Merge pull request #175 from freifunkMUC/ubuntu-24.04

Support Ubuntu 24.04 noble
freifunkMUC · Oct 28, 2024 · 564369c · 564369c
2 parents 4e64907 + 612fc10
commit 564369c
Show file tree

Hide file tree

Showing 9 changed files with 41 additions and 31 deletions.
diff --git a/apt/init.sls b/apt/init.sls
@@ -2,7 +2,12 @@
 # APT
 #
 {% set site_slug = salt['pillar.get']("netbox:site:slug") %}
+
+{% if grains.os == 'Ubuntu' and grains.osmajorrelease >= 24 %}
+/etc/apt/sources.list.d/ubuntu.sources:
+{% else %}
 /etc/apt/sources.list:
+{% endif %}
   file.managed:
     - source:
       - salt://apt/sources.list.{{ grains.os }}.{{ grains.oscodename }}.{{ site_slug }}

diff --git a/docker/init.sls b/docker/init.sls
@@ -26,6 +26,7 @@ docker-pkgs:
       - docker-ce
       - docker-ce-cli
       - containerd.io
+      - docker-compose-plugin
     - require:
       - pkgrepo: docker-repo
 
@@ -52,8 +53,5 @@ docker-pkgs:
         }
 
 /usr/local/bin/docker-compose:
-  file.managed:
-    - source: https://github.com/docker/compose/releases/download/v2.5.0/docker-compose-linux-x86_64
-    - source_hash: 6296d17268c77a7159f57f04ed26dd2989f909c58cca4d44d1865f28bd27dd67
-    - mode: "0755"
+  file.absent
 {% endif  %}
diff --git a/ff_base/init.sls b/ff_base/init.sls
@@ -17,7 +17,7 @@ ffmuc_packages:
       - ethtool
       - mtr-tiny
       - lldpd
-      - mlocate
+      - plocate
       - sysstat
       - dnsutils
       - curl

diff --git a/influxdb/init.sls b/influxdb/init.sls
@@ -8,7 +8,7 @@ influx-db-repo-key:
 
 influx-db-repo:
   pkgrepo.managed:
-    - name: deb [signed-by=/usr/share/keyrings/influxdb-keyring.gpg] https://repos.influxdata.com/{{ grains.lsb_distrib_id | lower }} {{ grains.oscodename }} stable
+    - name: deb [signed-by=/usr/share/keyrings/influxdb-keyring.gpg] https://repos.influxdata.com/{{ grains.lsb_distrib_id | lower }} stable main
     - file: /etc/apt/sources.list.d/influxdb.list
     - clean_file: True
     - require:

diff --git a/ssh/init.sls b/ssh/init.sls
@@ -18,11 +18,11 @@ ssh:
 /etc/ssh/sshd_config:
   file.managed:
     - source:
-      - salt://ssh/sshd_config.{{ grains.os }}.{{ grains.oscodename }}
       - salt://ssh/sshd_config
     - user: root
     - group: root
     - mode: "0644"
+    - template: jinja
     - watch_in:
       - service: ssh
 

diff --git a/ssh/sshd_config b/ssh/sshd_config
@@ -1,9 +1,7 @@
-#	$OpenBSD: sshd_config,v 1.103 2018/04/09 20:41:22 tj Exp $
-
 # This is the sshd server system-wide configuration file.  See
 # sshd_config(5) for more information.
 
-# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
+# This sshd was compiled with PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
 
 # The strategy used for options in the default sshd_config shipped with
 # OpenSSH is to specify options with their default value where
@@ -39,7 +37,7 @@ PermitRootLogin prohibit-password
 PubkeyAuthentication yes
 
 # Expect .ssh/authorized_keys2 to be disregarded by default in future.
-#AuthorizedKeysFile	.ssh/authorized_keys .ssh/authorized_keys2
+#AuthorizedKeysFile     .ssh/authorized_keys .ssh/authorized_keys2
 
 #AuthorizedPrincipalsFile none
 
@@ -60,7 +58,11 @@ PasswordAuthentication no
 
 # Change to yes to enable challenge-response passwords (beware issues with
 # some PAM modules and threads)
+{%- if grains.os == 'Ubuntu' and grains.osmajorrelease >= 24 %}
+KbdInteractiveAuthentication no
+{%- else %}
 ChallengeResponseAuthentication no
+{%- endif %}
 
 # Kerberos options
 #KerberosAuthentication no
@@ -76,13 +78,13 @@ ChallengeResponseAuthentication no
 
 # Set this to 'yes' to enable PAM authentication, account processing,
 # and session processing. If this is enabled, PAM authentication will
-# be allowed through the ChallengeResponseAuthentication and
+# be allowed through the KbdInteractiveAuthentication and
 # PasswordAuthentication.  Depending on your PAM configuration,
-# PAM authentication via ChallengeResponseAuthentication may bypass
+# PAM authentication via KbdInteractiveAuthentication may bypass
 # the setting of "PermitRootLogin without-password".
 # If you just want the PAM account and session checks to run without
 # PAM authentication, then enable this but set PasswordAuthentication
-# and ChallengeResponseAuthentication to 'no'.
+# and KbdInteractiveAuthentication to 'no'.
 UsePAM yes
 
 AllowAgentForwarding no
@@ -100,7 +102,7 @@ PermitUserEnvironment yes
 #ClientAliveInterval 0
 #ClientAliveCountMax 3
 #UseDNS no
-#PidFile /var/run/sshd.pid
+#PidFile /run/sshd.pid
 #MaxStartups 10:30:100
 #PermitTunnel no
 #ChrootDirectory none
@@ -113,11 +115,11 @@ PermitUserEnvironment yes
 AcceptEnv LANG LC_*
 
 # override default of no subsystems
-Subsystem	sftp	/usr/lib/openssh/sftp-server
+Subsystem       sftp    /usr/lib/openssh/sftp-server
 
 # Example of overriding settings on a per-user basis
 #Match User anoncvs
-#	X11Forwarding no
-#	AllowTcpForwarding no
-#	PermitTTY no
-#	ForceCommand cvs server
+#       X11Forwarding no
+#       AllowTcpForwarding no
+#       PermitTTY no
+#       ForceCommand cvs server
diff --git a/systemd-networkd/init.sls b/systemd-networkd/init.sls
@@ -84,9 +84,15 @@ vxlan-fdb-fill.service:
 {% endif %}{# 'nextgen-gateway' in role #}
 
 disable_netplan:
-    file.managed:
-        - name: /etc/netplan/01-netcfg.yaml
-        - source: salt://systemd-networkd/files/netplan.conf
+  file.managed:
+    - name: /etc/netplan/01-netcfg.yaml
+    - source: salt://systemd-networkd/files/netplan.conf
+
+disable_netplan_generator:
+  file.symlink:
+    - name: /usr/lib/systemd/system-generators/netplan
+    - target: /dev/null
+    - force: True
 
 systemd-networkd:
     service.running:

diff --git a/telegraf/files/in_gateway-modules.conf b/telegraf/files/in_gateway-modules.conf
@@ -28,8 +28,8 @@ dirs = ["/proc/sys/net/ipv4/netfilter","/proc/sys/net/netfilter"]
     "meet.ffmuc.net",
     "docker04.ov.ffmuc.net",
     "docker07.ov.ffmuc.net",
-    "guardian-muc01.ffmuc.net",
-    "guardian-vie01.ffmuc.net",
+    "guardian-muc01.ext.ffmuc.net",
+    "guardian-vie01.ext.ffmuc.net",
     "webfrontend03.ext.ffmuc.net",
     "webfrontend04.ext.ffmuc.net",
     "webfrontend05.ext.ffmuc.net",

diff --git a/telegraf/init.sls b/telegraf/init.sls
@@ -8,23 +8,22 @@
 {# There is data available so we think telegraf should be installed #}
 {% set role = salt['pillar.get']('netbox:role:name') %}
 
-influxdb-repo-key:
+influx-db-repo-key:
   cmd.run:
     - name: "curl https://repos.influxdata.com/influxdata-archive_compat.key | gpg --batch --yes --dearmor -o /usr/share/keyrings/influxdb-keyring.gpg"
 
-influxdb-repo:
+influx-db-repo:
   pkgrepo.managed:
-    - humanname: Jitsi Repo
-    - name: deb [signed-by=/usr/share/keyrings/influxdb-keyring.gpg] https://repos.influxdata.com/{{ grains.lsb_distrib_id | lower }} {{ grains.oscodename }} stable
+    - name: deb [signed-by=/usr/share/keyrings/influxdb-keyring.gpg] https://repos.influxdata.com/{{ grains.lsb_distrib_id | lower }} stable main
     - file: /etc/apt/sources.list.d/influxdb.list
     - clean_file: True
     - require:
-      - cmd: influxdb-repo-key
+      - cmd: influx-db-repo-key
 
 telegraf:
   pkg.installed:
     - require:
-        - pkgrepo: influxdb-repo
+        - pkgrepo: influx-db-repo
   service.running:
     - enable: True
     - running: True
-Original file line number
+Diff line change
@@ Expand Up / @@ -17,7 +17,7 @@ ffmuc_packages: @@
           - ethtool
           - mtr-tiny
           - lldpd
-          - mlocate
+          - plocate
           - sysstat
           - dnsutils
           - curl
@@ Expand Down @@