kazu634/itamae
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: kazu634:a52c8411514adfeeeea3ee2ae3a92d960f43396e
Branches Tags
kazu634:main
kazu634:grafana-deploy-change
..
compare: kazu634:61e5dec1c419cf5e1514508bcbb457dcf5657cbd
Branches Tags
kazu634:main
kazu634:grafana-deploy-change

No commits in common. "a52c8411514adfeeeea3ee2ae3a92d960f43396e" and "61e5dec1c419cf5e1514508bcbb457dcf5657cbd" have entirely different histories.
a52c841151 ... 61e5dec1c4

5 changed files with 37 additions and 219 deletions
Show Stats Expand all files Collapse all files

21
cookbooks/base/default.rb
View File

@ -71,7 +71,7 @@ include_recipe './cloudflared.rb'
# recipes for Ubuntu 20.04 and later # recipes for Ubuntu 20.04 and later
case node['platform_version'] case node['platform_version']
when "20.04", "22.04", "24.04" when "20.04", "22.04"
remote_file '/etc/multipath.conf' do remote_file '/etc/multipath.conf' do
owner 'root' owner 'root'
group 'root' group 'root'
@ -89,9 +89,10 @@ when "20.04", "22.04", "24.04"
service 'systemd-timesyncd' do service 'systemd-timesyncd' do
action :enable action :enable
end end
end
case node['platform_version'] case node['platform_version']
when "20.04" when "20.04"
remote_file '/etc/systemd/timesyncd.conf' do remote_file '/etc/systemd/timesyncd.conf' do
owner 'root' owner 'root'
group 'root' group 'root'
@ -99,7 +100,7 @@ when "20.04", "22.04", "24.04"
notifies :restart, 'service[systemd-timesyncd]' notifies :restart, 'service[systemd-timesyncd]'
end end
when "22.04" when "22.04"
remote_file '/etc/systemd/timesyncd.conf' do remote_file '/etc/systemd/timesyncd.conf' do
owner 'root' owner 'root'
group 'root' group 'root'
@ -109,20 +110,8 @@ when "20.04", "22.04", "24.04"
notifies :restart, 'service[systemd-timesyncd]' notifies :restart, 'service[systemd-timesyncd]'
end end
when "24.04"
remote_file '/etc/systemd/timesyncd.conf' do
owner 'root'
group 'root'
mode '0644'
source 'files/etc/systemd/timesyncd.2404.conf'
notifies :restart, 'service[systemd-timesyncd]'
end
end
end end
# AWS EC2 Swap Setting: # AWS EC2 Swap Setting:
if node['is_ec2'] if node['is_ec2']
include_recipe './aws_ec2.rb' include_recipe './aws_ec2.rb'

122
cookbooks/base/files/etc/ssh/sshd_config.2404
View File

@ -1,122 +0,0 @@
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options override the
# default value.
Include /etc/ssh/sshd_config.d/*.conf
Port 10022
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_ecdsa_key
#HostKey /etc/ssh/ssh_host_ed25519_key
# Ciphers and keying
#RekeyLimit default none
# Logging
#SyslogFacility AUTH
#LogLevel INFO
# Authentication:
#LoginGraceTime 2m
PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
#PubkeyAuthentication yes
# Expect .ssh/authorized_keys2 to be disregarded by default in future.
#AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
#AuthorizedPrincipalsFile none
#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
#PermitEmptyPasswords no
# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
KbdInteractiveAuthentication no
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the KbdInteractiveAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via KbdInteractiveAuthentication may bypass
# the setting of "PermitRootLogin prohibit-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and KbdInteractiveAuthentication to 'no'.
UsePAM yes
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
PrintMotd no
#PrintLastLog yes
#TCPKeepAlive yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none
# no default banner path
#Banner none
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
# override default of no subsystems
Subsystem sftp /usr/lib/openssh/sftp-server
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# PermitTTY no
# ForceCommand cvs server

26
cookbooks/base/files/etc/systemd/timesyncd.2404.conf
View File

@ -1,26 +0,0 @@
# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it under the
# terms of the GNU Lesser General Public License as published by the Free
# Software Foundation; either version 2.1 of the License, or (at your option)
# any later version.
#
# Entries in this file show the compile time defaults. Local configuration
# should be created by either modifying this file (or a copy of it placed in
# /etc/ if the original file is shipped in /usr/), or by creating "drop-ins" in
# the /etc/systemd/timesyncd.conf.d/ directory. The latter is generally
# recommended. Defaults can be restored by simply deleting the main
# configuration file and all drop-ins located in /etc/.
#
# Use 'systemd-analyze cat-config systemd/timesyncd.conf' to display the full config.
#
# See timesyncd.conf(5) for details.
[Time]
NTP=192.168.10.1
#FallbackNTP=ntp.ubuntu.com
#RootDistanceMaxSec=5
#PollIntervalMinSec=32
#PollIntervalMaxSec=2048
#ConnectionRetrySec=30
#SaveIntervalSec=60

31
cookbooks/base/packages.rb
View File

@ -20,28 +20,24 @@ end
### Here we are going to install git. ### Here we are going to install git.
# Constants: # Constants:
case run_command('grep VERSION_ID /etc/os-release | awk -F\" \'{print $2}\'').stdout.chomp KEYSRV = 'hkp://keyserver.ubuntu.com:80'
when "24.04" ID = 'E1DF1F24'
execute 'add-apt-repository -y ppa:git-core/ppa' do
not_if 'test -e /etc/apt/sources.list.d/git-core-ubuntu-ppa-noble.sources'
end
else
KEYSRV = 'hkp://keyserver.ubuntu.com:80'
ID = 'E1DF1F24'
# Retrieve the Ubuntu code: GIT_PREPUSH = '/usr/share/git-core/templates/hooks/pre-push'
DIST = run_command('lsb_release -cs').stdout.chomp PREPUSH = 'https://gist.github.com/kazu634/8267388/raw/e9202cd4c29a66723c88d2be05f3cd19413d2137/pre-push'
# Add the public key file to install `git` # Retrieve the Ubuntu code:
execute "apt-key adv --keyserver #{KEYSRV} --recv-keys #{ID}" do DIST = run_command('lsb_release -cs').stdout.chomp
# Add the public key file to install `git`
execute "apt-key adv --keyserver #{KEYSRV} --recv-keys #{ID}" do
not_if 'apt-key list | grep "E1DF 1F24"' not_if 'apt-key list | grep "E1DF 1F24"'
end end
# Deploy the `apt` sources: # Deploy the `apt` sources:
template '/etc/apt/sources.list.d/git.list' do template '/etc/apt/sources.list.d/git.list' do
action :create action :create
variables(distribution: DIST) variables(distribution: DIST)
end
end end
execute 'apt update' do execute 'apt update' do
@ -52,9 +48,6 @@ execute 'apt install git -y' do
not_if 'LANG=C apt-cache policy git | grep Installed | grep ppa' not_if 'LANG=C apt-cache policy git | grep Installed | grep ppa'
end end
GIT_PREPUSH = '/usr/share/git-core/templates/hooks/pre-push'
PREPUSH = 'https://gist.github.com/kazu634/8267388/raw/e9202cd4c29a66723c88d2be05f3cd19413d2137/pre-push'
execute "wget #{PREPUSH} -O #{GIT_PREPUSH}" do execute "wget #{PREPUSH} -O #{GIT_PREPUSH}" do
not_if "test -e #{GIT_PREPUSH}" not_if "test -e #{GIT_PREPUSH}"
end end

18
cookbooks/base/ssh.rb
View File

@ -9,16 +9,6 @@ end
# Deploy the `sshd` configuration file: # Deploy the `sshd` configuration file:
case node['platform_version'] case node['platform_version']
when "24.04"
remote_file '/etc/ssh/sshd_config' do
user 'root'
owner 'root'
group 'root'
mode '644'
source 'files/etc/ssh/sshd_config.2404'
end
when "22.04" when "22.04"
remote_file '/etc/ssh/sshd_config' do remote_file '/etc/ssh/sshd_config' do
user 'root' user 'root'
@ -58,15 +48,9 @@ else
end end
end end
case node['platform_version']
when "24.04"
execute 'systemctl disable --now ssh.socket'
execute 'systemctl enable --now ssh.service'
execute 'systemctl daemon-reload'
end
# Apply the changes: # Apply the changes:
execute 'systemctl restart ssh.service ' do execute 'systemctl reload ssh.service ' do
action :nothing action :nothing
subscribes :run, 'remote_file[/etc/ssh/sshd_config]' subscribes :run, 'remote_file[/etc/ssh/sshd_config]'
end end