├── ansible ├── hosts ├── playbooks │ ├── site.yml │ ├── roles │ │ ├── vim │ │ │ ├── vars │ │ │ │ ├── default.yml │ │ │ │ └── RedHat.yml │ │ │ ├── files │ │ │ │ ├── vimrc.Suse │ │ │ │ ├── vimrc.local │ │ │ │ └── vimrc.RedHat │ │ │ └── tasks │ │ │ │ └── main.yml │ │ ├── locale │ │ │ ├── vars │ │ │ │ ├── Debian.yml │ │ │ │ ├── Suse.yml │ │ │ │ ├── RedHat.yml │ │ │ │ └── default.yml │ │ │ ├── templates │ │ │ │ └── environment.j2 │ │ │ ├── handlers │ │ │ │ └── main.yml │ │ │ └── tasks │ │ │ │ └── main.yml │ │ ├── ssh │ │ │ ├── files │ │ │ │ └── sshrc │ │ │ ├── vars │ │ │ │ ├── Suse.yml │ │ │ │ ├── Debian.yml │ │ │ │ └── default.yml │ │ │ └── tasks │ │ │ │ └── main.yml │ │ ├── epel │ │ │ ├── vars │ │ │ │ ├── CentOS.yml │ │ │ │ └── default.yml │ │ │ ├── handlers │ │ │ │ └── main.yml │ │ │ └── tasks │ │ │ │ └── main.yml │ │ ├── fail2ban │ │ │ ├── vars │ │ │ │ ├── Debian.yml │ │ │ │ ├── RedHat.yml │ │ │ │ └── Suse.yml │ │ │ ├── files │ │ │ │ └── fail2ban.local │ │ │ ├── handlers │ │ │ │ └── main.yml │ │ │ ├── templates │ │ │ │ └── jail.local.j2 │ │ │ └── tasks │ │ │ │ └── main.yml │ │ ├── screen │ │ │ ├── files │ │ │ │ └── screenrc │ │ │ └── tasks │ │ │ │ └── main.yml │ │ ├── postfix │ │ │ ├── vars │ │ │ │ ├── Suse.yml │ │ │ │ ├── Debian.yml │ │ │ │ └── default.yml │ │ │ ├── handlers │ │ │ │ └── main.yml │ │ │ ├── tasks │ │ │ │ └── main.yml │ │ │ └── templates │ │ │ │ └── main.cf.j2 │ │ ├── net │ │ │ ├── vars │ │ │ │ ├── Suse.yml │ │ │ │ ├── Debian.yml │ │ │ │ └── default.yml │ │ │ └── tasks │ │ │ │ └── main.yml │ │ ├── etckeeper │ │ │ ├── templates │ │ │ │ └── gitconfig.j2 │ │ │ └── tasks │ │ │ │ └── main.yml │ │ ├── haveged │ │ │ └── tasks │ │ │ │ └── main.yml │ │ └── misc │ │ │ └── tasks │ │ │ └── main.yml │ └── local.yml └── standalone-ansible.sh ├── puppet ├── modules │ ├── ssh │ │ ├── files │ │ │ └── sshrc │ │ └── manifests │ │ │ └── init.pp │ ├── screen │ │ ├── files │ │ │ └── screenrc │ │ └── manifests │ │ │ └── init.pp │ ├── vim │ │ ├── files │ │ │ ├── 
vimrc.RedHat │ │ │ ├── vimrc.Suse │ │ │ └── vimrc.local │ │ └── manifests │ │ │ └── init.pp │ ├── fail2ban │ │ ├── files │ │ │ └── fail2ban.local │ │ ├── templates │ │ │ └── jail.local.erb │ │ └── manifests │ │ │ └── init.pp │ ├── locale │ │ ├── templates │ │ │ └── environment.erb │ │ └── manifests │ │ │ └── init.pp │ ├── etckeeper │ │ ├── templates │ │ │ └── gitconfig.erb │ │ └── manifests │ │ │ └── init.pp │ ├── haveged │ │ └── manifests │ │ │ └── init.pp │ ├── epel │ │ └── manifests │ │ │ └── init.pp │ ├── misc │ │ └── manifests │ │ │ └── init.pp │ ├── net │ │ └── manifests │ │ │ └── init.pp │ └── postfix │ │ ├── templates │ │ └── main.cf.erb │ │ └── manifests │ │ └── init.pp ├── manifests │ └── standalone-site.pp └── standalone-puppet.sh ├── saltstack ├── salt │ ├── ssh │ │ ├── files │ │ │ └── sshrc │ │ └── init.sls │ ├── screen │ │ ├── files │ │ │ └── screenrc │ │ └── init.sls │ ├── vim │ │ ├── files │ │ │ ├── vimrc.RedHat │ │ │ ├── vimrc.Suse │ │ │ └── vimrc.local │ │ └── init.sls │ ├── fail2ban │ │ ├── files │ │ │ ├── fail2ban.local │ │ │ └── jail.local.j2 │ │ └── init.sls │ ├── salt │ │ ├── files │ │ │ └── standalone.conf │ │ └── init.sls │ ├── haveged │ │ └── init.sls │ ├── locale │ │ ├── files │ │ │ └── environment.j2 │ │ └── init.sls │ ├── top.sls │ ├── etckeeper │ │ ├── files │ │ │ └── gitconfig.j2 │ │ └── init.sls │ ├── epel │ │ └── init.sls │ ├── net │ │ └── init.sls │ ├── misc │ │ └── init.sls │ └── postfix │ │ ├── init.sls │ │ └── files │ │ └── main.cf.j2 ├── pillar │ ├── top.sls │ ├── locale │ │ └── init.sls │ ├── svc │ │ └── init.sls │ └── pkg │ │ └── init.sls └── standalone-salt.sh ├── chef ├── cookbooks │ ├── ssh │ │ ├── files │ │ │ └── default │ │ │ │ └── sshrc │ │ ├── attributes │ │ │ └── default.rb │ │ └── recipes │ │ │ └── default.rb │ ├── screen │ │ ├── files │ │ │ └── default │ │ │ │ └── screenrc │ │ └── recipes │ │ │ └── default.rb │ ├── vim │ │ ├── files │ │ │ └── default │ │ │ │ ├── vimrc.Suse │ │ │ │ ├── vimrc.local │ │ │ │ └── 
vimrc.RedHat │ │ └── recipes │ │ │ └── default.rb │ ├── fail2ban │ │ ├── files │ │ │ └── default │ │ │ │ └── fail2ban.local │ │ ├── templates │ │ │ └── default │ │ │ │ └── jail.local.erb │ │ └── recipes │ │ │ └── default.rb │ ├── locale │ │ ├── templates │ │ │ └── default │ │ │ │ └── environment.erb │ │ ├── attributes │ │ │ └── default.rb │ │ └── recipes │ │ │ └── default.rb │ ├── haveged │ │ └── recipes │ │ │ └── default.rb │ ├── etckeeper │ │ ├── templates │ │ │ └── default │ │ │ │ └── gitconfig.erb │ │ └── recipes │ │ │ └── default.rb │ ├── net │ │ ├── attributes │ │ │ └── default.rb │ │ └── recipes │ │ │ └── default.rb │ ├── misc │ │ └── recipes │ │ │ └── default.rb │ ├── epel │ │ └── recipes │ │ │ └── default.rb │ └── postfix │ │ ├── recipes │ │ └── default.rb │ │ └── templates │ │ └── default │ │ └── main.cf.erb ├── client.rb ├── node.json └── standalone-chef.sh ├── common └── files │ ├── fail2ban │ └── fail2ban.local │ ├── ssh │ └── sshrc │ ├── screen │ └── screenrc │ └── vim │ ├── vimrc.local │ ├── vimrc.RedHat │ └── vimrc.Suse ├── README.md ├── .circleci └── config.yml └── LICENSE /ansible/hosts: -------------------------------------------------------------------------------- 1 | 127.0.0.1 2 | -------------------------------------------------------------------------------- /ansible/playbooks/site.yml: -------------------------------------------------------------------------------- 1 | - import_playbook: local.yml 2 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/vim/vars/default.yml: -------------------------------------------------------------------------------- 1 | vim_package: vim 2 | -------------------------------------------------------------------------------- /puppet/modules/ssh/files/sshrc: -------------------------------------------------------------------------------- 1 | ../../../../common/files/ssh/sshrc -------------------------------------------------------------------------------- 
/saltstack/salt/ssh/files/sshrc: -------------------------------------------------------------------------------- 1 | ../../../../common/files/ssh/sshrc -------------------------------------------------------------------------------- /ansible/playbooks/roles/vim/vars/RedHat.yml: -------------------------------------------------------------------------------- 1 | vim_package: vim-enhanced 2 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/locale/vars/Debian.yml: -------------------------------------------------------------------------------- 1 | locales_package: locales 2 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/locale/vars/Suse.yml: -------------------------------------------------------------------------------- 1 | locales_package: glibc-locale 2 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/ssh/files/sshrc: -------------------------------------------------------------------------------- 1 | ../../../../../common/files/ssh/sshrc -------------------------------------------------------------------------------- /chef/cookbooks/ssh/files/default/sshrc: -------------------------------------------------------------------------------- 1 | ../../../../../common/files/ssh/sshrc -------------------------------------------------------------------------------- /puppet/modules/screen/files/screenrc: -------------------------------------------------------------------------------- 1 | ../../../../common/files/screen/screenrc -------------------------------------------------------------------------------- /puppet/modules/vim/files/vimrc.RedHat: -------------------------------------------------------------------------------- 1 | ../../../../common/files/vim/vimrc.RedHat -------------------------------------------------------------------------------- /puppet/modules/vim/files/vimrc.Suse: 
-------------------------------------------------------------------------------- 1 | ../../../../common/files/vim/vimrc.Suse -------------------------------------------------------------------------------- /puppet/modules/vim/files/vimrc.local: -------------------------------------------------------------------------------- 1 | ../../../../common/files/vim/vimrc.local -------------------------------------------------------------------------------- /saltstack/salt/screen/files/screenrc: -------------------------------------------------------------------------------- 1 | ../../../../common/files/screen/screenrc -------------------------------------------------------------------------------- /saltstack/salt/vim/files/vimrc.RedHat: -------------------------------------------------------------------------------- 1 | ../../../../common/files/vim/vimrc.RedHat -------------------------------------------------------------------------------- /saltstack/salt/vim/files/vimrc.Suse: -------------------------------------------------------------------------------- 1 | ../../../../common/files/vim/vimrc.Suse -------------------------------------------------------------------------------- /saltstack/salt/vim/files/vimrc.local: -------------------------------------------------------------------------------- 1 | ../../../../common/files/vim/vimrc.local -------------------------------------------------------------------------------- /ansible/playbooks/roles/epel/vars/CentOS.yml: -------------------------------------------------------------------------------- 1 | epel_release_uri: epel-release 2 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/locale/vars/RedHat.yml: -------------------------------------------------------------------------------- 1 | locales_package: glibc-common 2 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/fail2ban/vars/Debian.yml: 
-------------------------------------------------------------------------------- 1 | fail2ban_logpath: /var/log/auth.log 2 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/fail2ban/vars/RedHat.yml: -------------------------------------------------------------------------------- 1 | fail2ban_logpath: /var/log/secure 2 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/fail2ban/vars/Suse.yml: -------------------------------------------------------------------------------- 1 | fail2ban_logpath: /var/log/messages 2 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/screen/files/screenrc: -------------------------------------------------------------------------------- 1 | ../../../../../common/files/screen/screenrc -------------------------------------------------------------------------------- /ansible/playbooks/roles/vim/files/vimrc.Suse: -------------------------------------------------------------------------------- 1 | ../../../../../common/files/vim/vimrc.Suse -------------------------------------------------------------------------------- /ansible/playbooks/roles/vim/files/vimrc.local: -------------------------------------------------------------------------------- 1 | ../../../../../common/files/vim/vimrc.local -------------------------------------------------------------------------------- /chef/cookbooks/screen/files/default/screenrc: -------------------------------------------------------------------------------- 1 | ../../../../../common/files/screen/screenrc -------------------------------------------------------------------------------- /chef/cookbooks/vim/files/default/vimrc.Suse: -------------------------------------------------------------------------------- 1 | ../../../../../common/files/vim/vimrc.Suse -------------------------------------------------------------------------------- 
/chef/cookbooks/vim/files/default/vimrc.local: -------------------------------------------------------------------------------- 1 | ../../../../../common/files/vim/vimrc.local -------------------------------------------------------------------------------- /ansible/playbooks/roles/postfix/vars/Suse.yml: -------------------------------------------------------------------------------- 1 | exim_package: exim 2 | mailx_package: mailx 3 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/vim/files/vimrc.RedHat: -------------------------------------------------------------------------------- 1 | ../../../../../common/files/vim/vimrc.RedHat -------------------------------------------------------------------------------- /chef/cookbooks/vim/files/default/vimrc.RedHat: -------------------------------------------------------------------------------- 1 | ../../../../../common/files/vim/vimrc.RedHat -------------------------------------------------------------------------------- /puppet/modules/fail2ban/files/fail2ban.local: -------------------------------------------------------------------------------- 1 | ../../../../common/files/fail2ban/fail2ban.local -------------------------------------------------------------------------------- /saltstack/pillar/top.sls: -------------------------------------------------------------------------------- 1 | base: 2 | '*': 3 | - pkg 4 | - svc 5 | - locale 6 | -------------------------------------------------------------------------------- /saltstack/salt/fail2ban/files/fail2ban.local: -------------------------------------------------------------------------------- 1 | ../../../../common/files/fail2ban/fail2ban.local -------------------------------------------------------------------------------- /ansible/playbooks/roles/postfix/vars/Debian.yml: -------------------------------------------------------------------------------- 1 | exim_package: exim4 2 | mailx_package: s-nail 3 | 
-------------------------------------------------------------------------------- /ansible/playbooks/roles/postfix/vars/default.yml: -------------------------------------------------------------------------------- 1 | exim_package: exim 2 | mailx_package: s-nail 3 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/ssh/vars/Suse.yml: -------------------------------------------------------------------------------- 1 | openssh_package: openssh 2 | openssh_service: sshd 3 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/locale/vars/default.yml: -------------------------------------------------------------------------------- 1 | locale: en_US.UTF-8 2 | timezone: America/New_York 3 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/net/vars/Suse.yml: -------------------------------------------------------------------------------- 1 | bindutils_package: bind-utils 2 | iperf_package: iperf 3 | -------------------------------------------------------------------------------- /chef/cookbooks/fail2ban/files/default/fail2ban.local: -------------------------------------------------------------------------------- 1 | ../../../../../common/files/fail2ban/fail2ban.local -------------------------------------------------------------------------------- /saltstack/pillar/locale/init.sls: -------------------------------------------------------------------------------- 1 | locale: 2 | locale: en_US.UTF-8 3 | timezone: America/New_York 4 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/fail2ban/files/fail2ban.local: -------------------------------------------------------------------------------- 1 | ../../../../../common/files/fail2ban/fail2ban.local -------------------------------------------------------------------------------- 
/ansible/playbooks/roles/net/vars/Debian.yml: -------------------------------------------------------------------------------- 1 | bindutils_package: bind9-dnsutils 2 | iperf_package: iperf3 3 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/net/vars/default.yml: -------------------------------------------------------------------------------- 1 | bindutils_package: bind-utils 2 | iperf_package: iperf3 3 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/ssh/vars/Debian.yml: -------------------------------------------------------------------------------- 1 | openssh_package: openssh-server 2 | openssh_service: ssh 3 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/ssh/vars/default.yml: -------------------------------------------------------------------------------- 1 | openssh_package: openssh-server 2 | openssh_service: sshd 3 | -------------------------------------------------------------------------------- /chef/client.rb: -------------------------------------------------------------------------------- 1 | run_path = '/srv/chef' 2 | file_cache_path run_path 3 | cookbook_path run_path + '/cookbooks' 4 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/locale/templates/environment.j2: -------------------------------------------------------------------------------- 1 | LC_ALL={{ locale }} 2 | LANG={{ locale }} 3 | LANGUAGE={{ locale }} 4 | -------------------------------------------------------------------------------- /puppet/modules/locale/templates/environment.erb: -------------------------------------------------------------------------------- 1 | LC_ALL=<%= @locale %> 2 | LANG=<%= @locale %> 3 | LANGUAGE=<%= @locale %> 4 | -------------------------------------------------------------------------------- 
/ansible/playbooks/roles/epel/vars/default.yml: -------------------------------------------------------------------------------- 1 | epel_release_uri: https://dl.fedoraproject.org/pub/epel/epel-release-latest-10.noarch.rpm 2 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/locale/handlers/main.yml: -------------------------------------------------------------------------------- 1 | - name: Exec locale-gen 2 | ansible.builtin.command: locale-gen 3 | changed_when: false 4 | -------------------------------------------------------------------------------- /common/files/fail2ban/fail2ban.local: -------------------------------------------------------------------------------- 1 | [Definition] 2 | loglevel = WARNING 3 | logtarget = SYSLOG 4 | socket = /var/run/fail2ban/fail2ban.sock 5 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/epel/handlers/main.yml: -------------------------------------------------------------------------------- 1 | - name: Update dnf cache 2 | ansible.builtin.command: dnf -y makecache 3 | changed_when: false 4 | -------------------------------------------------------------------------------- /saltstack/salt/salt/files/standalone.conf: -------------------------------------------------------------------------------- 1 | # don't use remote salt server 2 | file_client: local 3 | startup_states: highstate 4 | hash_type: sha256 5 | -------------------------------------------------------------------------------- /chef/cookbooks/locale/templates/default/environment.erb: -------------------------------------------------------------------------------- 1 | LC_ALL=<%= node['locales']['locale'] %> 2 | LANG=<%= node['locales']['locale'] %> 3 | LANGUAGE=<%= node['locales']['locale'] %> 4 | -------------------------------------------------------------------------------- /saltstack/salt/haveged/init.sls: 
-------------------------------------------------------------------------------- 1 | haveged: 2 | pkg: 3 | - installed 4 | {% if not salt['pillar.get']('containerized') %} 5 | service: 6 | - running 7 | - enable: True 8 | {% endif %} 9 | -------------------------------------------------------------------------------- /saltstack/salt/locale/files/environment.j2: -------------------------------------------------------------------------------- 1 | LC_ALL={{ salt['pillar.get']('locale:locale') }} 2 | LANG={{ salt['pillar.get']('locale:locale') }} 3 | LANGUAGE={{ salt['pillar.get']('locale:locale') }} 4 | -------------------------------------------------------------------------------- /chef/cookbooks/haveged/recipes/default.rb: -------------------------------------------------------------------------------- 1 | package 'haveged' do 2 | action :install 3 | end 4 | 5 | service 'haveged' do 6 | action [:enable, :start] 7 | not_if { node['containerized'] } 8 | end 9 | -------------------------------------------------------------------------------- /saltstack/pillar/svc/init.sls: -------------------------------------------------------------------------------- 1 | svcs: 2 | {% if grains['os_family'] == 'RedHat' %} 3 | ssh: sshd 4 | {% elif grains['os_family'] == 'Debian' %} 5 | ssh: ssh 6 | {% elif grains['os_family'] == 'Suse' %} 7 | ssh: sshd 8 | {% endif %} 9 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/fail2ban/handlers/main.yml: -------------------------------------------------------------------------------- 1 | - name: Restart fail2ban 2 | ansible.builtin.service: 3 | name: fail2ban 4 | state: restarted 5 | when: ansible_virtualization_type is not defined or ansible_virtualization_type != 'docker' 6 | -------------------------------------------------------------------------------- /chef/cookbooks/screen/recipes/default.rb: -------------------------------------------------------------------------------- 1 | 
package 'screen' do 2 | action :install 3 | end 4 | 5 | cookbook_file 'screenrc' do 6 | path '/etc/screenrc' 7 | owner 'root' 8 | group 'root' 9 | mode '0644' 10 | action :create 11 | end 12 | -------------------------------------------------------------------------------- /puppet/modules/etckeeper/templates/gitconfig.erb: -------------------------------------------------------------------------------- 1 | [core] 2 | repositoryformatversion = 0 3 | filemode = true 4 | bare = false 5 | logallrefupdates = true 6 | 7 | [user] 8 | email = root@<%= @fqdn %> 9 | name = Enoch Root 10 | -------------------------------------------------------------------------------- /saltstack/salt/top.sls: -------------------------------------------------------------------------------- 1 | base: 2 | '*': 3 | - salt 4 | - epel 5 | - locale 6 | - etckeeper 7 | - misc 8 | - net 9 | - screen 10 | - ssh 11 | - fail2ban 12 | - haveged 13 | - vim 14 | - postfix 15 | -------------------------------------------------------------------------------- /saltstack/salt/etckeeper/files/gitconfig.j2: -------------------------------------------------------------------------------- 1 | [core] 2 | repositoryformatversion = 0 3 | filemode = true 4 | bare = false 5 | logallrefupdates = true 6 | 7 | [user] 8 | email = root@{{ grains['fqdn'] }} 9 | name = Enoch Root 10 | -------------------------------------------------------------------------------- /saltstack/salt/screen/init.sls: -------------------------------------------------------------------------------- 1 | screen: 2 | pkg.installed 3 | 4 | /etc/screenrc: 5 | file.managed: 6 | - source: salt://screen/files/screenrc 7 | - user: root 8 | - group: root 9 | - mode: '0644' 10 | - follow_symlinks: True 11 | -------------------------------------------------------------------------------- /chef/cookbooks/fail2ban/templates/default/jail.local.erb: -------------------------------------------------------------------------------- 1 | [DEFAULT] 2 | ignoreip = 
127.0.0.1/8 3 | bantime = 600 4 | maxretry = 5 5 | backend = auto 6 | destemail = root@localhost 7 | 8 | [sshd] 9 | enabled = true 10 | logpath = <%= @logfile %> 11 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/etckeeper/templates/gitconfig.j2: -------------------------------------------------------------------------------- 1 | [core] 2 | repositoryformatversion = 0 3 | filemode = true 4 | bare = false 5 | logallrefupdates = true 6 | 7 | [user] 8 | email = root@{{ ansible_fqdn }} 9 | name = Enoch Root 10 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/fail2ban/templates/jail.local.j2: -------------------------------------------------------------------------------- 1 | [DEFAULT] 2 | ignoreip = 127.0.0.1/8 3 | bantime = 600 4 | maxretry = 5 5 | backend = auto 6 | destemail = root@localhost 7 | 8 | [sshd] 9 | enabled = true 10 | logpath = {{ fail2ban_logpath }} 11 | -------------------------------------------------------------------------------- /chef/cookbooks/etckeeper/templates/default/gitconfig.erb: -------------------------------------------------------------------------------- 1 | [core] 2 | repositoryformatversion = 0 3 | filemode = true 4 | bare = false 5 | logallrefupdates = true 6 | 7 | [user] 8 | email = root@<%= node['fqdn'] %> 9 | name = Enoch Root 10 | -------------------------------------------------------------------------------- /chef/cookbooks/ssh/attributes/default.rb: -------------------------------------------------------------------------------- 1 | default['ssh']['package'] = 'openssh-server' 2 | default['ssh']['service'] = 'sshd' 3 | 4 | case node['platform_family'] 5 | when 'debian' 6 | default['ssh']['service'] = 'ssh' 7 | when 'suse' 8 | default['ssh']['package'] = 'openssh' 9 | end 10 | -------------------------------------------------------------------------------- /chef/cookbooks/net/attributes/default.rb: 
-------------------------------------------------------------------------------- 1 | default['bind-utils']['package'] = 'bind-utils' 2 | default['iperf']['package'] = 'iperf3' 3 | 4 | if platform_family?('debian') 5 | default['bind-utils']['package'] = 'bind9-dnsutils' 6 | end 7 | 8 | if platform_family?('suse') 9 | default['iperf']['package'] = 'iperf' 10 | end 11 | -------------------------------------------------------------------------------- /puppet/modules/haveged/manifests/init.pp: -------------------------------------------------------------------------------- 1 | class haveged { 2 | 3 | package { 'haveged': 4 | ensure => installed, 5 | } 6 | 7 | if $facts['containerized'] == 'false' { # NOTE(review): compares against the string 'false'; an unset or Boolean fact would skip the service block entirely - confirm how the fact is set 8 | service { 'haveged': 9 | ensure => running, 10 | enable => true, 11 | require => Package['haveged'], 12 | } 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /saltstack/salt/epel/init.sls: -------------------------------------------------------------------------------- 1 | {% if grains['os_family'] == 'RedHat' and grains['os'] != 'Fedora' %} 2 | 3 | dnf -y makecache: 4 | cmd.run: 5 | - onchanges: 6 | - pkg: epel-release 7 | 8 | epel-release: 9 | pkg.installed: 10 | - source: https://dl.fedoraproject.org/pub/epel/epel-release-latest-10.noarch.rpm 11 | 12 | {% endif %} 13 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/screen/tasks/main.yml: -------------------------------------------------------------------------------- 1 | - name: Install screen package 2 | ansible.builtin.package: 3 | name: screen 4 | state: present 5 | 6 | - name: Copy screenrc file 7 | ansible.builtin.copy: 8 | src: screenrc 9 | dest: /etc/screenrc 10 | owner: root 11 | group: root 12 | mode: '0644' 13 | backup: true 14 | -------------------------------------------------------------------------------- /puppet/modules/screen/manifests/init.pp: 
-------------------------------------------------------------------------------- 1 | class screen { 2 | 3 | package { 'screen': 4 | ensure => installed, 5 | } 6 | 7 | file { '/etc/screenrc': 8 | source => 'puppet:///modules/screen/screenrc', 9 | owner => 'root', 10 | group => 'root', 11 | mode => '0644', 12 | require => Package['screen'], 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/postfix/handlers/main.yml: -------------------------------------------------------------------------------- 1 | - name: Restart postfix 2 | ansible.builtin.service: 3 | name: postfix 4 | state: restarted 5 | when: ansible_virtualization_type is not defined or ansible_virtualization_type != 'docker' 6 | 7 | - name: Exec newaliases 8 | ansible.builtin.command: /usr/bin/newaliases 9 | changed_when: false 10 | -------------------------------------------------------------------------------- /chef/cookbooks/net/recipes/default.rb: -------------------------------------------------------------------------------- 1 | net_packages = %w( 2 | ethtool 3 | tcpdump 4 | nmap 5 | telnet 6 | iftop 7 | whois 8 | wget2 9 | ipset 10 | nload 11 | bmon 12 | ) 13 | 14 | net_packages += [node['bind-utils']['package']] 15 | net_packages += [node['iperf']['package']] 16 | 17 | package net_packages do 18 | action :install 19 | end 20 | -------------------------------------------------------------------------------- /chef/cookbooks/misc/recipes/default.rb: -------------------------------------------------------------------------------- 1 | misc_packages = %w( 2 | htop 3 | tree 4 | git 5 | strace 6 | diffstat 7 | bash-completion 8 | pwgen 9 | lsof 10 | multitail 11 | plocate 12 | ) 13 | 14 | misc_packages += %w(debian-goodies apt-transport-https) if platform_family?('debian') 15 | 16 | package misc_packages do 17 | action :install 18 | end 19 | -------------------------------------------------------------------------------- 
/saltstack/salt/net/init.sls: -------------------------------------------------------------------------------- 1 | netpkgs: 2 | pkg.installed: 3 | - pkgs: 4 | - ethtool 5 | - tcpdump 6 | - nmap 7 | - telnet 8 | - iftop 9 | - whois 10 | - wget2 11 | - ipset 12 | - nload 13 | - bmon 14 | - {{ salt['pillar.get']('pkgs:bind-utils') }} 15 | - {{ salt['pillar.get']('pkgs:iperf') }} 16 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/epel/tasks/main.yml: -------------------------------------------------------------------------------- 1 | - name: Set up distro vars 2 | ansible.builtin.include_vars: 3 | file: "{{ item }}" 4 | with_first_found: 5 | - "{{ ansible_distribution }}.yml" 6 | - default.yml 7 | 8 | - name: Install epel release 9 | ansible.builtin.dnf: 10 | name: "{{ epel_release_uri }}" 11 | state: present 12 | notify: Update dnf cache 13 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/haveged/tasks/main.yml: -------------------------------------------------------------------------------- 1 | - name: Install haveged package 2 | ansible.builtin.package: 3 | name: haveged 4 | state: present 5 | 6 | - name: Start haveged service 7 | ansible.builtin.service: 8 | name: haveged 9 | state: started 10 | enabled: true 11 | when: ansible_virtualization_type is not defined or ansible_virtualization_type != 'docker' 12 | -------------------------------------------------------------------------------- /saltstack/salt/salt/init.sls: -------------------------------------------------------------------------------- 1 | {% if not salt['pillar.get']('containerized') %} 2 | salt-minion: 3 | service: 4 | - dead 5 | - enable: False 6 | - watch: 7 | - file: /etc/salt/minion.d/standalone.conf 8 | {% endif %} 9 | 10 | /etc/salt/minion.d/standalone.conf: 11 | file.managed: 12 | - source: salt://salt/files/standalone.conf 13 | - user: root 14 | - group: root 15 | - mode: 
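'0640' 16 | -------------------------------------------------------------------------------- /saltstack/salt/etckeeper/init.sls: -------------------------------------------------------------------------------- 1 | etckeeper: 2 | pkg.installed 3 | 4 | etckeeper init: 5 | cmd.run: 6 | - creates: /etc/.git 7 | - require: 8 | - pkg: etckeeper 9 | 10 | /etc/.git/config: 11 | file.managed: 12 | - source: salt://etckeeper/files/gitconfig.j2 13 | - template: jinja 14 | - user: root 15 | - group: root 16 | - mode: '0644' 17 | - require: 18 | - cmd: etckeeper init 19 | -------------------------------------------------------------------------------- /chef/cookbooks/ssh/recipes/default.rb: -------------------------------------------------------------------------------- 1 | package 'openssh' do 2 | package_name node['ssh']['package'] 3 | action :install 4 | end 5 | 6 | cookbook_file 'sshrc' do 7 | path '/etc/ssh/sshrc' 8 | owner 'root' 9 | group 'root' 10 | mode '0644' 11 | action :create 12 | end 13 | 14 | service 'openssh' do 15 | service_name node['ssh']['service'] 16 | action [:enable, :start] 17 | not_if { node['containerized'] } 18 | end 19 | -------------------------------------------------------------------------------- /saltstack/salt/misc/init.sls: -------------------------------------------------------------------------------- 1 | miscpkgs: 2 | pkg.installed: 3 | - pkgs: 4 | - htop 5 | - tree 6 | - git 7 | - strace 8 | - diffstat 9 | - bash-completion 10 | - pwgen 11 | - lsof 12 | - multitail 13 | - plocate 14 | 15 | {% if grains['os_family'] == 'Debian' %} 16 | 17 | debian-goodies: 18 | pkg.installed 19 | 20 | apt-transport-https: 21 | pkg.installed 22 | 23 | {% endif %} 24 | -------------------------------------------------------------------------------- /chef/cookbooks/epel/recipes/default.rb: --------------------------------------------------------------------------------
# Enable the EPEL repository on RHEL-family nodes and refresh the dnf
# metadata cache as soon as the release package has been installed.
if platform_family?('rhel')

  # Declared with :nothing so it only runs when the package resource below
  # notifies it.
  execute 'dnf_makecache' do
    command '/usr/bin/dnf -y makecache'
    action :nothing
  end

  package 'epel-release' do
    # Fetched over HTTPS (the same URL the puppet epel module uses) so the RPM
    # cannot be altered in transit by someone on the network path.
    # NOTE(review): nothing visible in this recipe checks the RPM's signature;
    # confirm that rpm signature checking applies to this install.
    source 'https://dl.fedoraproject.org/pub/epel/epel-release-latest-10.noarch.rpm'
    action :install
    provider Chef::Provider::Package::Rpm
    notifies :run, 'execute[dnf_makecache]', :immediately
  end
end
-------------------------------------------------------------------------------- /ansible/playbooks/local.yml: -------------------------------------------------------------------------------- 1 | - hosts: 127.0.0.1 2 | user: root 3 | connection: local 4 | 5 | roles: 6 | - role: 'epel' 7 | when: ansible_os_family == 'RedHat' and ansible_distribution != 'Fedora' 8 | - role: 'locale' 9 | - role: 'etckeeper' 10 | - role: 'misc' 11 | - role: 'net' 12 | - role: 'screen' 13 | - role: 'ssh' 14 | - role: 'fail2ban' 15 | - role: 'haveged' 16 | - role: 'vim' 17 | - role: 'postfix' 18 | -------------------------------------------------------------------------------- /chef/cookbooks/locale/attributes/default.rb: -------------------------------------------------------------------------------- 1 | case node['platform_family'] 2 | when 'debian' 3 | default['locales']['package'] = 'locales' 4 | when 'rhel' 5 | default['locales']['package'] = 'glibc-common' 6 | when 'fedora' 7 | default['locales']['package'] = 'glibc-common' 8 | when 'suse' 9 | default['locales']['package'] = 'glibc-locale' 10 | end 11 | 12 | default['locales']['locale'] = 'en_US.UTF-8' 13 | default['locales']['timezone'] = 'America/New_York' 14 | -------------------------------------------------------------------------------- /puppet/manifests/standalone-site.pp: -------------------------------------------------------------------------------- 1 | node default { 2 | 3 | Package { 4 | allow_virtual => true 5 | } 6 | 7 | stage { ['pre', 'post']: } 8 | 9 | Stage['pre'] -> Stage['main'] -> Stage['post'] 10 | 11 | class { 'epel': 12 | stage => 'pre', 13 | } 14 | 15 | include etckeeper 16 | include locale 17 | include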
misc 18 | include net 19 | include screen 20 | include ssh 21 | include fail2ban 22 | include haveged 23 | include vim 24 | } 25 | -------------------------------------------------------------------------------- /saltstack/salt/fail2ban/files/jail.local.j2: -------------------------------------------------------------------------------- 1 | [DEFAULT] 2 | ignoreip = 127.0.0.1/8 3 | bantime = 600 4 | maxretry = 5 5 | backend = auto 6 | destemail = root@localhost 7 | 8 | [sshd] 9 | enabled = true 10 | {% if grains['os_family'] == 'Debian' -%} 11 | logpath = /var/log/auth.log 12 | {% endif -%} 13 | {% if grains['os_family'] == 'RedHat' -%} 14 | logpath = /var/log/secure 15 | {% endif -%} 16 | {% if grains['os_family'] == 'Suse' -%} 17 | logpath = /var/log/messages 18 | {%- endif -%} 19 | -------------------------------------------------------------------------------- /puppet/modules/fail2ban/templates/jail.local.erb: -------------------------------------------------------------------------------- 1 | [DEFAULT] 2 | ignoreip = 127.0.0.1/8 3 | bantime = 600 4 | maxretry = 5 5 | backend = auto 6 | destemail = root@localhost 7 | 8 | [sshd] 9 | enabled = true 10 | <% if @facts['os']['family'] == 'Debian' -%> 11 | logpath = /var/log/auth.log 12 | <% end -%> 13 | <% if @facts['os']['family'] == 'RedHat' -%> 14 | logpath = /var/log/secure 15 | <% end -%> 16 | <% if @facts['os']['family'] == 'Suse' -%> 17 | logpath = /var/log/messages 18 | <% end -%> 19 | -------------------------------------------------------------------------------- /chef/node.json: -------------------------------------------------------------------------------- 1 | { 2 | "containerized": false, 3 | "postfix": { 4 | "root_alias": "", 5 | "mail_relay": "" 6 | }, 7 | "run_list": [ "recipe[epel]", 8 | "recipe[locale]", 9 | "recipe[etckeeper]", 10 | "recipe[misc]", 11 | "recipe[net]", 12 | "recipe[screen]", 13 | "recipe[ssh]", 14 | "recipe[fail2ban]", 15 | "recipe[haveged]", 16 | "recipe[vim]", 17 | 
"recipe[postfix]" ] 18 | } 19 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/net/tasks/main.yml: -------------------------------------------------------------------------------- 1 | - name: Set up distro vars 2 | ansible.builtin.include_vars: 3 | file: "{{ item }}" 4 | with_first_found: 5 | - "{{ ansible_os_family }}.yml" 6 | - default.yml 7 | 8 | - name: Install net packages 9 | ansible.builtin.package: 10 | name: "{{ item }}" 11 | state: present 12 | loop: 13 | - tcpdump 14 | - nmap 15 | - telnet 16 | - iftop 17 | - whois 18 | - wget2 19 | - ipset 20 | - nload 21 | - bmon 22 | - "{{ iperf_package }}" 23 | - "{{ bindutils_package }}" 24 | -------------------------------------------------------------------------------- /puppet/modules/epel/manifests/init.pp: -------------------------------------------------------------------------------- 1 | class epel { 2 | 3 | if $facts['os']['family'] == 'RedHat' { 4 | 5 | $epel_release_uri = $facts['os']['name']? 
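{ 6 | 'CentOS' => 'epel-release', 7 | default => 'https://dl.fedoraproject.org/pub/epel/epel-release-latest-10.noarch.rpm', 8 | } 9 | 10 | package { $epel_release_uri: 11 | ensure => installed, 12 | notify => Exec['dnf_makecache'], 13 | } 14 | 15 | exec { 'dnf_makecache': 16 | command => '/usr/bin/dnf -y makecache', 17 | refreshonly => true, 18 | } 19 | } 20 | } 21 | -------------------------------------------------------------------------------- /chef/cookbooks/etckeeper/recipes/default.rb: -------------------------------------------------------------------------------- 1 | etckeeper_packages = %w(etckeeper) 2 | 3 | etckeeper_packages += %w(etckeeper-dnf python) if platform_family?('rhel') 4 | 5 | package etckeeper_packages do 6 | action :install 7 | notifies :run, 'execute[etckeeper-init]', :immediately 8 | end 9 | 10 | execute 'etckeeper-init' do 11 | command 'etckeeper init' 12 | creates '/etc/.git' 13 | notifies :create, 'template[gitconfig]', :immediately 14 | end 15 | 16 | template 'gitconfig' do 17 | path '/etc/.git/config' 18 | owner 'root' 19 | group 'root' 20 | mode '0644' 21 | end 22 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/misc/tasks/main.yml: -------------------------------------------------------------------------------- 1 | - name: Install misc packages 2 | ansible.builtin.package: 3 | name: "{{ item }}" 4 | state: present 5 | loop: 6 | - htop 7 | - tree 8 | - git 9 | - strace 10 | - diffstat 11 | - bash-completion 12 | - pwgen 13 | - lsof 14 | - multitail 15 | - plocate 16 | 17 | - name: Install misc packages for Debian 18 | ansible.builtin.package: 19 | name: "{{ item }}" 20 | state: present 21 | when: ansible_os_family == 'Debian' 22 | loop: 23 | - debian-goodies 24 | - apt-transport-https 25 | -------------------------------------------------------------------------------- /common/files/ssh/sshrc: --------------------------------------------------------------------------------
#!/bin/sh
#
# Global sshrc hook. It links the forwarded agent socket to a fixed per-user
# path, then registers the X11 cookie it reads from stdin with xauth.

# Fix SSH auth socket location so agent forwarding works with screen.
# The expansion is quoted so a socket path containing whitespace or glob
# characters reaches ln as a single argument.
if test "$SSH_AUTH_SOCK" ; then
    ln -sf "$SSH_AUTH_SOCK" ~/.ssh/ssh_auth_sock
fi

# Taken from the sshd(8) manpage.
if read proto cookie && [ -n "$DISPLAY" ] ; then
    # Both sides are quoted so the test keeps exactly three operands even if
    # DISPLAY holds whitespace.
    if [ "$(echo "$DISPLAY" | cut -c1-10)" = 'localhost:' ] ; then
        # X11UseLocalhost=yes
        echo add unix:`echo $DISPLAY |
            cut -c11-` $proto $cookie
    else
        # X11UseLocalhost=no
        echo add $DISPLAY $proto $cookie
    fi | xauth -q -
fi
-------------------------------------------------------------------------------- /puppet/modules/misc/manifests/init.pp: -------------------------------------------------------------------------------- 1 | class misc { 2 | 3 | $misc_packages = [ 4 | 'htop', 5 | 'tree', 6 | 'git', 7 | 'strace', 8 | 'diffstat', 9 | 'bash-completion', 10 | 'pwgen', 11 | 'lsof', 12 | 'multitail', 13 | 'plocate', 14 | ] 15 | 16 | package { $misc_packages: 17 | ensure => installed, 18 | } 19 | 20 | if $facts['os']['family'] == 'Debian' { 21 | $debian_packages = [ 22 | 'apt-transport-https', 23 | 'debian-goodies', 24 | ] 25 | 26 | package { $debian_packages: 27 | ensure => installed, 28 | } 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /puppet/modules/etckeeper/manifests/init.pp: -------------------------------------------------------------------------------- 1 | class etckeeper { 2 | 3 | require epel 4 | 5 | package { 'etckeeper': 6 | ensure => installed, 7 | } 8 | 9 | exec { 'etckeeper-init': 10 | path => '/usr/bin:/usr/sbin:/bin:/sbin', 11 | command => 'etckeeper init', 12 | subscribe => Package['etckeeper'], 13 | unless => 'test -d /etc/.git', 14 | } 15 | 16 | file { '/etc/.git/config': 17 | owner => 'root', 18 | group => 'root', 19 | mode => '0644', 20 | content => template('etckeeper/gitconfig.erb'), 21 | require => Exec[etckeeper-init], 22 | } 23 | } 24 |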
-------------------------------------------------------------------------------- /puppet/modules/net/manifests/init.pp: -------------------------------------------------------------------------------- 1 | class net { 2 | 3 | $bindutils = $facts['os']['family'] ? { 4 | 'Debian' => 'bind9-dnsutils', 5 | default => 'bind-utils', 6 | } 7 | 8 | $iperf = $facts['os']['family'] ? { 9 | 'Suse' => 'iperf', 10 | default => 'iperf3', 11 | } 12 | 13 | $net_packages = [ 14 | 'ethtool', 15 | 'tcpdump', 16 | 'nmap', 17 | 'telnet', 18 | 'iftop', 19 | 'whois', 20 | 'wget2', 21 | 'ipset', 22 | 'nload', 23 | 'bmon', 24 | $bindutils, 25 | $iperf, 26 | ] 27 | 28 | package { $net_packages: 29 | ensure => installed, 30 | } 31 | } 32 | -------------------------------------------------------------------------------- /saltstack/salt/ssh/init.sls: -------------------------------------------------------------------------------- 1 | openssh-server: 2 | pkg: 3 | - installed 4 | - name: {{ salt['pillar.get']('pkgs:openssh-server') }} 5 | 6 | /etc/ssh/sshrc: 7 | file.managed: 8 | - source: salt://ssh/files/sshrc 9 | - user: root 10 | - group: root 11 | - mode: '0644' 12 | - follow_symlinks: True 13 | - require: 14 | - pkg: openssh-server 15 | 16 | {% if not salt['pillar.get']('containerized') %} 17 | ssh: 18 | service: 19 | - name: {{ salt['pillar.get']('svcs:ssh') }} 20 | - running 21 | - enable: True 22 | - watch: 23 | - pkg: openssh-server 24 | - require: 25 | - pkg: openssh-server 26 | - file: /etc/ssh/sshrc 27 | {% endif %} 28 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/etckeeper/tasks/main.yml: -------------------------------------------------------------------------------- 1 | - name: Install etckeeper packaqge 2 | ansible.builtin.package: 3 | name: etckeeper 4 | state: present 5 | 6 | - name: Check for /etc/.git dir 7 | ansible.builtin.stat: 8 | path: /etc/.git 9 | register: etc_git 10 | 11 | - name: Run etckeeper init 12 | 
ansible.builtin.command: etckeeper init 13 | when: not etc_git.stat.exists 14 | changed_when: false 15 | 16 | - name: Force all notified handlers to run 17 | ansible.builtin.meta: flush_handlers 18 | 19 | - name: Install /etc/.git/config 20 | ansible.builtin.template: 21 | src: gitconfig.j2 22 | dest: /etc/.git/config 23 | owner: root 24 | group: root 25 | mode: '0644' 26 | -------------------------------------------------------------------------------- /saltstack/pillar/pkg/init.sls: -------------------------------------------------------------------------------- 1 | pkgs: 2 | {% if grains['os_family'] == 'RedHat' %} 3 | openssh-server: openssh-server 4 | apache: httpd 5 | vim: vim-enhanced 6 | mailx: s-nail 7 | exim: exim 8 | bind-utils: bind-utils 9 | iperf: iperf3 10 | locales: glibc-common 11 | {% elif grains['os_family'] == 'Debian' %} 12 | openssh-server: openssh-server 13 | apache: apache2 14 | vim: vim 15 | mailx: s-nail 16 | exim: exim4 17 | bind-utils: bind9-dnsutils 18 | iperf: iperf3 19 | locales: locales 20 | {% elif grains['os_family'] == 'Suse' %} 21 | openssh-server: openssh 22 | apache: apache2 23 | vim: vim 24 | mailx: mailx 25 | exim: exim 26 | bind-utils: bind-utils 27 | iperf: iperf 28 | locales: glibc-locale 29 | {% endif %} 30 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/ssh/tasks/main.yml: -------------------------------------------------------------------------------- 1 | - name: Set up distro vars 2 | ansible.builtin.include_vars: 3 | file: "{{ item }}" 4 | with_first_found: 5 | - "{{ ansible_os_family }}.yml" 6 | - default.yml 7 | 8 | - name: Install openssh package 9 | ansible.builtin.package: 10 | name: "{{ openssh_package }}" 11 | state: present 12 | 13 | - name: Copy sshrc file 14 | ansible.builtin.copy: 15 | src: sshrc 16 | dest: /etc/ssh/sshrc 17 | owner: root 18 | group: root 19 | mode: '0644' 20 | backup: true 21 | 22 | - name: Start openssh service 23 | 
ansible.builtin.service: 24 | name: "{{ openssh_service }}" 25 | state: started 26 | enabled: true 27 | when: ansible_virtualization_type is not defined or ansible_virtualization_type != 'docker' 28 | -------------------------------------------------------------------------------- /puppet/modules/ssh/manifests/init.pp: -------------------------------------------------------------------------------- 1 | class ssh { 2 | 3 | $openssh_service = $facts['os']['family'] ? { 4 | 'Debian' => 'ssh', 5 | default => 'sshd', 6 | } 7 | 8 | $openssh_package = $facts['os']['family'] ? { 9 | 'Suse' => 'openssh', 10 | default => 'openssh-server', 11 | } 12 | 13 | package { $openssh_package: 14 | ensure => installed, 15 | } 16 | 17 | file { '/etc/ssh/sshrc': 18 | ensure => present, 19 | owner => 'root', 20 | group => 'root', 21 | mode => '0644', 22 | source => 'puppet:///modules/ssh/sshrc', 23 | } 24 | 25 | if $facts['containerized'] == 'false' { 26 | service { $openssh_service: 27 | ensure => running, 28 | require => [Package[$openssh_package], 29 | File['/etc/ssh/sshrc']], 30 | } 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /saltstack/salt/fail2ban/init.sls: -------------------------------------------------------------------------------- 1 | fail2ban: 2 | pkg: 3 | - installed 4 | {% if not salt['pillar.get']('containerized') %} 5 | service: 6 | - running 7 | - enable: True 8 | - watch: 9 | - file: /etc/fail2ban/fail2ban.local 10 | - file: /etc/fail2ban/jail.local 11 | {% endif %} 12 | 13 | /etc/fail2ban/jail.local: 14 | file.managed: 15 | - source: salt://fail2ban/files/jail.local.j2 16 | - template: jinja 17 | - user: root 18 | - group: root 19 | - mode: '0644' 20 | - follow_symlinks: True 21 | - require: 22 | - pkg: fail2ban 23 | 24 | /etc/fail2ban/fail2ban.local: 25 | file.managed: 26 | - source: salt://fail2ban/files/fail2ban.local 27 | - user: root 28 | - group: root 29 | - mode: '0644' 30 | - follow_symlinks: True 31 | - 
require: 32 | - pkg: fail2ban 33 | -------------------------------------------------------------------------------- /chef/cookbooks/fail2ban/recipes/default.rb: -------------------------------------------------------------------------------- 1 | package 'fail2ban' do 2 | action :install 3 | end 4 | 5 | service 'fail2ban' do 6 | action [:enable, :start] 7 | not_if { node['containerized'] } 8 | end 9 | 10 | cookbook_file 'fail2ban.local' do 11 | path '/etc/fail2ban/fail2ban.local' 12 | owner 'root' 13 | group 'root' 14 | mode '0644' 15 | action :create 16 | notifies :restart, 'service[fail2ban]' 17 | end 18 | 19 | case node['platform_family'] 20 | when 'debian' 21 | logfile = '/var/log/auth.log' 22 | when 'rhel' 23 | logfile = '/var/log/secure' 24 | when 'suse' 25 | logfile = '/var/log/messages' 26 | end 27 | 28 | template 'jail.local' do 29 | path '/etc/fail2ban/jail.local' 30 | owner 'root' 31 | group 'root' 32 | mode '0644' 33 | action :create 34 | variables( 35 | logfile: logfile 36 | ) 37 | notifies :restart, 'service[fail2ban]' 38 | end 39 | -------------------------------------------------------------------------------- /chef/cookbooks/vim/recipes/default.rb: -------------------------------------------------------------------------------- 1 | case node['platform_family'] 2 | when 'debian' 3 | package ['vim', 'vim-scripts'] do 4 | action :install 5 | end 6 | when 'rhel' 7 | package 'vim-enhanced' do 8 | action :install 9 | end 10 | cookbook_file 'vimrc.RedHat' do 11 | path '/etc/vimrc' 12 | owner 'root' 13 | group 'root' 14 | mode '0644' 15 | action :create 16 | end 17 | when 'suse' 18 | package ['vim', 'vim-data'] do 19 | action :install 20 | end 21 | cookbook_file 'vimrc.Suse' do 22 | path '/etc/vimrc' 23 | owner 'root' 24 | group 'root' 25 | mode '0644' 26 | action :create 27 | end 28 | end 29 | 30 | directory '/etc/vim' do 31 | owner 'root' 32 | group 'root' 33 | mode '0755' 34 | action :create 35 | end 36 | 37 | cookbook_file 'vimrc.local' do 38 | path 
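'/etc/vim/vimrc.local' 39 | owner 'root' 40 | group 'root' 41 | mode '0644' 42 | action :create 43 | end 44 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/fail2ban/tasks/main.yml: --------------------------------------------------------------------------------
# Install fail2ban, keep the service running outside Docker, and deploy the
# daemon configuration and the ssh jail definition.

- name: Set up distro vars
  ansible.builtin.include_vars:
    file: "{{ item }}"
  # Load the OS-family vars file if the role ships one, otherwise default.yml.
  with_first_found:
    - "{{ ansible_os_family }}.yml"
    - default.yml

- name: Install fail2ban
  ansible.builtin.package:
    name: fail2ban
    state: present

- name: Start fail2ban service
  ansible.builtin.service:
    name: fail2ban
    state: started
    enabled: true
  # Same guard as the ssh and postfix roles: "is not defined" keeps the
  # condition from failing on hosts where the fact is not set.
  when: ansible_virtualization_type is not defined or ansible_virtualization_type != 'docker'

- name: Configure fail2ban
  ansible.builtin.copy:
    src: fail2ban.local
    dest: /etc/fail2ban/fail2ban.local
    owner: root
    group: root
    mode: '0644'
    backup: true
  notify: Restart fail2ban

- name: Configure fail2ban ssh jail
  ansible.builtin.template:
    src: jail.local.j2
    dest: /etc/fail2ban/jail.local
    owner: root
    group: root
    mode: '0644'
    backup: true
  notify: Restart fail2ban
-------------------------------------------------------------------------------- /puppet/modules/fail2ban/manifests/init.pp: -------------------------------------------------------------------------------- 1 | class fail2ban { 2 | 3 | package { 'fail2ban': 4 | ensure => installed, 5 | } 6 | 7 | if $facts['containerized'] == 'false' { 8 | service { 'fail2ban': 9 | ensure => running, 10 | enable => true, 11 | require => [Package['fail2ban'], 12 | File[ '/etc/fail2ban/jail.local', 13 | '/etc/fail2ban/fail2ban.local']], 14 | subscribe => File[ '/etc/fail2ban/jail.local', 15 | '/etc/fail2ban/fail2ban.local'], 16 | } 17 | } 18 | 19 | file { '/etc/fail2ban/jail.local': 20 | content => template('fail2ban/jail.local.erb'), 21 | owner => 'root', 22 | group =>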
'root', 23 | mode => '0644', 24 | require => Package['fail2ban'], 25 | } 26 | 27 | file { '/etc/fail2ban/fail2ban.local': 28 | source => 'puppet:///modules/fail2ban/fail2ban.local', 29 | owner => 'root', 30 | group => 'root', 31 | mode => '0644', 32 | require => Package['fail2ban'], 33 | } 34 | } 35 | -------------------------------------------------------------------------------- /saltstack/salt/postfix/init.sls: -------------------------------------------------------------------------------- 1 | postfix: 2 | pkg: 3 | - installed 4 | - require: 5 | - pkg: exim 6 | {% if not salt['pillar.get']('containerized') %} 7 | service: 8 | - running 9 | - enable: True 10 | - watch: 11 | - file: /etc/postfix/main.cf 12 | {% endif %} 13 | 14 | {% if grains['os_family'] in ['Debian', 'RedHat'] %} 15 | postfix-lmdb: 16 | pkg: 17 | - installed 18 | {% endif %} 19 | 20 | mailx: 21 | pkg: 22 | - installed 23 | - name: {{ salt['pillar.get']('pkgs:mailx') }} 24 | 25 | exim: 26 | pkg: 27 | - removed 28 | - name: {{ salt['pillar.get']('pkgs:exim') }} 29 | 30 | /etc/postfix/main.cf: 31 | file.managed: 32 | - source: salt://postfix/files/main.cf.j2 33 | - template: jinja 34 | - user: root 35 | - group: root 36 | - mode: '0644' 37 | - require: 38 | - pkg: postfix 39 | 40 | {% if salt['pillar.get']('root_alias') %} 41 | root: 42 | alias.present: 43 | - target: {{ salt['pillar.get']('root_alias') }} 44 | {% endif %} 45 | 46 | newaliases: 47 | cmd.run 48 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | ## Synopsis 2 | 3 | This project aims to give some basic examples of how to use each of chef, 4 | puppet, salt and ansible as standalone configuration management systems. 
5 | 6 | ## Usage 7 | 8 | ### Puppet 9 | ``` 10 | curl -O https://raw.githubusercontent.com/furlongm/standalone-configuration-management/main/puppet/standalone-puppet.sh 11 | sudo -E bash -x standalone-puppet.sh -e furlongm@gmail.com 12 | ``` 13 | 14 | ### Salt 15 | ``` 16 | curl -O https://raw.githubusercontent.com/furlongm/standalone-configuration-management/main/saltstack/standalone-salt.sh 17 | sudo -E bash -x standalone-salt.sh -e furlongm@gmail.com 18 | ``` 19 | 20 | ### Chef 21 | ``` 22 | curl -O https://raw.githubusercontent.com/furlongm/standalone-configuration-management/main/chef/standalone-chef.sh 23 | sudo -E bash -x standalone-chef.sh -e furlongm@gmail.com 24 | ``` 25 | 26 | ### Ansible 27 | ``` 28 | curl -O https://raw.githubusercontent.com/furlongm/standalone-configuration-management/main/ansible/standalone-ansible.sh 29 | sudo -E bash -x standalone-ansible.sh -e furlongm@gmail.com 30 | ``` 31 | -------------------------------------------------------------------------------- /chef/cookbooks/locale/recipes/default.rb: -------------------------------------------------------------------------------- 1 | locale = node['locales']['locale'] 2 | timezone = node['locales']['timezone'] 3 | 4 | package node['locales']['package'] do 5 | action :install 6 | end 7 | 8 | if platform_family?('debian') 9 | file '/etc/locale.gen' do 10 | content "#{locale} UTF-8\n" 11 | mode '0644' 12 | owner 'root' 13 | group 'root' 14 | notifies :run, 'execute[locale-gen]' 15 | end 16 | 17 | template 'environment' do 18 | path '/etc/environment' 19 | mode '0644' 20 | owner 'root' 21 | group 'root' 22 | notifies :run, 'execute[locale-gen]' 23 | end 24 | 25 | execute 'locale-gen' do 26 | command 'locale-gen' 27 | action :nothing 28 | end 29 | end 30 | 31 | execute 'set-locale' do 32 | command "localectl set-locale LANG=#{locale}" 33 | not_if { node['containerized'] } 34 | not_if "localectl status | grep #{locale}" 35 | end 36 | 37 | execute 'set-timezone' do 38 | command "timedatectl 
set-timezone #{timezone}" 39 | not_if { node['containerized'] } 40 | not_if "timedatectl status | grep #{timezone}" 41 | end 42 | -------------------------------------------------------------------------------- /saltstack/salt/vim/init.sls: -------------------------------------------------------------------------------- 1 | vim: 2 | pkg: 3 | - installed 4 | - name: {{ salt['pillar.get']('pkgs:vim') }} 5 | 6 | {% if grains['os_family'] == 'Debian' %} 7 | 8 | vim-scripts: 9 | pkg.installed 10 | 11 | {% endif %} 12 | 13 | {% if grains['os_family'] == 'Suse' %} 14 | 15 | vim-data: 16 | pkg.installed 17 | 18 | /etc/vimrc: 19 | file.managed: 20 | - source: salt://vim/files/vimrc.Suse 21 | - user: root 22 | - group: root 23 | - mode: '0644' 24 | - follow_symlinks: True 25 | {% endif %} 26 | 27 | {% if grains['os_family'] == 'RedHat' %} 28 | /etc/vimrc: 29 | file.managed: 30 | - source: salt://vim/files/vimrc.RedHat 31 | - user: root 32 | - group: root 33 | - mode: '0644' 34 | - follow_symlinks: True 35 | {% endif %} 36 | 37 | /etc/vim: 38 | file.directory: 39 | - user: root 40 | - group: root 41 | - mode: '0755' 42 | 43 | /etc/vim/vimrc.local: 44 | file.managed: 45 | - source: salt://vim/files/vimrc.local 46 | - user: root 47 | - group: root 48 | - mode: '0644' 49 | - follow_symlinks: True 50 | - require: 51 | - file: /etc/vim 52 | -------------------------------------------------------------------------------- /saltstack/salt/locale/init.sls: -------------------------------------------------------------------------------- 1 | locales: 2 | pkg: 3 | - installed 4 | - name: {{ salt['pillar.get']('pkgs:locales') }} 5 | 6 | {% if grains['os_family'] == 'Debian' %} 7 | 8 | locale-gen: 9 | cmd.run: 10 | - onchanges: 11 | - file: locale.gen 12 | 13 | locale.gen: 14 | file.managed: 15 | - name: /etc/locale.gen 16 | - contents: "{{ salt['pillar.get']('locale:locale') }} UTF-8\n" 17 | - user: root 18 | - group: root 19 | - mode: '0644' 20 | - require: 21 | - pkg: locales 22 | 23 | 
{% endif %} 24 | 25 | environment: 26 | file.managed: 27 | - name: /etc/environment 28 | - source: salt://locale/files/environment.j2 29 | - template: jinja 30 | - user: root 31 | - group: root 32 | - mode: '0644' 33 | - require: 34 | - pkg: locales 35 | 36 | {% if not salt['pillar.get']('containerized') %} 37 | localectl set-locale LANG={{ salt['pillar.get']('locale:locale') }}: 38 | cmd.run: 39 | - unless: 40 | - localectl status | grep {{ salt['pillar.get']('locale:locale') }} 41 | - require: 42 | - pkg: locales 43 | 44 | timedatectl set-timezone {{ salt['pillar.get']('locale:timezone') }}: 45 | cmd.run: 46 | - unless: 47 | - timedatectl status | grep {{ salt['pillar.get']('locale:timezone') }} 48 | {% endif %} 49 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/vim/tasks/main.yml: -------------------------------------------------------------------------------- 1 | - name: Set up distro vars 2 | ansible.builtin.include_vars: 3 | file: "{{ item }}" 4 | with_first_found: 5 | - "{{ ansible_os_family }}.yml" 6 | - default.yml 7 | 8 | - name: Install vim package 9 | ansible.builtin.package: 10 | name: "{{ vim_package }}" 11 | state: present 12 | 13 | - name: Install vim-scripts on Debian 14 | ansible.builtin.package: 15 | name: vim-scripts 16 | state: present 17 | when: ansible_os_family == 'Debian' 18 | 19 | - name: Install vim-data on Suse 20 | ansible.builtin.package: 21 | name: vim-data 22 | state: present 23 | when: ansible_os_family == 'Suse' 24 | 25 | - name: Copy vimrc file 26 | ansible.builtin.copy: 27 | src: vimrc.{{ ansible_os_family }} 28 | dest: /etc/vimrc 29 | owner: root 30 | group: root 31 | mode: '0644' 32 | backup: true 33 | when: ansible_os_family == 'RedHat' or ansible_os_family == 'Suse' 34 | 35 | - name: Ensure /etc/vim exists 36 | ansible.builtin.file: 37 | path: /etc/vim 38 | state: directory 39 | mode: '0755' 40 | 41 | - name: Copy vimrc.local file 42 | ansible.builtin.copy: 43 | src: 
vimrc.local 44 | dest: /etc/vim/vimrc.local 45 | owner: root 46 | group: root 47 | mode: '0644' 48 | backup: true 49 | -------------------------------------------------------------------------------- /puppet/modules/vim/manifests/init.pp: -------------------------------------------------------------------------------- 1 | class vim { 2 | 3 | $vim = $facts['os']['family'] ? { 4 | 'RedHat' => 'vim-enhanced', 5 | default => 'vim', 6 | } 7 | 8 | package { $vim: 9 | ensure => installed, 10 | } 11 | 12 | if $facts['os']['family'] == 'Debian' { 13 | package { 'vim-scripts': 14 | ensure => installed, 15 | } 16 | } 17 | 18 | if $facts['os']['family'] == 'Suse' { 19 | package { 'vim-data': 20 | ensure => installed, 21 | } 22 | 23 | file { '/etc/vimrc': 24 | ensure => present, 25 | owner => 'root', 26 | group => 'root', 27 | mode => '0644', 28 | source => 'puppet:///modules/vim/vimrc.Suse', 29 | } 30 | } 31 | 32 | if $facts['os']['family'] == 'RedHat' { 33 | file { '/etc/vimrc': 34 | ensure => present, 35 | owner => 'root', 36 | group => 'root', 37 | mode => '0644', 38 | source => 'puppet:///modules/vim/vimrc.RedHat', 39 | } 40 | } 41 | 42 | file { '/etc/vim': 43 | ensure => directory, 44 | owner => 'root', 45 | group => 'root', 46 | mode => '0755', 47 | } 48 | 49 | file { '/etc/vim/vimrc.local': 50 | ensure => present, 51 | source => 'puppet:///modules/vim/vimrc.local', 52 | owner => 'root', 53 | group => 'root', 54 | mode => '0644', 55 | require => File['/etc/vim'], 56 | } 57 | } 58 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/postfix/tasks/main.yml: -------------------------------------------------------------------------------- 1 | - name: Set up distro vars 2 | ansible.builtin.include_vars: 3 | file: "{{ item }}" 4 | with_first_found: 5 | - "{{ ansible_os_family }}.yml" 6 | - default.yml 7 | 8 | - name: Remove exim package 9 | ansible.builtin.package: 10 | name: "{{ exim_package }}" 11 | state: absent 12 | 13 
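| - name: Install mailx package 14 | ansible.builtin.package: 15 | name: "{{ mailx_package }}" 16 | state: present 17 | 18 | - name: Install postfix package 19 | ansible.builtin.package: 20 | name: postfix 21 | state: present 22 | 23 | - name: Install postfix-lmdb package 24 | ansible.builtin.package: 25 | name: postfix-lmdb 26 | state: present 27 | when: ansible_os_family in ['Debian', 'RedHat'] 28 | 29 | - name: Start postfix service 30 | ansible.builtin.service: 31 | name: postfix 32 | state: started 33 | enabled: true 34 | when: ansible_virtualization_type is not defined or ansible_virtualization_type != 'docker' 35 | 36 | - name: Configure postfix 37 | ansible.builtin.template: 38 | src: main.cf.j2 39 | dest: /etc/postfix/main.cf 40 | owner: root 41 | group: root 42 | mode: '0644' 43 | backup: true 44 | notify: Restart postfix 45 | 46 | - name: Add root mail alias 47 | ansible.builtin.lineinfile: 48 | path: /etc/aliases 49 | regexp: '^root:' 50 | line: "root: {{ root_alias }}" 51 | notify: Exec newaliases 52 | -------------------------------------------------------------------------------- /puppet/modules/postfix/templates/main.cf.erb: --------------------------------------------------------------------------------
# Postfix main.cf rendered by puppet: a loopback-only MTA that can optionally
# hand outbound mail to a relay host.
smtpd_banner = $myhostname ESMTP $mail_name
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
# NOTE(review): the same ssl-cert-snakeoil paths are rendered for every OS
# family; confirm the files exist on non-Debian hosts, and use a real
# certificate if the listener is ever opened beyond loopback.
smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
# Opportunistic TLS. This is the current spelling of the deprecated
# "smtpd_use_tls = yes" and has the same effect.
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = lmdb:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = lmdb:${data_directory}/smtp_scache

myhostname = <%= @hostname %>
alias_maps = lmdb:/etc/aliases
alias_database = lmdb:/etc/aliases
myorigin = <%= @fqdn %>

<% if @fqdn != @hostname -%>
mydestination = <%= @fqdn %>, <%= @hostname %>, localhost.localdomain, localhost
<% else -%>
mydestination = <%= @fqdn %>, localhost.localdomain, localhost
<% end -%>

smtpd_recipient_restrictions = permit_mynetworks,reject
# NOTE(review): no SASL settings are visible in this template, so this line
# appears to reject every SMTP client, loopback included; confirm that local
# mail is expected to be submitted through sendmail(1) only.
smtpd_relay_restrictions = permit_sasl_authenticated,reject

<% if @mail_relay != "" -%>
relayhost = <%= @mail_relay %>
<% end -%>
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
# Listen on loopback only, so the SMTP port is not reachable from the network.
inet_interfaces = loopback-only

<% if @facts['os']['family'] == 'Suse' -%>
setgid_group = maildrop
daemon_directory = /usr/lib/postfix/bin/
<% end -%>
-------------------------------------------------------------------------------- /common/files/screen/screenrc: -------------------------------------------------------------------------------- 1 | # This is the global screenrc file. Handle with care. 2 | 3 | startup_message off 4 | defscrollback 30720 5 | 6 | # Turn visual bell on 7 | vbell on 8 | vbell_msg " Wuff ---- Wuff!!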
" 9 | 10 | # Remove some stupid / dangerous key bindings 11 | bind ^k 12 | bind ^\ 13 | # Make them better 14 | bind \\ quit 15 | bind K kill 16 | bind I login on 17 | bind O login off 18 | bind } history 19 | bindkey -k F1 prev 20 | bindkey -k F2 next 21 | 22 | # Set these terminals up to be 'optimal' instead of vt100 23 | termcapinfo xterm*|linux*|rxvt*|Eterm* OP 24 | 25 | # Change the xterm initialization string from is2=\E[!p\E[?3;4l\E[4l\E> 26 | # (This fixes the "Aborted because of window size change" konsole symptoms found 27 | # in bug #134198) 28 | termcapinfo xterm 'is=\E[r\E[m\E[2J\E[H\E[?7h\E[?1;4;6l' 29 | 30 | # To get screen to add lines to xterm's scrollback buffer, uncomment the 31 | # following termcapinfo line which tells xterm to use the normal screen buffer 32 | # (which has scrollback), not the alternate screen buffer. 33 | # 34 | termcapinfo xterm|xterms|xs|rxvt ti@:te@ 35 | 36 | # Enable non-blocking mode to better cope with flaky ssh connections. 37 | defnonblock 5 38 | 39 | # Enable SSH agent persistence over logins 40 | setenv SSH_AUTH_SOCK $HOME/.ssh/ssh_auth_sock 41 | 42 | # Window list at the bottom. 43 | hardstatus alwayslastline 44 | hardstatus string '%{= kr}[%{= kr} %H %{= kr}]%{= kW} %-w%{= BW}%50>%n %t%{-}%+w %{= kW}%=%{= kr}[%{=b kr} %c %d/%m/%y %{= kr}]%{=b kr}' 45 | -------------------------------------------------------------------------------- /puppet/modules/locale/manifests/init.pp: -------------------------------------------------------------------------------- 1 | class locale { 2 | 3 | $locale = 'en_US.UTF-8' 4 | $timezone = 'America/New_York' 5 | 6 | $locale_package = $facts['os']['family'] ? 
{ 7 | 'Debian' => 'locales', 8 | 'Fedora' => 'glibc-common', 9 | 'RedHat' => 'glibc-common', 10 | 'Suse' => 'glibc-locale', 11 | } 12 | 13 | package { $locale_package: 14 | ensure => installed, 15 | } 16 | 17 | if $facts['os']['family'] == 'Debian' { 18 | file { '/etc/locale.gen': 19 | content => "${locale} UTF-8\n", 20 | owner => 'root', 21 | group => 'root', 22 | mode => '0644', 23 | } 24 | 25 | file { '/etc/environment': 26 | content => template('locale/environment.erb'), 27 | owner => 'root', 28 | group => 'root', 29 | mode => '0644', 30 | } 31 | 32 | exec { 'locale-gen': 33 | command => '/usr/sbin/locale-gen', 34 | refreshonly => true, 35 | subscribe => File['/etc/locale.gen'], 36 | } 37 | } 38 | 39 | if $facts['containerized'] == 'false' { 40 | exec { 'set-locale': 41 | path => '/usr/bin:/usr/sbin:/bin:/sbin', 42 | command => "localectl set-locale LANG=${locale}", 43 | unless => "localectl status | grep ${locale}", 44 | } 45 | 46 | exec { 'set-timezone': 47 | path => '/usr/bin:/usr/sbin:/bin:/sbin', 48 | command => "timedatectl set-timezone ${timezone}", 49 | unless => "timedatectl status | grep ${timezone}" 50 | } 51 | } 52 | } 53 | -------------------------------------------------------------------------------- /chef/cookbooks/postfix/recipes/default.rb: -------------------------------------------------------------------------------- 1 | exim = if platform_family?('debian') 2 | 'exim4' 3 | else 4 | 'exim' 5 | end 6 | 7 | mailx = if platform_family?('suse') 8 | 'mailx' 9 | else 10 | 's-nail' 11 | end 12 | 13 | package exim do 14 | action :remove 15 | end 16 | 17 | package mailx do 18 | action :install 19 | end 20 | 21 | package 'postfix' do 22 | action :install 23 | end 24 | 25 | if platform_family?('debian', 'fedora', 'redhat') 26 | package 'postfix-lmdb' do 27 | action :install 28 | end 29 | end 30 | 31 | template 'main.cf' do 32 | path '/etc/postfix/main.cf' 33 | owner 'root' 34 | group 'root' 35 | mode '0644' 36 | action :create 37 | variables( 38 | 
mail_relay: node['postfix']['mail_relay'] 39 | ) 40 | notifies :restart, 'service[postfix]' 41 | end 42 | 43 | service 'postfix' do 44 | action [:enable, :start] 45 | not_if { node['containerized'] } 46 | end 47 | 48 | ruby_block 'add_root_mail_alias' do 49 | block do 50 | mail_alias = 'root: ' + node['postfix']['root_alias'] 51 | file = Chef::Util::FileEdit.new('/etc/aliases') 52 | file.search_file_replace_line(/^root:/, mail_alias) 53 | file.insert_line_if_no_match(/^root:/, mail_alias) 54 | file.write_file 55 | end 56 | notifies :run, 'execute[run-newaliases]', :immediately 57 | end 58 | 59 | execute 'run-newaliases' do 60 | command '/usr/bin/newaliases' 61 | action :nothing 62 | notifies :restart, 'service[postfix]' 63 | end 64 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/postfix/templates/main.cf.j2: -------------------------------------------------------------------------------- 1 | smtpd_banner = $myhostname ESMTP $mail_name 2 | biff = no 3 | 4 | # appending .domain is the MUA's job. 
5 | append_dot_mydomain = no 6 | 7 | # Uncomment the next line to generate "delayed mail" warnings 8 | #delay_warning_time = 4h 9 | 10 | readme_directory = no 11 | 12 | # TLS parameters 13 | smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem 14 | smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key 15 | smtpd_use_tls = yes 16 | smtpd_tls_session_cache_database = lmdb:${data_directory}/smtpd_scache 17 | smtp_tls_session_cache_database = lmdb:${data_directory}/smtp_scache 18 | 19 | myhostname = {{ ansible_hostname }} 20 | alias_maps = lmdb:/etc/aliases 21 | alias_database = lmdb:/etc/aliases 22 | myorigin = {{ ansible_fqdn }} 23 | 24 | {% if ansible_fqdn != ansible_hostname -%} 25 | mydestination = {{ ansible_fqdn }}, {{ ansible_hostname }}, localhost.localdomain, localhost 26 | {% else -%} 27 | mydestination = {{ ansible_hostname }}, localhost.localdomain, localhost 28 | {%- endif %} 29 | 30 | smtpd_recipient_restrictions = permit_mynetworks,reject 31 | smtpd_relay_restrictions = permit_sasl_authenticated,reject 32 | 33 | {% if mail_relay -%} 34 | relayhost = {{ mail_relay }} 35 | {% endif -%} 36 | mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 37 | mailbox_size_limit = 0 38 | recipient_delimiter = + 39 | inet_interfaces = loopback-only 40 | 41 | {% if ansible_os_family == 'Suse' %} 42 | setgid_group = maildrop 43 | daemon_directory = /usr/lib/postfix/bin/ 44 | {% endif %} 45 | -------------------------------------------------------------------------------- /saltstack/salt/postfix/files/main.cf.j2: -------------------------------------------------------------------------------- 1 | smtpd_banner = $myhostname ESMTP $mail_name 2 | biff = no 3 | 4 | # appending .domain is the MUA's job. 
5 | append_dot_mydomain = no 6 | 7 | # Uncomment the next line to generate "delayed mail" warnings 8 | #delay_warning_time = 4h 9 | 10 | readme_directory = no 11 | 12 | # TLS parameters 13 | smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem 14 | smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key 15 | smtpd_use_tls = yes 16 | smtpd_tls_session_cache_database = lmdb:${data_directory}/smtpd_scache 17 | smtp_tls_session_cache_database = lmdb:${data_directory}/smtp_scache 18 | 19 | myhostname = {{ grains['host'] }} 20 | alias_maps = lmdb:/etc/aliases 21 | alias_database = lmdb:/etc/aliases 22 | myorigin = {{ grains['fqdn'] }} 23 | 24 | {% if grains['fqdn'] != grains['host'] -%} 25 | mydestination = {{ grains['fqdn'] }}, {{ grains['host'] }}, localhost.localdomain, localhost 26 | {%- else -%} 27 | mydestination = {{ grains['host'] }}, localhost.localdomain, localhost 28 | {%- endif %} 29 | 30 | smtpd_recipient_restrictions = permit_mynetworks,reject 31 | smtpd_relay_restrictions = permit_sasl_authenticated,reject 32 | 33 | {% if pillar['mail_relay'] -%} 34 | relayhost = {{ pillar['mail_relay'] }} 35 | {%- endif %} 36 | mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 37 | mailbox_size_limit = 0 38 | recipient_delimiter = + 39 | inet_interfaces = loopback-only 40 | {% if grains['os_family'] == 'Suse' %} 41 | setgid_group = maildrop 42 | daemon_directory = /usr/lib/postfix/bin/ 43 | {%- endif %} 44 | -------------------------------------------------------------------------------- /puppet/modules/postfix/manifests/init.pp: -------------------------------------------------------------------------------- 1 | class postfix( 2 | $root_alias='admin@example.com' 3 | ) { 4 | 5 | $mailx = $facts['os']['family'] ? { 6 | 'Suse' => 'mailx', 7 | default => 's-nail', 8 | } 9 | 10 | package { $mailx: 11 | ensure => installed, 12 | } 13 | 14 | $exim = $facts['os']['family'] ? 
{ 15 | 'Debian' => 'exim4', 16 | default => 'exim', 17 | } 18 | 19 | package { 'postfix': 20 | ensure => installed, 21 | } 22 | 23 | package { $exim: 24 | ensure => absent, 25 | } 26 | 27 | if ($facts['os']['family'] == 'Debian') or ($facts['os']['family'] == 'RedHat') { 28 | package { 'postfix-lmdb': 29 | ensure => installed, 30 | } 31 | } 32 | 33 | if $facts['containerized'] == 'false' { 34 | service { 'postfix': 35 | ensure => running, 36 | enable => true, 37 | require => Package['postfix'], 38 | subscribe => [File['/etc/postfix/main.cf'], 39 | Exec['newaliases']], 40 | } 41 | } 42 | 43 | file { '/etc/postfix/main.cf': 44 | content => template('postfix/main.cf.erb'), 45 | owner => 'root', 46 | group => 'root', 47 | mode => '0644', 48 | require => Package['postfix'], 49 | } 50 | 51 | mailalias { 'root_alias': 52 | ensure => present, 53 | name => 'root', 54 | recipient => $root_alias, 55 | target => '/etc/aliases' 56 | } 57 | 58 | exec { 'newaliases': 59 | command => '/usr/bin/newaliases', 60 | refreshonly => true, 61 | subscribe => Mailalias['root_alias'], 62 | } 63 | } 64 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/locale/tasks/main.yml: -------------------------------------------------------------------------------- 1 | - name: Include locale vars 2 | ansible.builtin.include_vars: 3 | file: "{{ item }}" 4 | loop: 5 | - "{{ ansible_os_family }}.yml" 6 | - default.yml 7 | 8 | - name: Install locales package 9 | ansible.builtin.package: 10 | name: "{{ locales_package }}" 11 | state: present 12 | 13 | - name: Add /etc/locale.gen file on Debian 14 | ansible.builtin.copy: 15 | dest: /etc/locale.gen 16 | content: "{{ locale }} UTF-8\n" 17 | owner: root 18 | group: root 19 | mode: '0644' 20 | when: ansible_os_family == 'Debian' 21 | notify: Exec locale-gen 22 | 23 | - name: Add /etc/environment 24 | ansible.builtin.template: 25 | src: environment.j2 26 | dest: /etc/environment 27 | owner: root 28 | group: 
root 29 | mode: '0644' 30 | 31 | - name: Get locale 32 | ansible.builtin.shell: localectl status | grep {{ locale }} 33 | register: result 34 | ignore_errors: true 35 | when: ansible_virtualization_type is not defined or ansible_virtualization_type != 'docker' 36 | changed_when: false 37 | 38 | - name: Set locale 39 | ansible.builtin.command: localectl set-locale LANG={{ locale }} 40 | when: result is defined and result is failed 41 | changed_when: false 42 | 43 | - name: Get timezone 44 | ansible.builtin.shell: timedatectl status | grep {{ timezone }} 45 | register: result 46 | ignore_errors: true 47 | when: ansible_virtualization_type is not defined or ansible_virtualization_type != 'docker' 48 | changed_when: false 49 | 50 | - name: Set timezone 51 | ansible.builtin.command: timedatectl set-timezone {{ timezone }} 52 | when: result is defined and result is failed 53 | changed_when: false 54 | -------------------------------------------------------------------------------- /common/files/vim/vimrc.local: -------------------------------------------------------------------------------- 1 | " https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864074 2 | " https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837761 3 | if filereadable("/usr/share/vim/vim80/defaults.vim") 4 | source /usr/share/vim/vim80/defaults.vim 5 | endif 6 | " Ensure defaults file is not loaded after this file 7 | let g:skip_defaults_vim = 1 8 | 9 | " Set the mouse mode to 'r' 10 | if has('mouse') 11 | set mouse=r 12 | endif 13 | 14 | " Set nocompatible mode 15 | set nocompatible 16 | 17 | " Always use syntax highlighting 18 | syntax on 19 | 20 | " Enable the modelines 21 | set modeline 22 | 23 | " Don't do autoindent when pasting text 24 | set paste 25 | set noautoindent 26 | 27 | " Four spaces for tabs 28 | set tabstop=4 29 | set shiftwidth=4 30 | set smarttab 31 | set expandtab 32 | set softtabstop=4 33 | 34 | " Show the cursor position all the time 35 | set ruler 36 | 37 | " Set the number of 
commands remembered by vim 38 | set history=1000 39 | 40 | " Don't show line numbers 41 | set nonu 42 | 43 | " Ignore case when searching 44 | set ignorecase 45 | 46 | " Highlight search pattern matches 47 | set hlsearch 48 | 49 | " Show extraneous whitespace 50 | set list 51 | set listchars=tab:>-,trail:= 52 | 53 | " Support backspace in insert mode 54 | set backspace=indent,eol,start 55 | 56 | if has("autocmd") 57 | " Jump to the last position when reopening a file 58 | autocmd BufReadPost * 59 | \ if line("'\"") > 0 && line ("'\"") <= line("$") | 60 | \ exe "normal! g'\"" | 61 | \ endif 62 | " Don't write swapfile on most commonly used directories for NFS mounts or USB sticks 63 | autocmd BufNewFile,BufReadPre /media/*,/run/media/*,/mnt/* set directory=~/tmp,/var/tmp,/tmp 64 | " Fix puppet files to be Ruby 65 | autocmd BufRead *.pp set filetype=ruby 66 | endif 67 | -------------------------------------------------------------------------------- /chef/cookbooks/postfix/templates/default/main.cf.erb: -------------------------------------------------------------------------------- 1 | smtpd_banner = $myhostname ESMTP $mail_name 2 | biff = no 3 | 4 | # appending .domain is the MUA's job. 
5 | append_dot_mydomain = no 6 | 7 | # Uncomment the next line to generate "delayed mail" warnings 8 | #delay_warning_time = 4h 9 | 10 | readme_directory = no 11 | 12 | # TLS parameters 13 | smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem 14 | smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key 15 | smtpd_use_tls = yes 16 | smtpd_tls_session_cache_database = lmdb:${data_directory}/smtpd_scache 17 | smtp_tls_session_cache_database = lmdb:${data_directory}/smtp_scache 18 | 19 | myhostname = <%= node['hostname'] %> 20 | alias_maps = lmdb:/etc/aliases 21 | alias_database = lmdb:/etc/aliases 22 | <% if node['fqdn'] == nil -%> 23 | myorigin = <%= node['hostname'] %> 24 | <% else -%> 25 | myorigin = <%= node['fqdn'] %> 26 | <% end -%> 27 | 28 | <% if node['fqdn'] == nil -%> 29 | mydestination = <%= node['hostname'] %>, localhost.localdomain, localhost 30 | <% else -%> 31 | <%- if node['fqdn'] != node['hostname'] -%> 32 | mydestination = <%= node['fqdn'] %>, <%= node['hostname'] %>, localhost.localdomain, localhost 33 | <%- else -%> 34 | mydestination = <%= node['fqdn'] %>, localhost.localdomain, localhost 35 | <%- end -%> 36 | <% end -%> 37 | 38 | smtpd_recipient_restrictions = permit_mynetworks,reject 39 | smtpd_relay_restrictions = permit_sasl_authenticated,reject 40 | 41 | <% if @mail_relay != "" -%> 42 | relayhost = <%= @mail_relay %> 43 | <% end -%> 44 | mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 45 | mailbox_size_limit = 0 46 | recipient_delimiter = + 47 | inet_interfaces = loopback-only 48 | 49 | <% if node['platform_family'] == 'suse' -%> 50 | setgid_group = maildrop 51 | daemon_directory = /usr/lib/postfix/bin/ 52 | <% end -%> 53 | -------------------------------------------------------------------------------- /common/files/vim/vimrc.RedHat: -------------------------------------------------------------------------------- 1 | if v:lang =~ "utf8$" || v:lang =~ "UTF-8$" 2 | set fileencodings=ucs-bom,utf-8,latin1 3 | endif 4 | 5 | 
set nocompatible " Use Vim defaults (much better!) 6 | set bs=indent,eol,start " allow backspacing over everything in insert mode 7 | "set ai " always set autoindenting on 8 | "set backup " keep a backup file 9 | set viminfo='20,\"50 " read/write a .viminfo file, don't store more 10 | " than 50 lines of registers 11 | set history=50 " keep 50 lines of command line history 12 | set ruler " show the cursor position all the time 13 | 14 | " Only do this part when compiled with support for autocommands 15 | if has("autocmd") 16 | augroup redhat 17 | autocmd! 18 | " In text files, always limit the width of text to 78 characters 19 | " autocmd BufRead *.txt set tw=78 20 | " When editing a file, always jump to the last cursor position 21 | autocmd BufReadPost * 22 | \ if line("'\"") > 0 && line ("'\"") <= line("$") | 23 | \ exe "normal! g'\"" | 24 | \ endif 25 | " don't write swapfile on most commonly used directories for NFS mounts or USB sticks 26 | autocmd BufNewFile,BufReadPre /media/*,/run/media/*,/mnt/* set directory=~/tmp,/var/tmp,/tmp 27 | " start with spec file template 28 | autocmd BufNewFile *.spec 0r /usr/share/vim/vimfiles/template.spec 29 | augroup END 30 | endif 31 | 32 | if has("cscope") && filereadable("/usr/bin/cscope") 33 | set csprg=/usr/bin/cscope 34 | set csto=0 35 | set cst 36 | set nocsverb 37 | " add any database in current directory 38 | if filereadable("cscope.out") 39 | cs add $PWD/cscope.out 40 | " else add database pointed to by environment 41 | elseif $CSCOPE_DB != "" 42 | cs add $CSCOPE_DB 43 | endif 44 | set csverb 45 | endif 46 | 47 | " Switch syntax highlighting on, when the terminal has colors 48 | " Also switch on highlighting the last used search pattern. 
49 | if &t_Co > 2 || has("gui_running") 50 | syntax on 51 | set hlsearch 52 | endif 53 | 54 | filetype plugin on 55 | 56 | if &term=="xterm" 57 | set t_Co=8 58 | set t_Sb=[4%dm 59 | set t_Sf=[3%dm 60 | endif 61 | 62 | " Don't wake up system with blinking cursor: 63 | " http://www.linuxpowertop.org/known.php 64 | let &guicursor = &guicursor . ",a:blinkon0" 65 | 66 | " Source a global configuration file if available 67 | if filereadable("/etc/vim/vimrc.local") 68 | source /etc/vim/vimrc.local 69 | endif 70 | -------------------------------------------------------------------------------- /chef/standalone-chef.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | usage() { 4 | echo "Usage: $0 -e EMAIL_ADDRESS [-m MAIL_RELAY_HOST] [-l] [-c] [-b branch] (as root)" 5 | exit 1 6 | } 7 | 8 | get_pm() { 9 | . /etc/os-release 10 | if [[ "${ID_LIKE}" =~ "debian" ]] || [[ "${ID}" == "debian" ]] ; then 11 | pm='apt -y' 12 | ${pm} update 13 | elif [[ "${ID_LIKE}" =~ "rhel" ]] || [[ "${ID_LIKE}" =~ "fedora" ]] || [[ "${ID}" == "fedora" ]] ; then 14 | pm='dnf -y' 15 | ${pm} makecache 16 | ${pm} install --allowerasing which findutils hostname libxcrypt-compat coreutils curl procps gawk dnf-utils 17 | elif [[ "${ID_LIKE}" =~ "suse" ]] ; then 18 | pm='zypper -n' 19 | ${pm} refresh 20 | ${pm} install gzip hostname 21 | else 22 | echo "Error: no package manager found." 
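23 | exit 1 24 | fi 25 | }

# Install the tools used to fetch the installer (curl) and the configuration (git).
# Uses the package-manager command that get_pm stored in ${pm}.
install_deps() {
    ${pm} install git curl
}

# Install the client with the installer script served from omnitruck.cinc.sh.
#
# The script is downloaded to a temporary file first and only executed once the
# download has succeeded. Piping curl straight into bash would run a truncated
# script, or an HTTP error page, as root. -f makes curl fail on HTTP errors.
#
# NOTE(review): the installer is fetched over HTTPS but is neither pinned to a
# version nor checksum-verified. If upstream publishes a digest, compare it with
# `sha256sum` against <EXPECTED_SHA256> (placeholder) before the bash call.
install_chef() {
    local installer
    installer=$(mktemp) || exit 1
    if ! curl -fL -o "${installer}" https://omnitruck.cinc.sh/install.sh ; then
        rm -f "${installer}"
        exit 1
    fi
    if ! bash "${installer}" ; then
        rm -f "${installer}"
        exit 1
    fi
    rm -f "${installer}"
}

# Install vim syntax files for Chef into ~/.vim of the invoking user.
#
# Under sudo (SUDO_UID set) the target is the home directory of the user who
# called sudo, and ownership of ~/.vim is handed back to that user afterwards.
# Otherwise the files go to the current user's home. Nothing is done when
# syntax/chef.vim already exists.
#
# NOTE(review): the repository is cloned at whatever its default branch points
# to at run time, and its files become vim runtime files for that user. Pinning
# the clone to a reviewed commit would make the result reproducible.
install_vim_syntax_highlighting() {
    if [ -n "${SUDO_UID}" ] ; then
        home=$(getent passwd "${SUDO_UID}" | cut -d: -f6)
    else
        home=~
    fi
    if [ -f "${home}"/.vim/syntax/chef.vim ] ; then
        return
    fi
    tmp_dir=$(mktemp -d)
    mkdir -p "${home}"/.vim
    git clone https://github.com/vadv/vim-chef "${tmp_dir}"
    cp -r "${tmp_dir}"/* "${home}"/.vim/
    if [ -n "${SUDO_UID}" ] ; then
        # shellcheck disable=SC2153
        chown -R "${SUDO_UID}":"${SUDO_GID}" "${home}"/.vim
    fi
    rm -fr "${tmp_dir}"
}

# Clone the configuration repository at ${branch}, copy its chef/ tree to /srv
# (following symlinks, -L) and point run_path at /srv/chef.
# tmp_dir is a global shared with the other functions and is removed here.
get_config_from_github() {
    tmp_dir=$(mktemp -d)
    git clone --branch "${branch}" https://github.com/furlongm/standalone-configuration-management "${tmp_dir}"
    cp -Lr "${tmp_dir}"/chef /srv
    rm -fr "${tmp_dir}"
    run_path=/srv/chef
}

get_local_config() { 64 | tmp_dir=$(mktemp -d) 65 | cp -Lr . 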
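"${tmp_dir}" 66 | run_path=${tmp_dir} 67 | }

# Escape a value for use as the replacement text of a sed s/// command.
# Backslash, slash and ampersand are prefixed with a backslash so the value
# cannot end the replacement early or be read as "the matched text".
_sed_escape_replacement() {
    printf '%s\n' "$1" | sed -e 's|[\\/&]|\\&|g'
}

# Entry point: install prerequisites, fetch the configuration, write the
# run-time settings into client.rb and node.json, then run chef-client in
# local mode (-z).
#
# root_alias and mail_relay come straight from the command line. They are
# escaped before being spliced into the sed expressions, because a "/" or "&"
# in the value would otherwise change what sed does to node.json.
#
# NOTE(review): the values still end up inside a JSON string. A double quote
# or a newline in the value would produce invalid JSON; validating the -e/-m
# arguments up front would close that gap.
main() {
    local root_alias_esc mail_relay_esc
    get_pm
    which git 1>/dev/null 2>&1 || install_deps
    which curl 1>/dev/null 2>&1 || install_deps
    which chef-client 1>/dev/null 2>&1 || install_chef
    install_vim_syntax_highlighting
    if [ -z "${run_locally}" ] ; then
        get_config_from_github
    else
        get_local_config
    fi
    root_alias_esc=$(_sed_escape_replacement "${root_alias}")
    mail_relay_esc=$(_sed_escape_replacement "${mail_relay}")
    # run_path is set by the get_*_config functions, not by the user.
    sed -i -e "s#run_path =.*#run_path = '${run_path}'#" "${run_path}"/client.rb
    sed -i -e "s/root_alias.*\"/root_alias\": \"${root_alias_esc}\"/" "${run_path}"/node.json
    sed -i -e "s/mail_relay.*\"/mail_relay\": \"${mail_relay_esc}\"/" "${run_path}"/node.json
    sed -i -e "s/containerized.*/containerized\": ${containerized},/" "${run_path}"/node.json
    # From here on any failing command aborts the script.
    set -e
    chef-client -z -j "${run_path}"/node.json -c "${run_path}"/client.rb --chef-license accept
    rm -fr "${tmp_dir}"
}

88 | 89 | # defaults 90 | containerized=false 91 | branch=main 92 | 93 | while getopts ":le:m:cb:" opt ; do 94 | case ${opt} in 95 | e) 96 | root_alias=${OPTARG} 97 | ;; 98 | l) 99 | run_locally=true 100 | ;; 101 | m) 102 | mail_relay=${OPTARG} 103 | ;; 104 | c) 105 | containerized=true 106 | ;; 107 | b) 108 | branch=${OPTARG} 109 | ;; 110 | *) 111 | usage 112 | ;; 113 | esac 114 | done 115 | 116 | if [[ -z ${root_alias} || ${EUID} -ne 0 ]] ; then 117 | usage 118 | fi 119 | main 120 | -------------------------------------------------------------------------------- /saltstack/standalone-salt.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | usage() { 4 | echo "Usage: $0 -e EMAIL_ADDRESS [-m MAIL_RELAY_HOST] [-l] [-c] [-b branch] (as root)" 5 | exit 1 6 | } 7 | 8 | get_pm() { 9 | . 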
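/etc/os-release 10 | if [[ "${ID_LIKE}" =~ "debian" ]] || [[ "${ID}" == "debian" ]] ; then 11 | pm='apt -y' 12 | ${pm} update 13 | ${pm} install virt-what 14 | elif [[ "${ID_LIKE}" =~ "rhel" ]] || [[ "${ID_LIKE}" =~ "fedora" ]] || [[ "${ID}" == "fedora" ]] ; then 15 | pm='dnf -y' 16 | ${pm} makecache 17 | ${pm} install --allowerasing which findutils hostname libxcrypt-compat coreutils curl procps gawk virt-what systemd 18 | elif [[ "${ID_LIKE}" =~ "suse" ]] ; then 19 | pm='zypper -n' 20 | ${pm} refresh 21 | ${pm} install which gzip virt-what 22 | else 23 | echo "Error: no package manager found." 24 | exit 1 25 | fi 26 | }

# Install the tools used to fetch the bootstrap script (curl) and the
# configuration (git). Uses the package-manager command stored in ${pm}.
install_deps() {
    ${pm} install git curl
}

# Install Salt with the salt-bootstrap script from the project's GitHub releases.
#
# The script is saved to a temporary file and executed only after the download
# has succeeded, so a truncated transfer or an HTTP error page is never run as
# root. The arguments after the file name are the ones the script passed to
# the bootstrap before.
#
# NOTE(review): "releases/latest" resolves to a different file whenever upstream
# publishes a release. Pinning a release tag and checking the download against
# a known digest (<EXPECTED_SHA256>, placeholder) would make this reproducible.
install_salt() {
    local bootstrap
    bootstrap=$(mktemp) || exit 1
    if ! curl -fL -o "${bootstrap}" https://github.com/saltstack/salt-bootstrap/releases/latest/download/bootstrap-salt.sh ; then
        rm -f "${bootstrap}"
        exit 1
    fi
    if ! bash "${bootstrap}" -X -d -x python3 ; then
        rm -f "${bootstrap}"
        exit 1
    fi
    rm -f "${bootstrap}"
}

# Install vim support files for Salt state files into ~/.vim of the invoking user.
#
# Under sudo (SUDO_UID set) the target is the home directory of the user who
# called sudo, and ownership of ~/.vim is handed back afterwards. Nothing is
# done when an sls.vim is already present in one of the checked directories.
#
# NOTE(review): the presence check looks in ftdetect/, ftplugin/ and indent/,
# while the copy installs ftdetect/, ftplugin/ and syntax/ - confirm which set
# is intended. The clone is not pinned to a commit.
install_vim_syntax_highlighting() {
    if [ -n "${SUDO_UID}" ] ; then
        home=$(getent passwd "${SUDO_UID}" | cut -d: -f6)
    else
        home=~
    fi
    for i in ftdetect ftplugin indent ; do
        if [ -f "${home}"/.vim/${i}/sls.vim ] ; then
            return
        fi
    done
    tmp_dir=$(mktemp -d)
    mkdir -p "${home}"/.vim
    git clone https://github.com/saltstack/salt-vim "${tmp_dir}"
    cp -r "${tmp_dir}"/ftdetect "${tmp_dir}"/ftplugin "${tmp_dir}"/syntax "${home}"/.vim/
    if [ -n "${SUDO_UID}" ] ; then
        # shellcheck disable=SC2153
        chown -R "${SUDO_UID}":"${SUDO_GID}" "${home}"/.vim
    fi
    rm -fr "${tmp_dir}"
}

# Clone the configuration repository at ${branch}, copy its salt/ tree
# (following symlinks) and pillar/ tree to /srv, and point run_path at /srv.
get_config_from_github() {
    tmp_dir=$(mktemp -d)
    git clone --branch "${branch}" https://github.com/furlongm/standalone-configuration-management "${tmp_dir}"
    cp -Lr "${tmp_dir}"/saltstack/salt /srv
    cp -r "${tmp_dir}"/saltstack/pillar /srv
    rm -fr "${tmp_dir}"
    run_path=/srv
}

get_local_config() { 68 | run_path=. 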
69 | } 70 | 71 | main() { 72 | get_pm 73 | which git 1>/dev/null 2>&1 || install_deps 74 | which curl 1>/dev/null 2>&1 || install_deps 75 | which patch 1>/dev/null 2>&1 || install_deps 76 | which salt-call 1>/dev/null 2>&1 || install_salt 77 | install_vim_syntax_highlighting 78 | if [ -z "${run_locally}" ] ; then 79 | get_config_from_github 80 | else 81 | get_local_config 82 | fi 83 | set -e 84 | salt-call --local --file-root ${run_path}/salt --pillar-root ${run_path}/pillar state.highstate pillar="{'containerized': ${containerized}, 'mail_relay': \"${mail_relay}\", 'root_alias': \"${root_alias}\"}" 85 | } 86 | 87 | # defaults 88 | containerized=false 89 | branch=main 90 | 91 | while getopts ":le:m:cb:" opt ; do 92 | case ${opt} in 93 | e) 94 | root_alias=${OPTARG} 95 | ;; 96 | l) 97 | run_locally=true 98 | ;; 99 | m) 100 | mail_relay=${OPTARG} 101 | ;; 102 | c) 103 | containerized=true 104 | ;; 105 | b) 106 | branch=${OPTARG} 107 | ;; 108 | *) 109 | usage 110 | ;; 111 | esac 112 | done 113 | 114 | if [[ -z ${root_alias} || ${EUID} -ne 0 ]] ; then 115 | usage 116 | fi 117 | main 118 | -------------------------------------------------------------------------------- /ansible/standalone-ansible.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | usage() { 4 | echo "Usage: $0 -e EMAIL_ADDRESS [-m MAIL_RELAY_HOST] [-l] [-c] [-b branch] (as root)" 5 | exit 1 6 | } 7 | 8 | get_pm() { 9 | . 
/etc/os-release 10 | if [[ "${ID_LIKE}" =~ "debian" ]] || [[ "${ID}" == "debian" ]] ; then 11 | pm='apt -y' 12 | ${pm} update 13 | elif [[ "${ID_LIKE}" =~ "rhel" ]] || [[ "${ID_LIKE}" =~ "fedora" ]] || [[ "${ID}" == "fedora" ]] ; then 14 | pm='dnf -y' 15 | ${pm} makecache 16 | ${pm} install --allowerasing which findutils hostname libxcrypt-compat coreutils curl procps gawk 17 | elif [[ "${ID_LIKE}" =~ "suse" ]] ; then 18 | pm='zypper -n' 19 | ${pm} refresh 20 | ${pm} install gzip 21 | else 22 | echo "Error: no package manager found." 23 | exit 1 24 | fi 25 | } 26 | 27 | install_epel() { 28 | if [[ "${NAME}" =~ "Red Hat" ]] ; then 29 | epel_release_uri=https://dl.fedoraproject.org/pub/epel/epel-release-latest-10.noarch.rpm 30 | else 31 | epel_release_uri=epel-release 32 | fi 33 | ${pm} install ${epel_release_uri} 34 | ${pm} makecache 35 | } 36 | 37 | install_deps() { 38 | ${pm} install git curl python3 39 | } 40 | 41 | install_ansible() { 42 | if [[ "${NAME}" =~ "CentOS" ]] ; then 43 | ansible="ansible-core" 44 | else 45 | ansible="ansible" 46 | fi 47 | ${pm} install ${ansible} 48 | } 49 | 50 | install_vim_syntax_highlighting() { 51 | if [ -n "${SUDO_UID}" ] ; then 52 | home=$(getent passwd "${SUDO_UID}" | cut -d: -f6) 53 | else 54 | home=~ 55 | fi 56 | for i in ftdetect ftplugin indent syntax ; do 57 | if [ -f "${home}"/.vim/${i}/ansible.vim ] ; then 58 | return 59 | fi 60 | done 61 | tmp_dir=$(mktemp -d) 62 | mkdir -p "${home}"/.vim 63 | git clone https://github.com/pearofducks/ansible-vim "${tmp_dir}" 64 | cp -r "${tmp_dir}"/* "${home}"/.vim/ 65 | if [ -n "${SUDO_UID}" ] ; then 66 | # shellcheck disable=SC2153 67 | chown -R "${SUDO_UID}":"${SUDO_GID}" "${home}"/.vim 68 | fi 69 | rm -fr "${tmp_dir}" 70 | } 71 | 72 | get_config_from_github() { 73 | tmp_dir=$(mktemp -d) 74 | git clone --branch "${branch}" https://github.com/furlongm/standalone-configuration-management "${tmp_dir}" 75 | cp -Lr "${tmp_dir}"/ansible /srv 76 | rm -fr "${tmp_dir}" 77 | 
run_path=/srv/ansible 78 | } 79 | 80 | get_local_config() { 81 | run_path=. 82 | } 83 | 84 | main() { 85 | get_pm 86 | which dnf 1>/dev/null 2>&1 && install_epel 87 | which git 1>/dev/null 2>&1 || install_deps 88 | which curl 1>/dev/null 2>&1 || install_deps 89 | which ansible 1>/dev/null 2>&1 || install_ansible 90 | install_vim_syntax_highlighting 91 | if [ -z "${run_locally}" ] ; then 92 | get_config_from_github 93 | else 94 | get_local_config 95 | fi 96 | set -e 97 | ansible --version 98 | ansible-playbook --diff -i ${run_path}/hosts ${run_path}/playbooks/site.yml -e "mail_relay=${mail_relay}" -e "root_alias=${root_alias}" 99 | } 100 | 101 | # defaults 102 | branch=main 103 | 104 | while getopts ":le:m:cb:" opt ; do 105 | case ${opt} in 106 | e) 107 | root_alias=${OPTARG} 108 | ;; 109 | l) 110 | run_locally=true 111 | ;; 112 | m) 113 | mail_relay=${OPTARG} 114 | ;; 115 | c) 116 | # noop on ansible as ansible is the only one that correctly detects being run in a container 117 | ;; 118 | b) 119 | branch=${OPTARG} 120 | ;; 121 | *) 122 | usage 123 | ;; 124 | esac 125 | done 126 | 127 | if [[ -z ${root_alias} || ${EUID} -ne 0 ]] ; then 128 | usage 129 | fi 130 | main 131 | -------------------------------------------------------------------------------- /puppet/standalone-puppet.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | usage() { 4 | echo "Usage: $0 -e EMAIL_ADDRESS [-m MAIL_RELAY_HOST] [-l] [-c] [-b branch] (as root)" 5 | exit 1 6 | } 7 | 8 | get_pm() { 9 | . 
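/etc/os-release 10 | if [[ "${ID_LIKE}" =~ "debian" ]] || [[ "${ID}" == "debian" ]] ; then 11 | pm='apt -y' 12 | ${pm} update 13 | ${pm} install wget virt-what 14 | elif [[ "${ID_LIKE}" =~ "rhel" ]] || [[ "${ID_LIKE}" =~ "fedora" ]] || [[ "${ID}" == "fedora" ]] ; then 15 | pm='dnf -y' 16 | ${pm} makecache 17 | ${pm} install --allowerasing which findutils hostname libxcrypt-compat coreutils curl procps gawk virt-what 18 | elif [[ "${ID_LIKE}" =~ "suse" ]] ; then 19 | pm='zypper -n --no-gpg-checks --gpg-auto-import-keys' 20 | ${pm} refresh 21 | ${pm} install gzip virt-what 22 | else 23 | echo "Error: no package manager found." 24 | exit 1 25 | fi 26 | }

# Install the tools used to fetch the configuration. Uses the package-manager
# command stored in ${pm}.
install_deps() {
    ${pm} install git curl
}

# Add the OpenVox release repository for the detected distribution, then
# install the openvox-agent package from it.
#
# apt branch: the release .deb is downloaded into a fresh temporary directory
# under an explicit name (-O). Downloading into the current directory would
# make wget save to "<name>.1" when a file of that name already exists, and
# dpkg would then install the older file as root.
#
# NOTE(review): on SUSE the pm value set in get_pm carries
# --no-gpg-checks --gpg-auto-import-keys, so the release package and the agent
# are installed without signature verification and repository keys are trusted
# automatically. Importing the repository key explicitly and dropping
# --no-gpg-checks would restore package authentication - confirm the upstream
# repository is signed before changing it.
install_puppet() {
    puppet_package=openvox-agent
    if [[ "${pm}" =~ "apt" ]] ; then
        deb=openvox8-release-${ID}${VERSION_ID}.deb
        deb_dir=$(mktemp -d) || exit 1
        wget -O "${deb_dir}/${deb}" https://apt.voxpupuli.org/"${deb}"
        dpkg -i "${deb_dir}/${deb}"
        rm -fr "${deb_dir}"
        ${pm} update
    elif [[ "${pm}" =~ "dnf" ]] ; then
        if [[ "${ID}" == "fedora" ]] ; then
            ${pm} install https://yum.voxpupuli.org/openvox8-release-fedora-"${VERSION_ID}".noarch.rpm
        else
            ${pm} install https://yum.voxpupuli.org/openvox8-release-el-"${VERSION_ID}".noarch.rpm
        fi
        ${pm} makecache
    elif [[ "${pm}" =~ "zypper" ]] ; then
        # ${VERSION_ID/.*/} keeps only the part before the first dot.
        ${pm} install https://yum.voxpupuli.org/openvox8-release-sles-"${VERSION_ID/.*/}".noarch.rpm
        ${pm} refresh
    fi
    ${pm} install ${puppet_package}
}

install_vim_syntax_highlighting() { 55 | if [ -n "${SUDO_UID}" ] ; then 56 | home=$(getent passwd "${SUDO_UID}" | cut -d: -f6) 57 | else 58 | home=~ 59 | fi 60 | for i in ftdetect ftplugin indent syntax ; do 61 | if [ -f "${home}"/.vim/${i}/puppet.vim ] ; then 62 | return 63 | fi 64 | done 65 | tmp_dir=$(mktemp -d) 66 | mkdir -p "${home}"/.vim 67 | git clone https://github.com/rodjek/vim-puppet "${tmp_dir}" 68 | cp -r "${tmp_dir}"/* "${home}"/.vim/ 69 | if [ -n "${SUDO_UID}" ] ; then 70 | # 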
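shellcheck disable=SC2153 71 | chown -R "${SUDO_UID}":"${SUDO_GID}" "${home}"/.vim 72 | fi 73 | rm -fr "${tmp_dir}" 74 | }

# Clone the configuration repository at ${branch} and copy its puppet modules
# (following symlinks) and manifests into /etc/puppet, then point run_path there.
# The clone stays in ${tmp_dir}; main removes it at the end of the run.
get_config_from_github() {
    tmp_dir=$(mktemp -d)
    git clone --branch "${branch}" https://github.com/furlongm/standalone-configuration-management "${tmp_dir}"
    mkdir -p /etc/puppet/{manifests,modules}
    cp -Lr "${tmp_dir}"/puppet/modules/* /etc/puppet/modules
    cp -r "${tmp_dir}"/puppet/manifests/* /etc/puppet/manifests
    run_path=/etc/puppet
}

# Use the modules/ and manifests/ directories of the current working directory:
# copy them (following symlinks) into a temporary directory and run from there.
get_local_config() {
    tmp_dir=$(mktemp -d)
    cp -Lr ./modules "${tmp_dir}"
    cp -Lr ./manifests "${tmp_dir}"
    run_path=${tmp_dir}
}

# Entry point: install prerequisites, select the configuration source, pass the
# settings to puppet as facts and apply the standalone manifest.
#
# The configuration is fetched exactly once. A second, unconditional
# get_config_from_github call after the if/else used to overwrite run_path and
# tmp_dir, so -l still applied the GitHub copy instead of the local checkout
# and leaked the first temporary directory.
main() {
    get_pm
    which git 1>/dev/null 2>&1 || install_deps
    which curl 1>/dev/null 2>&1 || install_deps
    which puppet 1>/dev/null 2>&1 || install_puppet
    install_vim_syntax_highlighting
    if [ -z "${run_locally}" ] ; then
        get_config_from_github
    else
        get_local_config
    fi
    export PATH=/opt/puppetlabs/bin:${PATH}
    # FACTER_* environment variables hand the command-line values to the manifests.
    export FACTER_root_alias=${root_alias}
    export FACTER_mail_relay=${mail_relay}
    export FACTER_containerized=${containerized}
    # NOTE(review): the module is installed at whatever version is current at
    # run time; no version is pinned here.
    puppet module install --target-dir "${run_path}"/modules puppetlabs-mailalias_core
    puppet apply --show_diff --detailed-exitcodes --modulepath "${run_path}"/modules "${run_path}"/manifests/standalone-site.pp
    retval=${?}
    # Clean up before deciding the exit status so a failed run leaves no temp dir.
    rm -fr "${tmp_dir}"
    # Exit codes 0 and 2 count as success (with --detailed-exitcodes, 2 reports
    # that changes were applied); anything else fails the run.
    case ${retval} in
        0|2)
            ;;
        *)
            exit 1
            ;;
    esac
}

127 | 128 | # defaults 129 | containerized=false 130 | branch=main 131 | 132 | while getopts ":le:m:cb:" opt ; do 133 | case ${opt} in 134 | e) 135 | root_alias=${OPTARG} 136 | ;; 137 | l) 138 | run_locally=true 139 | ;; 140 | m) 141 | mail_relay=${OPTARG} 142 | ;; 143 | c) 144 | containerized=true 145 | ;; 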
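b)
            branch=${OPTARG}
            ;;
        *)
            usage
            ;;
    esac
done

if [[ -z ${root_alias} || ${EUID} -ne 0 ]] ; then
    usage
fi
main
--------------------------------------------------------------------------------
/.circleci/config.yml:
--------------------------------------------------------------------------------
---
# Two workflows: "linters" runs one linter per tool, and
# "test-tool-distro-combos" runs each standalone-<tool>.sh inside a container
# of each distro.
#
# Reproducibility notes for anyone relying on these results:
#   - images are referenced by tag (ubuntu:24.04, debian:13, ...), not by
#     digest, so the base image can change between runs;
#   - the pip and gem installs below carry no version constraint, so linter
#     behaviour can change between runs.
#
# In the test jobs, -l sets run_locally in standalone-puppet.sh (use the
# checked-out tree) and -c sets containerized=true; the other three scripts
# are assumed to follow the same convention.
version: 2.1
jobs:
  shellcheck:
    docker:
      - image: ubuntu:24.04
    steps:
      - checkout
      - run:
          name: shellcheck
          command: |
            apt update
            DEBIAN_FRONTEND=noninteractive apt -y install shellcheck
            # The pattern is quoted so the shell cannot expand it against
            # files in the working directory, which would leave scripts in
            # subdirectories unchecked.
            find . -name '*.sh' -print0 | xargs -0 -n1 shellcheck -x
  lint-ansible:
    docker:
      - image: ubuntu:24.04
    steps:
      - checkout
      - run:
          name: ansible-lint
          command: |
            apt update
            DEBIAN_FRONTEND=noninteractive apt -y install build-essential python3-virtualenv git
            virtualenv ansible-lint
            . ansible-lint/bin/activate
            pip install ansible ansible-lint
            cd ansible/playbooks/roles
            ansible-lint *
  lint-puppet:
    docker:
      - image: ubuntu:24.04
    steps:
      - checkout
      - run:
          name: puppet-lint
          command: |
            apt update
            DEBIAN_FRONTEND=noninteractive apt -y install build-essential zlib1g-dev ruby ruby-dev
            gem install puppet-lint
            puppet-lint --fail-on-warnings --no-documentation-check puppet/modules
  lint-salt:
    docker:
      - image: ubuntu:24.04
    steps:
      - checkout
      - run:
          name: salt-lint
          command: |
            apt update
            DEBIAN_FRONTEND=noninteractive apt -y install build-essential python3-dev python3-virtualenv
            virtualenv salt-lint
            . salt-lint/bin/activate
            pip install salt-lint
            find saltstack -name "*.sls" -print0 | xargs -0 -n1 salt-lint
  lint-chef:
    docker:
      - image: ubuntu:24.04
    steps:
      - checkout
      - run:
          name: chef-lint
          command: |
            apt update
            DEBIAN_FRONTEND=noninteractive apt -y install build-essential zlib1g-dev ruby ruby-dev
            gem install foodcritic cookstyle
            foodcritic -t ~FC031 -t ~FC071 -t ~FC011 -t ~FC109 chef/cookbooks
            cookstyle chef
  ansible-debian:
    docker:
      - image: debian:13
    steps:
      - checkout
      - run:
          name: ansible-debian
          command: |
            cd ansible
            bash -x standalone-ansible.sh -e furlongm@gmail.com -l
  puppet-debian:
    docker:
      - image: debian:13
    steps:
      - checkout
      - run:
          name: puppet-debian
          command: |
            cd puppet
            bash -x standalone-puppet.sh -e furlongm@gmail.com -l -c
  salt-debian:
    docker:
      - image: debian:13
    steps:
      - checkout
      - run:
          name: salt-debian
          command: |
            cd saltstack
            bash -x standalone-salt.sh -e furlongm@gmail.com -l -c
  chef-debian:
    docker:
      - image: debian:13
    steps:
      - checkout
      - run:
          name: chef-debian
          command: |
            cd chef
            bash -x standalone-chef.sh -e furlongm@gmail.com -l -c
  ansible-ubuntu:
    docker:
      - image: ubuntu:24.04
    steps:
      - checkout
      - run:
          name: ansible-ubuntu
          command: |
            export DEBIAN_FRONTEND=noninteractive
            cd ansible
            bash -x standalone-ansible.sh -e furlongm@gmail.com -l
  puppet-ubuntu:
    docker:
      - image: ubuntu:24.04
    steps:
      - checkout
      - run:
          name: puppet-ubuntu
          command: |
            export DEBIAN_FRONTEND=noninteractive
            cd puppet
            bash -x standalone-puppet.sh -e furlongm@gmail.com -l -c
  salt-ubuntu:
    docker:
      - image: ubuntu:24.04
    steps:
      - checkout
      - run:
          name: salt-ubuntu
          command: |
            export DEBIAN_FRONTEND=noninteractive
            cd saltstack
            bash -x standalone-salt.sh -e furlongm@gmail.com -l -c
  chef-ubuntu:
    docker:
      - image: ubuntu:24.04
    steps:
      - checkout
      - run:
          name: chef-ubuntu
          command: |
            cd chef
            bash -x standalone-chef.sh -e furlongm@gmail.com -l -c
  ansible-centos:
    docker:
      - image: quay.io/centos/centos:stream10
    steps:
      - checkout
      - run:
          name: ansible-centos
          command: |
            cd ansible
            bash -x standalone-ansible.sh -e furlongm@gmail.com -l
  puppet-centos:
    docker:
      - image: quay.io/centos/centos:stream10
    steps:
      - checkout
      - run:
          name: puppet-centos
          command: |
            cd puppet
            bash -x standalone-puppet.sh -e furlongm@gmail.com -l -c
  salt-centos:
    docker:
      - image: quay.io/centos/centos:stream10
    steps:
      - checkout
      - run:
          name: salt-centos
          command: |
            cd saltstack
            bash -x standalone-salt.sh -e furlongm@gmail.com -l -c
  chef-centos:
    docker:
      - image: quay.io/centos/centos:stream10
    steps:
      - checkout
      - run:
          name: chef-centos
          command: |
            cd chef
            bash -x standalone-chef.sh -e furlongm@gmail.com -l -c
  ansible-opensuse:
    docker:
      - image: opensuse/leap:15.6
    steps:
      - checkout
      - run:
          name: ansible-opensuse
          command: |
            cd ansible
            bash -x standalone-ansible.sh -e furlongm@gmail.com -l
  puppet-opensuse:
    docker:
      - image: opensuse/leap:15.6
    steps:
      - checkout
      - run:
          name: puppet-opensuse
          command: |
            cd puppet
            bash -x standalone-puppet.sh -e furlongm@gmail.com -l -c
  salt-opensuse:
    docker:
      - image: opensuse/leap:15.6
    steps:
      - checkout
      - run:
          name: salt-opensuse
          command: |
            cd saltstack
            bash -x standalone-salt.sh -e furlongm@gmail.com -l -c
  chef-opensuse:
    docker:
      - image: opensuse/leap:15.6
    steps:
      - checkout
      - run:
          name: chef-opensuse
          command: |
            cd chef
            bash -x standalone-chef.sh -e furlongm@gmail.com -l -c
  ansible-fedora:
    docker:
      - image: fedora:43
    steps:
      - checkout
      - run:
          name: ansible-fedora
          command: |
            cd ansible
            bash -x standalone-ansible.sh -e furlongm@gmail.com -l
  puppet-fedora:
    docker:
      - image: fedora:43
    steps:
      - checkout
      - run:
          name: puppet-fedora
          command: |
            cd puppet
            bash -x standalone-puppet.sh -e furlongm@gmail.com -l -c
  salt-fedora:
    docker:
      - image: fedora:43
    steps:
      - checkout
      - run:
          name: salt-fedora
          command: |
            cd saltstack
            bash -x standalone-salt.sh -e furlongm@gmail.com -l -c
  chef-fedora:
    docker:
      - image: fedora:43
    steps:
      - checkout
      - run:
          name: chef-fedora
          command: |
            cd chef
            bash -x standalone-chef.sh -e furlongm@gmail.com -l -c

workflows:
  linters:
    jobs:
      - shellcheck
      - lint-ansible
      - lint-puppet
      - lint-salt
      - lint-chef
  test-tool-distro-combos:
    jobs:
      - ansible-debian
      - ansible-ubuntu
      - ansible-centos
      - ansible-opensuse
      - ansible-fedora
      - puppet-debian
      - puppet-ubuntu
      - puppet-centos
      - puppet-opensuse
      - puppet-fedora
      - salt-debian
      - salt-ubuntu
      - salt-centos
      - salt-opensuse
      - salt-fedora
      - chef-debian
      - chef-ubuntu
      - chef-centos
      - chef-opensuse
      - chef-fedora
--------------------------------------------------------------------------------
/common/files/vim/vimrc.Suse: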
-------------------------------------------------------------------------------- 1 | " /etc/vimrc (configuration file for vim only) 2 | " author: Klaus Franken 3 | " author: Werner Fink 4 | " author: Florian La Roche 5 | " version: 2017/04/28 6 | " commented lines start with `"' 7 | 8 | function! SKEL_spec() 9 | 0r /usr/share/vim/current/skeletons/skeleton.spec 10 | language time en_US 11 | if $USER != '' 12 | let login = $USER 13 | elseif $LOGNAME != '' 14 | let login = $LOGNAME 15 | else 16 | let login = 'unknown' 17 | endif 18 | let newline = stridx(login, "\n") 19 | if newline != -1 20 | let login = strpart(login, 0, newline) 21 | endif 22 | if $HOSTNAME != '' 23 | let hostname = $HOSTNAME 24 | else 25 | let hostname = system('hostname -f') 26 | if v:shell_error 27 | let hostname = 'localhost' 28 | endif 29 | endif 30 | let newline = stridx(hostname, "\n") 31 | if newline != -1 32 | let hostname = strpart(hostname, 0, newline) 33 | endif 34 | exe "%s/specCURRENT_YEAR/" . strftime("%Y") . "/ge" 35 | exe "%s/specRPM_CREATION_DATE/" . strftime("%a\ %b\ %d\ %Y") . "/ge" 36 | exe "%s/specRPM_CREATION_AUTHOR_MAIL/" . login . "@" . hostname . "/ge" 37 | exe "%s/specRPM_CREATION_NAME/" . expand("%:t:r") . "/ge" 38 | setf spec 39 | endfunction 40 | 41 | " enable syntax highlighting 42 | syntax on 43 | 44 | " automatically indent lines (default) 45 | " set noautoindent 46 | 47 | " select case-insenitiv search (not default) 48 | " set ignorecase 49 | 50 | " show cursor line and column in the status line 51 | set ruler 52 | 53 | " show matching brackets 54 | set showmatch 55 | 56 | " display mode INSERT/REPLACE/... 57 | set showmode 58 | 59 | " changes special characters in search patterns (default) 60 | " set magic 61 | 62 | " Required to be able to use keypad keys and map missed escape sequences 63 | set esckeys 64 | 65 | " get easier to use and more user friendly vim defaults 66 | " CAUTION: This option breaks some vi compatibility. 
67 | " Switch it off if you prefer real vi compatibility 68 | set nocompatible 69 | 70 | " allow backspacing over everything in insert mode 71 | set backspace=indent,eol,start 72 | 73 | " Complete longest common string, then each full match 74 | " enable this for bash compatible behaviour 75 | " set wildmode=longest,full 76 | 77 | " Try to get the correct main terminal type 78 | if &term =~ "xterm" 79 | let myterm = "xterm" 80 | elseif &term =~ "screen" 81 | let myterm = "screen" 82 | else 83 | let myterm = &term 84 | endif 85 | let myterm = substitute(myterm, "cons[0-9][0-9].*$", "linux", "") 86 | let myterm = substitute(myterm, "cons[0-9][0-9].*$", "linux", "") 87 | let myterm = substitute(myterm, "vt1[0-9][0-9].*$", "vt100", "") 88 | let myterm = substitute(myterm, "vt2[0-9][0-9].*$", "vt220", "") 89 | let myterm = substitute(myterm, "\\([^-]*\\)[_-].*$", "\\1", "") 90 | 91 | " Here we define the keys of the NumLock in keyboard transmit mode of xterm 92 | " which misses or hasn't activated Alt/NumLock Modifiers. Often not defined 93 | " within termcap/terminfo and we should map the character printed on the keys. 94 | if myterm == "xterm" || myterm == "kvt" || myterm == "gnome" 95 | " keys in insert/command mode. 96 | map! Oo : 97 | map! Oj * 98 | map! Om - 99 | map! Ok + 100 | map! Ol , 101 | map! OM 102 | map! Ow 7 103 | map! Ox 8 104 | map! Oy 9 105 | map! Ot 4 106 | map! Ou 5 107 | map! Ov 6 108 | map! Oq 1 109 | map! Or 2 110 | map! Os 3 111 | map! Op 0 112 | map! On . 113 | " 8bit control characters 114 | map! o : 115 | map! j * 116 | map! m - 117 | map! k + 118 | map! l , 119 | map! M 120 | map! w 7 121 | map! x 8 122 | map! y 9 123 | map! t 4 124 | map! u 5 125 | map! v 6 126 | map! q 1 127 | map! r 2 128 | map! s 3 129 | map! p 0 130 | map! n . 
131 | " keys in normal mode 132 | map Oo : 133 | map Oj * 134 | map Om - 135 | map Ok + 136 | map Ol , 137 | map OM 138 | map Ow 7 139 | map Ox 8 140 | map Oy 9 141 | map Ot 4 142 | map Ou 5 143 | map Ov 6 144 | map Oq 1 145 | map Or 2 146 | map Os 3 147 | map Op 0 148 | map On . 149 | " 8bit control characters 150 | map o : 151 | map j * 152 | map m - 153 | map k + 154 | map l , 155 | map M 156 | map w 7 157 | map x 8 158 | map y 9 159 | map t 4 160 | map u 5 161 | map v 6 162 | map q 1 163 | map r 2 164 | map s 3 165 | map p 0 166 | map n . 167 | endif 168 | 169 | " xterm but without activated keyboard transmit mode 170 | " and therefore not defined in termcap/terminfo. 171 | if myterm == "xterm" || myterm == "kvt" || myterm == "gnome" 172 | " keys in insert/command mode. 173 | map! [H 174 | map! [F 175 | map! H 176 | map! F 177 | " Home/End: older xterms do not fit termcap/terminfo. 178 | map! [1~ 179 | map! [4~ 180 | " Up/Down/Right/Left 181 | map! [A 182 | map! [B 183 | map! [C 184 | map! [D 185 | " 8bit control characters 186 | map! A 187 | map! B 188 | map! C 189 | map! D 190 | map! 5~ 191 | map! 6~ 192 | map! 2~ 193 | map! 3~ 194 | " KP_5 (NumLock off) 195 | map! [E 196 | " keys in normal mode 197 | map [H 0 198 | map [F $ 199 | map H 0 200 | map F $ 201 | " Home/End: older xterms do not fit termcap/terminfo. 202 | map [1~ 0 203 | map [4~ $ 204 | " Up/Down/Right/Left 205 | map [A k 206 | map [B j 207 | map [C l 208 | map [D h 209 | " 8bit control characters 210 | map A k 211 | map B j 212 | map C l 213 | map D h 214 | map 5~ 215 | map 6~ 216 | map 2~ 217 | map 3~ 218 | " KP_5 (NumLock off) 219 | map [E i 220 | map E i 221 | endif 222 | 223 | " xterm/kvt but with activated keyboard transmit mode. 224 | " Sometimes not or wrong defined within termcap/terminfo. 225 | if myterm == "xterm" || myterm == "kvt" || myterm == "gnome" 226 | " keys in insert/command mode. 227 | map! OH 228 | map! OF 229 | map! O2H 230 | map! O2F 231 | map! O5H 232 | map! 
O5F 233 | " Cursor keys which works mostly 234 | " map! OA 235 | " map! OB 236 | " map! OC 237 | " map! OD 238 | map! [2;2~ 239 | map! [3;2~ 240 | map! [2;5~ 241 | map! [3;5~ 242 | map! O2A 243 | map! O2B 244 | map! O2C 245 | map! O2D 246 | map! O5A 247 | map! O5B 248 | map! O5C 249 | map! O5D 250 | " KP_5 (NumLock off) 251 | map! OE 252 | " keys in normal mode 253 | map OH 0 254 | map OF $ 255 | map O2H 0 256 | map O2F $ 257 | map O5H 0 258 | map O5F $ 259 | " Cursor keys which works mostly 260 | " map OA k 261 | " map OB j 262 | " map OD h 263 | " map OC l 264 | map [2;2~ i 265 | map [3;2~ x 266 | map [2;5~ i 267 | map [3;5~ x 268 | map O2A ^B 269 | map O2B ^F 270 | map O2D b 271 | map O2C w 272 | map O5A ^B 273 | map O5B ^F 274 | map O5D b 275 | map O5C w 276 | " KP_5 (NumLock off) 277 | map OE i 278 | endif 279 | 280 | if myterm == "linux" 281 | " keys in insert/command mode. 282 | map! [G 283 | " KP_5 (NumLock off) 284 | " keys in normal mode 285 | " KP_5 (NumLock off) 286 | map [G i 287 | endif 288 | 289 | if myterm == "screen" 290 | map! [1;2D 291 | map! [1;2C 292 | map! [1;2A 293 | map! [1;2B 294 | map! [1;2H 295 | map! [1;2F 296 | map! [2;2~ 297 | map! [3;2~ 298 | map! [5;2~ 299 | map! [6;2~ 300 | map! [1;5D 301 | map! [1;5C 302 | map! [1;5A 303 | map! [1;5B 304 | map! [1;5H 305 | map! [1;5F 306 | map! [2;5~ 307 | map! [3;5~ 308 | map! [5;5~ 309 | map! [6;5~ 310 | map! [1;3D 311 | map! [1;3C 312 | map! [1;3A 313 | map! [1;3B 314 | map! [1;3H 315 | map! [1;3F 316 | map! [2;3~ 317 | map! [3;3~ 318 | map! [5;3~ 319 | map! [6;3~ 320 | endif 321 | 322 | " This escape sequence is the well known ANSI sequence for 323 | " Remove Character Under The Cursor (RCUTC[tm]) 324 | map! [3~ 325 | map [3~ x 326 | 327 | " Only do this part when compiled with support for autocommands. 
328 | if has("autocmd") 329 | "Remember the positions in files with some git-specific exceptions" 330 | autocmd BufReadPost * 331 | \ if line("'\"") > 0 && line("'\"") <= line("$") 332 | \ && expand("%") !~ "COMMIT_EDITMSG" 333 | \ && expand("%") !~ "ADD_EDIT.patch" 334 | \ && expand("%") !~ "addp-hunk-edit.diff" 335 | \ && expand("%") !~ "git-rebase-todo" | 336 | \ exe "normal g`\"" | 337 | \ endif 338 | endif " has("autocmd") 339 | 340 | " Changed default required by SuSE security team--be aware if enabling this 341 | " that it potentially can open for malicious users to do harmful things. 342 | set nomodeline 343 | 344 | " Skeleton for spec files 345 | autocmd BufNewFile *.spec call SKEL_spec() 346 | 347 | " get easier to use and more user friendly vim defaults 348 | " /etc/vimrc ends here 349 | 350 | " Source a global configuration file if available 351 | if filereadable("/etc/vim/vimrc.local") 352 | source /etc/vim/vimrc.local 353 | endif 354 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | GNU GENERAL PUBLIC LICENSE 2 | Version 2, June 1991 3 | 4 | Copyright (C) 1989, 1991 Free Software Foundation, Inc., 5 | 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA 6 | Everyone is permitted to copy and distribute verbatim copies 7 | of this license document, but changing it is not allowed. 8 | 9 | Preamble 10 | 11 | The licenses for most software are designed to take away your 12 | freedom to share and change it. By contrast, the GNU General Public 13 | License is intended to guarantee your freedom to share and change free 14 | software--to make sure the software is free for all its users. This 15 | General Public License applies to most of the Free Software 16 | Foundation's software and to any other program whose authors commit to 17 | using it. 
(Some other Free Software Foundation software is covered by 18 | the GNU Lesser General Public License instead.) You can apply it to 19 | your programs, too. 20 | 21 | When we speak of free software, we are referring to freedom, not 22 | price. Our General Public Licenses are designed to make sure that you 23 | have the freedom to distribute copies of free software (and charge for 24 | this service if you wish), that you receive source code or can get it 25 | if you want it, that you can change the software or use pieces of it 26 | in new free programs; and that you know you can do these things. 27 | 28 | To protect your rights, we need to make restrictions that forbid 29 | anyone to deny you these rights or to ask you to surrender the rights. 30 | These restrictions translate to certain responsibilities for you if you 31 | distribute copies of the software, or if you modify it. 32 | 33 | For example, if you distribute copies of such a program, whether 34 | gratis or for a fee, you must give the recipients all the rights that 35 | you have. You must make sure that they, too, receive or can get the 36 | source code. And you must show them these terms so they know their 37 | rights. 38 | 39 | We protect your rights with two steps: (1) copyright the software, and 40 | (2) offer you this license which gives you legal permission to copy, 41 | distribute and/or modify the software. 42 | 43 | Also, for each author's protection and ours, we want to make certain 44 | that everyone understands that there is no warranty for this free 45 | software. If the software is modified by someone else and passed on, we 46 | want its recipients to know that what they have is not the original, so 47 | that any problems introduced by others will not reflect on the original 48 | authors' reputations. 49 | 50 | Finally, any free program is threatened constantly by software 51 | patents. 
We wish to avoid the danger that redistributors of a free 52 | program will individually obtain patent licenses, in effect making the 53 | program proprietary. To prevent this, we have made it clear that any 54 | patent must be licensed for everyone's free use or not licensed at all. 55 | 56 | The precise terms and conditions for copying, distribution and 57 | modification follow. 58 | 59 | GNU GENERAL PUBLIC LICENSE 60 | TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 61 | 62 | 0. This License applies to any program or other work which contains 63 | a notice placed by the copyright holder saying it may be distributed 64 | under the terms of this General Public License. The "Program", below, 65 | refers to any such program or work, and a "work based on the Program" 66 | means either the Program or any derivative work under copyright law: 67 | that is to say, a work containing the Program or a portion of it, 68 | either verbatim or with modifications and/or translated into another 69 | language. (Hereinafter, translation is included without limitation in 70 | the term "modification".) Each licensee is addressed as "you". 71 | 72 | Activities other than copying, distribution and modification are not 73 | covered by this License; they are outside its scope. The act of 74 | running the Program is not restricted, and the output from the Program 75 | is covered only if its contents constitute a work based on the 76 | Program (independent of having been made by running the Program). 77 | Whether that is true depends on what the Program does. 78 | 79 | 1. 
You may copy and distribute verbatim copies of the Program's 80 | source code as you receive it, in any medium, provided that you 81 | conspicuously and appropriately publish on each copy an appropriate 82 | copyright notice and disclaimer of warranty; keep intact all the 83 | notices that refer to this License and to the absence of any warranty; 84 | and give any other recipients of the Program a copy of this License 85 | along with the Program. 86 | 87 | You may charge a fee for the physical act of transferring a copy, and 88 | you may at your option offer warranty protection in exchange for a fee. 89 | 90 | 2. You may modify your copy or copies of the Program or any portion 91 | of it, thus forming a work based on the Program, and copy and 92 | distribute such modifications or work under the terms of Section 1 93 | above, provided that you also meet all of these conditions: 94 | 95 | a) You must cause the modified files to carry prominent notices 96 | stating that you changed the files and the date of any change. 97 | 98 | b) You must cause any work that you distribute or publish, that in 99 | whole or in part contains or is derived from the Program or any 100 | part thereof, to be licensed as a whole at no charge to all third 101 | parties under the terms of this License. 102 | 103 | c) If the modified program normally reads commands interactively 104 | when run, you must cause it, when started running for such 105 | interactive use in the most ordinary way, to print or display an 106 | announcement including an appropriate copyright notice and a 107 | notice that there is no warranty (or else, saying that you provide 108 | a warranty) and that users may redistribute the program under 109 | these conditions, and telling the user how to view a copy of this 110 | License. (Exception: if the Program itself is interactive but 111 | does not normally print such an announcement, your work based on 112 | the Program is not required to print an announcement.) 
113 | 114 | These requirements apply to the modified work as a whole. If 115 | identifiable sections of that work are not derived from the Program, 116 | and can be reasonably considered independent and separate works in 117 | themselves, then this License, and its terms, do not apply to those 118 | sections when you distribute them as separate works. But when you 119 | distribute the same sections as part of a whole which is a work based 120 | on the Program, the distribution of the whole must be on the terms of 121 | this License, whose permissions for other licensees extend to the 122 | entire whole, and thus to each and every part regardless of who wrote it. 123 | 124 | Thus, it is not the intent of this section to claim rights or contest 125 | your rights to work written entirely by you; rather, the intent is to 126 | exercise the right to control the distribution of derivative or 127 | collective works based on the Program. 128 | 129 | In addition, mere aggregation of another work not based on the Program 130 | with the Program (or with a work based on the Program) on a volume of 131 | a storage or distribution medium does not bring the other work under 132 | the scope of this License. 133 | 134 | 3. 
You may copy and distribute the Program (or a work based on it, 135 | under Section 2) in object code or executable form under the terms of 136 | Sections 1 and 2 above provided that you also do one of the following: 137 | 138 | a) Accompany it with the complete corresponding machine-readable 139 | source code, which must be distributed under the terms of Sections 140 | 1 and 2 above on a medium customarily used for software interchange; or, 141 | 142 | b) Accompany it with a written offer, valid for at least three 143 | years, to give any third party, for a charge no more than your 144 | cost of physically performing source distribution, a complete 145 | machine-readable copy of the corresponding source code, to be 146 | distributed under the terms of Sections 1 and 2 above on a medium 147 | customarily used for software interchange; or, 148 | 149 | c) Accompany it with the information you received as to the offer 150 | to distribute corresponding source code. (This alternative is 151 | allowed only for noncommercial distribution and only if you 152 | received the program in object code or executable form with such 153 | an offer, in accord with Subsection b above.) 154 | 155 | The source code for a work means the preferred form of the work for 156 | making modifications to it. For an executable work, complete source 157 | code means all the source code for all modules it contains, plus any 158 | associated interface definition files, plus the scripts used to 159 | control compilation and installation of the executable. However, as a 160 | special exception, the source code distributed need not include 161 | anything that is normally distributed (in either source or binary 162 | form) with the major components (compiler, kernel, and so on) of the 163 | operating system on which the executable runs, unless that component 164 | itself accompanies the executable. 
165 | 166 | If distribution of executable or object code is made by offering 167 | access to copy from a designated place, then offering equivalent 168 | access to copy the source code from the same place counts as 169 | distribution of the source code, even though third parties are not 170 | compelled to copy the source along with the object code. 171 | 172 | 4. You may not copy, modify, sublicense, or distribute the Program 173 | except as expressly provided under this License. Any attempt 174 | otherwise to copy, modify, sublicense or distribute the Program is 175 | void, and will automatically terminate your rights under this License. 176 | However, parties who have received copies, or rights, from you under 177 | this License will not have their licenses terminated so long as such 178 | parties remain in full compliance. 179 | 180 | 5. You are not required to accept this License, since you have not 181 | signed it. However, nothing else grants you permission to modify or 182 | distribute the Program or its derivative works. These actions are 183 | prohibited by law if you do not accept this License. Therefore, by 184 | modifying or distributing the Program (or any work based on the 185 | Program), you indicate your acceptance of this License to do so, and 186 | all its terms and conditions for copying, distributing or modifying 187 | the Program or works based on it. 188 | 189 | 6. Each time you redistribute the Program (or any work based on the 190 | Program), the recipient automatically receives a license from the 191 | original licensor to copy, distribute or modify the Program subject to 192 | these terms and conditions. You may not impose any further 193 | restrictions on the recipients' exercise of the rights granted herein. 194 | You are not responsible for enforcing compliance by third parties to 195 | this License. 196 | 197 | 7. 
If, as a consequence of a court judgment or allegation of patent 198 | infringement or for any other reason (not limited to patent issues), 199 | conditions are imposed on you (whether by court order, agreement or 200 | otherwise) that contradict the conditions of this License, they do not 201 | excuse you from the conditions of this License. If you cannot 202 | distribute so as to satisfy simultaneously your obligations under this 203 | License and any other pertinent obligations, then as a consequence you 204 | may not distribute the Program at all. For example, if a patent 205 | license would not permit royalty-free redistribution of the Program by 206 | all those who receive copies directly or indirectly through you, then 207 | the only way you could satisfy both it and this License would be to 208 | refrain entirely from distribution of the Program. 209 | 210 | If any portion of this section is held invalid or unenforceable under 211 | any particular circumstance, the balance of the section is intended to 212 | apply and the section as a whole is intended to apply in other 213 | circumstances. 214 | 215 | It is not the purpose of this section to induce you to infringe any 216 | patents or other property right claims or to contest validity of any 217 | such claims; this section has the sole purpose of protecting the 218 | integrity of the free software distribution system, which is 219 | implemented by public license practices. Many people have made 220 | generous contributions to the wide range of software distributed 221 | through that system in reliance on consistent application of that 222 | system; it is up to the author/donor to decide if he or she is willing 223 | to distribute software through any other system and a licensee cannot 224 | impose that choice. 225 | 226 | This section is intended to make thoroughly clear what is believed to 227 | be a consequence of the rest of this License. 228 | 229 | 8. 
If the distribution and/or use of the Program is restricted in 230 | certain countries either by patents or by copyrighted interfaces, the 231 | original copyright holder who places the Program under this License 232 | may add an explicit geographical distribution limitation excluding 233 | those countries, so that distribution is permitted only in or among 234 | countries not thus excluded. In such case, this License incorporates 235 | the limitation as if written in the body of this License. 236 | 237 | 9. The Free Software Foundation may publish revised and/or new versions 238 | of the General Public License from time to time. Such new versions will 239 | be similar in spirit to the present version, but may differ in detail to 240 | address new problems or concerns. 241 | 242 | Each version is given a distinguishing version number. If the Program 243 | specifies a version number of this License which applies to it and "any 244 | later version", you have the option of following the terms and conditions 245 | either of that version or of any later version published by the Free 246 | Software Foundation. If the Program does not specify a version number of 247 | this License, you may choose any version ever published by the Free Software 248 | Foundation. 249 | 250 | 10. If you wish to incorporate parts of the Program into other free 251 | programs whose distribution conditions are different, write to the author 252 | to ask for permission. For software which is copyrighted by the Free 253 | Software Foundation, write to the Free Software Foundation; we sometimes 254 | make exceptions for this. Our decision will be guided by the two goals 255 | of preserving the free status of all derivatives of our free software and 256 | of promoting the sharing and reuse of software generally. 257 | 258 | NO WARRANTY 259 | 260 | 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY 261 | FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. 
EXCEPT WHEN 262 | OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES 263 | PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED 264 | OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 265 | MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS 266 | TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE 267 | PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, 268 | REPAIR OR CORRECTION. 269 | 270 | 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING 271 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR 272 | REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, 273 | INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING 274 | OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED 275 | TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY 276 | YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER 277 | PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE 278 | POSSIBILITY OF SUCH DAMAGES. 279 | 280 | END OF TERMS AND CONDITIONS 281 | 282 | How to Apply These Terms to Your New Programs 283 | 284 | If you develop a new program, and you want it to be of the greatest 285 | possible use to the public, the best way to achieve this is to make it 286 | free software which everyone can redistribute and change under these terms. 287 | 288 | To do so, attach the following notices to the program. It is safest 289 | to attach them to the start of each source file to most effectively 290 | convey the exclusion of warranty; and each file should have at least 291 | the "copyright" line and a pointer to where the full notice is found. 
292 | 293 | 294 | Copyright (C) 2013 Marcus Furlong 295 | 296 | This program is free software; you can redistribute it and/or modify 297 | it under the terms of the GNU General Public License as published by 298 | the Free Software Foundation; either version 2 of the License, or 299 | (at your option) any later version. 300 | 301 | This program is distributed in the hope that it will be useful, 302 | but WITHOUT ANY WARRANTY; without even the implied warranty of 303 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 304 | GNU General Public License for more details. 305 | 306 | You should have received a copy of the GNU General Public License along 307 | with this program; if not, write to the Free Software Foundation, Inc., 308 | 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 309 | 310 | Also add information on how to contact you by electronic and paper mail. 311 | 312 | If the program is interactive, make it output a short notice like this 313 | when it starts in an interactive mode: 314 | 315 | Gnomovision version 69, Copyright (C) year name of author 316 | Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. 317 | This is free software, and you are welcome to redistribute it 318 | under certain conditions; type `show c' for details. 319 | 320 | The hypothetical commands `show w' and `show c' should show the appropriate 321 | parts of the General Public License. Of course, the commands you use may 322 | be called something other than `show w' and `show c'; they could even be 323 | mouse-clicks or menu items--whatever suits your program. 324 | 325 | You should also get your employer (if you work as a programmer) or your 326 | school, if any, to sign a "copyright disclaimer" for the program, if 327 | necessary. Here is a sample; alter the names: 328 | 329 | Yoyodyne, Inc., hereby disclaims all copyright interest in the program 330 | `Gnomovision' (which makes passes at compilers) written by James Hacker. 
331 | 332 | {signature of Ty Coon}, 1 April 1989 333 | Ty Coon, President of Vice 334 | 335 | This General Public License does not permit incorporating your program into 336 | proprietary programs. If your program is a subroutine library, you may 337 | consider it more useful to permit linking proprietary applications with the 338 | library. If this is what you want to do, use the GNU Lesser General 339 | Public License instead of this License. 340 | --------------------------------------------------------------------------------