blob: 21889c6fb3d1b15d7b64b0d0edeaae3f5d48f2c5 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
|
{%- set roles = salt['http.query']('http://machine-roles.lysergic.dev:4580/roles', decode=True, decode_type='json', params={"machine": grains['id']})['dict']['roles'] -%}
include:
{#- drop pillar check after all firewall configurations have been imported #}
{%- if salt['pillar.get']('manage_firewall', False) %}
- firewalld
{%- endif %}
- profile.seccheck
- profile.zypp
- profile.prometheus.node_exporter
{%- if salt['cmd.run']("awk '/^passwd/{ print $2; exit }' /etc/nsswitch.conf") == 'sss' %}
{%- do salt.log.warning('Not configuring local users due to sss') %}
{%- else %}
- users
{%- endif %}
- .ssh
- postfix.config
{#- to-do: move this to some formula or macro -#}
{%- set osfullname = grains['osfullname'] -%}
{#- this SLES clause likely only works in BCI -#}
{%- if osfullname == 'Leap' or osfullname == 'SLES' -%}
{%- set repoos = grains['osrelease'] -%}
{%- elif osfullname == 'openSUSE Tumbleweed' -%}
{%- set repoos = 'openSUSE_Tumbleweed' -%}
{%- else -%}
{%- do salt.log.error('Unsupported operating system.') -%}
{%- endif -%}
{%- set repobase = 'https://download.opensuse.org/repositories/home:/crameleon:/LibertaCasa/' ~ repoos -%}
{%- set repokey = repobase ~ '/repodata/repomd.xml.key' %}
libertacasa_rpm_key:
cmd.run:
- name: rpm --import {{ repokey }}
- unless: rpm -q --quiet gpg-pubkey-f8722274
libertacasa_rpm_repository:
pkgrepo.managed:
- name: 'LibertaCasa'
- baseurl: {{ repobase }}
- gpgcheck: 1
- gpgkey: {{ repokey }}
- priority: 90
- refresh: True
- require:
- cmd: libertacasa_rpm_key
ca-certificates-syscid:
pkg.installed:
- require:
- pkgrepo: libertacasa_rpm_repository
common_packages_install:
pkg.installed:
- names:
- fish
- system-group-wheel
{%- if grains['virtual'] == 'kvm' %}
- qemu-guest-agent
qemu-guest-agent:
service.running:
- enable: True
- require:
- pkg: qemu-guest-agent
{%- endif %}
common_packages_remove:
pkg.removed:
- pkgs:
{#- we only use AutoYaST for the OS deployment #}
- autoyast2
- autoyast2-installation
{%- if not 'php-fpm' in roles %}
- libX11-data
{%- endif %}
- yast2-add-on
- yast2-services-manager
- yast2-slp
- yast2-trans-stats
|
