new: adding some charms

precise/base-0k/hooks/install

@@ -2,9 +2,76 @@
 
 set -eux # -x for verbose logging to juju debug-log
 
+apt-get update
+apt-get -y install bash-completion wget bzip2 git-core less language-pack-en python-software-properties tmux sudo git 
+apt-get -y install mountall ## nasty nfs bug corrected
 
-apt-get -y install syslog-ng bash-completion wget bzip2 git-core less language-pack-en python-software-properties tmux sudo
 
+##
+## Allows to mount nfs shares
+##
 
-juju-log "Finished Successfully installed base !"
+apt-get -y install nfs-common
+
+##
+## etckeeper
+##
+
+apt-get install etckeeper
+
+sed -i 's/#VCS="git"/VCS="git"/g' /etc/etckeeper/etckeeper.conf
+sed -i 's/VCS="bzr"/#VCS="bzr"/g' /etc/etckeeper/etckeeper.conf
+
+etckeeper init
+
+
+##
+## Git utilities
+##
+
+echo "[alias]
+	co = checkout
+	com = commit
+	st = status
+        ci = commit
+" >> /etc/gitconfig
+
+
+##
+## Git utilities
+##
+
+echo "[alias]
+        co = checkout
+        com = commit
+        st = status
+        ci = commit
+
+[color]
+	branch = auto
+	diff = auto
+	interactive = auto
+	status = auto
+
+" >> /etc/gitconfig
+
+
+
+##
+## ldap client
+##
+
+
+
+
+##
+## kal-scripts
+##
+
+cat <<EOF >> /etc/apt/sources.list
+
+## vlab's shell libraries
+deb http://deb.kalysto.org no-dist kal-alpha kal-beta kal-main
+
+EOF
 

precise/ca/hooks/install

@@ -0,0 +1,31 @@
+#!/bin/bash
+
+set -eux # -x for verbose logging to juju debug-log
+
+
+apt-get install -y kal-manage expect ## this is for ``mkcrt``
+
+
+mkdir -p /etc/ssl/ca
+chmod 700 /etc/ssl/ca
+
+
+## edit SSL:
+#edition des champs par défaut : dont la date de validité par défaut
+#de 5 ans.
+#-> $dir = /etc/ssl/ca  (2 chgt !!)
+
+
+## And edit: /usr/lib/ssl/misc/CA.pl  (CATOP variable)
+
+## Then, automatise with expect:
+
+# /usr/lib/ssl/misc/CA.pl -newca
+
+mkdir -p /etc/ssl/keys
+chmod 700 /etc/ssl/keys -R
+
+
+cd /etc/ssl/
+openssl dhparam -out dh1024.pem 1024 
+

precise/ca/hooks/start

@@ -0,0 +1,3 @@
+#!/bin/bash
+
+juju-log "Nothing to Start for base."

precise/ca/hooks/stop

@@ -0,0 +1,3 @@
+#!/bin/bash
+
+juju-log "Nothing to stop for base."

precise/ca/metadata.yaml

@@ -0,0 +1,7 @@
+name: ca
+summary: "Certification Authority"
+maintainer: "Valentin Lab <valentin.lab@kalysto.org>"
+inherit: base-0k
+description: |
+    Certification Autority
+data-dir: /etc/ssl

precise/ca/revision

@@ -0,0 +1 @@
+0

precise/dns/hooks/install

@@ -0,0 +1,77 @@
+#!/bin/bash
+
+set -eux 
+
+
+apt-get -y install bind9 logrotate
+
+
+## copy configuration
+
+
+##
+## Logs
+##
+
+## set log in  /etc/bind/named.conf.options
+
+cat <<EOF >> /etc/bind/named.conf.options
+
+logging {
+        channel warning
+        {
+                file "/var/log/named/dns.warnings.log";
+                severity warning;
+                print-category yes;
+                print-severity yes;
+                print-time yes;
+        };
+
+        channel general_dns
+        {
+                file "/var/log/named/dns.log";
+                severity info;
+                print-category yes;
+                print-severity yes;
+                print-time yes;
+        };
+
+        category default { warning; } ;
+        category queries { general_dns; } ;
+};
+
+EOF
+
+## set up logrotate
+
+cat <<EOF >> /etc/logrotate.d/named
+
+# logrotate.d example configuration for dns in user log config, 
+# contributed by Lab Valentin based on Dag Wieers distcc logrotate.d example.
+
+# The "copytruncate" option means fetchmail can keep appending to the
+# same filehandle.  You would otherwise need to make sure fetchmail is not
+# running.
+
+/var/log/named/*.log {
+       missingok
+       copytruncate
+       notifempty
+       compress
+}
+
+EOF
+
+mkdir -p /var/log/named
+chown bind:bind /var/log/named
+
+##
+## BEWARE of recursion (recursion allow your server to answer queries in which he is NOT SOA
+##
+
+
+
+#        allow-recursion yes;
+#        allow-recursion { 127.0.0.1; 172.128/16;  37.59.9.161;};
+#        allow-recursion-on { any;};
+

precise/dns/hooks/start

@@ -0,0 +1,7 @@
+#!/bin/bash
+
+## XXX: will need to add route:
+
+route add -net VPN_NET gw LXC_NAME
+
+juju-log "Nothing to Start for base."

precise/dns/hooks/stop

@@ -0,0 +1,3 @@
+#!/bin/bash
+
+juju-log "Nothing to stop for base."

precise/dns/metadata.yaml

@@ -0,0 +1,6 @@
+name: dns
+summary: "BIND v9 Domain Name Server"
+maintainer: "Valentin Lab <valentin.lab@kalysto.org>"
+inherit: base
+description: |
+    Installs a Domain Name Server.

precise/dns/revision

@@ -0,0 +1 @@
+0

precise/ldap/hooks/install

@@ -0,0 +1,76 @@
+#!/bin/bash
+
+set -eux # -x for verbose logging to juju debug-log
+
+
+## XXXvlab: this is interactive : requires a password !
+apt-get install -y slapd
+
+## XXXvlab: this is a client package, and could maybe be removed from here.
+apt-get install -y ldap-utils
+
+
+## Install a database
+
+rootsuffix="dc=example,dc=com"
+rootdn="cn=admin,$rootsuffix"
+rootpw="secret"
+
+cat <<EOF > /tmp/database.ldif
+
+## XXXvlab: already loaded
+## Load dynamic backend modules
+#dn: cn=module,cn=config
+#objectClass: olcModuleList
+#cn: module
+#olcModulepath: /usr/lib/ldap
+#olcModuleload: back_hdb
+
+## Database settings
+dn: olcDatabase=hdb,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olcHdbConfig
+olcDatabase: {1}hdb
+olcSuffix: $rootsuffix
+olcDbDirectory: /var/lib/ldap
+olcRootDN: $rootdn
+olcRootPW: $rootpw
+olcDbConfig: set_cachesize 0 2097152 0
+olcDbConfig: set_lk_max_objects 1500
+olcDbConfig: set_lk_max_locks 1500
+olcDbConfig: set_lk_max_lockers 1500
+olcDbIndex: objectClass eq
+olcLastMod: TRUE
+olcDbCheckpoint: 512 30
+olcAccess: to attrs=userPassword by dn="$rootdn" write by anonymous auth by self write by * none
+olcAccess: to attrs=shadowLastChange by self write by * read
+olcAccess: to dn.base="" by * read
+olcAccess: to * by dn="$rootdn" write by * read
+
+
+EOF
+
+ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/database.ldif
+
+rm /tmp/database.ldif
+
+
+## MMC schema
+
+echo "
+## Mandriva Directory Server
+deb http://mds.mandriva.org/pub/mds/debian squeeze main
+" >> /etc/apt/sources.list
+apt-get update
+apt-get install -y mmc-agent
+
+mmc-add-schema /usr/share/doc/python-mmc-base/contrib/ldap/mmc.schema /etc/ldap/schema/
+mmc-add-schema /usr/share/doc/python-mmc-base/contrib/ldap/mail.schema /etc/ldap/schema/
+
+## Change password
+##
+
+#python -c 'print($LDAP_PASSWORD).encode("base64")'
+
+# to put in /etc/mmc/plugins/base.ini
+

precise/ldap/hooks/start

@@ -0,0 +1,3 @@
+#!/bin/bash
+
+juju-log "Nothing to Start for base."

precise/ldap/hooks/stop

@@ -0,0 +1,3 @@
+#!/bin/bash
+
+juju-log "Nothing to stop for base."

precise/ldap/metadata.yaml

@@ -0,0 +1,7 @@
+name: ca
+summary: "OpenLDAP"
+maintainer: "Valentin Lab <valentin.lab@kalysto.org>"
+inherit: base-0k
+description: |
+    OpenLDAP
+data-dir: /etc/ssl

precise/ldap/revision

@@ -0,0 +1 @@
+0

precise/mail/hooks/install

@@ -0,0 +1,48 @@
+#!/bin/bash
+
+set -eux # -x for verbose logging to juju debug-log
+
+
+## XXXvlab: warning: had some dialog box poping out for postfix configuration despite the "-y" when testing this by hand
+apt-get install -y postfix dovecot-sieve dovecot-postfix dovecot-imapd amavisd spamassassin fetchmail
+apt-get install -y postfix-ldap dovecot-ldap
+
+
+## SASL
+
+apt-get install sasl2-bin 
+# edit /etc/saslauth
+
+## SASL auth (if SASL authentication failure: cannot connect to saslauthd server: Permission denied)
+
+adduser postfix sasl
+
+
+
+
+## clamav
+apt-get install -y clamav-daemon
+adduser clamav amavis
+
+
+
+## Add NFS server
+
+#cat <<EOF >> /etc/fstab
+#
+### https://bugs.launchpad.net/ubuntu/+source/mountall/+bug/1041377
+## bootwait : forces the rest of the boot to wait this filesystem
+## timeo : retest after this timeout
+#172.128.0.1:/home /home nfs timeo=14,intr,bootwait,auto 0 0
+#
+#EOF
+
+
+## fail2ban (DONT INSTALL ON LXC UNTIL IT SUPPORT IPTABLES)
+
+#apt-get install -y fail2ban
+# change ignoreip in /etc/fail2ban/jail.conf
+# change mail
+# disable ssh
+
+

precise/mail/hooks/start

@@ -0,0 +1,3 @@
+#!/bin/bash
+
+juju-log "Nothing to Start for base."

precise/mail/hooks/stop

@@ -0,0 +1,3 @@
+#!/bin/bash
+
+juju-log "Nothing to stop for base."

precise/mail/metadata.yaml

@@ -0,0 +1,10 @@
+name: mail
+summary: "Mail Services (STMP, IMAP, fetchmail)"
+maintainer: "Valentin Lab <valentin.lab@kalysto.org>"
+description: |
+    Provide SMTP thanks to Postfix, IMAP through dovecot, and fetchmail functionality.
+    Also includes sieve
+inherit: base-0k
+requires:
+    fs:
+         home

precise/mail/revision

@@ -0,0 +1 @@
+0

precise/minecraft/hooks/install

@@ -5,6 +5,8 @@ set -eux # -x for verbose logging to juju debug-log
 ## Using headless to avoid installing X server ;)
 apt-get -y install openjdk-7-jre-headless
 
+## For tectonicus
+apt-get -y install subversion
 
 INSTALL_DIR=/opt/apps/minecraft
 

precise/mirror/hooks/install

@@ -0,0 +1,37 @@
+#!/bin/bash
+
+set -eux # -x for verbose logging to juju debug-log
+
+
+## ``--force-yes`` is required as kal-manage is not signed correctly.
+## kal-manage provides the script /usr/lib/kal/dusk/sbin/ssh-cmd-validate
+## used to validate any entrant connection to SSH.
+
+apt-get install -y --force-yes rsync kal-manage 
+
+
+mkdir -p /var/mirror
+mkdir -p /var/lib/rsync
+
+groupadd -r rsync
+useradd -r rsync -d /var/lib/rsync -g rsync
+
+chown rsync:rsync /var/lib/rsync
+
+su -c 'ssh-keygen -t rsa -N "" -f ~/.ssh/id_rsa -q' - rsync
+
+## /etc/sudoers
+cat <<EOF >> /etc/sudoers
+
+## allow rsync to access /var/mirror
+
+rsync ALL=(root) NOPASSWD: /usr/bin/rsync --server -vlogDtprRz --delete . /var/mirror/*
+rsync ALL=(root) NOPASSWD: /usr/bin/rsync --server -vlogDtprRze.iLs --delete . /var/mirror/*
+rsync ALL=(root) NOPASSWD: /usr/bin/rsync --server -vlogDtprRze.iLsf --delete . /var/mirror/*
+rsync ALL=(root) NOPASSWD: /usr/bin/rsync --server -vlogDtprRze.iLsf --bwlimit=200 --delete . /var/mirror/*
+
+EOF
+
+
+
+

precise/mirror/hooks/start

@@ -0,0 +1,3 @@
+#!/bin/bash
+
+juju-log "Nothing to Start for base."

precise/mirror/hooks/stop

@@ -0,0 +1,3 @@
+#!/bin/bash
+
+juju-log "Nothing to stop for base."

precise/mirror/metadata.yaml

@@ -0,0 +1,7 @@
+name: mirror
+summary: "Backup by rsync mirroring"
+maintainer: "Valentin Lab <valentin.lab@kalysto.org>"
+inherit: base-0k
+description: |
+    Backup by rsync mirroring
+data-dir: /var/mirror

precise/mirror/revision

@@ -0,0 +1 @@
+0

precise/mirror/shorewall

@@ -0,0 +1,2 @@
+DNAT     net     lan:%%NAME%%:22   udp 10022
+

precise/squid/hooks/install

@@ -0,0 +1,15 @@
+#!/bin/bash
+
+set -eux 
+
+
+## This is needed to enable https_port
+#apt-get install devscripts build-essential 
+#apt-get install libssl-dev ## not in build-dep ... because we'll add it.
+#apt-get source squid3
+#apt-get build-dep squid3
+#cd squid3-3.1.19
+#vim debian/rules # or whatever editor you use
+# add --enable-ssl
+#debuild -us -uc
+

precise/squid/hooks/start

@@ -0,0 +1,7 @@
+#!/bin/bash
+
+## XXX: will need to add route:
+
+route add -net VPN_NET gw LXC_NAME
+
+juju-log "Nothing to Start for base."

precise/squid/hooks/stop

@@ -0,0 +1,3 @@
+#!/bin/bash
+
+juju-log "Nothing to stop for base."

precise/squid/metadata.yaml

@@ -0,0 +1,6 @@
+name: squid
+summary: "HTTP/HTTPS proxy"
+maintainer: "Valentin Lab <valentin.lab@kalysto.org>"
+inherit: base
+description: |
+    Installs a HTTP/HTTPS proxy.

precise/squid/revision

@@ -0,0 +1 @@
+0

precise/vpn/hooks/install

@@ -0,0 +1,14 @@
+#!/bin/bash
+
+set -eux 
+
+
+apt-get -y install openvpn
+
+mkdir -p /etc/openvpn/clients.d /var/lib/openvpn /var/log/openvpn
+
+
+mkdir /dev/net
+mknod -m a+rw /dev/net/tun c 10 200
+
+

precise/vpn/hooks/start

@@ -0,0 +1,7 @@
+#!/bin/bash
+
+## XXX: will need to add route:
+
+route add -net VPN_NET gw LXC_NAME
+
+juju-log "Nothing to Start for base."

precise/vpn/hooks/stop

@@ -0,0 +1,3 @@
+#!/bin/bash
+
+juju-log "Nothing to stop for base."

precise/vpn/metadata.yaml

@@ -0,0 +1,6 @@
+name: vpn
+summary: "OpenVPN"
+maintainer: "Valentin Lab <valentin.lab@kalysto.org>"
+inherit: base-0k
+description: |
+    Installs a VPN master server.

precise/vpn/revision

@@ -0,0 +1 @@
+0

precise/www/hooks/install

@@ -0,0 +1,36 @@
+#!/bin/bash
+
+set -eux 
+
+
+apt-get -y install apache2 libapache2-mod-php5 libtidy-0.99-0 build-essential 
+apt-get -y install php5-dev php5-ldap php5-xsl php-pear php-mcrypt
+apt-get -y install libapache2-mod-python  libmysqlclient-dev python-dev
+apt-get -y install php5-mysql
+apt-get -y install docutils  ## for rst2html
+
+
+apt-get install squirrelmail
+
+
+apt-get install phpmyadmin 
+
+ln -s /etc/phpmyadmin/apache.conf /etc/apache2/conf.d/phpmyadmin
+ln -sf /usr/share/phpmyadmin /var/www/s-lmc.kalysto.org/phpmyadmin
+
+
+pecl install tidy 
+echo "extension=tidy.so"
+
+pecl install xdebug
+echo "extension=xdebug.so" >> /etc/php5/apache2/
+
+
+#rdfapi-php ?
+
+
+
+a2enmod dav_fs ssl userdir rewrite suexec
+
+/etc/init.d/apache2 restart 
+

precise/www/hooks/start

@@ -0,0 +1,7 @@
+#!/bin/bash
+
+## XXX: will need to add route:
+
+route add -net VPN_NET gw LXC_NAME
+
+juju-log "Nothing to Start for base."

precise/www/hooks/stop

@@ -0,0 +1,3 @@
+#!/bin/bash
+
+juju-log "Nothing to stop for base."

precise/www/metadata.yaml

@@ -0,0 +1,6 @@
+name: www
+summary: "Apache"
+maintainer: "Valentin Lab <valentin.lab@kalysto.org>"
+inherit: base-0k
+description: |
+    Installs a HTTP Apache server.

precise/www/revision

@@ -0,0 +1 @@
+0