ec2_debian_custom.rb
# ec2 debian specific
# Top-level dep for an EC2 Debian host: it declares no met?/meet of its own and only
# pulls in the deps below. Babushka resolves `requires` in the order listed, so the
# locale and env markers come first and the sudoer replacement (which itself requires
# 'admin_password') comes last.
dep 'ec2_debian_custom' do
  # set locale, US by default
  requires 'set_us_locale'
  # set server env such as production (creates an /opt/<env> marker, see dep 'env')
  requires 'env'
  # add zshrc for root and for the admin user
  requires 'zshrc'.with('root')
  requires 'zshrc'.with('admin')
  # add gemrc for root and for the admin user
  requires 'gemrc'.with('root')
  requires 'gemrc'.with('admin')
  # add v bin and priit vim
  requires 'vimrc_priit.copy'
  # cleanup ssh welcome text (see dep 'motd_empty')
  requires 'motd_empty'
  # sshd origin backup
  requires 'sshd_config_day_backup'
  # verify ssh root login is off
  # NOTE(review): defined elsewhere; by its name this is a check only — confirm it does not edit sshd_config.
  requires 'sshd_root_login_should_be_off'
  # verify ssh password login is off
  requires 'sshd_password_should_be_off'
  # require admin password for sudo (see dep 'replace_default_admin_sudoer')
  requires 'replace_default_admin_sudoer'
end
# cleanup ssh welcome text
# Removes the login banner by renaming /etc/motd; the renamed copy is left on disk.
dep 'motd_empty' do
  banner = '/etc/motd'
  # Met as soon as the banner file is gone.
  met? { !banner.p.exists? }
  # Keep the original as /etc/motd.old rather than deleting it.
  meet { shell "mv #{banner} #{banner}.old" }
end
# env
# Records the server environment as an empty marker file under /opt (e.g. /opt/production).
dep 'env', :env do
  environments = %w[development staging production]
  env.default('production').choose(environments)
  # Met if a marker for ANY of the known environments exists, not necessarily the chosen one.
  # NOTE(review): with /opt/staging present and env=production this dep reports met and
  # never creates /opt/production — confirm that is the intended "don't switch env" behaviour.
  met? do
    environments.any? { |name| "/opt/#{name}".p.exists? }
  end
  meet do
    sudo "touch /opt/#{env}"
  end
end
# locale
# Ensures en_US.UTF-8 is enabled in /etc/locale.gen and generated.
dep 'set_us_locale' do
  locale_gen = '/etc/locale.gen'
  locale_entry = 'en_US.UTF-8 UTF-8'
  # grep works per line, so ^ anchors to the start of a line here; a commented-out
  # "#en_US.UTF-8 UTF-8" line does not count as enabled.
  met? do
    locale_gen.p.grep(/^en_US\.UTF-8 UTF-8/)
  end
  meet do
    locale_gen.p.append(locale_entry)
    shell '/usr/sbin/locale-gen'
  end
end
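# Makes sure the 'admin' user has a password set. Must run as root; asks for
# confirmation before changing anything and prompts for the password via the
# :password dep var.
dep 'admin_password', :password do
  setup do
    unmeetable! 'This dep must be run as root.' unless shell('whoami') == 'root'
    # Only offer to set a password when none is currently set; the decision is
    # remembered in @add_it so met?/meet agree on it.
    unless password?
      @add_it = true if confirm('User admin does not have password, should we add it? (y/n)', default: 'n')
    end
  end

  # Met when no change was requested (password already set, or the operator declined),
  # otherwise once a password is actually in place.
  met? { !@add_it || password? }

  meet do
    password.ask('Add a new admin password')
    # Hand "user:password" to chpasswd on stdin instead of interpolating it into the
    # command line: a quote in the password would break the shell quoting, and the
    # command line is visible to other users via ps and may be recorded in logs.
    # NOTE(review): relies on babushka's shell `:input` option — confirm on the installed version.
    shell 'chpasswd', input: "admin:#{password}\n"
  end

  # True when `passwd --status admin` reports a usable password ('P' in the 2nd field).
  def password?
    shell('sudo -k') # expire an existing cached password
    shell('passwd --status admin').split(' ')[1] == 'P'
  end
end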
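# Replaces the cloud-init generated sudoers.d entry for 'admin' with one that
# requires the admin password (hence the dependency on 'admin_password').
dep 'replace_default_admin_sudoer' do
  requires 'admin_password'

  # Met once the file exists and no longer carries the cloud-init header.
  met? do
    path.p.exists? && !path.p.grep(/^# Created by cloud-init/)
  end

  meet do
    # Stage the new file next to its destination so the final mv is a rename on the
    # same filesystem (the original wrote it relative to the current directory).
    # sudo ignores sudoers.d entries whose name contains a '.', so the staged file is
    # never consulted while it is being written.
    staged = "#{path}.tmp"
    staged.p.write("admin ALL=(ALL:ALL) ALL\n")
    # sudoers.d files must be mode 0440; sudo rejects files with broader permissions,
    # and a default umask would leave the written file at 0644, which mv preserves.
    File.chmod(0440, staged)
    if shell "visudo -cf #{staged}"
      shell "mv #{staged} #{path}"
    else
      # Don't leave a rejected file behind in /etc/sudoers.d.
      File.delete(staged)
      puts 'Syntax error in new sudoers file'
    end
  end

  # Full path of the cloud-init sudoers drop-in this dep rewrites.
  # NOTE(review): the interpolation was garbled in the rendered source and is
  # reconstructed from the filename helper below — confirm against upstream.
  def path
    "/etc/sudoers.d/#{filename}"
  end

  def filename
    "90-cloud-init-users"
  end
end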