From d4e2253ea38f1c2cc75bba9946a77abb57dc8978 Mon Sep 17 00:00:00 2001 From: LinuxSquare <7436714-OfficialLinuxSquare@users.noreply.gitlab.com> Date: Fri, 14 Jul 2023 20:38:09 +0200 Subject: [PATCH] Stuff --- .../files/ssh_authorized_keys | 0 .../files/ssh_sshd_config | 0 {services => applications}/init.sls | 1 - {services => applications}/mysql.sls | 10 +++-- applications/podman.sls | 10 +++++ {services => applications}/ssh.sls | 22 ++++++----- services/files/salt_noveria.conf | 5 --- services/podman.sls | 8 ---- services/salt.sls | 12 ------ system/base.sls | 8 ++++ system/bootloader.sls | 21 ++++++++++ system/btrfs.sls | 20 ---------- system/disks.sls | 38 +++++++++++++++++++ system/files/disks_fstab.jinja | 10 +++++ system/init.sls | 6 ++- system/packages.sls | 13 ------- system/user.sls | 17 +-------- top.sls | 2 +- 18 files changed, 111 insertions(+), 92 deletions(-) rename {services => applications}/files/ssh_authorized_keys (100%) rename {services => applications}/files/ssh_sshd_config (100%) rename {services => applications}/init.sls (80%) rename {services => applications}/mysql.sls (67%) create mode 100644 applications/podman.sls rename {services => applications}/ssh.sls (53%) delete mode 100644 services/files/salt_noveria.conf delete mode 100644 services/podman.sls delete mode 100644 services/salt.sls create mode 100644 system/base.sls create mode 100644 system/bootloader.sls delete mode 100644 system/btrfs.sls create mode 100644 system/disks.sls create mode 100644 system/files/disks_fstab.jinja delete mode 100644 system/packages.sls diff --git a/services/files/ssh_authorized_keys b/applications/files/ssh_authorized_keys similarity index 100% rename from services/files/ssh_authorized_keys rename to applications/files/ssh_authorized_keys diff --git a/services/files/ssh_sshd_config b/applications/files/ssh_sshd_config similarity index 100% rename from services/files/ssh_sshd_config rename to applications/files/ssh_sshd_config 
diff --git a/services/init.sls b/applications/init.sls similarity index 80% rename from services/init.sls rename to applications/init.sls index 8c66781..b4c74e1 100644 --- a/services/init.sls +++ b/applications/init.sls @@ -2,4 +2,3 @@ include: - .mysql - .podman - .ssh - - .salt diff --git a/services/mysql.sls b/applications/mysql.sls similarity index 67% rename from services/mysql.sls rename to applications/mysql.sls index 53ddd55..aca17b9 100644 --- a/services/mysql.sls +++ b/applications/mysql.sls @@ -1,11 +1,13 @@ -include: - - system.packages +applications_mysql_pkgs: + pkg.installed: + - pkgs: + - mariadb -system_service_mysql_enable: +applications_mysql_enable: service.enabled: - name: mariadb - require: - - system_packages_install + - applications_mysql_pkgs file.directory: - name: /var/lib/mysql - create: False diff --git a/applications/podman.sls b/applications/podman.sls new file mode 100644 index 0000000..a50d355 --- /dev/null +++ b/applications/podman.sls @@ -0,0 +1,10 @@ +applications_podman_pkgs: + pkg.installed: + - pkgs: + - podman + +applications_podman_enable: + service.enabled: + - name: podman + - require: + - system_service_podman_pkgs diff --git a/services/ssh.sls b/applications/ssh.sls similarity index 53% rename from services/ssh.sls rename to applications/ssh.sls index d0db543..2028a84 100644 --- a/services/ssh.sls +++ b/applications/ssh.sls @@ -1,7 +1,9 @@ -include: - - system.packages +applications_ssh_pkgs: + pkg.installed: + - pkgs: + - ssh -system_ssh_add_keys: +applications_ssh_add_keys: file.managed: - name: /root/.ssh/authorized_keys - source: salt://{{ tpldir }}/files/ssh_authorized_keys 
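Review bot: The `require` under `applications_podman_enable` in applications/podman.sls names `system_service_podman_pkgs`, but the only package state this new file defines is `applications_podman_pkgs`, so the requisite points at an ID that does not appear anywhere in the patch. Salt reports an unresolved requisite as a failure, which would leave the service-enable step unapplied. Change the line to `- applications_podman_pkgs`, matching the pattern used in the mysql.sls hunk.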
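Review bot: `applications_ssh_pkgs` in applications/ssh.sls installs a package called `ssh`, which looks wrong if the target is Alpine, as the other package names in this patch (`linux-lts`, `linux-firmware-none`) suggest; there the server is normally packaged as `openssh`. Because `applications_ssh_add_keys` now requires this state, a failed install would also block the managed `/root/.ssh/authorized_keys`. Confirm the name for the target distribution, e.g. `- openssh`. The `file.managed` state continues past the end of this hunk.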
@@ -9,20 +11,20 @@ system_ssh_add_keys: - user: root - group: root - require: - - system_packages_install + - applications_ssh_pkgs -system_ssh_configuration: +applications_ssh_configuration: file.managed: - name: /etc/ssh/sshd_config - source: salt://{{ tpldir }}/files/ssh_sshd_config -system_ssh_enable: +applications_ssh_enable: service.running: - name: sshd - enable: True - watch: - - system_ssh_configuration - - system_ssh_add_keys + - applications_ssh_configuration + - applications_ssh_add_keys - require: - - system_ssh_configuration - - system_ssh_add_keys + - applications_ssh_configuration + - applications_ssh_add_keys diff --git a/services/files/salt_noveria.conf b/services/files/salt_noveria.conf deleted file mode 100644 index dd0a295..0000000 --- a/services/files/salt_noveria.conf +++ /dev/null @@ -1,5 +0,0 @@ -state_verbose: False -file_client: local -file_roots: - base: - - /srv/salt diff --git a/services/podman.sls b/services/podman.sls deleted file mode 100644 index 11ec1d6..0000000 --- a/services/podman.sls +++ /dev/null @@ -1,8 +0,0 @@ -include: - - system.packages - -system_service_podman_enable: - service.enabled: - - name: podman - - require: - - system_packages_install diff --git a/services/salt.sls b/services/salt.sls deleted file mode 100644 index 727bbfa..0000000 --- a/services/salt.sls +++ /dev/null @@ -1,12 +0,0 @@ -include: - - system.packages - -services_salt_file_client_local: - file.managed: - - name: /etc/salt/minion.d/noveria.conf - - source: salt://{{ tpldir }}/files/salt_noveria.conf - - user: root - - group: root - - mode: 640 - - require: - - system_packages_install diff --git a/system/base.sls b/system/base.sls new file mode 100644 index 0000000..75ccc23 --- /dev/null +++ b/system/base.sls @@ -0,0 +1,8 @@ +system_base_pkgs: + pkg.installed: + - pkgs: + - linux-lts + - linux-firmware-none + - openjdk17-jre-headless + - jq + - zsh diff --git a/system/bootloader.sls b/system/bootloader.sls new file mode 100644 index 0000000..8d528fe 
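Review bot: `applications_ssh_configuration` in applications/ssh.sls replaces `/etc/ssh/sshd_config` and `applications_ssh_enable` restarts `sshd` when it changes, yet the file is never validated first and the state sets no owner or mode. A syntax error in the shipped config would stop the daemon on the next run and cut off remote access. Add `- check_cmd: /usr/sbin/sshd -t -f` (binary path assumed, confirm on the target) and `- mode: '0600'` with `- user: root` to that `file.managed` state, and give it a `require` on `applications_ssh_pkgs`. The `require` list under `applications_ssh_enable` repeats what `watch` already implies and can be dropped.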
--- /dev/null +++ b/system/bootloader.sls @@ -0,0 +1,21 @@ +system_bootloader_pkgs: + pkg.installed: + - pkgs: + - syslinux + +{% if salt['pillar.get']('disk') != "" and salt['pillar.get']('disk') != None %} +system_bootload_gptmbr: + cmd.run: + - name: "dd bs=440 count=1 notrunc if=/usr/share/syslinux/gptmbr.bin of={{ salt['pillar.get']('drive') }}" + - require: + - system_bootloader_pkgs +{% endif %} + +system_bootloader_install: + cmd.run: + - name: 'extlinux --install /boot' + - require: + - system_bootloader_pkgs + {% if salt['pillar.get']('disk') != "" and salt['pillar.get']('disk') != None %} + - system_bootload_gptmbr + {% endif %} diff --git a/system/btrfs.sls b/system/btrfs.sls deleted file mode 100644 index 35df4d7..0000000 --- a/system/btrfs.sls +++ /dev/null @@ -1,20 +0,0 @@ -system_btrfs_create_podman_data_dir: - cmd.run: - - creates: /opt/podman - - name: btrfs subvolume create /opt/podman - file.managed: - - name: /opt/podman - - create: False - - replace: False - - user: root - - group: root - -system_btrfs_create_noveria_home: - cmd.run: - - creates: /home/noveria - - name: btrfs subvolume create /home/noveria - -system_btrfs_create_mysql_data_dir: - cmd.run: - - creates: /var/lib/mysql - - name: btrfs subvolume create /var/lib/mysql diff --git a/system/disks.sls b/system/disks.sls new file mode 100644 index 0000000..12db605 --- /dev/null +++ b/system/disks.sls 
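Review bot: The guard around `system_bootload_gptmbr` in system/bootloader.sls tests the pillar key `disk`, but the `dd` command writes to `of={{ salt['pillar.get']('drive') }}`, so with `disk` set and `drive` unset the output target renders empty instead of naming a device. Read one key once, e.g. `{% set disk = salt['pillar.get']('disk') %}`, guard with `{% if disk %}` and use `of={{ disk }}`. Neither `cmd.run` state has an `unless` or `onlyif` guard, so the boot-sector write and `extlinux --install /boot` repeat on every run. The pillar value also goes unquoted into a command run as root, so it is worth checking that it is an expected block-device path before it is used.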
@@ -0,0 +1,38 @@ +system_disks_pkgs: + pkg.installed: + - pkgs: + - btrfs-progs + +system_disks_btrfs_module: + file.append: + - name: /etc/modules + - content: "btrfs" + - require: + - system_base_pkgs + +system_disks_btrfs_modprobe: + cmd.run: + - name: "modprobe btrfs" + - require: + - system_base_pkgs + - system_base_btrfs_module + +system_disks_btrfs_mount_permission: + file.directory: + - name: /btrfs + - user: root + - group: root + - dir_mode: '0755' + +system_disks_fstab: + file.managed: + - name: /etc/fstab + - source: salt://{{ tpldir }}/files/disks_fstab.jinja + - template: jinja + - context: + TIMESTAMP: {{ salt['pillar.get']('timestamp') }} + - user: root + - group: root + - mode: '0644' + - require: + - system_disks_btrfs_mount_permission diff --git a/system/files/disks_fstab.jinja b/system/files/disks_fstab.jinja new file mode 100644 index 0000000..8398250 --- /dev/null +++ b/system/files/disks_fstab.jinja @@ -0,0 +1,10 @@ +# Static information about the filesystems. +# See fstab(5) for details. + +# +PARTLABEL=ROOT / btrfs noatime,nodiratime,compress=zstd,ssd,discard=async,space_cache=v2,subvol=/@root_{{ TIMESTAMP }} 0 0 +PARTLABEL=ESP /efi vfat rw,nosuid,nodev,noexec,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=ascii,shortname=mixed,utf8,errors=remount-ro 0 2 +PARTLABEL=ROOT /home btrfs noatime,nodiratime,compress=zstd,ssd,discard=async,space_cache=v2,subvol=/@home 0 0 +PARTLABEL=ROOT /var/mysql btrfs noatime,nodiratime,compress=zstd,ssd,discard=async,space_cache=v2,subvol=/@mysql 0 0 +PARTLABEL=ROOT /opt/podman btrfs noatime,nodiratime,compress=zstd,ssd,discard=async,space_cache=v2,subvol=/@podman 0 0 +PARTLABEL=ROOT /btrfs btrfs noatime,nodiratime,compress=zstd,ssd,discard=async,space_cache=v2,space_cache=v2,subvol=/ 0 0 diff --git a/system/init.sls b/system/init.sls index d8f23bf..94d162f 100644 --- a/system/init.sls +++ b/system/init.sls 
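Review bot: `system_disks_btrfs_modprobe` in system/disks.sls requires `system_base_btrfs_module`, but the state defined just above it is `system_disks_btrfs_module`, so the requisite cannot resolve; it should read `- system_disks_btrfs_module`. That state also passes `- content: "btrfs"` to `file.append`, whose argument for the appended line is `text`, so as written nothing would be added to `/etc/modules`. Both states require `system_base_pkgs` rather than `system_disks_pkgs`, which is the one that installs `btrfs-progs`. Separately, `TIMESTAMP` is read from pillar with no default, so a missing value would flow straight into the root `subvol=` entry of `/etc/fstab`; failing the render when it is unset is safer than writing the file.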
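Review bot: The `@mysql` entry in system/files/disks_fstab.jinja mounts the subvolume at `/var/mysql`, while the mysql.sls hunk in this same patch manages `/var/lib/mysql`, so the database directory would likely sit on the root subvolume instead of its own; the mount point probably should be `/var/lib/mysql`. The final `/btrfs` entry lists `space_cache=v2` twice. Only the ESP line carries `nosuid,nodev`; adding `nodev,nosuid` to the `/home` and mysql entries would be a cheap hardening step if nothing there needs device nodes or setuid binaries.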
@@ -1,4 +1,6 @@ include: - - .btrfs + - .base + - .bootloader + - .disks + - .firewall - .user - - .packages diff --git a/system/packages.sls b/system/packages.sls deleted file mode 100644 index 11dbbc7..0000000 --- a/system/packages.sls +++ /dev/null @@ -1,13 +0,0 @@ -include: - - .btrfs - -system_packages_install: - pkg.installed: - - pkgs: - - podman - - mariadb - - openjdk17-jre-headless - - jq - - require: - - system_btrfs_create_podman_data_dir - - system_btrfs_create_mysql_data_dir diff --git a/system/user.sls b/system/user.sls index b696a58..d334ed8 100644 --- a/system/user.sls +++ b/system/user.sls @@ -1,22 +1,7 @@ -include: - - .btrfs - system_user_create: user.present: - name: noveria - shell: /bin/false - home: /home/noveria - usergroup: True - - createhome: False - -system_user_create_home_noveria: - file.directory: - - name: /home/noveria - - user: noveria - - group: noveria - - mode: 700 - - recurse: - - user - - group - - require: - - system_btrfs_create_noveria_home + - createhome: True diff --git a/top.sls b/top.sls index 265d4be..64ffe38 100644 --- a/top.sls +++ b/top.sls @@ -1,4 +1,4 @@ base: '*': - system - - services + - applications
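Review bot: The new include list in system/init.sls adds `- .firewall`, but the diffstat of this patch creates no `system/firewall.sls`, so unless that file already exists in the tree the include cannot be resolved and the `system` states fail to apply. Either add the firewall state in this commit or drop the include until it lands. If the file is expected to exist already, a line in the commit message saying so would help the next reader.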
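Review bot: Switching to `- createhome: True` in system/user.sls removes the `file.directory` state that pinned `/home/noveria` to `noveria:noveria` with mode 700, and nothing in the remaining `user.present` state sets a mode on the home directory. The resulting permissions then depend on system defaults and on whatever already exists under the `@home` subvolume that the new fstab mounts at `/home`. Keep a small `file.directory` state for `/home/noveria` with `- user: noveria`, `- group: noveria` and `- mode: '0700'` that requires `system_user_create`.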