{% set system = salt['grains.filter_by']({ 'Arch': { 'pkgs': ['sudo', 'vim', 'wget'], 'utc': true, 'user': {}, 'group': {}, 'job': {}, 'limit': {}, 'locale': {}, 'motd': {}, 'env': {}, 'profile': {}, 'proxy': {}, 'repo': {}, 'package': {}, 'autoupdates': { 'pkgs': [] }, 'selinux': 'permissive', 'ca_certs_dir': '/usr/local/share/ca-certificates', 'ca_certs_bin': 'update-ca-certificates', 'atop': { 'enabled': false, 'interval': '20', 'autostart': true, 'logpath': '/var/log/atop', 'outfile': '/var/log/atop/daily.log' }, 'at': { 'pkgs': [], 'services': [] }, 'cron': { 'pkgs': [], 'services': [] }, }, 'Debian': { 'pkgs': ['python-apt', 'apt-transport-https', 'libmnl0'], 'utc': true, 'user': {}, 'group': {}, 'job': {}, 'limit': {}, 'locale': {}, 'motd': {}, 'env': {}, 'profile': {}, 'proxy': {}, 'repo': {}, 'package': {}, 'autoupdates': { 'pkgs': ['unattended-upgrades'] }, 'selinux': 'permissive', 'ca_certs_dir': '/usr/local/share/ca-certificates', 'ca_certs_bin': 'update-ca-certificates', 'atop': { 'enabled': false, 'interval': '20', 'autostart': true, 'logpath': '/var/log/atop', 'outfile': '/var/log/atop/daily.log' }, 'at': { 'pkgs': ['at'], 'services': ['atd'], 'user': {} }, 'cron': { 'pkgs': ['cron'], 'services': ['cron'], 'user': {} }, }, 'RedHat': { 'pkgs': ['policycoreutils', 'policycoreutils-python', 'telnet', 'wget'], 'utc': true, 'user': {}, 'group': {}, 'job': {}, 'limit': {}, 'locale': {}, 'motd': {}, 'env': {}, 'profile': {}, 'proxy': {}, 'repo': {}, 'package': {}, 'autoupdates': { 'pkgs': [] }, 'selinux': 'permissive', 'ca_certs_dir': '/etc/pki/ca-trust/source/anchors', 'ca_certs_bin': 'update-ca-trust extract', 'atop': { 'enabled': false, 'interval': '20', 'autostart': true, 'logpath': '/var/log/atop', 'outfile': '/var/log/atop/daily.log' }, 'at': { 'pkgs': [], 'services': [] }, 'cron': { 'pkgs': [], 'services': [] }, }, }, merge=salt['grains.filter_by']({ 'bullseye': { 'pkgs': ['python3-apt', 'apt-transport-https', 'libmnl0'], }, 'bookworm': { 'pkgs': ['python3-apt', 'apt-transport-https', 'libmnl0'], }, 'sid': { 'pkgs': ['python3-apt', 'apt-transport-https', 'libmnl0'], }, }, grain='oscodename', merge=salt['pillar.get']('linux:system'))) %} {% set banner = salt['grains.filter_by']({ 'BaseDefaults': { 'enabled': false, }, }, grain='os_family', merge=salt['pillar.get']('linux:system:banner'), base='BaseDefaults') %} {% set auth = salt['grains.filter_by']({ 'Arch': { 'enabled': false, 'duo': { 'enabled': false, 'duo_host': 'localhost', 'duo_ikey': '', 'duo_skey': '' } }, 'RedHat': { 'enabled': false, 'duo': { 'enabled': false, 'duo_host': 'localhost', 'duo_ikey': '', 'duo_skey': '' } }, 'Debian': { 'enabled': false, 'duo': { 'enabled': false, 'duo_host': 'localhost', 'duo_ikey': '', 'duo_skey': '' } }, }, grain='os_family', merge=salt['pillar.get']('linux:system:auth')) %} {% set ldap = salt['grains.filter_by']({ 'RedHat': { 'enabled': false, 'pkgs': ['openldap-clients', 'nss-pam-ldapd', 'authconfig', 'nscd'], 'version': '3', 'scope': 'sub', 'uid': 'nslcd', 'gid': 'nslcd', }, 'Debian': { 'enabled': false, 'pkgs': ['libnss-ldapd', 'libpam-ldapd', 'nscd'], 'version': '3', 'scope': 'sub', 'uid': 'nslcd', 'gid': 'nslcd', }, }, grain='os_family', merge=salt['pillar.get']('linux:system:auth:ldap')) %} {%- load_yaml as login_defs_defaults %} Debian: CHFN_RESTRICT: value: 'rwh' DEFAULT_HOME: value: 'yes' ENCRYPT_METHOD: value: 'SHA512' ENV_PATH: value: 'PATH=/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games' ENV_SUPATH: value: 'PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin' ERASECHAR: value: '0177' FAILLOG_ENAB: value: 'yes' FTMP_FILE: value: '/var/log/btmp' GID_MAX: value: '60000' GID_MIN: value: '1000' HUSHLOGIN_FILE: value: '.hushlogin' KILLCHAR: value: '025' LOGIN_RETRIES: value: '5' LOGIN_TIMEOUT: value: '60' LOG_OK_LOGINS: value: 'no' LOG_UNKFAIL_ENAB: value: 'no' MAIL_DIR: value: '/var/mail' PASS_MAX_DAYS: value: '99999' PASS_MIN_DAYS: value: '0' PASS_WARN_AGE: value: '7' SU_NAME: value: 'su' SYSLOG_SG_ENAB: value: 'yes' SYSLOG_SU_ENAB: value: 'yes' TTYGROUP: value: 'tty' TTYPERM: value: '0600' UID_MAX: value: '60000' UID_MIN: value: '1000' UMASK: value: '022' USERGROUPS_ENAB: value: 'yes' {%- endload %} {%- set login_defs = salt['grains.filter_by'](login_defs_defaults, grain='os_family', merge=salt['pillar.get']('linux:system:login_defs')) %} {# 'network_name', #} {% set interface_params = [ 'gateway', 'mtu', 'network', 'broadcast', 'master', 'miimon', 'ovs_ports', 'ovs_bridge', 'mode', 'port_type', 'peer', 'lacp-rate', 'dns-search', 'up_cmds', 'pre_up_cmds', 'post_up_cmds', 'down_cmds', 'pre_down_cmds', 'post_down_cmds', 'maxwait', 'stp', 'gro', 'rx', 'tx', 'sg', 'tso', 'ufo', 'gso', 'lro', 'lacp_rate', 'ad_select', 'downdelay', 'updelay', 'hashing-algorithm', 'hardware-dma-ring-rx', 'hwaddr', 'noifupdown', 'arp_ip_target', 'primary', ] %} {% set debian_headers = "linux-headers-" + grains.get('kernelrelease')|string %} {% set network = salt['grains.filter_by']({ 'Arch': { 'pkgs': ['wpa_supplicant', 'dhclient', 'wireless_tools', 'ifenslave'], 'bridge_pkgs': ['bridge-utils', 'vlan'], 'ovs_pkgs': ['openvswitch-switch', 'vlan'], 'hostname_file': '/etc/hostname', 'network_manager': False, 'systemd': {}, 'interface': {}, 'interface_params': interface_params, 'bridge': 'none', 'proxy': { 'host': 'none', }, 'host': {}, 'mine_dns_records': False, 'dhclient_config': '/etc/dhcp/dhclient.conf', 'ovs_nowait': False, }, 'Debian': { 'pkgs': ['ifenslave'], 'hostname_file': '/etc/hostname', 'bridge_pkgs': ['bridge-utils', 'vlan'], 'ovs_pkgs': ['openvswitch-switch', 'bridge-utils', 'vlan'], 'dpdk_pkgs': ['dpdk', 'dpdk-dev', 'dpdk-igb-uio-dkms', 'dpdk-rte-kni-dkms', debian_headers.encode('utf8') ], 'network_manager': False, 'systemd': {}, 'interface': {}, 'interface_params': interface_params, 'bridge': 'none', 'proxy': { 'host': 'none' }, 'host': {}, 'mine_dns_records': False, 'dhclient_config': '/etc/dhcp/dhclient.conf', 'ovs_nowait': False, }, 'RedHat': { 'pkgs': ['iputils'], 'bridge_pkgs': ['bridge-utils', 'vlan'], 'ovs_pkgs': ['openvswitch-switch', 'bridge-utils', 'vlan'], 'hostname_file': '/etc/sysconfig/network', 'network_manager': False, 'systemd': {}, 'interface': {}, 'interface_params': interface_params, 'bridge': 'none', 'proxy': { 'host': 'none' }, 'host': {}, 'mine_dns_records': False, 'dhclient_config': '/etc/dhcp/dhclient.conf', 'ovs_nowait': False, }, }, grain='os_family', merge=salt['pillar.get']('linux:network')) %} {% set storage = salt['grains.filter_by']({ 'Arch': { 'mount': {}, 'swap': {}, 'disk': {}, 'lvm': {}, 'lvm_services': ['lvm2-lvmetad', 'lvm2-lvmpolld', 'lvm2-monitor'], 'loopback': {}, 'nfs': { 'pkgs': ['nfs-utils'] }, 'multipath': { 'enabled': False, 'pkgs': ['multipath-tools', 'multipath-tools-boot'], 'service': '' }, }, 'Debian': { 'mount': {}, 'swap': {}, 'lvm': {}, 'disk': {}, 'lvm_services': ['lvm2-lvmetad', 'lvm2-lvmpolld', 'lvm2-monitor'], 'loopback': {}, 'nfs': { 'pkgs': ['nfs-common'] }, 'multipath': { 'enabled': False, 'pkgs': ['multipath-tools', 'multipath-tools-boot'], 'service': 'multipath-tools' }, 'lvm_pkgs': ['lvm2'], }, 'RedHat': { 'mount': {}, 'swap': {}, 'lvm': {}, 'disk': {}, 'lvm_services': ['lvm2-lvmetad', 'lvm2-lvmpolld', 'lvm2-monitor'], 'loopback': {}, 'nfs': { 'pkgs': ['nfs-utils'] }, 'multipath': { 'enabled': False, 'pkgs': [], 'service': 'multipath' }, }, }, merge=salt['grains.filter_by']({ 'focal': { 'lvm_services': ['lvm2-monitor'], }, 'buster': { 'lvm_services': ['lvm2-monitor'], }, 'bullseye': { 'lvm_services': ['lvm2-monitor'], }, 'bookworm': { 'lvm_services': ['lvm2-monitor'], }, 'sid': { 'lvm_services': ['lvm2-monitor'], }, 'trusty': { 'lvm_services': ['udev'], }, }, grain='oscodename', merge=salt['pillar.get']('linux:storage'))) %} {% set monitoring = salt['grains.filter_by']({ 'default': { 'bond_status': { 'interfaces': False }, 'zombie': { 'warn': 3, 'crit': 7, }, 'procs': { 'warn': 5000, 'crit': 10000, }, 'load': { 'warn': '6,4,2', 'crit': '12,8,4', }, 'swap': { 'warn': '50%', 'crit': '20%', }, 'disk': { 'warn': '15%', 'crit': '5%', }, 'netlink': { 'interfaces': [], 'interface_regex': '^[a-z0-9]+$', 'ignore_selected': False, }, 'cpu_usage_percentage': { 'warn': 90.0, }, 'memory_usage_percentage': { 'warn': 90.0, 'major': 95.0, }, 'disk_usage_percentage': { 'warn': 85.0, 'major': 95.0, }, 'swap_usage_percentage': { 'warn': 50.0, 'minor': 90.0, }, 'inodes_usage_percentage': { 'warn': 85.0, 'major': 95.0, }, 'system_load_threshold': { 'warn': 1, 'crit': 2, }, 'rx_packets_dropped_threshold': { 'warn': 100, }, 'tx_packets_dropped_threshold': { 'warn': 100, }, 'swap_in_rate': { 'warn': 1024 * 1024, }, 'swap_out_rate': { 'warn': 1024 * 1024, }, 'failed_auths_threshold': { 'warn': 5, }, 'net_rx_action_per_cpu_threshold': { 'warning': '500', 'minor': '5000' }, 'packets_dropped_per_cpu_threshold': { 'minor': '0', 'major': '100' } }, }, grain='os_family', merge=salt['pillar.get']('linux:monitoring')) %}