Verified Commit cf3feaf9 authored by Leeward Bound's avatar Leeward Bound 💼

initial commit

parents
fail2ban:
pkg:
- latest
service:
- running
git:
pkg:
- latest
## Give Ops A Power Level of 9000
%ops ALL=(ALL:ALL) ALL
ops:
group.present:
- gid: 700
- order: 3
/etc/sudoers.d/ops:
file.managed:
- source: salt://$PROJECT/groups/config/etc/sudoers.d/ops.conf
- user: root
- group: root
- mode: 440
iotop:
pkg:
- latest
iptables:
pkg:
- latest
ntp:
pkg:
- latest
service:
- running
- enable: True
/srv/masterless/lwbco:
file.directory:
- user: root
- group: root
- mode: 700
- makedirs: True
base_states:
git.latest:
- name: https://github.com/lwbco/masterless-salt-base.git
- target: /srv/masterless/lwbco
- force_reset: True
- force_checkout: True
/usr/local/bin/salt.lwbco:
file.managed:
- source: salt://salt/salt.lwbco
- mode: 755
- user: root
- group: root
deb http://repo.saltstack.com/apt/ubuntu/16.04/amd64/latest xenial main
# Execute a local salt-call every 5 minutes
*/5 * * * * root su -c "/usr/bin/salt-call state.highstate --local 2>&1 > /dev/null"
file_client: local
file_roots:
base:
- /srv/salt/base
/etc/cron.d/salt-masterless:
file.managed:
- source: salt://salt/config/etc/cron.d/salt-masterless
salt-minion:
pkg:
- latest
service:
- dead
- enable: False
screen:
pkg:
- latest
openssh-server: pkg.installed
ssh:
service:
- running
- enable: True
/etc/ssh/sshd_config:
file.append:
- text:
- StreamLocalBindUnlink yes
# The first element of the path is a directory where the debian-sa1
# script is located
PATH=/usr/lib/sysstat:/usr/sbin:/usr/sbin:/usr/bin:/sbin:/bin
# Activity reports every 5 minutes everyday
*/5 * * * * root command -v debian-sa1 > /dev/null && debian-sa1 1 1
# Additional run at 23:59 to rotate the statistics file
59 23 * * * root command -v debian-sa1 > /dev/null && debian-sa1 60 2
#
# Default settings for /etc/init.d/sysstat, /etc/cron.d/sysstat
# and /etc/cron.daily/sysstat files
#
# Should sadc collect system activity informations? Valid values
# are "true" and "false". Please do not put other values, they
# will be overwritten by debconf!
ENABLED="true"
# Additional options passed to sa1 by /etc/init.d/sysstat
# and /etc/cron.d/sysstat
# By default contains the `-S DISK' option responsible for
# generating disk statisitcs.
SA1_OPTIONS="-S DISK"
# Additional options passed to sa2 by /etc/cron.daily/sysstat.
SA2_OPTIONS=""
# sysstat configuration file.
# How long to keep log files (in days).
# Used by sa2(8) script
# If value is greater than 28, then log files are kept in
# multiple directories, one for each month.
HISTORY=31
# Compress (using gzip or bzip2) sa and sar files older than (in days):
COMPRESSAFTER=5
# Parameters for the system activity data collector (see sadc manual page)
# which are used for the generation of log files.
SADC_OPTIONS=""
sysstat:
pkg:
- installed
/etc/default/sysstat:
file.managed:
- source: salt://$PROJECT/sysstat/config/etc/default/sysstat
- user: root
- group: root
- mode: 644
/etc/cron.d/sysstat:
file.managed:
- source: salt://$PROJECT/sysstat/config/etc/cron.d/sysstat
- user: root
- group: root
- mode: 644
/etc/sysstat/sysstat:
file.managed:
- source: salt://$PROJECT/sysstat/config/etc/sysstat/sysstat
- user: root
- group: root
- mode: 644
GMT:
timezone.system
base:
'*':
- fail2ban
- git
- groups
- iotop
- iptables
- ntpd
- screen
- ssh
- sysstat
- timezone
- wget
- salt.minion
wget:
pkg:
- latest
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment