|
Theo Chatzimichos |
5a866d |
{% set osrelease = salt['grains.get']('osrelease') %}
|
|
Theo Chatzimichos |
5a866d |
|
|
Theo Chatzimichos |
8e55f3 |
locale:
|
|
Theo Chatzimichos |
8e55f3 |
present:
|
|
|
218c26 |
- en_US.UTF-8 UTF-8
|
|
Theo Chatzimichos |
8e55f3 |
default:
|
|
|
218c26 |
name: en_US.UTF-8
|
|
|
218c26 |
requires: en_US.UTF-8 UTF-8
|
|
Theo Chatzimichos |
0a7491 |
ntp:
|
|
Theo Chatzimichos |
0a7491 |
ng:
|
|
Theo Chatzimichos |
0a7491 |
settings:
|
|
Theo Chatzimichos |
0a7491 |
ntpd: true
|
|
Theo Chatzimichos |
0a7491 |
ntp_conf:
|
|
Theo Chatzimichos |
0a7491 |
controlkey:
|
|
Theo Chatzimichos |
0a7491 |
- 1
|
|
Theo Chatzimichos |
0a7491 |
disable:
|
|
Theo Chatzimichos |
0a7491 |
- monitor
|
|
Theo Chatzimichos |
0a7491 |
driftfile:
|
|
Theo Chatzimichos |
0a7491 |
- /var/lib/ntp/drift/ntp.drift
|
|
Theo Chatzimichos |
0a7491 |
logfile:
|
|
Theo Chatzimichos |
0a7491 |
- /var/log/ntp
|
|
Theo Chatzimichos |
0a7491 |
keys:
|
|
Theo Chatzimichos |
0a7491 |
- /etc/ntp.keys
|
|
Theo Chatzimichos |
0a7491 |
requestkey:
|
|
Theo Chatzimichos |
0a7491 |
- 1
|
|
Theo Chatzimichos |
0a7491 |
restrict:
|
|
Theo Chatzimichos |
0a7491 |
- -4 default kod notrap nomodify nopeer
|
|
Theo Chatzimichos |
0a7491 |
- -6 default kod notrap nomodify nopeer
|
|
Theo Chatzimichos |
0a7491 |
- 127.0.0.1
|
|
Theo Chatzimichos |
0a7491 |
- ::1
|
|
Theo Chatzimichos |
0a7491 |
trustedkey:
|
|
Theo Chatzimichos |
0a7491 |
- 1
|
|
Theo Chatzimichos |
350015 |
salt:
|
|
Theo Chatzimichos |
7296bd |
gitfs:
|
|
Theo Chatzimichos |
7296bd |
libgit2:
|
|
Theo Chatzimichos |
7296bd |
install_from_source: False
|
|
Theo Chatzimichos |
7296bd |
pygit2:
|
|
Theo Chatzimichos |
7296bd |
install_from_source: False
|
|
Theo Chatzimichos |
7296bd |
master:
|
|
Theo Chatzimichos |
7296bd |
cli_summary: True
|
|
Theo Chatzimichos |
7296bd |
default_top: production
|
|
Theo Chatzimichos |
7296bd |
env_order:
|
|
Theo Chatzimichos |
7296bd |
- production
|
|
Theo Chatzimichos |
7296bd |
ext_pillar:
|
|
Theo Chatzimichos |
7296bd |
- git:
|
|
Theo Chatzimichos |
8b5e20 |
- production gitlab@mickey.opensuse.org:infra/salt.git:
|
|
Theo Chatzimichos |
7296bd |
- env: production
|
|
Theo Chatzimichos |
7296bd |
- root: pillar
|
|
Theo Chatzimichos |
7296bd |
- privkey: /srv/salt/.ssh/salt_gitlab_oo_infra_salt
|
|
Theo Chatzimichos |
7296bd |
- pubkey: /srv/salt/.ssh/salt_gitlab_oo_infra_salt.pub
|
|
Theo Chatzimichos |
7296bd |
ext_pillar_first: True
|
|
Theo Chatzimichos |
7296bd |
fileserver_backend:
|
|
Theo Chatzimichos |
7296bd |
- git
|
|
Theo Chatzimichos |
7296bd |
gitfs_provider: pygit2
|
|
Theo Chatzimichos |
7296bd |
gitfs_remotes:
|
|
Theo Chatzimichos |
8b5e20 |
- gitlab@mickey.opensuse.org:infra/salt.git:
|
|
Theo Chatzimichos |
7296bd |
- root: salt
|
|
Theo Chatzimichos |
7296bd |
- privkey: /srv/salt/.ssh/salt_gitlab_oo_infra_salt
|
|
Theo Chatzimichos |
7296bd |
- pubkey: /srv/salt/.ssh/salt_gitlab_oo_infra_salt.pub
|
|
Theo Chatzimichos |
7296bd |
- https://gitlab.opensuse.org/saltstack-formulas/dhcpd-formula.git
|
|
Theo Chatzimichos |
7296bd |
- https://gitlab.opensuse.org/saltstack-formulas/grains-formula.git
|
|
Theo Chatzimichos |
7296bd |
- https://gitlab.opensuse.org/saltstack-formulas/keepalived-formula.git
|
|
Theo Chatzimichos |
7296bd |
- https://gitlab.opensuse.org/saltstack-formulas/locale-formula.git
|
|
Theo Chatzimichos |
7296bd |
- https://gitlab.opensuse.org/saltstack-formulas/ntp-formula.git
|
|
Theo Chatzimichos |
7296bd |
- https://gitlab.opensuse.org/saltstack-formulas/openssh-formula.git
|
|
Theo Chatzimichos |
7296bd |
- https://gitlab.opensuse.org/saltstack-formulas/salt-formula.git
|
|
Theo Chatzimichos |
7296bd |
- https://gitlab.opensuse.org/saltstack-formulas/sudoers-formula.git
|
|
Theo Chatzimichos |
7296bd |
- https://gitlab.opensuse.org/saltstack-formulas/users-formula.git
|
|
Theo Chatzimichos |
7296bd |
- https://gitlab.opensuse.org/saltstack-formulas/timezone-formula.git
|
|
Theo Chatzimichos |
7296bd |
gitfs_ssl_verify: True
|
|
Theo Chatzimichos |
138569 |
hash_type: sha512
|
|
Theo Chatzimichos |
7296bd |
pillar_gitfs_ssl_verify: True
|
|
Theo Chatzimichos |
7296bd |
pillar_merge_lists: True
|
|
Theo Chatzimichos |
7296bd |
pillar_source_merging_strategy: smart
|
|
Theo Chatzimichos |
7296bd |
state_output: changes
|
|
Theo Chatzimichos |
7296bd |
state_verbose: False
|
|
Theo Chatzimichos |
7296bd |
top_file_merging_strategy: same
|
|
Theo Chatzimichos |
7296bd |
user: salt
|
|
Theo Chatzimichos |
350015 |
minion:
|
|
Theo Chatzimichos |
350015 |
backup_mode: minion
|
|
Theo Chatzimichos |
350015 |
environment: production
|
|
Theo Chatzimichos |
0b4ba2 |
hash_type: sha512
|
|
Theo Chatzimichos |
5a866d |
sshd_config:
|
|
Theo Chatzimichos |
5a866d |
HostKey:
|
|
Theo Chatzimichos |
5a866d |
- /etc/ssh/ssh_host_rsa_key
|
|
Theo Chatzimichos |
5a866d |
- /etc/ssh/ssh_host_dsa_key
|
|
Theo Chatzimichos |
5a866d |
- /etc/ssh/ssh_host_ecdsa_key
|
|
|
218c26 |
{% if osrelease != '11.3' %}
|
|
Theo Chatzimichos |
5a866d |
- /etc/ssh/ssh_host_ed25519_key
|
|
|
218c26 |
{% endif %}
|
|
Theo Chatzimichos |
5a866d |
PermitRootLogin: without-password
|
|
Theo Chatzimichos |
5a866d |
PrintMotd: yes
|
|
|
218c26 |
{% if osrelease.startswith('11') and (salt['grains.get']('cpuarch') == 'x86_64') %}
|
|
Theo Chatzimichos |
5a866d |
# TODO: support more 64bit archs https://progress.opensuse.org/issues/15794
|
|
Theo Chatzimichos |
5a866d |
Subsystem: sftp /usr/lib64/ssh/sftp-server
|
|
|
218c26 |
{% else %}
|
|
Theo Chatzimichos |
5a866d |
# TODO: upstream fix is not sufficient https://github.com/saltstack-formulas/openssh-formula/pull/57
|
|
Theo Chatzimichos |
5a866d |
Subsystem: sftp /usr/lib/ssh/sftp-server
|
|
|
218c26 |
{% endif %}
|
|
Theo Chatzimichos |
5a866d |
UseDNS: yes
|
|
Theo Chatzimichos |
5a866d |
matches:
|
|
Theo Chatzimichos |
5a866d |
root:
|
|
Theo Chatzimichos |
5a866d |
type:
|
|
Theo Chatzimichos |
5a866d |
User: root
|
|
Theo Chatzimichos |
5a866d |
options:
|
|
Theo Chatzimichos |
5a866d |
Banner: /etc/ssh/banner
|
|
|
218c26 |
timezone:
|
|
|
218c26 |
name: UTC
|
|
|
218c26 |
utc: True
|
|
Theo Chatzimichos |
15223c |
sudoers:
|
|
Theo Chatzimichos |
15223c |
defaults:
|
|
Theo Chatzimichos |
15223c |
generic:
|
|
Theo Chatzimichos |
15223c |
- always_set_home
|
|
Theo Chatzimichos |
15223c |
- secure_path="/usr/sbin:/usr/bin:/sbin:/bin"
|
|
Theo Chatzimichos |
15223c |
- env_reset
|
|
Theo Chatzimichos |
15223c |
- env_keep="LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS XDG_SESSION_COOKIE"
|
|
Theo Chatzimichos |
15223c |
- '!insults'
|
|
Theo Chatzimichos |
15223c |
- targetpw
|
|
Theo Chatzimichos |
15223c |
users:
|
|
Theo Chatzimichos |
15223c |
ALL:
|
|
Theo Chatzimichos |
15223c |
- 'ALL=(ALL) ALL'
|
|
Theo Chatzimichos |
15223c |
root:
|
|
Theo Chatzimichos |
15223c |
- 'ALL=(ALL) ALL'
|
|
Theo Chatzimichos |
15223c |
includedir: /etc/sudoers.d
|
|
Theo Chatzimichos |
15223c |
included_files:
|
|
Theo Chatzimichos |
15223c |
/etc/sudoers.d/nagios_nopasswd_zypper:
|
|
Theo Chatzimichos |
15223c |
users:
|
|
Theo Chatzimichos |
15223c |
nagios:
|
|
Theo Chatzimichos |
15223c |
- 'ALL=(ALL) NOPASSWD: /usr/sbin/zypp-refresh,/usr/bin/zypper ref,/usr/bin/zypper sl,/usr/bin/zypper --xmlout --non-interactive list-updates -t package -t patch'
|
|
|
1dadda |
zypper:
|
|
|
d51c23 |
config:
|
|
|
d51c23 |
zypp_conf:
|
|
|
d51c23 |
main:
|
|
|
d51c23 |
solver.onlyRequires: 'true'
|
|
|
f9f292 |
packages:
|
|
|
f9f292 |
aaa_base: {}
|