Stuff

2023-07-14 20:38:09 +02:00 · 2023-07-14 20:38:09 +02:00 · d4e2253ea3
commit d4e2253ea3
parent dedc587d54
18 changed files with 111 additions and 92 deletions
--- a/applications/files/ssh_authorized_keys
+++ b/applications/files/ssh_authorized_keys
--- a/applications/files/ssh_sshd_config
+++ b/applications/files/ssh_sshd_config
--- a/applications/init.sls
+++ b/applications/init.sls
@ -2,4 +2,3 @@ include:
  - .mysql
  - .podman
  - .ssh
-  - .salt
--- a/applications/mysql.sls
+++ b/applications/mysql.sls
@ -1,11 +1,13 @@
-include:
-  - system.packages
+applications_mysql_pkgs:
+  pkg.installed:
+    - pkgs:
+      - mariadb

-system_service_mysql_enable:
+applications_mysql_enable:
  service.enabled:
    - name: mariadb
    - require:
-      - system_packages_install
+      - applications_mysql_pkgs
  file.directory:
    - name: /var/lib/mysql
    - create: False
--- a/applications/podman.sls
+++ b/applications/podman.sls
@ -0,0 +1,10 @@
+applications_podman_pkgs:
+  pkg.installed:
+    - pkgs:
+      - podman
+
+applications_podman_enable:
+  service.enabled:
+    - name: podman
+    - require:
+      - system_service_podman_pkgs
--- a/applications/ssh.sls
+++ b/applications/ssh.sls
@ -1,7 +1,9 @@
-include:
-    - system.packages
+applications_ssh_pkgs:
+  pkg.installed:
+    - pkgs:
+      - ssh

-system_ssh_add_keys:
+applications_ssh_add_keys:
  file.managed:
    - name: /root/.ssh/authorized_keys
    - source: salt://{{ tpldir }}/files/ssh_authorized_keys
@ -9,20 +11,20 @@ system_ssh_add_keys:
    - user: root
    - group: root
    - require:
-      - system_packages_install
+      - applications_ssh_pkgs

-system_ssh_configuration:
+applications_ssh_configuration:
  file.managed:
    - name: /etc/ssh/sshd_config
    - source: salt://{{ tpldir }}/files/ssh_sshd_config

-system_ssh_enable:
+applications_ssh_enable:
  service.running:
    - name: sshd
    - enable: True
    - watch:
-      - system_ssh_configuration
-      - system_ssh_add_keys
+      - applications_ssh_configuration
+      - applications_ssh_add_keys
    - require:
-      - system_ssh_configuration
-      - system_ssh_add_keys
+      - applications_ssh_configuration
+      - applications_ssh_add_keys
--- a/services/files/salt_noveria.conf
+++ b/services/files/salt_noveria.conf
@ -1,5 +0,0 @@
-state_verbose: False
-file_client: local
-file_roots:
-  base:
-    - /srv/salt
--- a/services/podman.sls
+++ b/services/podman.sls
@ -1,8 +0,0 @@
-include:
-  - system.packages
-
-system_service_podman_enable:
-  service.enabled:
-    - name: podman
-    - require:
-      - system_packages_install
--- a/services/salt.sls
+++ b/services/salt.sls
@ -1,12 +0,0 @@
-include:
-  - system.packages
-
-services_salt_file_client_local:
-  file.managed:
-    - name: /etc/salt/minion.d/noveria.conf
-    - source: salt://{{ tpldir }}/files/salt_noveria.conf
-    - user: root
-    - group: root
-    - mode: 640
-    - require:
-      - system_packages_install
--- a/system/base.sls
+++ b/system/base.sls
@ -0,0 +1,8 @@
+system_base_pkgs:
+  pkg.installed:
+    - pkgs:
+      - linux-lts
+      - linux-firmware-none
+      - openjdk17-jre-headless
+      - jq
+      - zsh
--- a/system/bootloader.sls
+++ b/system/bootloader.sls
@ -0,0 +1,21 @@
+system_bootloader_pkgs:
+  pkg.installed:
+    - pkgs:
+      - syslinux
+
+{% if salt['pillar.get']('disk') != "" and salt['pillar.get']('disk') != None %}
+system_bootload_gptmbr:
+  cmd.run:
+    - name: "dd bs=440 count=1 notrunc if=/usr/share/syslinux/gptmbr.bin of={{ salt['pillar.get']('drive') }}"
+    - require:
+      - system_bootloader_pkgs
+{% endif %}
+
+system_bootloader_install:
+  cmd.run:
+    - name: 'extlinux --install /boot'
+    - require:
+      - system_bootloader_pkgs
+      {% if salt['pillar.get']('disk') != "" and salt['pillar.get']('disk') != None %}
+      - system_bootload_gptmbr
+      {% endif %}
--- a/system/btrfs.sls
+++ b/system/btrfs.sls
@ -1,20 +0,0 @@
-system_btrfs_create_podman_data_dir:
-  cmd.run:
-    - creates: /opt/podman
-    - name: btrfs subvolume create /opt/podman
-  file.managed:
-    - name: /opt/podman
-    - create: False
-    - replace: False
-    - user: root
-    - group: root
-
-system_btrfs_create_noveria_home:
-  cmd.run:
-    - creates: /home/noveria
-    - name: btrfs subvolume create /home/noveria
-
-system_btrfs_create_mysql_data_dir:
-  cmd.run:
-    - creates: /var/lib/mysql
-    - name: btrfs subvolume create /var/lib/mysql
--- a/system/disks.sls
+++ b/system/disks.sls
@ -0,0 +1,38 @@
+system_disks_pkgs:
+  pkg.installed:
+    - pkgs:
+      - btrfs-progs
+
+system_disks_btrfs_module:
+  file.append:
+    - name: /etc/modules
+    - content: "btrfs"
+    - require:
+      - system_base_pkgs
+
+system_disks_btrfs_modprobe:
+  cmd.run:
+    - name: "modprobe btrfs"
+    - require:
+      - system_base_pkgs
+      - system_base_btrfs_module
+
+system_disks_btrfs_mount_permission:
+  file.directory:
+    - name: /btrfs
+    - user: root
+    - group: root
+    - dir_mode: '0755'
+
+system_disks_fstab:
+  file.managed:
+    - name: /etc/fstab
+    - source: salt://{{ tpldir }}/files/disks_fstab.jinja
+    - template: jinja
+    - context:
+        TIMESTAMP: {{ salt['pillar.get']('timestamp') }}
+    - user: root
+    - group: root
+    - mode: '0644'
+    - require:
+      - system_disks_btrfs_mount_permission
--- a/system/files/disks_fstab.jinja
+++ b/system/files/disks_fstab.jinja
@ -0,0 +1,10 @@
+# Static information about the filesystems.
+# See fstab(5) for details.
+
+# <file system>     <dir>       <type>  <options> <dump> <pass>
+PARTLABEL=ROOT    /           btrfs   noatime,nodiratime,compress=zstd,ssd,discard=async,space_cache=v2,subvol=/@root_{{ TIMESTAMP }}  0 0
+PARTLABEL=ESP     /efi        vfat    rw,nosuid,nodev,noexec,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=ascii,shortname=mixed,utf8,errors=remount-ro   0 2
+PARTLABEL=ROOT    /home       btrfs   noatime,nodiratime,compress=zstd,ssd,discard=async,space_cache=v2,subvol=/@home    0 0
+PARTLABEL=ROOT    /var/mysql  btrfs   noatime,nodiratime,compress=zstd,ssd,discard=async,space_cache=v2,subvol=/@mysql    0 0
+PARTLABEL=ROOT    /opt/podman btrfs   noatime,nodiratime,compress=zstd,ssd,discard=async,space_cache=v2,subvol=/@podman    0 0
+PARTLABEL=ROOT    /btrfs      btrfs   noatime,nodiratime,compress=zstd,ssd,discard=async,space_cache=v2,space_cache=v2,subvol=/     0 0
--- a/system/init.sls
+++ b/system/init.sls
@ -1,4 +1,6 @@
 include:
-  - .btrfs
+  - .base
+  - .bootloader
+  - .disks
+  - .firewall
  - .user
-  - .packages
--- a/system/packages.sls
+++ b/system/packages.sls
@ -1,13 +0,0 @@
-include:
-  - .btrfs
-
-system_packages_install:
-  pkg.installed:
-    - pkgs:
-      - podman
-      - mariadb
-      - openjdk17-jre-headless
-      - jq
-    - require:
-      - system_btrfs_create_podman_data_dir
-      - system_btrfs_create_mysql_data_dir
--- a/system/user.sls
+++ b/system/user.sls
@ -1,22 +1,7 @@
-include:
-    - .btrfs
-
 system_user_create:
  user.present:
    - name: noveria
    - shell: /bin/false
    - home: /home/noveria
    - usergroup: True
-    - createhome: False
-
-system_user_create_home_noveria:
-  file.directory:
-    - name: /home/noveria
-    - user: noveria
-    - group: noveria
-    - mode: 700
-    - recurse:
-      - user
-      - group
-    - require:
-      - system_btrfs_create_noveria_home
+    - createhome: True
--- a/top.sls
+++ b/top.sls
@ -1,4 +1,4 @@
 base:
  '*':
    - system
-    - services
+    - applications