Import initial

darcs-hash:20071123054414-af139-3e7506d4f7b48d7a09db2963f9f271d564c3ee75.gz

Base/needed.xml

@@ -0,0 +1,3 @@
+<Base>
+  <Package name="python"/>
+<Base/>

Base/utils.xml

@@ -0,0 +1,8 @@
+<Base>
+  <!-- Les paquets utiles pour l'utilisation de tous les jours -->
+  <Package name="emacs"/>
+  <Package name="zsh"/>
+  <Package name="procinfo"/>
+  <Package name="ipython"/>
+  <Package name="less"/>
+</Base>

Bundler/apt-listbugs.xml

@@ -0,0 +1,7 @@
+<Bundle name="ssh" version="2.0" revision="$Rev$"
+	origin="$URL$">
+  <ConfigFile name="/etc/ssh/locale.gen"/>
+  <ConfigFile name="/etc/environment"/>
+  <Package name="ssh"/>
+  <Service name="ssh"/>
+</Bundle>

Bundler/apt-listchanges.xml

@@ -0,0 +1,5 @@
+<Bundle name="apt-listchanges" version="2.0" revision="$Rev$"
+	origin="$URL$">
+  <ConfigFile name="/etc/apt/listchanges.conf"/>
+  <Package name="apt-listchanges"/>
+</Bundle>

Bundler/apt.xml

@@ -0,0 +1,5 @@
+<Bundle name="apt" version="2.0" revision="$Rev$"
+	origin="$URL$">
+  <ConfigFile name="/etc/apt/apt.conf.d/70debconf"/>
+  <Package name="a"/>
+</Bundle>

Bundler/autofs.xml

@@ -0,0 +1,6 @@
+<Bundle name="autofs" version="2.0" revision="$Rev$"
+	origin="$URL$">
+  <ConfigFile name="/etc/auto.master"/>
+  <ConfigFile name="/etc/auto.home"/>
+  <Package name="autofs"/>
+</Bundle>

Bundler/debconf.xml

@@ -0,0 +1,5 @@
+<Bundle name="debconf" version="2.0" revision="$Rev$"
+	origin="$URL$">
+  <ConfigFile name="/etc/apt/apt.conf.d/70debconf"/>
+  <Package name="debconf"/>
+</Bundle>

Bundler/ldap.xml

@@ -0,0 +1,20 @@
+<Bundle name="ldap" version="2.0" revision="$Rev$"
+	origin="$URL$">
+  <ConfigFile name="/etc/ldap/ldap.conf"/>
+  <ConfigFile name="/etc/libnss-ldap.conf"/>
+  <ConfigFile name="/etc/libnss-ldap.secret"/>
+  <ConfigFile name="/etc/pam_ldap.conf"/>
+  <ConfigFile name="/etc/pam.d/common-account"/>
+  <ConfigFile name="/etc/pam.d/common-auth"/>
+  <ConfigFile name="/etc/pam.d/common-password"/>
+  <ConfigFile name="/etc/pam.d/common-session"/>
+  <ConfigFile name="/etc/nsswitch.conf"/>
+  <Service name="ssh"/>
+  <Group name="db-server">
+    <Package name="wfrench"/>
+    <Package name="slapd"/>
+    <Package name="libnss-ldap"/>
+    <Package name="libpam-ldap"/>
+    <Package name="libpam-cracklib"/>
+  </Group>
+</Bundle>

Bundler/locale-generation.xml

@@ -0,0 +1,5 @@
+<Bundle name="locale-generation" version="2.0" revision="$Rev$"
+	origin="$URL$">
+  <ConfigFile name="/etc/locale.gen"/>
+  <Action name="generate-locales"/>
+</Bundle>

Bundler/locale.xml

@@ -0,0 +1,6 @@
+<Bundle name="locale" version="2.0" revision="$Rev$"
+	origin="$URL$">
+  <ConfigFile name="/etc/locale.gen"/>
+  <ConfigFile name="/etc/environment"/>
+  <Package name="locales"/>
+</Bundle>

Bundler/postfix.xml

@@ -0,0 +1,13 @@
+<Bundle name="postfix" version="2.0" revision="$Rev$"
+	origin="$URL$">
+  <Package name="postfix"/>
+  <Service name="postfix"/>
+  <ConfigFile name="/etc/postfix/main.cf"/>
+  <ConfigFile name="/etc/postfix/master.cf"/>
+  <Group name="mail-mx">
+    <Package name="postfix-ldap"/>
+    <ConfigFile name="ldap-aliases.cf"/>
+    <ConfigFile name="ldap-canonical.cf"/>
+    <ConfigFile name="ldap-sqlgrey.cf"/>
+  </Group>
+</Bundle>

Bundler/postfix_aliases.xml

@@ -0,0 +1,5 @@
+<Bundle name="postfix_aliases" version="2.0" revision="$Rev$"
+	origin="$URL$">
+  <ConfigFile name="/etc/postfix/aliases"/>
+  <Action name="update-postfix-aliases"/>
+</Bundle>

Bundler/postfix_canonical.xml

@@ -0,0 +1,11 @@
+<Bundle name="postfix_canonical" version="2.0" revision="$Rev$"
+	origin="$URL$">
+  <Group name="mail-mx" nagate="True">
+    <ConfigFile name="/etc/postfix/canonical"/>
+    <Action name="update-postfix-canonical"/>
+  </Group>
+  <Group name="mail-mx-secours">
+    <ConfigFile name="/etc/postfix/canonical"/>
+    <Action name="update-postfix-canonical"/>
+  </Group>
+</Bundle>

Bundler/postfix_mime_header_checks.xml

@@ -0,0 +1,7 @@
+<Bundle name="postfix_mime_header_checks" version="2.0" revision="$Rev$"
+	origin="$URL$">
+  <Group name="mail-mx">
+    <ConfigFile name="/etc/postfix/mime_header_checks"/>
+    <Action name="update-postfix-mime_header_checks"/>
+  </Group>
+</Bundle>

Bundler/postfix_sqlgrey_recipient_access.xml

@@ -0,0 +1,7 @@
+<Bundle name="postfix_sqlgrey_recipient_access" version="2.0" revision="$Rev$"
+	origin="$URL$">
+  <Group name="mail-mx">
+    <ConfigFile name="/etc/postfix/sqlgrey_recipient_access"/>
+    <Action name="update-postfix-sqlgrey_recipient_access"/>
+  </Group>
+</Bundle>

Bundler/postfix_transport.xml

@@ -0,0 +1,7 @@
+<Bundle name="postfix_transport" version="2.0" revision="$Rev$"
+	origin="$URL$">
+  <Group name="mail-mx">
+    <ConfigFile name="/etc/postfix/transport"/>
+    <Action name="update-postfix-transport"/>
+  </Group>
+</Bundle>

Bundler/postfix_virtual.xml

@@ -0,0 +1,7 @@
+<Bundle name="postfix_virtual" version="2.0" revision="$Rev$"
+	origin="$URL$">
+  <Group name="mail-mx">
+    <ConfigFile name="/etc/postfix/virtual"/>
+    <Action name="update-postfix-virtual"/>
+  </Group>
+</Bundle>

Bundler/ssh.xml

@@ -0,0 +1,16 @@
+<Bundle name="ssh" version="2.0" revision="$Rev$"
+	origin="$URL$">
+  <!-- Fichiers gere par le plugin SSHbase -->
+  <ConfigFile name="/etc/ssh/ssh_host_dsa_key"/>
+  <ConfigFile name="/etc/ssh/ssh_host_rsa_key"/>
+  <ConfigFile name="/etc/ssh/ssh_host_dsa_key.pub"/>
+  <ConfigFile name="/etc/ssh/ssh_host_rsa_key.pub"/>
+  <ConfigFile name="/etc/ssh/ssh_host_key"/>
+  <ConfigFile name="/etc/ssh/ssh_host_key.pub"/>
+  <ConfigFile name="/etc/ssh/ssh_known_hosts"/>
+  <!-->
+  <ConfigFile name="/etc/ssh/sshd_config"/>
+  <ConfigFile name="/etc/ssh/ssh_config"/>
+  <Package name="ssh"/>
+  <Service name="ssh"/>
+</Bundle>

Bundler/sudo.xml

@@ -0,0 +1,5 @@
+<Bundle name="sudo" version="2.0" revision="$Rev$"
+	origin="$URL$">
+  <ConfigFile name="/etc/sudoers"/>
+  <Package name="sudo"/>
+</Bundle>

Cfg/etc/environment/environment

@@ -0,0 +1 @@
+LANG="fr_FR.UTF-8"

Cfg/etc/locale.gen/locale.gen

@@ -0,0 +1 @@
+fr_FR.UTF-8 UTF-8

Cfg/etc/ssh/ssh_config/ssh_config

@@ -0,0 +1,46 @@
+#
+# This is the ssh client system-wide configuration file.  See
+# ssh_config(5) for more information.  This file provides defaults for
+# users, and the values can be changed in per-user configuration files
+# or on the command line.
+
+# Configuration data is parsed as follows:
+#  1. command line options
+#  2. user-specific file
+#  3. system-wide file
+# Any configuration value is only changed the first time it is set.
+# Thus, host-specific definitions should be at the beginning of the
+# configuration file, and defaults at the end.
+
+# Site-wide defaults for some commonly used options.  For a comprehensive
+# list of available options, their meanings and defaults, please see the
+# ssh_config(5) man page.
+
+Host *
+#   ForwardAgent no
+#   ForwardX11 no
+#   ForwardX11Trusted yes
+#   RhostsRSAAuthentication no
+#   RSAAuthentication yes
+#   PasswordAuthentication yes
+#   HostbasedAuthentication no
+#   BatchMode no
+#   CheckHostIP yes
+#   AddressFamily any
+#   ConnectTimeout 0
+#   StrictHostKeyChecking ask
+#   IdentityFile ~/.ssh/identity
+#   IdentityFile ~/.ssh/id_rsa
+#   IdentityFile ~/.ssh/id_dsa
+#   Port 22
+#   Protocol 2,1
+#   Cipher 3des
+#   Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
+#   EscapeChar ~
+#   Tunnel no
+#   TunnelDevice any:any
+#   PermitLocalCommand no
+    SendEnv LANG LC_*
+    HashKnownHosts yes
+    GSSAPIAuthentication yes
+    GSSAPIDelegateCredentials no

Metadata/clients.xml

@@ -0,0 +1,3 @@
+<Clients version="3.0">
+  <Client name="bcfg2tmp0.adm.crans.org" profile="basic" pingable="Y" pingtime="0">
+</Clients>

Metadata/groups.xml

@@ -0,0 +1,134 @@
+<Groups version="3.0" revision="$Rev$"
+	origin="$URL$">
+
+  <!-- *** Definition des serveurs ***
+    -->
+
+  <Group name="toto" profile="true">
+    <Group name="basic"/>
+    <Group name="mail-server"/>
+  </Group>
+
+  <Group name="zamok"
+	 comment="le serveur des adherents"
+	 profile="true">
+    <Group name="basic"/>
+    <Group name="users"/>
+    <Group name="mail-delivery"/>
+  </Group>
+
+  <Group name="rouge"
+	 profile="true">
+    <Group name="basic"/>
+    <Group name="mail-mx"/>
+  </Group>
+
+  <!-- *** Le groupe minimal ***
+       Le groupe basic est le groupe dans lequel tous les serveurs doivent
+       se trouver. Il contient tout ce qui est vital a un serveur du Cr@ns.
+    -->
+
+  <Group name="basic" profile="true" public="true"
+	 comment="groupe minimal pour un serveur du Crans"
+	 toolset="debian">
+    <Group name="locale"/>
+    <Group name="ssh"/>
+    <Group name="sudo"/>
+    <Group name="home"/>
+    <Group name="mail"/>
+  </Group>
+
+  <!-- *** Composantes du groupe de basic ***
+    -->
+
+  <Group name="locale"
+	 comment="gestion des locales">
+    <Bundle name="locale"/>
+    <Bundle name="locale-generation"/>
+  </Group>
+
+  <Group name="ssh"
+	 comment="client et serveur ssh">
+    <Group name="db"/>
+    <Bundle name="ssh"/>
+  </Group>
+
+  <Group name="sudo">
+    <Group name="db"/>
+    <Bundle name="sudo"/>
+  </Group>
+
+  <Group name="mail"
+	 comment="envoi de mail">
+    <Group name="mail-backend"/>
+  </Group>
+
+  <!-- -->
+
+  <Group name="db"
+	 comment="acces a la base de donnee du crans">
+    <Group name="db-backend"/>
+  </Group>
+
+  <!-- -->
+
+  <Group name="users"
+	 comment="le serveur sur les adherent peuvent se logger"/>
+
+  <Group name="db-main"
+	 comment="le serveur qui contient la base du crans"
+	 category="db">
+    <Group name="db-server"/>
+  </Group>
+
+  <Group name="db-replica"
+	 comment="serveur qui contient un replica de la base principale"
+	 category="db">
+    <Group name="db-server"/>
+  </Group>
+
+  <!-- -->
+
+  <Group name="db-server"
+	 comment="un server qui possede la base en local">
+    <Group name="db-backend"/>
+  </Group>
+
+  <!-- -->
+
+  <Group name="db-backend"
+	 comment="backend utilise pour la base de donnee">
+    <Group name="ldap"/>
+  </Group>
+
+  <Group name="mail-backend"
+	 comment="backend utilise pour les mails">
+    <Group name="postfix"/>
+  </Group>
+
+
+  <!-- *** Les backends ****
+    -->
+
+  <Group name="ldap"
+	 comment="base de donnee ldap"
+	 category="db-backend">
+    <Bundle name="ldap"/>
+  </Group>
+
+  <Group name="postgresql"
+	 comment="base de donnee postgresql"
+	 category="db-backend"/>
+
+  <Group name="postfix"
+	 category="mail-backend">
+    <Bundle name="postfix"/>
+    <Bundle name="postfix_aliases"/>
+    <Bundle name="postfix_transport"/>
+    <Bundle name="postfix_virtual"/>
+    <Bundle name="postfix_canonical"/>
+    <Bundle name="postfix_sqlgrey_recipient_access"/>
+    <Bundle name="postfix_mime_header_checks"/>
+  </Group>
+
+</Groups>

TCheetah/etc/ldap/ldap.conf/template

@@ -0,0 +1,20 @@
+# $OpenLDAP: pkg/ldap/libraries/libldap/ldap.conf,v 1.9 2000/09/04 19:57:01 kurt Exp $
+#
+# LDAP Defaults
+#
+#A ne modifier que sur VERT
+
+# See ldap.conf(5) for details
+# This file should be world readable but not world writable.
+
+BASE       dc=crans, dc=org
+#if "db-server" in $metadata.groups
+URI        ldapi://%2fvar%2frun%2fslapd%2fldapi/
+TLS_CACERT /etc/ssl/certs/CAcrans.pem
+#else
+URI        ldap://ldap.adm.crans.org
+#end if
+
+#SIZELIMIT	12
+#TIMELIMIT	15
+#DEREF		never

TCheetah/etc/ssh/sshd_config/template

@@ -0,0 +1,82 @@
+# -*- mode: conf -*-
+#
+# See the sshd(8) manpage for details
+
+## What ports, IPs and protocols we listen for
+Port 22
+## Use these options to restrict which interfaces/protocols sshd will bind to
+##ListenAddress ::
+##ListenAddress 0.0.0.0
+Protocol 2
+## HostKeys for protocol version 2
+HostKey /etc/ssh/ssh_host_rsa_key
+HostKey /etc/ssh/ssh_host_dsa_key
+##Privilege Separation is turned on for security
+UsePrivilegeSeparation yes
+
+## Lifetime and size of ephemeral version 1 server key
+KeyRegenerationInterval 3600
+ServerKeyBits 768
+
+## Logging
+SyslogFacility AUTH
+LogLevel INFO
+
+## Authentication:
+LoginGraceTime 120
+PermitRootLogin yes
+StrictModes yes
+
+RSAAuthentication yes
+PubkeyAuthentication yes
+##AuthorizedKeysFile	%h/.ssh/authorized_keys
+
+## Don't read the user's ~/.rhosts and ~/.shosts files
+IgnoreRhosts yes
+## For this to work you will also need host keys in /etc/ssh_known_hosts
+RhostsRSAAuthentication no
+## similar for protocol version 2
+HostbasedAuthentication no
+## Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
+##IgnoreUserKnownHosts yes
+
+## To enable empty passwords, change to yes (NOT RECOMMENDED)
+PermitEmptyPasswords no
+
+## Change to yes to enable challenge-response passwords (beware issues with
+## some PAM modules and threads)
+ChallengeResponseAuthentication yes
+
+## Change to no to disable tunnelled clear text passwords
+PasswordAuthentication no
+
+## Kerberos options
+##KerberosAuthentication no
+##KerberosGetAFSToken no
+##KerberosOrLocalPasswd yes
+##KerberosTicketCleanup yes
+
+## GSSAPI options
+##GSSAPIAuthentication no
+##GSSAPICleanupCredentials yes
+
+#if "users" in $metadata.groups
+X11Forwarding yes
+#else
+X11Forwarding no
+#endif
+X11DisplayOffset 10
+PrintMotd yes
+PrintLastLog yes
+TCPKeepAlive yes
+##UseLogin no
+
+##MaxStartups 10:30:60
+##Banner /etc/issue.net
+
+## Allow client to pass locale environment variables
+AcceptEnv LANG LC_*
+
+Subsystem sftp /usr/lib/openssh/sftp-server
+
+UsePAM yes