First bunch of ffho salt configuration files to be public.

Signed-off-by: Maximilian Wilhelm <[email protected]>

bash/bash_aliases.root

@@ -0,0 +1,67 @@
+#!/bin/bash
+#
+# Nifty shell aliases for debugging (Salt managed)
+#
+
+function peer2v6ffpb()
+{
+	peername=$1
+	peer2v6ll $1 fdca:ffee:ff12:132:
+}
+
+function peer2v6ll()
+{
+	peername=$1
+	prefix=$2
+	if [ -z "$prefix" ]; then
+		prefix="fe80::"
+	fi
+
+	mac=$(grep MAC /etc/freifunk/peers/$peername | cut -d ' ' -f 3)
+	if [ -z "${mac}" ]; then
+		echo "no peer named '${peername}' found, did you spell it correctly?" >&2
+		return 1
+	else
+		euid64=$(ipv6calc -q --action geneui64 -I mac ${mac})
+		echo ${prefix}${euid64}
+		return 0
+	fi
+}
+
+function connect2peer()
+{
+	peername=$1
+	target=$(peer2v6ll $peername)
+	if [ "$?" == "0" ]; then
+		echo "trying to ssh into peer '${peername}' (${target})"
+		ssh -l root -6 ${target}%br-ffpb
+	fi
+}
+
+function pingpeer()
+{
+	peername=$1
+	target=$(peer2v6ll $peername)
+	if [ "$?" == "0" ]; then
+		echo "pinging peer '${peername}' (${target})"
+		ping6 ${target}%br-ffpb
+	fi
+}
+
+function peerstatus()
+{
+	peername=$1
+	target=$(peer2v6ll $peername fdca:ffee:ff12:132:)
+	tf=`tempfile`
+	echo -en "\e[97mFetching node status of '$peername' ...\e[39m "
+	wget -q "http://[$target]/cgi-bin/status" -O $tf
+	if [ $? -eq 0 ]; then
+		echo -e "\e[92mOK\e[39m"
+		cp $tf /tmp/ffpb-nodestatus-$peername.htm
+		#less /tmp/ffpb-nodestatus-$peername.htm
+		lynx -dump /tmp/ffpb-nodestatus-$peername.htm
+	else
+		echo -e "\e[91mERROR\e[39m"
+	fi
+	rm $tf
+}

bash/bashrc.root

@@ -0,0 +1,23 @@
+# ~/.bashrc: executed by bash(1) for non-login shells.
+
+# Note: PS1 and umask are already set in /etc/profile. You should not
+# need this unless you want different defaults for root.
+fqdn=$(hostname -f)
+PS1='${debian_chroot:+($debian_chroot)}${fqdn}:\w\$ '
+# umask 022
+
+# You may uncomment the following lines if you want `ls' to be colorized:
+export LS_OPTIONS='--color=auto'
+eval "`dircolors`"
+alias ls='ls $LS_OPTIONS'
+# alias ll='ls $LS_OPTIONS -l'
+# alias l='ls $LS_OPTIONS -lA'
+#
+# Some more alias to avoid making mistakes:
+# alias rm='rm -i'
+# alias cp='cp -i'
+# alias mv='mv -i'
+
+if [ -f ~/.bash_aliases ]; then
+	. ~/.bash_aliases
+fi

bash/init.sls

@@ -0,0 +1,20 @@
+#
+# Bash
+#
+
+{%- import "globals.sls" as globals with context %}
+
+#
+# .bashrc for root
+/root/.bashrc:
+  file.managed:
+    - source: salt://bash/bashrc.root
+    - template: jinja
+
+#
+# Nifty aliases for gateway
+{% if 'gateway' in globals.ROLES %}
+/root/.bash_aliases:
+  file.managed:
+    - source: salt://bash/bash_aliases.root
+{% endif %}

console-tools/config

@@ -0,0 +1,72 @@
+#
+# This files tells the console-tools package: (Salt managed)
+#
+# - whether to load a specific font and boot (and maybe a screen-font map,
+# but you should avoid that if possible).
+# - whether to setup an Application-Charset Map other than the default CP437.
+# - whether to start "vcstime" to have time on all text VC'S.
+#
+# You can also specify per-VC settings by suffixing variable names as in
+# the examples below. This only works on framebuffer devices.
+#
+# CAVEATS:
+#
+# - When using the new framebuffer devices, the "global setting" for a font
+# only affects the current console (ie., at boot-time, the first one)
+# - ACM setting involves 2 steps (maybe loading a user ACM, and activating
+# it on a given charset slot - see charset(1) for details), the 1st of which
+# affects the entire system, but the 2nd of which only affects the current
+# VC (ie., at boot-time, the first one).  So that if you want to use the same
+# ACM on all VCs, you have to specify "APP_CHARSET_MAP_vc<N>=user" for all
+# relevant values of <N>.
+#
+# Example:
+#
+#SCREEN_FONT=iso01.f16
+#SCREEN_FONT_vc2=LatArCyrHeb-16
+#
+#APP_CHARSET_MAP=iso05
+#APP_CHARSET_MAP_vc2=user
+#
+# Set the following - more euro-friendly default than kernel font.
+# SCREEN_FONT=latcyrheb-sun16.psf
+
+#DO_VCSTIME=yes
+#
+# Forget this one unless you _know_ it is necessary for your font:
+#SCREEN_FONT_MAP=iso01
+
+#  **** screen saver/DPMS settings: all VCs ****
+# These settings are commented by default to avoid the chance of damage to
+# very old monitors that don't support DPMS signalling.
+
+# screen blanking timeout.  monitor remains on, but the screen is cleared to
+# range: 0-60 min (0==never)  kernels I've looked at default to 10 minutes.
+# (see linux/drivers/char/console.c)
+BLANK_TIME=0
+
+# blanking method (VESA DPMS mode to use after BLANK_TIME, before powerdown):
+# on: the default, no DPMS signalling. near instant powerup, no power saving
+# vsync: DPMS Standby mode. nearly instant recovery, uses 110/120W (17" screen)
+# hsync: DPMS Suspend mode. typically 3s recovery, uses 15/120W (17" screen)
+# powerdown,off: DPMS Off mode, typ. 10s recovery, uses  5/120W (17" screen)
+
+# Those values are for my 17" Mag, but some monitors do suspend the same as
+# standby.  xset dpms force {off|standby|suspend|on} is useful for this, if X
+# supports DPMS on your video card.  Set X's DPMS screensaver with xset dpms
+# or use option power_saver in XF86Config
+#
+# DPMS set by default to off, because hsync can cause problems on certain
+# hardware, such as Armada E500 laptops
+BLANK_DPMS=off
+
+# Powerdown time.  The console will go to DPMS Off mode POWERDOWN_TIME
+# minutes _after_ blanking.  (POWERDOWN_TIME + BLANK_TIME after the last input)
+POWERDOWN_TIME=0
+
+# rate and delay can get only specific values, consult kbdrate(1) for help
+#KEYBOARD_RATE="30"
+#KEYBOARD_DELAY="250"
+
+# Turn on numlock by default
+#LEDS=+num

console-tools/init.sls

@@ -0,0 +1,21 @@
+#
+# Install and configure console-tools to disable scree blanking
+#
+
+{% if grains['oscodename'] == 'wheezy' %}
+console-tools:
+  pkg.installed:
+    - name: console-tools
+
+/etc/console-tools/config:
+  file.managed:
+    - source: salt://console-tools/config
+    - require:
+      - pkg: console-tools
+{%- endif %}
+
+{% if grains['oscodename'] == 'jessie' %}
+/etc/issue:
+  file.managed:
+    - source: salt://console-tools/issue.Debian.jessie
+{% endif %}

console-tools/issue.Debian.jessie

@@ -0,0 +1,3 @@
+Debian GNU/Linux 8 \n \l
+
+[9;0]

locales/init.sls

@@ -0,0 +1,25 @@
+#
+# Configure locales
+#
+
+locales:
+  pkg.installed
+
+# Workaround missing locale.present in our salt version
+/etc/locale.gen:
+  file.managed:
+    - source: salt://locales/locale.gen
+    - require:
+      - pkg: locales
+
+locale-gen:
+  cmd.wait:
+    - watch:
+      - file: /etc/locale.gen
+
+en_US.UTF-8:
+  locale.system:
+    - require:
+      - file: /etc/locale.gen
+
+

locales/locale.gen

@@ -0,0 +1,13 @@
+#
+# Locale to be generated (Salt managed)
+#
+# This file lists locales that you wish to have built. You can find a list
+# of valid supported locales at /usr/share/i18n/SUPPORTED, and you can add
+# user defined locales to /usr/local/share/i18n/SUPPORTED. If you change
+# this file, you need to rerun locale-gen.
+
+de_DE.UTF-8 UTF-8
+de_DE@euro ISO-8859-15
+
+en_US.ISO-8859-15 ISO-8859-15
+en_US.UTF-8 UTF-8

mosh/init.sls

@@ -0,0 +1,11 @@
+#
+# Mosh
+#
+
+mosh:
+  pkg.installed:
+    - name: 'mosh'
+
+/etc/ufw/applications.d/mosh:
+  file.managed:
+    - source: salt://mosh/mosh.ufw.conf

mosh/mosh.ufw.conf

@@ -0,0 +1,4 @@
+[mosh]
+title=Mosh (mobile shell)
+description=Mobile shell that supports roaming and intelligent local echo
+ports=60000:60010/udp

ntp/init.sls

@@ -0,0 +1,12 @@
+#
+# NTP
+#
+
+ntp:
+  pkg.installed:
+    - name: ntp
+
+
+/etc/ntp.conf:
+  file.managed:
+    - source: salt://ntp/ntp.conf

ntp/ntp.conf

@@ -0,0 +1,44 @@
+#
+# /etc/ntp.conf (Salt managed)
+#
+# configuration for ntpd; see ntp.conf(5) for help
+#
+driftfile /var/lib/ntp/ntp.drift
+
+# Enable this if you want statistics to be logged.
+#statsdir /var/log/ntpstats/
+
+statistics loopstats peerstats clockstats
+filegen loopstats file loopstats type day enable
+filegen peerstats file peerstats type day enable
+filegen clockstats file clockstats type day enable
+
+
+# You do need to talk to an NTP server or two (or three).
+#server ntp.your-provider.example
+
+# pool.ntp.org maps to about 1000 low-stratum NTP servers.  Your server will
+# pick a different set every time it starts up.  Please consider joining the
+# pool: <http://www.pool.ntp.org/join.html>
+server 0.debian.pool.ntp.org iburst
+server 1.debian.pool.ntp.org iburst
+server 2.debian.pool.ntp.org iburst
+
+# Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
+# details.  The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions>
+# might also be helpful.
+#
+# Note that "restrict" applies to both servers and clients, so a configuration
+# that might be intended to block requests from certain clients could also end
+# up blocking replies from your own upstream servers.
+
+# By default, exchange time with everybody, but don't allow configuration.
+restrict -4 default kod notrap nomodify nopeer noquery
+restrict -6 default kod notrap nomodify nopeer noquery
+
+# Local users may interrogate the ntp server more closely.
+restrict 127.0.0.1
+restrict ::1
+
+# CVE-2013-5211
+disable monitor

postfix/aliases

@@ -0,0 +1,15 @@
+# /etc/aliases
+mailer-daemon: postmaster
+postmaster: root
+nobody: root
+hostmaster: root
+usenet: root
+news: root
+webmaster: root
+www: root
+ftp: root
+abuse: root
+noc: root
+security: root
+
+root: [email protected]

postfix/init.sls

@@ -0,0 +1,46 @@
+#
+# Postfix
+#
+
+# Force installation of bsd-mailx as it's not installed anymore in Debian Jessie..
+bsd-mailx:
+  pkg.installed:
+    - name: bsd-mailx
+
+
+postfix:
+  pkg.installed:
+    - name: postfix
+    - requires:
+      - file: /etc/mailname
+  service.running:
+    - enable: true
+    - reload: true
+
+#
+# Don't listen on port 25, by default, a unix socket is enough.
+/etc/postfix/master.cf:
+  file.managed:
+    - source:
+      - salt://postfix/master.cf.{{ grains['nodename'] }}
+      - salt://postfix/master.cf
+    - watch_in:
+      - service: postfix
+
+#
+# Send root mail to [email protected]
+/etc/aliases:
+  file.managed:
+    - source: salt://postfix/aliases
+
+newaliases:
+  cmd.wait:
+    - name: /usr/bin/newaliases
+    - watch:
+      - file: /etc/aliases
+
+
+# Set mailname for xxx.paderborn.freifunk.net (FIXME)
+/etc/mailname:
+  file.managed:
+    - contents: "{{ grains.nodename }}.paderborn.freifunk.net"