diff options
Diffstat (limited to 'manifests/subsystem')
-rw-r--r-- | manifests/subsystem/apt.pp | 15 | ||||
-rw-r--r-- | manifests/subsystem/apt/repo.pp | 25 | ||||
-rw-r--r-- | manifests/subsystem/inception.pp | 2 | ||||
-rw-r--r-- | manifests/subsystem/modprobe/module.pp | 38 | ||||
-rw-r--r-- | manifests/subsystem/sensors.pp | 56 |
5 files changed, 130 insertions, 6 deletions
diff --git a/manifests/subsystem/apt.pp b/manifests/subsystem/apt.pp index 28db591..2dcbc26 100644 --- a/manifests/subsystem/apt.pp +++ b/manifests/subsystem/apt.pp @@ -14,8 +14,9 @@ class nodo::subsystem::apt( default => 'enabled', } ) { + # This one is no longer necessary package { 'apt-transport-https': - ensure => installed, + ensure => absent, } # See https://www.cyberciti.biz/faq/howto-use-apt-get-with-ipv6-or-ipv4-transport-on-ubuntu-debian/ @@ -56,6 +57,18 @@ class nodo::subsystem::apt( }, } + file { '/etc/apt/preferences': + ensure => present, + owner => root, + group => root, + mode => '0644', + require => [ File['/etc/apt/apt.conf.d/1000-force-ipv4-transport'], Package['apt-transport-https'] ], + content => $ensure ? { + 'present' => template("nodo/apt/${::operatingsystem}.preferences.erb"), + default => undef, + }, + } + # We have /var/log/dpkg.log, so we do not need to rotate /var/log/upgrade.log $log = ">> /var/log/upgrade.log 2>&1" $apt = '/usr/bin/apt-get' diff --git a/manifests/subsystem/apt/repo.pp b/manifests/subsystem/apt/repo.pp index ca8f5e1..0495a0f 100644 --- a/manifests/subsystem/apt/repo.pp +++ b/manifests/subsystem/apt/repo.pp @@ -1,15 +1,32 @@ define nodo::subsystem::apt::repo( $definition, $key_source, - $ensure = present, + $keyrings_folder = '/etc/apt/keyrings', + $keyring_name = $name, + $ensure = present, ) { - file { "/etc/apt/trusted.gpg.d/${name}.gpg": + # The recommended locations for keyrings are /usr/share/keyrings for keyrings + # managed by packages, and /etc/apt/keyrings for keyrings managed by the + # system operator. If no keyring files are specified the default is the + # trusted.gpg keyring and all keyrings in the trusted.gpg.d/ directory (see + # apt-key fingerprint). + # + # -- sources.list(5) + file { "${keyrings_folder}/${name}.gpg": ensure => $ensure, owner => "root", group => "root", mode => "0644", source => $key_source, - notify => Exec["apt-repo-auto-update-${name}"], + } + + # Old location + file { "/etc/apt/trusted.gpg.d/${name}.gpg": + ensure => absent, + owner => "root", + group => "root", + mode => "0644", + source => $key_source, } file { "/etc/apt/sources.list.d/${name}.list": @@ -18,7 +35,7 @@ define nodo::subsystem::apt::repo( group => "root", mode => "0644", content => "${definition}\n", - require => [ File["/etc/apt/trusted.gpg.d/${name}.gpg"], Package['apt-transport-https'] ], + require => [ File["${keyrings_folder}/${name}.gpg"], Package['apt-transport-https'] ], notify => Exec["apt-repo-auto-update-${name}"], } diff --git a/manifests/subsystem/inception.pp b/manifests/subsystem/inception.pp index d4bb07c..913f5d5 100644 --- a/manifests/subsystem/inception.pp +++ b/manifests/subsystem/inception.pp @@ -9,7 +9,7 @@ define nodo::subsystem::inception( user => $name, provider => git, source => "https://git.fluxo.info/${git_dev}/apps", - revision => 'def32ac6684a92d0ea55529a6def6f074bebf8d0', + revision => '63e093c355258142053d37a46579d9b19074324d', submodules => true, require => [ File["/home/${name}"], User[$name] ], } diff --git a/manifests/subsystem/modprobe/module.pp b/manifests/subsystem/modprobe/module.pp new file mode 100644 index 0000000..21b7398 --- /dev/null +++ b/manifests/subsystem/modprobe/module.pp @@ -0,0 +1,38 @@ +# +# Handles Linux kernel module loading. +# +# Module loading is implemented both for SysV and systemd based systems, to +# ensure this module is managed in either case. +# +# It also remains to be tested whether _both_ /etc/modules and /etc/modules-load.d +# are processed by recent systemd-based Debian systems; or if there are +# inconsistencies between the implementation and the documentation: +# +# https://wiki.debian.org/Modules#Automatic_loading_of_modules +# +# Anyway, having this configuration in both places does not seem to hurt (much). +# +# Check also https://wiki.archlinux.org/title/Kernel_module#Automatic_module_loading +# https://unix.stackexchange.com/questions/189670/whats-the-difference-of-etc-modules-load-d-and-etc-modules +# +# In the future, this definition can also manage /etc/modprobe.d/ entries. +# +define nodo::subsystem::modprobe::module( + $ensure = 'present', +){ + # Drivetemp module loading for systems using SysV -- /etc/modules - modules(5) + file_line { "etc-modules-${name}": + path => "/etc/modules", + line => "${name}", + ensure => $ensure, + } + + # Drivetemp module loading using systemd's /etc/modules-load.d/ - modules-load.d(5) + file { "/etc/modules-load.d/${name}.conf": + ensure => $ensure, + owner => root, + group => root, + mode => '0644', + content => "${name}\n", + } +} diff --git a/manifests/subsystem/sensors.pp b/manifests/subsystem/sensors.pp new file mode 100644 index 0000000..8a19831 --- /dev/null +++ b/manifests/subsystem/sensors.pp @@ -0,0 +1,56 @@ +class nodo::subsystem::sensors { + # + # SMART monitoring + # + + $smartmontools = lookup('nodo::sensors::smartmontools', undef, undef, 'present') + + if $smartmontools == 'present' { + class { 'smartmontools': } + } + + # + # LM Sensors + # + + $lm_sensors = lookup('nodo::sensors::lm_sensors', undef, undef, 'present') + + package { [ + 'lm-sensors', + ]: + ensure => $lm_sensors, + } + + # + # drivetemp + # + # Just load this driver and lm-sensors will detect sensors automatically. + # + # https://www.baeldung.com/linux/hdd-ssd-temperature + # https://askubuntu.com/questions/1426482/tool-to-monitor-hdd-temperature-in-ubuntu-server-22-04 + # https://wiki.archlinux.org/title/Lm_sensors#S.M.A.R.T._drive_temperature + # https://github.com/philipl/drivetemp + + $drivetemp = lookup('nodo::sensors::drivetemp', undef, undef, 'present') + + nodo::subsystem::modprobe::module { 'drivetemp': + ensure => $drivetemp, + } + + # + # hddtemp + # + + # Deprecated in favor of drivetemp: + # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002484 + package { [ + 'hddtemp', + ]: + ensure => $::lsbdistcodename ? { + 'wheezy' => present, + 'buster' => present, + 'bullseye' => present, + default => absent, + } + } +} |