add sudo

a3313b22 · skorpy · 236b1c69 · a3313b22 · a3313b22 · a3313b22
Commit a3313b22 authored 8 years ago by skorpy
--- a/common/debian.sls
+++ b/common/debian.sls
+rpcbind:
+  pkg.purged
+
+python-systemd:
+  pkg.latest
+
--- a/common/ffadmin.sls
+++ b/common/ffadmin.sls
+ffadmin:
+  user.present:
+    - shell: /bin/zsh
+    - groups:
+      - sudo
+      - ssh-user
+
+/home/ffadmin/.ssh/authorized_keys:
+  file.managed:
+    - source: salt://common/files/authorized_keys.tpl
+    - user: ffadmin
+    - group: ffadmin
+    - mode: 600
+    - makedirs: True
+    - template: jinja
--- a/common/files/authorized_keys.tpl
+++ b/common/files/authorized_keys.tpl
+{% for key in pillar['ffadmin']['ssh']['authorized_keys'] -%}
+{{ key }}
+{% endfor %}
--- a/common/files/sudoers
+++ b/common/files/sudoers
+#
+# This file MUST be edited with the 'visudo' command as root.
+#
+# Please consider adding local content in /etc/sudoers.d/ instead of
+# directly modifying this file.
+#
+# See the man page for details on how to write a sudoers file.
+#
+Defaults	env_reset
+Defaults	mail_badpass
+Defaults	secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+
+# Host alias specification
+
+# User alias specification
+
+# Cmnd alias specification
+
+# User privilege specification
+root	ALL=(ALL:ALL) ALL
+
+# Allow members of group sudo to execute any command
+%sudo	ALL=(ALL:ALL) NOPASSWD: ALL
+
+# See sudoers(5) for more information on "#include" directives:
+
+#includedir /etc/sudoers.d
--- a/common/locales.sls
+++ b/common/locales.sls
+locales:
+  pkg.latest
+
+en_locale:
+  locale.present:
+    - name: en_US.UTF-8
+
+de_locale:
+  locale.present:
+    - name: de_DE.UTF-8
+
+
+locales_reconfigure:
+  cmd.wait:
+    - name: /usr/sbin/dpkg-reconfigure -f noninteractive locales
+    - watch:
+      - locale: en_locale
+      - locale: de_locale
+
+default_locale:
+  cmd.run:
+    - name: /usr/sbin/update-locale LANG=en_US.UTF-8
+    - onchanges:
+      - cmd: locales_reconfigure
+
--- a/common/packages.sls
+++ b/common/packages.sls
+packages_base:
+  pkg.installed:
+    - pkgs:
+      - apt-listbugs
+      - ca-certificates
+      - curl
+      - debian-goodies
+      - dnsutils
+      - htop
+      - iperf3
+      - iputils-tracepath
+      - mlocate
+      - mosh
+      - mtr
+      - ncdu
+      - ncurses-term
+      - netcat-openbsd
+      - psmisc
+      - python-augeas
+      - rsync
+      - silversearcher-ag
+      - strace
+      - tcpdump
+      - tig
+      - tmux
+      - tree
+      - vim-nox
+      - wget
+      - whois
+      - zsh
+      - bridge-utils
+  pkg.purged:
+    - pkgs:
+      - xinetd
+      - inetd
+      - tftp-server
+      - ypserv
+      - telnet-server
+      - rsh-server
+
+# these installs have dedicted states, so they can be referenced in require statements
+git:
+  pkg.installed
--- a/common/sudo.sls
+++ b/common/sudo.sls
+sudo:
+  pkg.installed
+
+/etc/sudoers.d/ops:
+  file.managed:
+    - user: root
+    - group: root
+    - mode: 440
+    - contents: "%ops ALL=(ALL:ALL) NOPASSWD: ALL"
+
+/etc/sudoers:
+  file.managed:
+    - user: root
+    - group: root
+    - mode: 440
+    - source: salt://common/files/sudoers
--- a/common/systemd.sls
+++ b/common/systemd.sls
+systemd_pkgs:
+  pkg.installed:
+    - pkgs:
+      - systemd
+      - dbus
+      - libpam-systemd
--- a/top.sls
+++ b/top.sls
@@ -2,11 +2,14 @@ base:
  '*':
    - ssh
    - apt
-#    - common.debian
-#    - common.packages
+    - common.debian
+    - common.packages
 #    - common.datetime
 #    - common.dotfiles
-#    - common.locales
+    - common.locales
+    - common.systemd
+    - common.ffadmin
+    - common.sudo
    - kernel.sysctl
 #    - prometheus
  'bgp*.ffm.freifunk.net':