiYV9zRqjx6ctncwfEB4qOfoRUycfxBSJk7t7',
+		user => 'root',
+	}
+}
+
+class ssh_pubkeys_firedadmins {
+	# Bad User, Example Project
+	ssh_authorized_key { 'badadmin@NOTEBOOK':
+		ensure => 'absent',
+		type => 'ssh-rsa',
+		key => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQC71S/LYktwTalKjE6Sb7XlOyV1tr1O+codh4C3g9uVtjqytYj/Lx6hExxegwN2tiTAjb3skEKpdg7uRbmpEZBtyST/UrrJCB0l0KbjJelfh4MANuRF+H9CNAPwaxcLfCWeTFwmQW8mcSHE20ljY7kpJykEoihBVjK49k+kD+sphIG1o4BU8nQii0i5/U2HqHkPZHzCIjIprN9kTx/n/zMmCLwuIW58KJitG/ttBXPq+TMsN/zcUQm7/PL7UmIMlvUtKzApuM36PUyah7/rpOB5mIYrqFcDXSBUpFLT1CIvfH6ZR5umhnwiRXDsVfP8e0WB1JhOZV1LqOez8s7c4a6/',
+		user => 'root',
+	}
+}
+
+class ssh_pubkeys_backupserver {
+	ssh_authorized_key { 'root@backup-01':
+		type => 'ssh-rsa',
+		key => 'AAAAB3NzaC1yc2EAAAABIwAAAQEAoP6h9pYVdFMlSj/EgXpgYVZZ61mrm3KTS7CNWjAaefPSU1dXk6NUqTP3QbgVQGVQwb/9usW4Wz2xOjarZUAKWZsrH8kkkoitZMBHUSnYVp2hx33MS62NreSuMSKCf8U5hwiR9S4aifg5l6Bcq1uJ8ht2zcUnsuEV1Prrey0YXAfw29mpVMJSr57pQRYsRTWjcPrO959PB4rQFuj3/SN1z5lMH9gfurVN1o7Hz2C+GQVhSW5ngb+Hmb4T3Y7bcLZomWQZLLkmZNv98gfsL33bl0WFEPQ3lH8x2OjUSO7lDuxzKxl0c5HY71fNk7nPU1mx17MPzHOQfleJJPrfSKrf4Q==',
+		user => 'root',
+	}
+}
+
+class lsb_release_with_version {
+	file { '/etc/lsb-release':
+		ensure => present,
+	}
+	file_line { 'lsb-release-with-version':
+		path  => '/etc/lsb-release',
+		line  => "DISTRIB_DESCRIPTION=\"Debian Edu / Skolelinux ${::operatingsystemrelease}\"",
+		match => "^DISTRIB_DESCRIPTION=\"DebianEdu/Skolelinux\"$",
+	}
+	file_line{ 'lsb-release-remove-cruft-1':
+		path   => '/etc/lsb-release',
+		ensure => absent,
+		line   => 'DISTRIB_DESCRIPTION="DebianEdu/Skolelinux"',
+	}
+}
+
+class login_manager {
+	package { 'arctica-greeter':
+		ensure => 'installed',
+	}
+	package { 'kdm':
+		ensure => 'purged',
+	}
+}
+
+class browsers {
+	package { firefox-esr:
+		ensure => 'latest',
+	}
+	package { chromium:
+		ensure => 'latest',
+	}
+}
+
+#node "all_hosts" {
+#	class { 'ssh_pubkeys_admins': }
+#	class { 'ssh_pubkeys_firedadmins': }
+#	class { 'lsb_release_with_version': }
+#	class { 'login_manager': }
+#}
+
+#node "all_servers" {
+#	class { 'ssh_pubkeys_admins': }
+#	class { 'ssh_pubkeys_firedadmins': }
+#	class { 'ssh_pubkeys_backupserver': }
+#	class { 'lsb_release_with_version': }
+#}
+
+node "tjener.intern" {
+	class { 'ssh_pubkeys_admins': }
+	class { 'ssh_pubkeys_firedadmins': }
+	class { 'ssh_pubkeys_backupserver': }
+	class { 'lsb_release_with_version': }
+	class { 'unattended_upgrades':
+		enable => 1,
+		origins => $apt_origins,
+		age => { 'max' => 10 },
+		auto => {
+			'clean' => 7,
+			### WE DON'T REBOOT TJENER
+		},
+		upgradeable_packages => {
+			download_only => 1,
+			debdelta => 1,
+		},
+	}
+}
+
+node "disklserver.intern" {
+	class { 'ssh_pubkeys_admins': }
+	class { 'ssh_pubkeys_firedadmins': }
+	class { 'ssh_pubkeys_backupserver': }
+	class { 'lsb_release_with_version': }
+	# vidar.das-netzwerkteam.de is the deployment source for diskless workstation chroots
+	ssh_authorized_key { 'root@vidar.das-netzwerkteam.de':
+		type => 'ssh-rsa',
+		key => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQDiLGbx/U9slB9db8PAy8FTRo7/avVvLJUOZzkoBxZa5Edeo+74ezoU2Kv1OxcRJRnSGBe41XDcpLxDS04JMA5xBddUfdq5c+Y1A2SYChUPK1fkrGoKfmGC60dFmEqAQZ33dJhN9rxzQvuvxlmexX8x2TYJC8/jATa+6QuO4chHAFvGo9RLs8hzet5y06fammJDkf0yD6R32GT7q4XMNXilKQ564D1yBJygE6vZx/W3V3l8/QMr6m1lYTTk+W+29IkoxvQBZ6YXKFdnuTVkSYyanafjZwznTFSuBtBZKcgLXFFmyplcB4QlZGvdrrsEJazwwj+pnJeGx0HwV8ePbKxN',
+		user => 'root',
+	}
+	class { 'unattended_upgrades':
+		enable => 1,
+		origins => $apt_origins,
+		auto => {
+			'clean' => 7,
+			'reboot' => true,
+		},
+		upgradeable_packages => {
+			download_only => 1,
+			debdelta => 1,
+		},
+	}
+}
+
+node "filter.intern" {
+	class { 'ssh_pubkeys_admins': }
+	class { 'ssh_pubkeys_firedadmins': }
+	class { 'ssh_pubkeys_backupserver': }
+	class { 'lsb_release_with_version': }
+	class { 'unattended_upgrades':
+		enable => 1,
+		origins => $apt_origins,
+		auto => {
+			'clean' => 7,
+			'reboot' => true,
+		},
+		upgradeable_packages => {
+			download_only => 1,
+			debdelta => 1,
+		},
+	}
+}
+
+# NOT PRESENT node "bibserv.intern" inherits "all_servers" {}
+node "opsiserver.intern" {
+	class { 'ssh_pubkeys_admins': }
+	class { 'ssh_pubkeys_firedadmins': }
+	class { 'ssh_pubkeys_backupserver': }
+	class { 'lsb_release_with_version': }
+	class { 'unattended_upgrades':
+		enable => 1,
+		origins => $apt_origins,
+		auto => {
+			'clean' => 7,
+			'reboot' => true,
+		},
+		upgradeable_packages => {
+			download_only => 1,
+			debdelta => 1,
+		},
+	}
+}
+# NOT PRESENT node "displayserver.intern" inherits "all_servers" {}
+# NOT PRESENT node "contentserver.intern" inherits "all_servers" {}
+# NOT PRESENT node "devserver.intern" inherits "all_servers" {}
+
+# default / minimal
+node "default" {
+	class { 'ssh_pubkeys_admins': }
+	class { 'ssh_pubkeys_firedadmins': }
+	class { 'lsb_release_with_version': }
+	class { 'unattended_upgrades':
+		enable => 1,
+		origins => $apt_origins,
+		auto => {
+			'clean' => 7,
+		},
+		upgradeable_packages => {
+			download_only => 1,
+			debdelta => 1,
+		},
+	}
+}