From 97aaba36f7221b32229dc96f33aafa45acd91d60 Mon Sep 17 00:00:00 2001 From: Julien Dessaux Date: Thu, 3 Aug 2017 13:58:00 +0000 Subject: Added basic julien policies --- services/common.cf | 15 +++++++++++++++ services/julien.cf | 55 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ services/main.cf | 5 +++++ 3 files changed, 75 insertions(+) create mode 100644 services/julien.cf diff --git a/services/common.cf b/services/common.cf index 2cce6fd..8f93cc4 100644 --- a/services/common.cf +++ b/services/common.cf @@ -4,6 +4,7 @@ bundle agent common any:: "packages" slist => { @(flavour.packages), + @(julien.packages), @(specific.packages), }; files: @@ -29,3 +30,17 @@ bundle agent common "$(this.bundle): /etc/hosts repaired" ifvarclass => "common_hosts_files_repaired"; "$(this.bundle): $(packages) installed" ifvarclass => "common_packages_$(packages)_add_repaired"; } + +bundle agent home_skel(user) +{ + files: + any:: + "/home/$(user)/." + create => "true", + copy_from => seed_cp("/etc/skel"), + depth_search => recurse("inf"), + classes => if_repaired("home_skel_$(user)_repaired"); + reports: + any:: + "$(this.bundle): /home/$(user) initialized" ifvarclass => "home_skel_$(user)_repaired"; +} diff --git a/services/julien.cf b/services/julien.cf new file mode 100644 index 0000000..44b124a --- /dev/null +++ b/services/julien.cf @@ -0,0 +1,55 @@ +bundle agent julien +{ + vars: + !console_julien:: + "packages" slist => {}; + console_julien.(debian|ubuntu):: + "bash_path" string => "/bin/bash"; + "group_command" string => "$(paths.groupadd)"; + "packages" slist => { + }; + "secondary_groups" slist => { "sudo" }; + console_julien.linux.awh:: + "password" string => "$6$EkJ5N916$CVrBdCOstIrcN33TXSurTY4ot3RiTBJ5E8QQtHnOfOu1cGAjoIAd0Nl3OpR3hkp2jXYmwTJuHQaAuBU69BGNY1"; + console_julien.linux.!awh:: + "password" string => "$6$K/dtcqh4$JiV7j4T6C7vxgOVWcYQXM0DKv0eH6l6qPpdLXxguTmme/ZZDZcBT/uVV3mT2TS4ylRgbNl5uckucYhON1hALn."; + console_julien.freebsd:: + "bash_path" string => "/usr/local/bin/bash"; + "group_command" string => "/usr/sbin/pw groupadd"; + "packages" slist => { + "git", + "mosh", + "tmux", + "rsync", + "vim-lite", + "weechat", + }; + "password" string => "$6$B8xpe/hghS1Q0RiO$yrjcmnLVKOCbCtk6hiW4.hIL3oO4McV/QezKGADUXMel8fwDhe9UfC8XPu58VbhIJTbeYcVSLSc1vrgfjQW/S1"; + "secondary_groups" slist => { "wheel" }; + classes: + console_julien:: + "group_julien_absent" + not => groupexists("julien"); + commands: + group_julien_absent:: + "$(group_command)" + args => "julien", + classes => if_repaired("julien_group_julien_repaired"); + users: + console_julien.linux:: + "julien" + policy => "present", + unless => "group_julien_absent", + description => "Julien Dessaux", + password => hashed_password("$(password)"), + home_dir => "/home/julien", + home_bundle => home_skel("julien"), + group_primary => "julien", + groups_secondary => { @(secondary_groups) }, + shell => "$(bash_path)", + classes => if_repaired("julien_user_julien_repaired"); + reports: + any:: + "$(this.bundle): group julien repaired" ifvarclass => "julien_group_julien_repaired"; + "$(this.bundle): user julien repaired" ifvarclass => "julien_user_julien_repaired"; +} diff --git a/services/main.cf b/services/main.cf index 94a52be..4c2b022 100644 --- a/services/main.cf +++ b/services/main.cf @@ -6,11 +6,13 @@ bundle common classify "common", "check_mk", "flavour", + "julien", }; "inputs" slist => { "services/check_mk.cf", "services/common.cf", "services/$(flavour).cf", + "services/julien.cf", }; debian:: "flavour" string => "debian"; @@ -24,6 +26,9 @@ bundle common classify regline(".*/lxc/.*", "/proc/1/cgroup"), regline(".*lxc", "/proc/1/environ"), }; + "awh" or => { + "hurricane", + }; "console_julien" or => { "andromeda", "collab_jde", -- cgit v1.2.3