Restructure states, add podman package install workaround

2023-10-26 23:59:19 +02:00 · 2023-10-26 23:59:19 +02:00 · b0ac9dc850
commit b0ac9dc850
parent 552908f0b9
20 changed files with 167 additions and 154 deletions
--- a/applications/init.sls
+++ b/applications/init.sls
@ -1,4 +0,0 @@
 include:
  - .mysql
  - .podman
  - .ssh
--- a/applications/mysql.sls
+++ b/applications/mysql.sls
@ -1,35 +0,0 @@
 applications_mysql_pkgs:
  pkg.installed:
    - pkgs:
      - mariadb
      - mariadb-client
      - mariadb-openrc
 applications_mysql_directory:
  file.directory:
    - name: /var/lib/mysql
    - create: False
    - replace: False
    - user: mysql
    - group: mysql
    - recurse:
      - user
      - group
    - require:
      - applications_mysql_pkgs
 {% if not salt['file.directory_exists']('/var/lib/mysql/mysql') %}
 applications_mysql_setup:
  cmd.run:
    - name: /etc/init.d/mariadb setup
    - runas: root
    - shell: /bin/ash
    - require:
      - applications_mysql_directory
 applications_mysql_service:
  service.enabled:
    - name: mariadb
    - require:
      - applications_mysql_setup
 {% endif %}
--- a/applications/podman.sls
+++ b/applications/podman.sls
@ -1,84 +0,0 @@
 applications_podman_pkgs:
  pkg.installed:
    - pkgs:
      - podman
      - podman-openrc
 application_podman_compose_pkg:
  pkg.installed:
    - sources:
      - podman-compose: https://dl-cdn.alpinelinux.org/alpine/edge/testing
 applications_podman_rootless_confd:
  file.keyvalue:
    - name: /etc/conf.d/podman
    - key_values:
        podman_user: '"puser"'
    - separator: '='
    - uncomment: '#'
    - key_ignore_case: false
    - value_ignore_case: false
    - append_if_not_found: true
    - require:
      - applications_podman_pkgs
 applications_podman_service:
  service.running:
    - name: podman
    - enable: True
    - watch:
      - file: /etc/conf.d/podman
    - require:
      - applications_podman_rootless_confd
 applications_podman_rootless_cgroup_mode:
  file.keyvalue:
    - name: /etc/rc.conf
    - key_values:
        rc_cgroup_mode: '"unified"'
    - separator: '='
    - uncomment: '#'
    - key_ignore_case: false
    - value_ignore_case: false
    - append_if_not_found: true
    - require:
      - applications_podman_pkgs
 applications_podman_rootless_cgroups:
  service.running:
    - name: cgroups
    - enable: True
    - watch:
      - applications_podman_rootless_cgroup_mode
 applications_podman_user:
  user.present:
    - name: puser
    - uid: 2000
    - shell: /bin/zsh
    - home: /home/puser
    - usergroup: True
    - createhome: True
    - require:
      - applications_podman_pkgs
 applications_podman_rootless_modules:
  file.append:
    - name: /etc/modules
    - text:
      - tun
      - fuse
 applications_podman_rootless_subgid:
  file.append:
    - name: /etc/subgid
    - text: puser:100000:65536
    - require:
      - applications_podman_user
 applications_podman_rootless_subuid:
  file.append:
    - name: /etc/subuid
    - text: puser:100000:65536
    - require:
      - applications_podman_user
--- a/applications/ssh.sls
+++ b/applications/ssh.sls
@ -1,30 +0,0 @@
 applications_ssh_pkgs:
  pkg.installed:
    - pkgs:
      - openssh-server
 applications_ssh_add_keys:
  file.managed:
    - name: /root/.ssh/authorized_keys
    - source: salt://{{ tpldir }}/files/ssh_authorized_keys
    - makedirs: True
    - user: root
    - group: root
    - require:
      - applications_ssh_pkgs
 applications_ssh_configuration:
  file.managed:
    - name: /etc/ssh/sshd_config
    - source: salt://{{ tpldir }}/files/ssh_sshd_config
 applications_ssh_enable:
  service.running:
    - name: sshd
    - enable: True
    - watch:
      - applications_ssh_configuration
      - applications_ssh_add_keys
    - require:
      - applications_ssh_configuration
      - applications_ssh_add_keys
--- a/mysql/directory.sls
+++ b/mysql/directory.sls
@ -0,0 +1,12 @@
 mysql_directory:
  file.directory:
    - name: /var/lib/mysql
    - create: False
    - replace: False
    - user: mysql
    - group: mysql
    - recurse:
      - user
      - group
    - require:
      - applications_mysql_pkgs
--- a/mysql/init.sls
+++ b/mysql/init.sls
@ -0,0 +1,4 @@
 include:
  - .pkg
  - .directory
  - .service
--- a/mysql/pkg.sls
+++ b/mysql/pkg.sls
@ -0,0 +1,6 @@
 mysql_pkg:
  pkg.installed:
    - pkgs:
      - mariadb
      - mariadb-client
      - mariadb-openrc
--- a/mysql/service.sls
+++ b/mysql/service.sls
@ -0,0 +1,15 @@
 {% if not salt['file.directory_exists']('/var/lib/mysql/mysql') %}
 mysql_service_setup:
  cmd.run:
    - name: /etc/init.d/mariadb setup
    - runas: root
    - shell: /bin/ash
    - require:
      - applications_mysql_directory
 mysql_service_enable:
  service.enabled:
    - name: mariadb
    - require:
      - mysql_service_setup
 {% endif %}
--- a/openssh/config.sls
+++ b/openssh/config.sls
@ -0,0 +1,17 @@
 include:
  - .pkg
 openssh_config_configuration:
  file.managed:
    - name: /etc/ssh/sshd_config
    - source: salt://{{ tpldir }}/files/openssh_sshd_config
 openssh_config_keys:
  file.managed:
    - name: /root/.ssh/authorized_keys
    - source: salt://{{ tpldir }}/files/openssh_authorized_keys
    - makedirs: True
    - user: root
    - group: root
    - require:
      - openssh_pkg
--- a/applications/files/ssh_authorized_keys
+++ b/applications/files/ssh_authorized_keys
--- a/applications/files/ssh_sshd_config
+++ b/applications/files/ssh_sshd_config
--- a/openssh/init.sls
+++ b/openssh/init.sls
@ -0,0 +1,4 @@
 include:
  - .pkg
  - .config
  - .service
--- a/openssh/pkg.sls
+++ b/openssh/pkg.sls
@ -0,0 +1,4 @@
 openssh_pkg:
  pkg.installed:
    - pkgs:
      - openssh-server
--- a/openssh/service.sls
+++ b/openssh/service.sls
@ -0,0 +1,13 @@
 include:
  - .config
 openssh_service_enable:
  service.running:
    - name: sshd
    - enable: True
    - watch:
      - openssh_config_configuration
      - openssh_config_keys
    - require:
      - openssh_config_configuration
      - openssh_config_keys
--- a/podman/init.sls
+++ b/podman/init.sls
@ -0,0 +1,5 @@
 include:
  - .pkg
  - .rootless
  - .user
  - .service
--- a/podman/pkg.sls
+++ b/podman/pkg.sls
@ -0,0 +1,3 @@
 podman_pkg:
  cmd.run:
    - name: "apk add podman podman-openrc podman-compose@testing"
--- a/podman/rootless.sls
+++ b/podman/rootless.sls
@ -0,0 +1,57 @@
 include:
  - .pkg
  - .user
 podman_rootless_confd:
  file.keyvalue:
    - name: /etc/conf.d/podman
    - key_values:
        podman_user: '"puser"'
    - separator: '='
    - uncomment: '#'
    - key_ignore_case: false
    - value_ignore_case: false
    - append_if_not_found: true
    - require:
      - podman_pkg
 podman_rootless_cgroup_mode:
  file.keyvalue:
    - name: /etc/rc.conf
    - key_values:
        rc_cgroup_mode: '"unified"'
    - separator: '='
    - uncomment: '#'
    - key_ignore_case: false
    - value_ignore_case: false
    - append_if_not_found: true
    - require:
      - podman_pkg
 podman_rootless_cgroups:
  service.running:
    - name: cgroups
    - enable: True
    - watch:
      - podman_rootless_cgroup_mode
 podman_rootless_modules:
  file.append:
    - name: /etc/modules
    - text:
      - tun
      - fuse
 podman_rootless_subgid:
  file.append:
    - name: /etc/subgid
    - text: puser:100000:65536
    - require:
      - podman_user
 podman_rootless_subuid:
  file.append:
    - name: /etc/subuid
    - text: puser:100000:65536
    - require:
      - podman_user
--- a/podman/service.sls
+++ b/podman/service.sls
@ -0,0 +1,11 @@
 include:
  - .rootless
 applications_podman_service:
  service.running:
    - name: podman
    - enable: True
    - watch:
      - file: /etc/conf.d/podman
    - require:
      - podman_rootless_confd
--- a/podman/user.sls
+++ b/podman/user.sls
@ -0,0 +1,13 @@
 include:
  - .pkg
 podman_user:
  user.present:
    - name: puser
    - uid: 2000
    - shell: /bin/zsh
    - home: /home/puser
    - usergroup: True
    - createhome: True
    - require:
      - podman_pkg
--- a/top.sls
+++ b/top.sls
@ -2,5 +2,7 @@ base:
  '*':
    - system
    - network
    - applications
    - util
    - podman
    - mysql
    - openssh