diff --git a/precise/base-0k/hooks/install b/precise/base-0k/hooks/install index f98524a..235d262 100755 --- a/precise/base-0k/hooks/install +++ b/precise/base-0k/hooks/install @@ -2,9 +2,76 @@ set -eux # -x for verbose logging to juju debug-log +apt-get update +apt-get -y install bash-completion wget bzip2 git-core less language-pack-en python-software-properties tmux sudo git +apt-get -y install mountall ## nasty nfs bug corrected -apt-get -y install syslog-ng bash-completion wget bzip2 git-core less language-pack-en python-software-properties tmux sudo +## +## Allows to mount nfs shares +## -juju-log "Finished Successfully installed base !" +apt-get -y install nfs-common + +## +## etckeeper +## + +apt-get install etckeeper + +sed -i 's/#VCS="git"/VCS="git"/g' /etc/etckeeper/etckeeper.conf +sed -i 's/VCS="bzr"/#VCS="bzr"/g' /etc/etckeeper/etckeeper.conf + +etckeeper init + + +## +## Git utilities +## + +echo "[alias] + co = checkout + com = commit + st = status + ci = commit +" >> /etc/gitconfig + + +## +## Git utilities +## + +echo "[alias] + co = checkout + com = commit + st = status + ci = commit + +[color] + branch = auto + diff = auto + interactive = auto + status = auto + +" >> /etc/gitconfig + + + +## +## ldap client +## + + + + +## +## kal-scripts +## + +cat <> /etc/apt/sources.list + +## vlab's shell libraries +deb http://deb.kalysto.org no-dist kal-alpha kal-beta kal-main + +EOF diff --git a/precise/ca/hooks/install b/precise/ca/hooks/install new file mode 100755 index 0000000..3936ef2 --- /dev/null +++ b/precise/ca/hooks/install 
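Review bot: The kal-scripts block at the end of this hunk appends `deb http://deb.kalysto.org no-dist kal-alpha kal-beta kal-main` to /etc/apt/sources.list without importing an archive key and without a following `apt-get update`, so packages from it can only be installed unauthenticated over plain HTTP (the mirror hook later does exactly that with `--force-yes`). Writing the entry to its own file under /etc/apt/sources.list.d/ with `>` rather than `>>`, and importing the repository's signing key before refreshing the index, would keep signature checking on and make the hook safe to re-run. `apt-get install etckeeper` is also missing `-y`, which may stall or abort a non-interactive hook: `apt-get -y install etckeeper`. The second "Git utilities" block repeats the `[alias]` section already appended by the first, so /etc/gitconfig receives it twice.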
@@ -0,0 +1,31 @@
+#!/bin/bash
+
+set -eux # -x for verbose logging to juju debug-log
+
+
+apt-get install -y kal-manage expect ## this is for ``mkcrt``
+
+
+mkdir -p /etc/ssl/ca
+chmod 700 /etc/ssl/ca
+
+
+## edit SSL:
+#edition des champs par défaut : dont la date de validité par défaut
+#de 5 ans.
+#-> $dir = /etc/ssl/ca (2 chgt !!)
+
+
+## And edit: /usr/lib/ssl/misc/CA.pl (CATOP variable)
+
+## Then, automatise with expect:
+
+# /usr/lib/ssl/misc/CA.pl -newca
+
+mkdir -p /etc/ssl/keys
+chmod 700 /etc/ssl/keys -R
+
+
+cd /etc/ssl/
+openssl dhparam -out dh1024.pem 1024
+
diff --git a/precise/ca/hooks/start b/precise/ca/hooks/start
new file mode 100755
index 0000000..9eb7853
--- /dev/null
+++ b/precise/ca/hooks/start
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+juju-log "Nothing to Start for base."
diff --git a/precise/ca/hooks/stop b/precise/ca/hooks/stop
new file mode 100755
index 0000000..170162b
--- /dev/null
+++ b/precise/ca/hooks/stop
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+juju-log "Nothing to stop for base."
diff --git a/precise/ca/metadata.yaml b/precise/ca/metadata.yaml
new file mode 100644
index 0000000..cd8fc9a
--- /dev/null
+++ b/precise/ca/metadata.yaml
@@ -0,0 +1,7 @@
+name: ca
+summary: "Certification Authority"
+maintainer: "Valentin Lab "
+inherit: base-0k
+description: |
+ Certification Autority
+data-dir: /etc/ssl
diff --git a/precise/ca/revision b/precise/ca/revision
new file mode 100644
index 0000000..573541a
--- /dev/null
+++ b/precise/ca/revision
@@ -0,0 +1 @@
+0
diff --git a/precise/dns/hooks/install b/precise/dns/hooks/install
new file mode 100755
index 0000000..d2e529d
--- /dev/null
+++ b/precise/dns/hooks/install
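Review bot: `openssl dhparam -out dh1024.pem 1024` at the end of precise/ca/hooks/install generates 1024-bit Diffie-Hellman parameters, which is below the size current guidance accepts for key exchange; this should be at least `openssl dhparam -out dh2048.pem 2048`, with whatever consumes the file updated to the new name. The CA.pl steps are left as comments, so the hook exits successfully without a CA having been created; a `# TODO` saying so next to `# /usr/lib/ssl/misc/CA.pl -newca` would make that explicit. `chmod 700 /etc/ssl/keys -R` puts the option after the operand, which works with GNU chmod but reads more clearly as `chmod -R 700 /etc/ssl/keys`.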
@@ -0,0 +1,77 @@
+#!/bin/bash
+
+set -eux
+
+
+apt-get -y install bind9 logrotate
+
+
+## copy configuration
+
+
+##
+## Logs
+##
+
+## set log in /etc/bind/named.conf.options
+
+cat <> /etc/bind/named.conf.options
+
+logging {
+ channel warning
+ {
+ file "/var/log/named/dns.warnings.log";
+ severity warning;
+ print-category yes;
+ print-severity yes;
+ print-time yes;
+ };
+
+ channel general_dns
+ {
+ file "/var/log/named/dns.log";
+ severity info;
+ print-category yes;
+ print-severity yes;
+ print-time yes;
+ };
+
+ category default { warning; } ;
+ category queries { general_dns; } ;
+};
+
+EOF
+
+## set up logrotate
+
+cat <> /etc/logrotate.d/named
+
+# logrotate.d example configuration for dns in user log config,
+# contributed by Lab Valentin based on Dag Wieers distcc logrotate.d example.
+
+# The "copytruncate" option means fetchmail can keep appending to the
+# same filehandle. You would otherwise need to make sure fetchmail is not
+# running.
+
+/var/log/named/*.log {
+ missingok
+ copytruncate
+ notifempty
+ compress
+}
+
+EOF
+
+mkdir -p /var/log/named
+chown bind:bind /var/log/named
+
+##
+## BEWARE of recursion (recursion allow your server to answer queries in which he is NOT SOA
+##
+
+
+
+# allow-recursion yes;
+# allow-recursion { 127.0.0.1; 172.128/16; 37.59.9.161;};
+# allow-recursion-on { any;};
+
diff --git a/precise/dns/hooks/start b/precise/dns/hooks/start
new file mode 100755
index 0000000..88e357a
--- /dev/null
+++ b/precise/dns/hooks/start
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+## XXX: will need to add route:
+
+route add -net VPN_NET gw LXC_NAME
+
+juju-log "Nothing to Start for base."
diff --git a/precise/dns/hooks/stop b/precise/dns/hooks/stop
new file mode 100755
index 0000000..170162b
--- /dev/null
+++ b/precise/dns/hooks/stop
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+juju-log "Nothing to stop for base."
diff --git a/precise/dns/metadata.yaml b/precise/dns/metadata.yaml
new file mode 100644
index 0000000..53c62be
--- /dev/null
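Review bot: Both heredocs in precise/dns/hooks/install append with `>>`, so re-running the hook adds a second `logging { … }` block to /etc/bind/named.conf.options and a second stanza to /etc/logrotate.d/named, and nothing checks the result before the hook exits. Guard the append (for example `grep -q 'channel general_dns' /etc/bind/named.conf.options ||` in front of the `cat`) or write a separate file with `>`, and finish with `named-checkconf` so a broken configuration fails the hook rather than the next restart. The recursion restriction exists only as commented-out notes at the end, so which clients may recurse is left to the package default; an explicit `allow-recursion { … };` limited to the internal networks would make that policy reviewable. The logrotate comment still refers to fetchmail rather than named.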
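Review bot: `route add -net VPN_NET gw LXC_NAME` in precise/dns/hooks/start still contains the literal placeholders, so the command fails every time the hook runs, and because this script has no `set -e` the failure is ignored and the hook goes on to log success. The same file (blob 88e357a) is added as precise/squid/hooks/start, precise/vpn/hooks/start and precise/www/hooks/start. Until the real network and gateway are known, comment the line out next to the `## XXX` note, `# route add -net VPN_NET gw LXC_NAME`, and add `set -eu` so that later real commands cannot fail silently.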
+++ b/precise/dns/metadata.yaml
@@ -0,0 +1,6 @@
+name: dns
+summary: "BIND v9 Domain Name Server"
+maintainer: "Valentin Lab "
+inherit: base
+description: |
+ Installs a Domain Name Server.
diff --git a/precise/dns/revision b/precise/dns/revision
new file mode 100644
index 0000000..573541a
--- /dev/null
+++ b/precise/dns/revision
@@ -0,0 +1 @@
+0
diff --git a/precise/ldap/hooks/install b/precise/ldap/hooks/install
new file mode 100755
index 0000000..3b85651
--- /dev/null
+++ b/precise/ldap/hooks/install
@@ -0,0 +1,76 @@
+#!/bin/bash
+
+set -eux # -x for verbose logging to juju debug-log
+
+
+## XXXvlab: this is interactive : requires a password !
+apt-get install -y slapd
+
+## XXXvlab: this is a client package, and could maybe be removed from here.
+apt-get install -y ldap-utils
+
+
+## Install a database
+
+rootsuffix="dc=example,dc=com"
+rootdn="cn=admin,$rootsuffix"
+rootpw="secret"
+
+cat < /tmp/database.ldif
+
+## XXXvlab: already loaded
+## Load dynamic backend modules
+#dn: cn=module,cn=config
+#objectClass: olcModuleList
+#cn: module
+#olcModulepath: /usr/lib/ldap
+#olcModuleload: back_hdb
+
+## Database settings
+dn: olcDatabase=hdb,cn=config
+objectClass: olcDatabaseConfig
+objectClass: olcHdbConfig
+olcDatabase: {1}hdb
+olcSuffix: $rootsuffix
+olcDbDirectory: /var/lib/ldap
+olcRootDN: $rootdn
+olcRootPW: $rootpw
+olcDbConfig: set_cachesize 0 2097152 0
+olcDbConfig: set_lk_max_objects 1500
+olcDbConfig: set_lk_max_locks 1500
+olcDbConfig: set_lk_max_lockers 1500
+olcDbIndex: objectClass eq
+olcLastMod: TRUE
+olcDbCheckpoint: 512 30
+olcAccess: to attrs=userPassword by dn="$rootdn" write by anonymous auth by self write by * none
+olcAccess: to attrs=shadowLastChange by self write by * read
+olcAccess: to dn.base="" by * read
+olcAccess: to * by dn="$rootdn" write by * read
+
+
+EOF
+
+ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/database.ldif
+
+rm /tmp/database.ldif
+
+
+## MMC schema
+
+echo "
+## Mandriva Directory Server
+deb http://mds.mandriva.org/pub/mds/debian squeeze main
+" >> /etc/apt/sources.list
+apt-get update
+apt-get install -y mmc-agent
+
+mmc-add-schema /usr/share/doc/python-mmc-base/contrib/ldap/mmc.schema /etc/ldap/schema/
+mmc-add-schema /usr/share/doc/python-mmc-base/contrib/ldap/mail.schema /etc/ldap/schema/
+
+## Change password
+##
+
+#python -c 'print($LDAP_PASSWORD).encode("base64")'
+
+# to put in /etc/mmc/plugins/base.ini
+
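Review bot: `rootpw="secret"` hard-codes the directory administrator password, which is then written in cleartext into `olcRootPW`, copied into the juju debug-log by `set -eux`, and staged in the predictable path /tmp/database.ldif, where it is left behind if `ldapadd` fails. Take the password from deployment configuration (the commented line at the bottom already refers to `$LDAP_PASSWORD`), store only a `slappasswd` hash, and stage the LDIF in a private `mktemp` directory removed by a trap, with tracing switched off around the secret. The Mandriva source is also appended to /etc/apt/sources.list over plain HTTP with no key import, the same concern as the kal-scripts source in precise/base-0k/hooks/install.

```shell
# … unchanged: package installation, rootsuffix and rootdn assignments …
set +x   # the trace would otherwise copy the secret into juju debug-log
: "${LDAP_PASSWORD:?root password must be supplied by the deployment}"
umask 077
workdir=$(mktemp -d)
trap 'rm -rf -- "$workdir"' EXIT
printf '%s' "$LDAP_PASSWORD" > "$workdir/pw"
rootpw=$(slappasswd -T "$workdir/pw")   # olcRootPW then holds a hash, not cleartext

cat <<EOF > "$workdir/database.ldif"
# … unchanged: olcDatabase=hdb entry using $rootsuffix, $rootdn, $rootpw …
EOF
set -x

ldapadd -Y EXTERNAL -H ldapi:/// -f "$workdir/database.ldif"
# … unchanged: MMC schema section …
```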
diff --git a/precise/ldap/hooks/start b/precise/ldap/hooks/start
new file mode 100755
index 0000000..9eb7853
--- /dev/null
+++ b/precise/ldap/hooks/start
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+juju-log "Nothing to Start for base."
diff --git a/precise/ldap/hooks/stop b/precise/ldap/hooks/stop
new file mode 100755
index 0000000..170162b
--- /dev/null
+++ b/precise/ldap/hooks/stop
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+juju-log "Nothing to stop for base."
diff --git a/precise/ldap/metadata.yaml b/precise/ldap/metadata.yaml
new file mode 100644
index 0000000..234b2a1
--- /dev/null
+++ b/precise/ldap/metadata.yaml
@@ -0,0 +1,7 @@
+name: ca
+summary: "OpenLDAP"
+maintainer: "Valentin Lab "
+inherit: base-0k
+description: |
+ OpenLDAP
+data-dir: /etc/ssl
diff --git a/precise/ldap/revision b/precise/ldap/revision
new file mode 100644
index 0000000..573541a
--- /dev/null
+++ b/precise/ldap/revision
@@ -0,0 +1 @@
+0
diff --git a/precise/mail/hooks/install b/precise/mail/hooks/install
new file mode 100755
index 0000000..1703a3a
--- /dev/null
+++ b/precise/mail/hooks/install
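Review bot: `name: ca` and `data-dir: /etc/ssl` in precise/ldap/metadata.yaml look copied from the ca charm: the name collides with precise/ca/metadata.yaml, and /etc/ssl is not where this charm's install hook keeps its data (`olcDbDirectory: /var/lib/ldap`). These should presumably read `name: ldap` and `data-dir: /var/lib/ldap`. The ldap start and stop hooks likewise log "for base" rather than the charm's own name.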
@@ -0,0 +1,48 @@
+#!/bin/bash
+
+set -eux # -x for verbose logging to juju debug-log
+
+
+## XXXvlab: warning: had some dialog box poping out for postfix configuration despite the "-y" when testing this by hand
+apt-get install -y postfix dovecot-sieve dovecot-postfix dovecot-imapd amavisd spamassassin fetchmail
+apt-get install -y postfix-ldap dovecot-ldap
+
+
+## SASL
+
+apt-get install sasl2-bin
+# edit /etc/saslauth
+
+## SASL auth (if SASL authentication failure: cannot connect to saslauthd server: Permission denied)
+
+adduser postfix sasl
+
+
+
+
+## clamav
+apt-get install -y clamav-daemon
+adduser clamav amavis
+
+
+
+## Add NFS server
+
+#cat <> /etc/fstab
+#
+### https://bugs.launchpad.net/ubuntu/+source/mountall/+bug/1041377
+## bootwait : forces the rest of the boot to wait this filesystem
+## timeo : retest after this timeout
+#172.128.0.1:/home /home nfs timeo=14,intr,bootwait,auto 0 0
+#
+#EOF
+
+
+## fail2ban (DONT INSTALL ON LXC UNTIL IT SUPPORT IPTABLES)
+
+#apt-get install -y fail2ban
+# change ignoreip in /etc/fail2ban/jail.conf
+# change mail
+# disable ssh
+
+
diff --git a/precise/mail/hooks/start b/precise/mail/hooks/start
new file mode 100755
index 0000000..9eb7853
--- /dev/null
+++ b/precise/mail/hooks/start
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+juju-log "Nothing to Start for base."
diff --git a/precise/mail/hooks/stop b/precise/mail/hooks/stop
new file mode 100755
index 0000000..170162b
--- /dev/null
+++ b/precise/mail/hooks/stop
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+juju-log "Nothing to stop for base."
diff --git a/precise/mail/metadata.yaml b/precise/mail/metadata.yaml
new file mode 100644
index 0000000..0875054
--- /dev/null
+++ b/precise/mail/metadata.yaml
@@ -0,0 +1,10 @@
+name: mail
+summary: "Mail Services (STMP, IMAP, fetchmail)"
+maintainer: "Valentin Lab "
+description: |
+ Provide SMTP thanks to Postfix, IMAP through dovecot, and fetchmail functionality.
+ Also includes sieve
+inherit: base-0k
+requires:
+ fs:
+ home
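Review bot: `apt-get install sasl2-bin` in precise/mail/hooks/install is missing `-y`, and the XXXvlab comment above the postfix line already records that a configuration dialog appeared despite `-y`; either can stall or abort an unattended install hook. Export `DEBIAN_FRONTEND=noninteractive` near the top of the script (preseeding the postfix answers with `debconf-set-selections` if the defaults are not wanted) and change the line to `apt-get install -y sasl2-bin`. The fail2ban section is disabled, so nothing in this hook limits repeated authentication attempts against the SMTP and IMAP services; a comment naming what covers that in the meantime would help.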
diff --git a/precise/mail/revision b/precise/mail/revision new file mode 100644 index 0000000..573541a --- /dev/null +++ b/precise/mail/revision @@ -0,0 +1 @@ +0 diff --git a/precise/minecraft/hooks/install b/precise/minecraft/hooks/install index 766a3cf..4e95d8a 100755 --- a/precise/minecraft/hooks/install +++ b/precise/minecraft/hooks/install @@ -5,6 +5,8 @@ set -eux # -x for verbose logging to juju debug-log ## Using headless to avoid installing X server ;) apt-get -y install openjdk-7-jre-headless +## For tectonicus +apt-get -y install subversion INSTALL_DIR=/opt/apps/minecraft diff --git a/precise/mirror/hooks/install b/precise/mirror/hooks/install new file mode 100755 index 0000000..eb8f2c5 --- /dev/null +++ b/precise/mirror/hooks/install @@ -0,0 +1,37 @@ +#!/bin/bash + +set -eux # -x for verbose logging to juju debug-log + + +## ``--force-yes`` is required as kal-manage is not signed correctly. +## kal-manage provides the script /usr/lib/kal/dusk/sbin/ssh-cmd-validate +## used to validate any entrant connection to SSH. + +apt-get install -y --force-yes rsync kal-manage + + +mkdir -p /var/mirror +mkdir -p /var/lib/rsync + +groupadd -r rsync +useradd -r rsync -d /var/lib/rsync -g rsync + +chown rsync:rsync /var/lib/rsync + +su -c 'ssh-keygen -t rsa -N "" -f ~/.ssh/id_rsa -q' - rsync + +## /etc/sudoers +cat <> /etc/sudoers + +## allow rsync to access /var/mirror + +rsync ALL=(root) NOPASSWD: /usr/bin/rsync --server -vlogDtprRz --delete . /var/mirror/* +rsync ALL=(root) NOPASSWD: /usr/bin/rsync --server -vlogDtprRze.iLs --delete . /var/mirror/* +rsync ALL=(root) NOPASSWD: /usr/bin/rsync --server -vlogDtprRze.iLsf --delete . /var/mirror/* +rsync ALL=(root) NOPASSWD: /usr/bin/rsync --server -vlogDtprRze.iLsf --bwlimit=200 --delete . /var/mirror/* + +EOF + + + + diff --git a/precise/mirror/hooks/start b/precise/mirror/hooks/start new file mode 100755 index 0000000..9eb7853 --- /dev/null +++ b/precise/mirror/hooks/start 
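Review bot: The four rules that precise/mirror/hooks/install appends to /etc/sudoers end in `/var/mirror/*`, and in sudoers a `*` in the argument list matches any text, including `/`, `..` and further arguments, so they do not confine the root rsync to /var/mirror as the comment intends. The file is also edited with a raw `>>` and no syntax check, where one malformed line can disable sudo on the host, and re-running the hook duplicates the block. Write the rules to a drop-in such as /etc/sudoers.d/rsync-mirror (mode 0440), validate it with `visudo -cf` before installing it, and either pin the destination without a trailing wildcard or enforce the path in the `ssh-cmd-validate` wrapper mentioned at the top. `--force-yes` switches off APT signature verification for this install; signing kal-manage or importing its key would remove the need for it.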
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+juju-log "Nothing to Start for base."
diff --git a/precise/mirror/hooks/stop b/precise/mirror/hooks/stop
new file mode 100755
index 0000000..170162b
--- /dev/null
+++ b/precise/mirror/hooks/stop
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+juju-log "Nothing to stop for base."
diff --git a/precise/mirror/metadata.yaml b/precise/mirror/metadata.yaml
new file mode 100644
index 0000000..b4e8100
--- /dev/null
+++ b/precise/mirror/metadata.yaml
@@ -0,0 +1,7 @@
+name: mirror
+summary: "Backup by rsync mirroring"
+maintainer: "Valentin Lab "
+inherit: base-0k
+description: |
+ Backup by rsync mirroring
+data-dir: /var/mirror
diff --git a/precise/mirror/revision b/precise/mirror/revision
new file mode 100644
index 0000000..573541a
--- /dev/null
+++ b/precise/mirror/revision
@@ -0,0 +1 @@
+0
diff --git a/precise/mirror/shorewall b/precise/mirror/shorewall
new file mode 100644
index 0000000..b241ae5
--- /dev/null
+++ b/precise/mirror/shorewall
@@ -0,0 +1,2 @@
+DNAT net lan:%%NAME%%:22 udp 10022
+
diff --git a/precise/squid/hooks/install b/precise/squid/hooks/install
new file mode 100755
index 0000000..8b0230e
--- /dev/null
+++ b/precise/squid/hooks/install
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+set -eux
+
+
+## This is needed to enable https_port
+#apt-get install devscripts build-essential
+#apt-get install libssl-dev ## not in build-dep ... because we'll add it.
+#apt-get source squid3
+#apt-get build-dep squid3
+#cd squid3-3.1.19
+#vim debian/rules # or whatever editor you use
+# add --enable-ssl
+#debuild -us -uc
+
diff --git a/precise/squid/hooks/start b/precise/squid/hooks/start
new file mode 100755
index 0000000..88e357a
--- /dev/null
+++ b/precise/squid/hooks/start
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+## XXX: will need to add route:
+
+route add -net VPN_NET gw LXC_NAME
+
+juju-log "Nothing to Start for base."
diff --git a/precise/squid/hooks/stop b/precise/squid/hooks/stop
new file mode 100755
index 0000000..170162b
--- /dev/null
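Review bot: The rule `DNAT net lan:%%NAME%%:22 udp 10022` in precise/mirror/shorewall forwards UDP, but destination port 22 together with the rsync-over-SSH setup in the install hook suggests this is meant for SSH, which runs over TCP; as written the forward would presumably never carry the backup traffic. If that reading is right the protocol column should be `tcp`: `DNAT net lan:%%NAME%%:22 tcp 10022`. A one-line comment stating which service external port 10022 exposes would help whoever audits the firewall rules.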
+++ b/precise/squid/hooks/stop
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+juju-log "Nothing to stop for base."
diff --git a/precise/squid/metadata.yaml b/precise/squid/metadata.yaml
new file mode 100644
index 0000000..69232bb
--- /dev/null
+++ b/precise/squid/metadata.yaml
@@ -0,0 +1,6 @@
+name: squid
+summary: "HTTP/HTTPS proxy"
+maintainer: "Valentin Lab "
+inherit: base
+description: |
+ Installs a HTTP/HTTPS proxy.
diff --git a/precise/squid/revision b/precise/squid/revision
new file mode 100644
index 0000000..573541a
--- /dev/null
+++ b/precise/squid/revision
@@ -0,0 +1 @@
+0
diff --git a/precise/vpn/hooks/install b/precise/vpn/hooks/install
new file mode 100755
index 0000000..3ebb8f4
--- /dev/null
+++ b/precise/vpn/hooks/install
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+set -eux
+
+
+apt-get -y install openvpn
+
+mkdir -p /etc/openvpn/clients.d /var/lib/openvpn /var/log/openvpn
+
+
+mkdir /dev/net
+mknod -m a+rw /dev/net/tun c 10 200
+
+
diff --git a/precise/vpn/hooks/start b/precise/vpn/hooks/start
new file mode 100755
index 0000000..88e357a
--- /dev/null
+++ b/precise/vpn/hooks/start
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+## XXX: will need to add route:
+
+route add -net VPN_NET gw LXC_NAME
+
+juju-log "Nothing to Start for base."
diff --git a/precise/vpn/hooks/stop b/precise/vpn/hooks/stop
new file mode 100755
index 0000000..170162b
--- /dev/null
+++ b/precise/vpn/hooks/stop
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+juju-log "Nothing to stop for base."
diff --git a/precise/vpn/metadata.yaml b/precise/vpn/metadata.yaml
new file mode 100644
index 0000000..579ffa6
--- /dev/null
+++ b/precise/vpn/metadata.yaml
@@ -0,0 +1,6 @@
+name: vpn
+summary: "OpenVPN"
+maintainer: "Valentin Lab "
+inherit: base-0k
+description: |
+ Installs a VPN master server.
diff --git a/precise/vpn/revision b/precise/vpn/revision
new file mode 100644
index 0000000..573541a
--- /dev/null
+++ b/precise/vpn/revision
@@ -0,0 +1 @@
+0
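Review bot: `mkdir /dev/net` and the `mknod` after it in precise/vpn/hooks/install both fail when the node already exists, and under `set -eux` that aborts the hook on any re-run or on a host that already provides /dev/net/tun. Use `mkdir -p /dev/net` and guard the device creation: `[ -c /dev/net/tun ] || mknod -m a+rw /dev/net/tun c 10 200`. A short comment saying why the device is created by hand (presumably because the container does not provide it) would help the next reader.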
diff --git a/precise/www/hooks/.install.swp b/precise/www/hooks/.install.swp
new file mode 100644
index 0000000..d755afd
Binary files /dev/null and b/precise/www/hooks/.install.swp differ
diff --git a/precise/www/hooks/install b/precise/www/hooks/install
new file mode 100755
index 0000000..992e693
--- /dev/null
+++ b/precise/www/hooks/install
@@ -0,0 +1,36 @@
+#!/bin/bash
+
+set -eux
+
+
+apt-get -y install apache2 libapache2-mod-php5 libtidy-0.99-0 build-essential
+apt-get -y install php5-dev php5-ldap php5-xsl php-pear php-mcrypt
+apt-get -y install libapache2-mod-python libmysqlclient-dev python-dev
+apt-get -y install php5-mysql
+apt-get -y install docutils ## for rst2html
+
+
+apt-get install squirrelmail
+
+
+apt-get install phpmyadmin
+
+ln -s /etc/phpmyadmin/apache.conf /etc/apache2/conf.d/phpmyadmin
+ln -sf /usr/share/phpmyadmin /var/www/s-lmc.kalysto.org/phpmyadmin
+
+
+pecl install tidy
+echo "extension=tidy.so"
+
+pecl install xdebug
+echo "extension=xdebug.so" >> /etc/php5/apache2/
+
+
+#rdfapi-php ?
+
+
+
+a2enmod dav_fs ssl userdir rewrite suexec
+
+/etc/init.d/apache2 restart
+
diff --git a/precise/www/hooks/start b/precise/www/hooks/start
new file mode 100755
index 0000000..88e357a
--- /dev/null
+++ b/precise/www/hooks/start
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+## XXX: will need to add route:
+
+route add -net VPN_NET gw LXC_NAME
+
+juju-log "Nothing to Start for base."
diff --git a/precise/www/hooks/stop b/precise/www/hooks/stop
new file mode 100755
index 0000000..170162b
--- /dev/null
+++ b/precise/www/hooks/stop
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+juju-log "Nothing to stop for base."
diff --git a/precise/www/metadata.yaml b/precise/www/metadata.yaml
new file mode 100644
index 0000000..412af85
--- /dev/null
+++ b/precise/www/metadata.yaml
@@ -0,0 +1,6 @@
+name: www
+summary: "Apache"
+maintainer: "Valentin Lab "
+inherit: base-0k
+description: |
+ Installs a HTTP Apache server.
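Review bot: precise/www/hooks/.install.swp is an editor swap file and should not be part of the commit; swap files hold a copy of the buffer being edited, so they can carry text that was never meant to be published. Remove it from the tree and add `*.swp` to the repository's ignore file.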
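Review bot: `echo "extension=xdebug.so" >> /etc/php5/apache2/` in precise/www/hooks/install redirects into a directory, which fails and, under `set -eux`, aborts the hook before `a2enmod` and the Apache restart; the preceding `echo "extension=tidy.so"` has no redirect at all and only prints to the log. Both lines need a real .ini file as their target. Xdebug is a debugging extension and should not be enabled on a server that also exposes squirrelmail and phpmyadmin unless that is deliberate, and `ln -sf /usr/share/phpmyadmin /var/www/s-lmc.kalysto.org/phpmyadmin` publishes phpMyAdmin under the site's document root with no access restriction visible in this hook. `apt-get install squirrelmail` and `apt-get install phpmyadmin` are also missing `-y`.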
diff --git a/precise/www/revision b/precise/www/revision
new file mode 100644
index 0000000..573541a
--- /dev/null
+++ b/precise/www/revision
@@ -0,0 +1 @@
+0