summaryrefslogtreecommitdiffstats
path: root/salt/common/suse.sls
blob: daac244d7dc063f7cee6f985d61c5910d612442c (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
{%- set roles = salt['http.query']('http://machine-roles.lysergic.dev:4580/roles', decode=True, decode_type='json', params={"machine": grains['id']})['dict']['roles'] -%}

include:
  {#- drop pillar check after all firewall configurations have been imported #}
  {%- if salt['pillar.get']('manage_firewall'), False %}
  - firewalld
  {%- endif %}
  - profile.seccheck
  - profile.zypp
  - profile.prometheus.node_exporter
  - users
  - .ssh
  - postfix.config

{#- to-do: move this to some formula or macro -#}
{%- set osfullname = grains['osfullname'] -%}
{#- this SLES clause likely only works in BCI -#}
{%- if osfullname == 'Leap' or osfullname == 'SLES' -%}
{%- set repoos = grains['osrelease'] -%}
{%- elif osfullname == 'openSUSE Tumbleweed' -%}
{%- set repoos = 'openSUSE_Tumbleweed' -%}
{%- else -%}
{%- do salt.log.error('Unsupported operating system.') -%}
{%- endif -%}
{%- set repobase = 'https://download.opensuse.org/repositories/home:/crameleon:/LibertaCasa/' ~ repoos -%}
{%- set repokey = repobase ~ '/repodata/repomd.xml.key' %}

libertacasa_rpm_key:
  cmd.run:
    - name: rpm --import {{ repokey }}
    - unless: rpm -q --quiet gpg-pubkey-f8722274

libertacasa_rpm_repository:
  pkgrepo.managed:
    - name: 'LibertaCasa'
    - baseurl: {{ repobase }}
    - gpgcheck: 1
    - gpgkey: {{ repokey }}
    - priority: 90
    - refresh: True
    - require:
      - cmd: libertacasa_rpm_key

ca-certificates-syscid:
  pkg.installed:
    - require:
      - pkgrepo: libertacasa_rpm_repository

common_packages_install:
  pkg.installed:
    - names:
      - fish
      - system-group-wheel
{%- if grains['virtual'] == 'kvm' %}
      - qemu-guest-agent

qemu-guest-agent:
  service.running:
    - enable: True
    - require:
      - pkg: qemu-guest-agent
{%- endif %}

common_packages_remove:
  pkg.removed:
    - pkgs:
      {#- we only use AutoYaST for the OS deployment #}
      - autoyast2
      - autoyast2-installation
      {%- if not 'php-fpm' in roles %}
      - libX11-data
      {%- endif %}
      - yast2-add-on
      - yast2-services-manager
      - yast2-slp
      - yast2-trans-stats