comfy 0.2.0

data/lib/templates/scientificlinux/scientificlinux.cfg.erb

@@ -0,0 +1,57 @@
+# Locale
+lang en_US.UTF-8
+keyboard us
+timezone UTC
+# Authentication
+## Sets up the authentication options - use shadow passwords, use md5 encryption for user passwords
+authconfig --enableshadow --enablemd5
+## Sets the system's root password
+rootpw <%= @data[:password] %>
+# Kickstart
+## Fresh install, not an upgrade
+install
+## Specify install source - install via HTTP, more SL urls here: http://www.scientificlinux.org/download/mirrors
+url --url=http://mirror.karneval.cz/pub/linux/scientific/<%= @data[:distro][:version]['major_version'] %>.<%= @data[:distro][:version]['minor_version'] %>/x86_64/os/
+## Disk Partitioning - how the boot loader should be installed, delete all partitions/mbr, then create new layout
+bootloader --location=mbr
+zerombr
+clearpart --all --initlabel
+part / --size=1 --grow
+## Firstboot - the druid that helps you to set up the system after install - disabled
+firstboot --disabled
+## Don't use GUI
+text
+## Don't configure X
+skipx
+## Reboot the machine after the install
+reboot
+## Configure NICs - use dhcp - disable IPv6
+network --device=eth0 --bootproto dhcp --onboot=yes --noipv6
+network --device=eth1 --bootproto dhcp --onboot=yes --noipv6
+## Firewall - enable and open ssh port
+firewall --enabled --service=ssh
+## Selinux - disable
+selinux --disabled
+## Add some repos for build additional packages
+#repo --name=epel --mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=x86_64 --includepkgs='dkms,tmux'
+%packages
+# Note that the Core and Base groups are always selected by default,
+# so it is not necessary to specify them in the %packages section.
+## Add basic packages groups
+@core
+@base
+## Add basic packages
+wget
+curl
+sudo
+bzip2
+## Add extra packages
+openssh-clients
+openssh-server
+rsync
+mc
+tmux
+%end
+%post
+/usr/bin/yum -y upgrade
+%end

data/lib/templates/scientificlinux/scientificlinux.description

@@ -0,0 +1,19 @@
+{
+  "name": "ScientificLinux",
+  "versions": [{
+      "major_version": "7",
+      "minor_version": "1",
+      "iso_url": "http://mirror.karneval.cz/pub/linux/scientific/7/x86_64/iso/SL-7.1-x86_64-netinst.iso",
+      "iso_checksum": "9b744b748199a7da27b181a6338b74520ea459ce80c240b8464f3842c10e79b6"
+    }],
+  "boot_command": "linux ks=http://{{ .HTTPIP }}:{{ .HTTPPort }}",
+  "qemu": {
+    "accelerator": "kvm",
+    "qemuargs": [ [ "-m", "1024M" ] ]
+  },
+  "virtualbox": {
+    "guest_os_type": "RedHat_64",
+    "vboxmanage": [ ["modifyvm", "{{.Name}}", "--memory", "1024"] ],
+    "guest_additions_mode": "disable"
+  }
+}

data/lib/templates/scientificlinux/scripts/init.sh

@@ -0,0 +1,92 @@
+#!/usr/bin/env bash
+
+# add EPEL repository
+yum -y install http://ftp.astral.ro/mirrors/fedora/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm
+# update already installed packages
+yum -y update
+# install new packages
+yum -y install cloud-init
+yum -y install fail2ban ntp
+yum -y install qemu-guest-agent
+yum -y install krb5-libs krb5-workstation pam_krb5
+yum -y install vim git
+yum -y remove chrony
+
+# set cloud-init to start after boot
+systemctl enable cloud-init-local
+systemctl enable cloud-init
+systemctl enable cloud-config
+systemctl enable cloud-final
+
+# NTPd start after boot
+systemctl enable ntpd.service
+
+# move configuration file to their right place
+mv /root/cloud.cfg /etc/cloud/cloud.cfg
+mv /root/krb5.conf /etc/krb5.conf
+mv /root/sshd_config /etc/ssh/sshd_config
+mv /root/10-ipv6.conf /etc/sysctl.d/10-ipv6.conf
+mv /root/grub /etc/default/grub
+mv /root/getty\@ttyS0.service /etc/systemd/system/getty\@ttyS0.service
+grub2-mkconfig -o /boot/grub2/grub.cfg
+ln -s /etc/systemd/system/getty\@ttyS0.service /etc/systemd/system/getty.target.wants/getty@ttyS0.service
+mv /root/ntp.conf /etc/ntp.conf
+mv /root/xen-domU.conf /etc/dracut.conf.d/xen-domU.conf
+
+# fail2ban
+mv /root/iptables-multiport.local /etc/fail2ban/action.d/iptables-multiport.local
+mv /root/jail.local /etc/fail2ban/jail.local
+mv /root/fail2ban.local /etc/fail2ban/fail2ban.local
+
+# pakiti-2-client
+rpm -i pakiti-2.1.5-1.noarch.rpm
+rm -f pakiti-2.1.5-1.noarch.rpm
+
+# check-mk-agent
+yum -y install check-mk-agent
+rpm -i check-mk-agent-meta-key-1.0-1.noarch.rpm
+rpm -i check-mk-agent-meta-checks-2.0-1.noarch.rpm
+rm -f check-mk-agent-meta-key-1.0-1.noarch.rpm
+rm -f check-mk-agent-meta-checks-2.0-1.noarch.rpm
+sed -i s/"disable\s*= no"/'disable       = yes'/g /etc/xinetd.d/check-mk-agent
+
+# remove hardware address (MAC) and UUID from NIC configuration files
+sed -i '/^HWADDR/d' /etc/sysconfig/network-scripts/ifcfg-eth*
+sed -i '/^UUID/d' /etc/sysconfig/network-scripts/ifcfg-eth*
+
+# make sure nothing is messing with NICs' MAC adresses
+unlink /etc/udev/rules.d/70-persistent-net.rules
+ln -s /dev/null /etc/udev/rules.d/70-persistent-net.rules
+unlink /etc/udev/rules.d/70-persistent-cd.rules
+ln -s /dev/null /etc/udev/rules.d/70-persistent-cd.rules
+
+# create configuration for second NIC if it's missing
+if [ ! -f /etc/sysconfig/network-scripts/ifcfg-eth1 ]; then
+  sed 's/eth0/eth1/g' /etc/sysconfig/network-scripts/ifcfg-eth0 > /etc/sysconfig/network-scripts/ifcfg-eth1
+fi
+
+# enable built-in networking
+# using both commands because of unfinished systemd support in system
+systemctl enable network
+chkconfig network on
+
+# disable NetworkManager
+systemctl disable NetworkManager
+
+#remove chrony to enable NTP service
+rpm -e chrony
+
+# allow to use sudo via ssh
+chmod u+w /etc/sudoers
+sed -i s/'Defaults    requiretty'/'#Defaults    requiretty'/g /etc/sudoers
+chmod -w /etc/sudoers
+
+#regenerate initrd files
+dracut -f
+
+# disable root login with password
+passwd -d root
+
+rm -f ~/.bash_history
+rm -f /var/log/cloud-init*
+

data/lib/templates/ubuntu/files/10-ipv6.conf

@@ -0,0 +1,5 @@
+net.ipv6.conf.all.disable_ipv6 = 1
+net.ipv6.conf.default.disable_ipv6 = 1
+net.ipv6.conf.lo.disable_ipv6 = 1
+net.ipv6.conf.eth0.disable_ipv6 = 1
+net.ipv6.conf.eth1.disable_ipv6 = 1

data/lib/templates/ubuntu/files/DEPOT-GPG-KEY.cfg

@@ -0,0 +1,32 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1.4.6 (GNU/Linux)
+
+mQINBEvVSjABEACo7dd0akbgM+C+Oph64KHYaF2Cezsv2Ngc2W/OGZ3dhCdhxbE/
+7dnt4Mm5V5eLzuevgf90Pm/W1k0AAlYPqDmiHlom45G1J+XrQqWhZNPv7HCiAj/X
+7tiXV/Gp4BfQvJJasilAACTkqbsloANRktd9S1k5jRd+zfVvkNEoEUW9/HT6w6Z5
+ZRlYixw/ooDpcX4uK7rHeTtC0udLDwAWY281/zn8XMPEvLo7ql+5kABJIy6iZJ2o
+vyWyo4SwYkYOHPcni4Cy6jCGP9LZR61sweOcsdfc8vsvr120OdFuTpR9X9gm6K20
+tX8PDEy3GzMreVtrI/bJrcVbu+oz7cCycl+8qIkNtX+B2zC7tslE316xfoat7ZIb
+sYQcHXTlvedfMS7NtZ8NfOVernwt3tWffBmyTSrmlrqTGOwes6Vm2xhXZ7/h9K+W
+7zEFTID8idpHqnDdx9DFFuUeQ6IcmAOjE4Xny/bfw0jan3/0+Ncv1FX5NJzf7GdH
+4Xm85v2DNA689jHziJv3X/QLKtP4LEA0JmZD++9hAMd5XJ1lobSJZqytHlOKPjGg
+/eSwBaVgHENbEeHBMAET3QL5J1cFzUqS3HXrCoWh8MSoq3XYLPtLxZrSEX8z5WKh
+pE5FLx0FGSi5MFyHg2WqBDkqSTN3Doe1uh8SoT9vVFuPb1m4cAR1KzPGHwARAQAB
+tFhNZXRhQ2VudHJ1bSBQYWNrYWdlIFJlcG9zaXRvcnkgKE1ldGFDZW50cnVtIFBh
+Y2thZ2UgUmVwb3NpdG9yeSBQR1Aga2V5KSA8bWV0YUBjZXNuZXQuY3o+iQI8BBMB
+AgAmAhsDBgsJCAcDAgQVAggDBBYCAwECHgECF4AFAlF5lz0FCQtH540ACgkQVc75
+6MPItRlf1Q/+IonUahNhAYQLhkdZvIPyT099KBviqMYXs1DJO940wIfX26ijz/v0
+fiEWvD1TlCx7xmegUj0u8EoB4TE4DYl1cPUZyQF+B2m9dLBT7umEypvZpuHjcBZe
+LpBL2K04gJYtiDe8yMTWChlrg+gcSaF+FkB/K9YYyjlkfIXp15WHSlNXN+aiB/3P
+8GMJiRPU0g3ScnwBfrLAXUX8stlBFzk2OVcrWmXQoHha/1cEn7w8JEEN4dOQIuKs
+Y7rItaS80HFpfwP10cU/l6ohMOh5cpf36qWPVKsez+wgeO8ah/7ZOtEG3QTktk6x
+bWzSGJ55beYm88iBvQuYJ6Xk8cpXsuFmaRED09mvXvoRYhUKovt+m7W8dW1s4h0y
+/x3ER7jPiUSdGkepag1J+WQtzrsSPgWLt5x8C026iQcvK6e72lbLDSX9cA8QdPAM
+Vnc5cPF4Jxz1lW0OHKKW5nMKPUTp/YZMfZcQTM2rkpLEZHAdC3WgbnM3N+gGY3vN
+qpBTPoFAWVZTsM9BQ8A/bJJBgDXg0SSnChHe4hxwQJuXR+tAO8OSk2z8xCdeRZqK
+9WAMviqmYvoCZMI4F/QJfKlSAoHrfhQPWOo2iS3aKUlBJgWxaejiJAwNwKDujnU5
+F0Y8sXypxJudVbi6/Q9BE/tGOTKwtaFiB5Gon+mGrvvnJWTGe7VjzriIRgQQEQIA
+BgUCS9VRAAAKCRCKeUuOc6DkdYCfAJ9MhgOfaAlSRnaSfZ7sfzrIept/DQCfXiGM
+kO6S6OD1WngSJiCst3UTkW4=
+=nY1A
+-----END PGP PUBLIC KEY BLOCK-----

data/lib/templates/ubuntu/files/RPM-GPG-KEY-CERIT-SC.cfg

@@ -0,0 +1,30 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1.4.10 (GNU/Linux)
+
+mQINBE7TvwsBEAC5gE01wDGBypwfjQGPwHK83ZyTzVwdATmtyQWbyJETgTPKSlSQ
+NhQAF7uBgqDGKUxvAXxmTXaJT+gDV5Wqdt09ani6+Fvac/IOD/FYczpPtOaufX4x
+GRAwAMRZd4HNIb+oVLkomI1A6bOFHKy1n4i8vVkemgxpgklJVD8EE+GMlMEG1vTB
+SuwIjqxiaixhw2ri7XlgxWnRL1f5tRCrHGNnuQ+gHpTqvM3u9wbNls6jpQYJOyIo
+rr6yd0F3w/ixavejmepyGrEPB0REsUiCMHUKK5evJiyyj6z9hxhkWhtb1DComfOp
+SGp39wet4gj37oSsdSiGOl4VFIh7YcWwRl3WBzs9jmWoBKPARvYcOl55BFda8Npt
+1rzX16xxd23FStYXUy4qsn4jbdR02Um+TnxZsBR+k5Szcm66AaFLFDlV1C4FMIqt
++zd3VrXbv9ATPN30ZGoauekgoh3TylVk5gAiraRT4zJA+WvX9dhMxepNcJcZXw5G
+VY2z1APEWmkempwufWtLeuv5EfIb6qAfyQVoy7O1CB/juKNy8kyaAyzxDcMjbdEa
+h+qocJYhbh6tPdwqEsOfKUwYPdeqbeWzRpnifjiBVpWWWkTtRd+m5LHsXqHWupGL
+Jzt4LZXwS2woN3oGqBXz4Ogq32dK5wdhAIoUNsY9kUkgdlB28nHZlJlAnwARAQAB
+tDJDRVJJVC1TQyBQYWNrYWdlIFJlcG9zaXRvcnkgPHBhY2thZ2VzQGNlcml0LXNj
+LmN6PokCPgQTAQIAKAUCTtO/CwIbAwUJCWYBgAYLCQgHAwIGFQgCCQoLBBYCAwEC
+HgECF4AACgkQ3DqaO9m5+z0ajQ//YcM8xgHeNr7CQpextlJ2MJWfgdl2W09vwHkp
+ldYCxaXz8TEMs76EwYeW2El6sqosQigCnkIGGBLzc3Iv9A9nNnRyFFt4dtoouML5
+wNgwaWq9qve1RecjQG7WFx+O0mmo3pdqLA3a4u3oDdMBCqXJwlONI0E4wxpszKM0
+J03+A5z1fRtmoqFAQKxddmI0FtAXKyt5GQFvX/mxO+vJ5xtHLll9+doU6ojcM92Y
+c8tf66vCyGWFAIl25qbvCrvIARLo2EqpOsjB+DfhlXs5qLnXFMrSxRBwOfl2X6LJ
+sEEzPPKhrdpj6DjVs08UEXYLbXvuS1/cOXqngDDRUaamcTsz3tGF1iMu4gKBLg6R
+3+ZOm8Lf/FP/irdaWB97zSVeJWhyquaHSDzPp+/IWQCOc5qWTjgfYBhuQ6QN1Lmz
+kTSdnGqU47xif7dHAw2W+QmIFzND+iUAcoMKvQdlwzosoTN1raApBXjtcMvwn3cv
+c+1NOQ1CxAEOycv9Vlja+I/vxJqNbSy2BO9FpiGM6aTFYwpr1RNC/o/a28Xqr+hZ
+SRueBQW8kkvrwPoE2sHqEmR0j76MssiEWLsxnyrJH8/u42xlv8aOAqf6Q7osShMj
+CROefhLCidIbW10erf5FjHkukcysuTO4FJcsnJHWy+F0jgubYza/mQLK6qY9ShIq
+OEkYIXo=
+=oPbY
+-----END PGP PUBLIC KEY BLOCK-----

data/lib/templates/ubuntu/files/cloud.cfg

@@ -0,0 +1,109 @@
+# If this is set, 'root' will not be able to ssh in and they 
+# will get a message to login instead as the above $user (ubuntu)
+disable_root: False
+user: root
+ssh_pwauth: False
+ssh_deletekeys: True
+ssh_genkeytypes: ['rsa', 'dsa']
+ssh_svcname: ssh
+
+# This will cause the set+update hostname module to not operate (if true)
+preserve_hostname: false
+cc_ready_cmd: ['/bin/true']
+mount_default_fields: [~, ~, 'auto', 'defaults,nofail', '0', '2']
+syslog_fix_perms: ~
+manage_etc_hosts: True
+
+# Update and upgrade system on first boot
+apt_preserve_sources_list: True
+apt_update: True
+apt_upgrade: True
+package_reboot_if_required: True
+
+
+# work only with OpenNebula, use network based datasource,
+# so that we can successfully resolve IPv4 based hostname
+disable_ec2_metadata: True
+datasource_list: ['OpenNebula']
+datasource:
+  OpenNebula:
+    dsmode: net
+
+# The modules that run in the 'init' stage
+cloud_init_modules:
+ - migrator
+ - seed_random
+ - bootcmd
+ - write-files
+ - growpart
+ - resizefs
+ - set_hostname
+ - update_hostname
+ - update_etc_hosts
+ - ca-certs
+ - rsyslog
+ - users-groups
+ - ssh
+
+# The modules that run in the 'config' stage
+cloud_config_modules:
+# Emit the cloud config ready event
+# this can be used by upstart jobs for 'start on cloud-config'.
+ - emit_upstart
+ - disk_setup
+ - mounts
+ - ssh-import-id
+ - locale
+ - set-passwords
+ - grub-dpkg
+ - apt-pipelining
+ - apt-configure
+ - package-update-upgrade-install
+ - landscape
+ - timezone
+ - puppet
+ - chef
+ - salt-minion
+ - mcollective
+ - disable-ec2-metadata
+ - runcmd
+ - byobu
+
+# The modules that run in the 'final' stage
+cloud_final_modules:
+ - rightscale_userdata
+ - scripts-per-once
+ - scripts-per-boot
+ - scripts-per-instance
+ - scripts-user
+ - ssh-authkey-fingerprints
+ - keys-to-console
+ - phone-home
+ - final-message
+ - power-state-change
+
+# System and/or distro specific settings
+# (not accessible to handlers/transforms)
+system_info:
+   # This will affect which distro class gets used
+   distro: ubuntu
+   # Other config here will be given to the distro class and/or path classes
+   paths:
+      cloud_dir: /var/lib/cloud/
+      templates_dir: /etc/cloud/templates/
+      upstart_dir: /etc/init/
+   package_mirrors:
+     - arches: [i386, amd64]
+       failsafe:
+         primary: http://archive.ubuntu.com/ubuntu
+         security: http://security.ubuntu.com/ubuntu
+       search:
+         primary:
+           - http://%(ec2_region)s.ec2.archive.ubuntu.com/ubuntu/
+           - http://%(availability_zone)s.clouds.archive.ubuntu.com/ubuntu/
+         security: []
+     - arches: [armhf, armel, default]
+       failsafe:
+         primary: http://ports.ubuntu.com/ubuntu-ports
+         security: http://ports.ubuntu.com/ubuntu-ports
+   ssh_svcname: ssh

data/lib/templates/ubuntu/files/depot.list

@@ -0,0 +1,4 @@
+# depot_all
+deb  ftp://depot1.mc.cesnet.cz/ all main
+# depot_squeeze
+deb  ftp://depot1.mc.cesnet.cz/ squeeze main

data/lib/templates/ubuntu/files/depot_all.pref

@@ -0,0 +1,6 @@
+# depot_all
+Explanation: : depot_all
+Package: *
+Pin: origin "depot1.mc.cesnet.cz"
+Pin-Priority: 20
+

data/lib/templates/ubuntu/files/depot_check_mk.pref

@@ -0,0 +1,5 @@
+# depot_check_mk
+Explanation: : depot_check_mk
+Package: check-mk*
+Pin: origin "depot1.mc.cesnet.cz"
+Pin-Priority: 1200

data/lib/templates/ubuntu/files/fail2ban.local

@@ -0,0 +1,3 @@
+[Definition]
+
+logtarget = SYSLOG

data/lib/templates/ubuntu/files/grub

@@ -0,0 +1,34 @@
+# If you change this file, run 'update-grub' afterwards to update
+# /boot/grub/grub.cfg.
+# For full documentation of the options in this file, see:
+#   info -f grub -n 'Simple configuration'
+
+GRUB_DEFAULT=0
+GRUB_HIDDEN_TIMEOUT=0
+GRUB_HIDDEN_TIMEOUT_QUIET=true
+GRUB_TIMEOUT=10
+GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
+#GRUB_CMDLINE_LINUX_DEFAULT="splash quiet"
+GRUB_CMDLINE_LINUX="console=tty0 console=ttyS0,115200n8"
+
+# Uncomment to enable BadRAM filtering, modify to suit your needs
+# This works with Linux (no patch required) and with any kernel that obtains
+# the memory map information from GRUB (GNU Mach, kernel of FreeBSD ...)
+#GRUB_BADRAM="0x01234567,0xfefefefe,0x89abcdef,0xefefefef"
+
+# Uncomment to disable graphical terminal (grub-pc only)
+GRUB_TERMINAL=serial
+GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1"
+# The resolution used on graphical terminal
+# note that you can use only modes which your graphic card supports via VBE
+# you can see them in real GRUB with the command `vbeinfo'
+#GRUB_GFXMODE=640x480
+
+# Uncomment if you don't want GRUB to pass "root=UUID=xxx" parameter to Linux
+#GRUB_DISABLE_LINUX_UUID=true
+
+# Uncomment to disable generation of recovery mode menu entries
+#GRUB_DISABLE_RECOVERY="true"
+
+# Uncomment to get a beep at grub start
+#GRUB_INIT_TUNE="480 440 1"

data/lib/templates/ubuntu/files/interfaces

@@ -0,0 +1,15 @@
+# This file describes the network interfaces available on your system
+# and how to activate them. For more information, see interfaces(5).
+
+# The loopback network interface
+auto lo
+iface lo inet loopback
+
+# The primary network interface
+allow-hotplug eth0
+iface eth0 inet dhcp
+
+# The secondary network interface
+allow-hotplug eth1
+iface eth1 inet dhcp
+

data/lib/templates/ubuntu/files/iptables-multiport.local

@@ -0,0 +1,6 @@
+[Definition]
+
+actionban = iptables -I fail2ban-<name> 1 -s <ip> -j REJECT
+
+actionunban = iptables -D fail2ban-<name> -s <ip> -j REJECT
+

data/lib/templates/ubuntu/files/jail.local

@@ -0,0 +1,17 @@
+[DEFAULT]
+
+# Seznam vygenerovany skriptem /software/meta-admin/scripts/get_nodes_ips
+# Vygeneruje pouze C site, tzn. je tam o nekolik set hostu vic nez ve skutecnosti
+
+ignoreip = 127.0.0.1 147.228.1.0/24 147.251.17.0/24 147.228.240.0/24 147.228.241.0/24 147.231.11.0/24 147.231.18.0/24 147.251.11.0/24 147.251.252.0/24 147.251.254.0/24 147.251.3.0/24 147.251.84.0/24 147.251.9.0/24 195.113.0.0/24 195.113.123.0/24 195.113.209.0/24 195.113.214.0/24 78.128.210.0/24
+
+[ssh]
+
+enabled = true
+port    = ssh
+filter  = sshd
+logpath  = /var/log/auth.log
+maxretry = 100
+findtime = 86400
+bantime  = 1209600
+

data/lib/templates/ubuntu/files/krb5.conf

@@ -0,0 +1,181 @@
+[libdefaults]
+        default_realm = META 
+        forwardable = yes
+        forward = yes
+        encrypt = yes
+        srv_lookup = no
+        srv_try_txt = no
+        no-addresses = yes
+	allow_weak_crypto = true
+
+[realms]
+    ICS.MUNI.CZ = {
+	    kdc = kdccesnet.ics.muni.cz
+	    kdc = kdc1.cesnet.cz
+	    kdc = kdccesnet.meta.zcu.cz
+            admin_server = kdc1.cesnet.cz
+            kpasswd_server = kdc1.cesnet.cz
+    }
+    META = {
+            kdc = kdccesnet.ics.muni.cz
+	    kdc = kdc1.cesnet.cz
+	    kdc = kdccesnet.meta.zcu.cz
+            kdc = sal.ruk.cuni.cz:89
+	    kdc = jerry.ruk.cuni.cz
+            admin_server = kdc1.cesnet.cz
+            kpasswd_server = kdc1.cesnet.cz
+	    krb525_server = kdccesnet.ics.muni.cz
+	    krb525_server = kdc1.cesnet.cz 
+	    krb525_server = kdccesnet.meta.zcu.cz 
+    }
+    ZCU.CZ = {
+            kdc = kerberos1.zcu.cz
+            kdc = kerberos2.zcu.cz
+            kdc = kerberos3.zcu.cz
+            admin_server = kerberos-adm.zcu.cz
+            kpasswd_server = kerberos-adm.zcu.cz
+    }
+    RUK.CUNI.CZ = {
+            kdc = sal.ruk.cuni.cz
+            kdc = jerry.ruk.cuni.cz:89
+            admin_server = sal.ruk.cuni.cz
+            kpasswd_server = sal.ruk.cuni.cz
+	    krb524_server = sal.ruk.cuni.cz
+	    krb524_server = jerry.ruk.cuni.cz:89
+    }
+    IS.MUNI.CZ = {
+            kdc = ariadna.fi.muni.cz
+    }
+    SITOLA.FI.MUNI.CZ = {
+            kdc = hendrak.fi.muni.cz
+            kdc = oberon.fi.muni.cz
+            admin_server = oberon.fi.muni.cz
+            kpasswd_server = oberon.fi.muni.cz
+    }
+    ADMIN.META = {
+            kdc = kdccesnet.ics.muni.cz
+            admin_server = kdccesnet.ics.muni.cz
+            kpasswd_server = kdccesnet.ics.muni.cz
+    }
+    ASR.ICS.MUNI.CZ = {
+            kdc = bombur.ics.muni.cz
+            admin_server = bombur.ics.muni.cz
+            kpasswd_server = bombur.ics.muni.cz
+    }
+    EINFRA = {
+            kdc = kdc1.cesnet.cz
+            kdc = kdccesnet.ics.muni.cz
+	    kdc = kdccesnet.meta.zcu.cz
+	    admin_server = kdc1.cesnet.cz
+    }
+    EINFRA-SERVICES = {
+            kdc = kdc1.cesnet.cz
+            kdc = kdccesnet.ics.muni.cz
+	    kdc = kdccesnet.meta.zcu.cz
+   	    admin_server = kdc1.cesnet.cz
+    }
+    EGI = {
+	    kdc = kdc1.cesnet.cz
+	    kdc = kdccesnet.ics.muni.cz
+	    kdc = kdccesnet.meta.zcu.cz
+	    admin_server = kdc1.cesnet.cz
+    }
+    SAGRID = {
+            kdc = kdc1.cesnet.cz
+            admin_server = kdc1.cesnet.cz
+    }
+    ELIXIR-EUROPE.ORG = {
+            kdc = kdc1.cesnet.cz
+            admin_server = kdc1.cesnet.cz
+    }
+
+[capaths]
+        RUK.CUNI.CZ = {
+                EINFRA-SERVICES = META
+                ZCU.CZ = META
+        }
+        ZCU.CZ = {
+                EINFRA-SERVICES = META
+                RUK.CUNI.CZ = META
+        }
+        ICS.MUNI.CZ = {
+                  EINFRA-SERVICES = META
+        }
+        EINFRA = {
+                ICS.MUNI.CZ = META
+        }
+        EINFRA-SERVICES = {
+                ICS.MUNI.CZ = META
+                RUK.CUNI.CZ = META
+                ZCU.CZ = META
+        }
+
+[domain_realm]
+        sirion.ics.muni.cz = META
+        erebor.ics.muni.cz = META
+        acharon.ruk.cuni.cz = META
+	androth.zcu.cz = ICS.MUNI.CZ
+        .fi.muni.cz = SITOLA.FI.MUNI.CZ
+        .ics.muni.cz = ICS.MUNI.CZ
+        .cesnet.cz = ICS.MUNI.CZ
+        .zcu.cz = ZCU.CZ
+        .ruk.cuni.cz = RUK.CUNI.CZ
+	.medigrid.cz = ICS.MUNI.CZ
+	.video.muni.cz = ICS.MUNI.CZ
+	.ncbr.muni.cz = ICS.MUNI.CZ
+	.prf.jcu.cz = ICS.MUNI.CZ
+	.feec.vutbr.cz = ICS.MUNI.CZ
+	atlases.muni.cz = ICS.MUNI.CZ
+	.egi.eu = META
+	.fzu.cz = META
+	.cerit-sc.cz = ICS.MUNI.CZ
+	kdc1.cesnet.cz = EINFRA-SERVICES
+	.du1.cesnet.cz = EINFRA-SERVICES
+	.du2.cesnet.cz = EINFRA-SERVICES
+	.du3.cesnet.cz = EINFRA-SERVICES
+	ui2.grid.cesnet.cz = EINFRA-SERVICES
+	ui1.egee.cesnet.cz = EINFRA-SERVICES
+	ui1.grid.cesnet.cz = EINFRA-SERVICES
+	.metacentrum.cz = ICS.MUNI.CZ
+	.ueb.cas.cz = ICS.MUNI.CZ
+	.meta.zcu.cz = META
+	.ukb.muni.cz = ICS.MUNI.CZ
+	.ceitec.muni.cz = EINFRA-SERVICES
+
+[appdefaults]
+    krb4_get_tickets = no
+    krb4_convert = no
+    krb4_convert_524 = no
+    pam = {
+        debug = false
+        forwardable = true
+        afs_cells = ics.muni.cz
+        minimum_uid=100
+        addressless = true
+#Debian
+        realm = META
+        validate = true
+#SuSE
+        ticket_lifetime = 36000
+        renew_lifetime = 36000
+        proxiable = false
+        retain_after_close = false
+        try_first_pass = true
+        external=true
+        force_creds = true
+    }
+    libkafs = {
+    	ZCU.CZ = {
+		afs-use-524 = 2b
+	}
+    	ICS.MUNI.CZ = {
+		afs-use-524 = 2b
+	}
+	RUK.CUNI.CZ = {
+		afs-use-524 = 2b
+	}
+   }
+
+[kadmin]
+	default_keys = v5 v4
+

data/lib/templates/ubuntu/files/meta-misc.list

@@ -0,0 +1,2 @@
+## CERIT-SC's meta-misc repository
+deb http://apt.cerit-sc.cz/meta_misc/ wheezy main

data/lib/templates/ubuntu/files/modules

@@ -0,0 +1,15 @@
+# List of modules that you want to include in your initramfs.
+# They will be loaded at boot time in the order below.
+#
+# Syntax:  module_name [args ...]
+#
+# You must run update-initramfs(8) to effect this change.
+#
+# Examples:
+#
+# raid1
+# sd_mod
+xen-blkfront
+xen-netfront
+xen-kbdfront
+