diff options
Diffstat (limited to 'manifests')
-rw-r--r-- | manifests/base/physical.pp | 24 | ||||
-rw-r--r-- | manifests/resources.pp | 4 | ||||
-rw-r--r-- | manifests/role/nas.pp | 7 | ||||
-rw-r--r-- | manifests/subsystem/apt.pp | 15 | ||||
-rw-r--r-- | manifests/subsystem/apt/repo.pp | 25 | ||||
-rw-r--r-- | manifests/subsystem/inception.pp | 2 | ||||
-rw-r--r-- | manifests/subsystem/modprobe/module.pp | 38 | ||||
-rw-r--r-- | manifests/subsystem/sensors.pp | 56 | ||||
-rw-r--r-- | manifests/utils.pp | 7 | ||||
-rw-r--r-- | manifests/utils/bundle/standard.pp | 6 | ||||
-rw-r--r-- | manifests/utils/development/ide.pp | 6 | ||||
-rw-r--r-- | manifests/utils/firmware/efi.pp | 10 | ||||
-rw-r--r-- | manifests/utils/interface.pp | 16 | ||||
-rw-r--r-- | manifests/utils/multimedia.pp | 4 | ||||
-rw-r--r-- | manifests/utils/multimedia/bluetooth.pp | 13 | ||||
-rw-r--r-- | manifests/utils/multimedia/cdplayer.pp | 8 | ||||
-rw-r--r-- | manifests/utils/multimedia/studio.pp | 1 | ||||
-rw-r--r-- | manifests/utils/network/signal.pp | 4 | ||||
-rw-r--r-- | manifests/utils/network/tor.pp | 32 | ||||
-rw-r--r-- | manifests/utils/office/console.pp | 5 | ||||
-rw-r--r-- | manifests/utils/office/gui.pp | 1 | ||||
-rw-r--r-- | manifests/utils/storage/archive.pp | 1 |
22 files changed, 247 insertions, 38 deletions
diff --git a/manifests/base/physical.pp b/manifests/base/physical.pp index 2f63094..035f5c7 100644 --- a/manifests/base/physical.pp +++ b/manifests/base/physical.pp @@ -1,23 +1,17 @@ class nodo::base::physical inherits nodo::base::host { - $smartmontools = lookup('nodo::smartmontools', undef, undef, true) + include nodo::subsystem::sensors - if $smartmontools == true { - class { 'smartmontools': } - } + # Downtime monitoring + # + # Check https://tracker.debian.org/pkg/downtimed + # https://packages.debian.org/bookworm/downtimed + # https://dist.epipe.com/downtimed/ - package { [ 'lm-sensors', ]: - ensure => present, - } + $downtimed = lookup('nodo::downtimed', undef, undef, 'absent') - # Deprecated package { [ - 'hddtemp', + 'downtimed', ]: - ensure => $::lsbdistcodename ? { - 'wheezy' => present, - 'buster' => present, - 'bullseye' => present, - default => absent, - } + ensure => $downtimed, } } diff --git a/manifests/resources.pp b/manifests/resources.pp index 7a48367..4e61fb9 100644 --- a/manifests/resources.pp +++ b/manifests/resources.pp @@ -59,4 +59,8 @@ class nodo::resources { # Repositories $vcsrepos = lookup('vcsrepos', { merge => hash, default_value => {} }) create_resources('vcsrepo', $vcsrepos) + + # Sysctl + $sysctl = lookup('nodo::subsystem::sysctl', { merge => hash, default_value => {} }) + create_resources('nodo::subsystem::sysctl::entry', $sysctl) } diff --git a/manifests/role/nas.pp b/manifests/role/nas.pp index 6f3a800..27d06bd 100644 --- a/manifests/role/nas.pp +++ b/manifests/role/nas.pp @@ -307,9 +307,10 @@ class nodo::role::nas( # $torrent = lookup('nodo::role::nas::torrent', undef, undef, false) - if $torrent == true { - include pyroscope - } + # Pyroscope not being managed right now + #if $torrent == true { + # include pyroscope + #} # # DAAP diff --git a/manifests/subsystem/apt.pp b/manifests/subsystem/apt.pp index 28db591..2dcbc26 100644 --- a/manifests/subsystem/apt.pp +++ b/manifests/subsystem/apt.pp @@ -14,8 +14,9 @@ class nodo::subsystem::apt( default => 'enabled', } ) { + # This one is no longer necessary package { 'apt-transport-https': - ensure => installed, + ensure => absent, } # See https://www.cyberciti.biz/faq/howto-use-apt-get-with-ipv6-or-ipv4-transport-on-ubuntu-debian/ @@ -56,6 +57,18 @@ class nodo::subsystem::apt( }, } + file { '/etc/apt/preferences': + ensure => present, + owner => root, + group => root, + mode => '0644', + require => [ File['/etc/apt/apt.conf.d/1000-force-ipv4-transport'], Package['apt-transport-https'] ], + content => $ensure ? { + 'present' => template("nodo/apt/${::operatingsystem}.preferences.erb"), + default => undef, + }, + } + # We have /var/log/dpkg.log, so we do not need to rotate /var/log/upgrade.log $log = ">> /var/log/upgrade.log 2>&1" $apt = '/usr/bin/apt-get' diff --git a/manifests/subsystem/apt/repo.pp b/manifests/subsystem/apt/repo.pp index ca8f5e1..0495a0f 100644 --- a/manifests/subsystem/apt/repo.pp +++ b/manifests/subsystem/apt/repo.pp @@ -1,15 +1,32 @@ define nodo::subsystem::apt::repo( $definition, $key_source, - $ensure = present, + $keyrings_folder = '/etc/apt/keyrings', + $keyring_name = $name, + $ensure = present, ) { - file { "/etc/apt/trusted.gpg.d/${name}.gpg": + # The recommended locations for keyrings are /usr/share/keyrings for keyrings + # managed by packages, and /etc/apt/keyrings for keyrings managed by the + # system operator. If no keyring files are specified the default is the + # trusted.gpg keyring and all keyrings in the trusted.gpg.d/ directory (see + # apt-key fingerprint). + # + # -- sources.list(5) + file { "${keyrings_folder}/${name}.gpg": ensure => $ensure, owner => "root", group => "root", mode => "0644", source => $key_source, - notify => Exec["apt-repo-auto-update-${name}"], + } + + # Old location + file { "/etc/apt/trusted.gpg.d/${name}.gpg": + ensure => absent, + owner => "root", + group => "root", + mode => "0644", + source => $key_source, } file { "/etc/apt/sources.list.d/${name}.list": @@ -18,7 +35,7 @@ define nodo::subsystem::apt::repo( group => "root", mode => "0644", content => "${definition}\n", - require => [ File["/etc/apt/trusted.gpg.d/${name}.gpg"], Package['apt-transport-https'] ], + require => [ File["${keyrings_folder}/${name}.gpg"], Package['apt-transport-https'] ], notify => Exec["apt-repo-auto-update-${name}"], } diff --git a/manifests/subsystem/inception.pp b/manifests/subsystem/inception.pp index d4bb07c..913f5d5 100644 --- a/manifests/subsystem/inception.pp +++ b/manifests/subsystem/inception.pp @@ -9,7 +9,7 @@ define nodo::subsystem::inception( user => $name, provider => git, source => "https://git.fluxo.info/${git_dev}/apps", - revision => 'def32ac6684a92d0ea55529a6def6f074bebf8d0', + revision => '63e093c355258142053d37a46579d9b19074324d', submodules => true, require => [ File["/home/${name}"], User[$name] ], } diff --git a/manifests/subsystem/modprobe/module.pp b/manifests/subsystem/modprobe/module.pp new file mode 100644 index 0000000..21b7398 --- /dev/null +++ b/manifests/subsystem/modprobe/module.pp @@ -0,0 +1,38 @@ +# +# Handles Linux kernel module loading. +# +# Module loading is implemented both for SysV and systemd based systems, to +# ensure this module is managed in either case. +# +# It also remains to be tested whether _both_ /etc/modules and /etc/modules-load.d +# are processed by recent systemd-based Debian systems; or if there are +# inconsistencies between the implementation and the documentation: +# +# https://wiki.debian.org/Modules#Automatic_loading_of_modules +# +# Anyway, having this configuration in both places does not seem to hurt (much). +# +# Check also https://wiki.archlinux.org/title/Kernel_module#Automatic_module_loading +# https://unix.stackexchange.com/questions/189670/whats-the-difference-of-etc-modules-load-d-and-etc-modules +# +# In the future, this definition can also manage /etc/modprobe.d/ entries. +# +define nodo::subsystem::modprobe::module( + $ensure = 'present', +){ + # Drivetemp module loading for systems using SysV -- /etc/modules - modules(5) + file_line { "etc-modules-${name}": + path => "/etc/modules", + line => "${name}", + ensure => $ensure, + } + + # Drivetemp module loading using systemd's /etc/modules-load.d/ - modules-load.d(5) + file { "/etc/modules-load.d/${name}.conf": + ensure => $ensure, + owner => root, + group => root, + mode => '0644', + content => "${name}\n", + } +} diff --git a/manifests/subsystem/sensors.pp b/manifests/subsystem/sensors.pp new file mode 100644 index 0000000..8a19831 --- /dev/null +++ b/manifests/subsystem/sensors.pp @@ -0,0 +1,56 @@ +class nodo::subsystem::sensors { + # + # SMART monitoring + # + + $smartmontools = lookup('nodo::sensors::smartmontools', undef, undef, 'present') + + if $smartmontools == 'present' { + class { 'smartmontools': } + } + + # + # LM Sensors + # + + $lm_sensors = lookup('nodo::sensors::lm_sensors', undef, undef, 'present') + + package { [ + 'lm-sensors', + ]: + ensure => $lm_sensors, + } + + # + # drivetemp + # + # Just load this driver and lm-sensors will detect sensors automatically. + # + # https://www.baeldung.com/linux/hdd-ssd-temperature + # https://askubuntu.com/questions/1426482/tool-to-monitor-hdd-temperature-in-ubuntu-server-22-04 + # https://wiki.archlinux.org/title/Lm_sensors#S.M.A.R.T._drive_temperature + # https://github.com/philipl/drivetemp + + $drivetemp = lookup('nodo::sensors::drivetemp', undef, undef, 'present') + + nodo::subsystem::modprobe::module { 'drivetemp': + ensure => $drivetemp, + } + + # + # hddtemp + # + + # Deprecated in favor of drivetemp: + # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002484 + package { [ + 'hddtemp', + ]: + ensure => $::lsbdistcodename ? { + 'wheezy' => present, + 'buster' => present, + 'bullseye' => present, + default => absent, + } + } +} diff --git a/manifests/utils.pp b/manifests/utils.pp index bd8f692..5847438 100644 --- a/manifests/utils.pp +++ b/manifests/utils.pp @@ -1,5 +1,12 @@ # Common utilities class nodo::utils inherits nodo::utils::base { + # Ensure every node are ready for offline operation + package { [ + 'apt-offline', + ]: + ensure => present, + } + package { [ 'pv', 'gcp', diff --git a/manifests/utils/bundle/standard.pp b/manifests/utils/bundle/standard.pp index 6d67991..fe6e37c 100644 --- a/manifests/utils/bundle/standard.pp +++ b/manifests/utils/bundle/standard.pp @@ -3,9 +3,11 @@ class nodo::utils::bundle::standard { include nodo::utils::office::gui include nodo::utils::printer include nodo::utils::network - #include nodo::utils::network::xmpp include nodo::utils::web::gui - #include nodo::utils::desktop::gnome include nodo::utils::desktop::cinnamon + + # Old dependencies + #include nodo::utils::network::xmpp + #include nodo::utils::desktop::gnome #include nodo::utils::multimedia::downloaders } diff --git a/manifests/utils/development/ide.pp b/manifests/utils/development/ide.pp index 47d3d98..8361562 100644 --- a/manifests/utils/development/ide.pp +++ b/manifests/utils/development/ide.pp @@ -8,7 +8,7 @@ class nodo::utils::development::ide ( 'myrepos', 'python3-sphinx', - 'python3-recommonmark', + 'python3-myst-parser', 'yamllint', @@ -66,6 +66,10 @@ class nodo::utils::development::ide ( 'exuberant-ctags', 'doxygen', 'agave', + + # Deprecated in favor of python3-myst-parser + # https://github.com/readthedocs/recommonmark + 'python3-recommonmark', ]: ensure => absent, } diff --git a/manifests/utils/firmware/efi.pp b/manifests/utils/firmware/efi.pp new file mode 100644 index 0000000..fa66284 --- /dev/null +++ b/manifests/utils/firmware/efi.pp @@ -0,0 +1,10 @@ +class nodo::utils::firmware::efi ( + $ensure = 'installed', +) { + package { [ + 'fwupd', + 'efivar', + ]: + ensure => $ensure, + } +} diff --git a/manifests/utils/interface.pp b/manifests/utils/interface.pp index d337d13..8a67557 100644 --- a/manifests/utils/interface.pp +++ b/manifests/utils/interface.pp @@ -25,6 +25,7 @@ class nodo::utils::interface inherits nodo::utils::interface::console { 'i3lock', 'materia-gtk-theme', 'blackbird-gtk-theme', + 'obsidian-icon-theme', ]: ensure => installed, } @@ -61,9 +62,7 @@ class nodo::utils::interface inherits nodo::utils::interface::console { 'compton', 'xzoom', 'xautomation', - 'gtk-theme-switch', - 'gtk-smooth-themes', - 'lxappearance', + 'wmctrl', 'pcmanfm', 'metar', @@ -73,6 +72,17 @@ class nodo::utils::interface inherits nodo::utils::interface::console { 'xterm', 'eterm', 'gnome-terminal', + + # Check https://wiki.archlinux.org/title/GTK + # https://wiki.gnome.org/Apps/DconfEditor + 'gtk-theme-switch', + 'gtk-smooth-themes', + 'dconf-editor', + 'lxappearance', + + # xsettingsd is a daemon that implements the XSETTINGS specification. + # https://codeberg.org/derat/xsettingsd + 'xsettingsd', ]: ensure => absent, } diff --git a/manifests/utils/multimedia.pp b/manifests/utils/multimedia.pp index d85cebe..30f5999 100644 --- a/manifests/utils/multimedia.pp +++ b/manifests/utils/multimedia.pp @@ -1,11 +1,12 @@ # Multimedia utilities class nodo::utils::multimedia inherits nodo::utils::multimedia::minimal { package { [ + 'pulseaudio', 'pavucontrol', + 'pasystray', 'jhead', 'qrencode', 'scrot', - 'pulseaudio', ]: ensure => installed, } @@ -32,7 +33,6 @@ class nodo::utils::multimedia inherits nodo::utils::multimedia::minimal { 'audacious', 'qjackctl', 'easytag', - 'audacity', 'opencubicplayer', 'picard', 'gxine', diff --git a/manifests/utils/multimedia/bluetooth.pp b/manifests/utils/multimedia/bluetooth.pp new file mode 100644 index 0000000..8d3c74a --- /dev/null +++ b/manifests/utils/multimedia/bluetooth.pp @@ -0,0 +1,13 @@ +# https://wiki.debian.org/BluetoothUser +# https://wiki.debian.org/BluetoothUser/a2dp +class nodo::utils::multimedia::bluetooth ( + $ensure = 'installed', +) { + package { [ + 'blueman', + 'bluetooth', + 'pulseaudio-module-bluetooth', + ]: + ensure => $ensure, + } +} diff --git a/manifests/utils/multimedia/cdplayer.pp b/manifests/utils/multimedia/cdplayer.pp index e2c7a71..6ec3d0e 100644 --- a/manifests/utils/multimedia/cdplayer.pp +++ b/manifests/utils/multimedia/cdplayer.pp @@ -3,10 +3,16 @@ class nodo::utils::multimedia::cdplayer ( ) { # CD writers and extractors package { [ - 'mcdp', 'cdtool', 'cd-discid', ]: ensure => $ensure, } + + # No longer available + package { [ + 'mcdp', + ]: + ensure => absent, + } } diff --git a/manifests/utils/multimedia/studio.pp b/manifests/utils/multimedia/studio.pp index 72b42b1..0675a08 100644 --- a/manifests/utils/multimedia/studio.pp +++ b/manifests/utils/multimedia/studio.pp @@ -5,6 +5,7 @@ class nodo::utils::multimedia::studio ( 'ardour', 'hydrogen', 'mixxx', + 'audacity', ]: ensure => $ensure, } diff --git a/manifests/utils/network/signal.pp b/manifests/utils/network/signal.pp index 037140a..6cd200b 100644 --- a/manifests/utils/network/signal.pp +++ b/manifests/utils/network/signal.pp @@ -1,7 +1,7 @@ class nodo::utils::network::signal { nodo::subsystem::apt::repo { 'signal.org': - definition => 'deb [arch=amd64] https://updates.signal.org/desktop/apt xenial main', - key_source => 'puppet:///modules/nodo/etc/apt/trusted.gpg.d/signal.org.gpg', + definition => 'deb [signed-by=/etc/apt/keyrings/signal.org.gpg arch=amd64] https://updates.signal.org/desktop/apt xenial main', + key_source => 'puppet:///modules/nodo/etc/apt/keyrings/signal.org.gpg', } package { 'signal-desktop': diff --git a/manifests/utils/network/tor.pp b/manifests/utils/network/tor.pp index 78b08a4..f93d37a 100644 --- a/manifests/utils/network/tor.pp +++ b/manifests/utils/network/tor.pp @@ -3,9 +3,28 @@ class nodo::utils::network::tor ( $ensure = 'installed', ) { + $keyrings_folder = "/usr/share/keyrings" + $keyring = "${keyrings_folder}/deb.torproject.org-keyring.gpg" + nodo::subsystem::apt::repo { 'torproject.org': - definition => "deb [signed-by=/etc/apt/trusted.gpg.d/torproject.org.gpg] https://deb.torproject.org/torproject.org ${::lsbdistcodename} main", - key_source => 'puppet:///modules/nodo/etc/apt/trusted.gpg.d/torproject.org.gpg', + definition => "deb [signed-by=${keyring}] https://deb.torproject.org/torproject.org ${::lsbdistcodename} main", + key_source => "puppet:///modules/nodo/${keyring}", + keyrings_folder => "${keyrings_folder}", + } + + # Puppet should setup the Tor Project's APT keyring only in the first time + # Afterwards ${keyring} will be managed by the deb.torproject.org-keyring package + # + # References: + # + # * https://support.torproject.org/apt/tor-deb-repo/ + # * https://gitlab.torproject.org/tpo/web/support/-/merge_requests/220 + exec { 'torproject-keyring-copy': + command => "cp ${keyrings_folder}/torproject.org.gpg ${keyring}", + onlyif => "/bin/test ! -e ${keyring}", + creates => "${keyring}", + require => File["${keyrings_folder}/torproject.org.gpg"], + notify => Exec["apt-repo-auto-update-torproject.org"], } package { "deb.torproject.org-keyring": @@ -14,8 +33,15 @@ class nodo::utils::network::tor ( } package { [ - 'tor-arm', + 'nyx', ]: ensure => $ensure, } + + # Package 'tor-arm' was renamed to 'nyx' + package { [ + 'tor-arm', + ]: + ensure => absent, + } } diff --git a/manifests/utils/office/console.pp b/manifests/utils/office/console.pp index b35247e..201adbb 100644 --- a/manifests/utils/office/console.pp +++ b/manifests/utils/office/console.pp @@ -17,6 +17,11 @@ class nodo::utils::office::console ( #'worklog', #'lolcat', #'aewan', + + # Needed by finder + # https://git.fluxo.info/finder + 'python3-prompt-toolkit', + 'python3-platformdirs', ]: ensure => $ensure, } diff --git a/manifests/utils/office/gui.pp b/manifests/utils/office/gui.pp index 6cde1aa..5f80288 100644 --- a/manifests/utils/office/gui.pp +++ b/manifests/utils/office/gui.pp @@ -4,6 +4,7 @@ class nodo::utils::office::gui ( package { [ 'libreoffice', 'libreoffice-gtk3', + 'pdfarranger', #'pdftk', ]: ensure => $ensure, diff --git a/manifests/utils/storage/archive.pp b/manifests/utils/storage/archive.pp index 336c74d..9eecc44 100644 --- a/manifests/utils/storage/archive.pp +++ b/manifests/utils/storage/archive.pp @@ -6,6 +6,7 @@ class nodo::utils::storage::archive ( 'convmv', 'rdfind', 'rclone', + 'onionshare', ]: #ensure => latest, ensure => $ensure, |