comfy 0.2.0

data/lib/templates/ubuntu/files/ntp.conf

@@ -0,0 +1,61 @@
+# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
+
+driftfile /var/lib/ntp/ntp.drift
+
+
+# Enable this if you want statistics to be logged.
+statsdir /var/log/ntpstats/
+
+statistics loopstats peerstats clockstats
+filegen loopstats file loopstats type day enable
+filegen peerstats file peerstats type day enable
+filegen clockstats file clockstats type day enable
+
+
+# You do need to talk to an NTP server or two (or three).
+server tik.cesnet.cz
+server tak.cesnet.cz
+server ntp.muni.cz
+server time.fi.muni.cz
+
+# pool.ntp.org maps to about 1000 low-stratum NTP servers.  Your server will
+# pick a different set every time it starts up.  Please consider joining the
+# pool: <http://www.pool.ntp.org/join.html>
+#server 0.debian.pool.ntp.org iburst
+#server 1.debian.pool.ntp.org iburst
+#server 2.debian.pool.ntp.org iburst
+#server 3.debian.pool.ntp.org iburst
+
+
+# Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
+# details.  The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions>
+# might also be helpful.
+#
+# Note that "restrict" applies to both servers and clients, so a configuration
+# that might be intended to block requests from certain clients could also end
+# up blocking replies from your own upstream servers.
+
+# By default, exchange time with everybody, but don't allow configuration.
+restrict -4 default kod notrap nomodify nopeer noquery
+restrict -6 default kod notrap nomodify nopeer noquery
+
+# Local users may interrogate the ntp server more closely.
+restrict 127.0.0.1
+restrict ::1
+
+# Clients from this (example!) subnet have unlimited access, but only if
+# cryptographically authenticated.
+#restrict 192.168.123.0 mask 255.255.255.0 notrust
+
+
+# If you want to provide time to your local subnet, change the next line.
+# (Again, the address is an example only.)
+#broadcast 192.168.123.255
+
+# If you want to listen to time broadcasts on your local subnet, de-comment the
+# next lines.  Please do this only if you trust everybody on the network!
+#disable auth
+#broadcastclient
+
+# Try to avoid NTP amplification attacks
+disable monitor

data/lib/templates/ubuntu/files/sshd_config

@@ -0,0 +1,131 @@
+# This is the sshd server system-wide configuration file.  See
+# sshd_config(5) for more information.
+
+# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
+
+# The strategy used for options in the default sshd_config shipped with
+# OpenSSH is to specify options with their default value where
+# possible, but leave them commented.  Uncommented options override the
+# default value.
+
+#Port 22
+AddressFamily inet
+#ListenAddress 0.0.0.0
+#ListenAddress ::
+
+# The default requires explicit activation of protocol 1
+#Protocol 2
+
+# HostKey for protocol version 1
+#HostKey /etc/ssh/ssh_host_key
+# HostKeys for protocol version 2
+#HostKey /etc/ssh/ssh_host_rsa_key
+#HostKey /etc/ssh/ssh_host_dsa_key
+#HostKey /etc/ssh/ssh_host_ecdsa_key
+#HostKey /etc/ssh/ssh_host_ed25519_key
+
+# Lifetime and size of ephemeral version 1 server key
+#KeyRegenerationInterval 1h
+#ServerKeyBits 1024
+
+# Ciphers and keying
+#RekeyLimit default none
+
+# Logging
+# obsoletes QuietMode and FascistLogging
+#SyslogFacility AUTH
+#LogLevel INFO
+
+# Authentication:
+
+#LoginGraceTime 2m
+#PermitRootLogin yes
+#StrictModes yes
+#MaxAuthTries 6
+#MaxSessions 10
+
+#RSAAuthentication yes
+#PubkeyAuthentication yes
+
+# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
+# but this is overridden so installations will only check .ssh/authorized_keys
+AuthorizedKeysFile      .ssh/authorized_keys
+
+#AuthorizedPrincipalsFile none
+
+#AuthorizedKeysCommand none
+#AuthorizedKeysCommandUser nobody
+
+# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+#RhostsRSAAuthentication no
+# similar for protocol version 2
+#HostbasedAuthentication no
+# Change to yes if you don't trust ~/.ssh/known_hosts for
+# RhostsRSAAuthentication and HostbasedAuthentication
+#IgnoreUserKnownHosts no
+# Don't read the user's ~/.rhosts and ~/.shosts files
+#IgnoreRhosts yes
+
+# To disable tunneled clear text passwords, change to no here!
+PasswordAuthentication no
+#PermitEmptyPasswords no
+
+# Change to no to disable s/key passwords
+ChallengeResponseAuthentication no
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+#KerberosGetAFSToken no
+
+# GSSAPI options
+GSSAPIAuthentication yes
+GSSAPICleanupCredentials yes
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication.  Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+UsePAM yes
+
+#AllowAgentForwarding yes
+#AllowTcpForwarding yes
+#GatewayPorts no
+#X11Forwarding no
+#X11DisplayOffset 10
+#X11UseLocalhost yes
+#PermitTTY yes
+PrintMotd no # pam does that
+#PrintLastLog yes
+TCPKeepAlive yes
+#UseLogin no
+UsePrivilegeSeparation sandbox          # Default for new installations.
+#PermitUserEnvironment no
+#Compression delayed
+ClientAliveInterval 30
+ClientAliveCountMax 5
+#UseDNS no
+#PidFile /run/sshd.pid
+#MaxStartups 10:30:100
+#PermitTunnel no
+#ChrootDirectory none
+#VersionAddendum none
+
+# no default banner path
+#Banner none
+
+# override default of no subsystems
+Subsystem       sftp    /usr/lib/ssh/sftp-server
+
+# Example of overriding settings on a per-user basis
+#Match User anoncvs
+#       X11Forwarding no
+#       AllowTcpForwarding no
+#       PermitTTY no
+#       ForceCommand cvs server

data/lib/templates/ubuntu/files/ttyS0.conf

@@ -0,0 +1,11 @@
+# ttyS0 - getty
+#
+# This service maintains a getty on ttyS0 from the point the system is
+# started until it is shut down again.
+
+start on stopped rc or RUNLEVEL=[12345]
+stop on runlevel [!12345]
+
+respawn
+exec /sbin/getty --autologin root -L 115200 ttyS0 vt102
+

data/lib/templates/ubuntu/scripts/init.sh

@@ -0,0 +1,54 @@
+#!/usr/bin/env bash
+
+apt-get update
+
+apt-get --assume-yes install qemu-guest-agent
+apt-key add /root/RPM-GPG-KEY-CERIT-SC.cfg
+rm -f /root/RPM-GPG-KEY-CERIT-SC.cfg
+apt-key add /root/DEPOT-GPG-KEY.cfg
+rm -f /root/DEPOT-GPG-KEY.cfg
+mv /root/meta-misc.list /etc/apt/sources.list.d/meta-misc.list
+mv /root/depot.list /etc/apt/sources.list.d/depot.list
+mv /root/depot_all.pref /etc/apt/preferences.d/depot_all.pref
+mv /root/depot_check_mk.pref /etc/apt/preferences.d/depot_check_mk.pref
+
+apt-get update
+apt-get --assume-yes upgrade
+apt-get --assume-yes install cloud-init
+DEBIAN_FRONTEND=noninteractive apt-get --assume-yes install -q -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" heimdal-clients libpam-heimdal
+apt-get --assume-yes install vim git fail2ban ntp
+
+mv /root/ntp.conf /etc/ntf.conf
+mv /root/cloud.cfg /etc/cloud/cloud.cfg
+mv /root/krb5.conf /etc/krb5.conf
+mv /root/sshd_config /etc/ssh/sshd_config
+mv /root/interfaces /etc/network/interfaces
+mv /root/10-ipv6.conf /etc/sysctl.d/10-ipv6.conf
+mv /root/ttyS0.conf /etc/init/ttyS0.conf
+mv /root/grub /etc/default/grub
+mv /root/modules /etc/initramfs-tools/modules
+
+update-grub
+start ttyS0
+
+# fail2ban
+mv /root/iptables-multiport.local /etc/fail2ban/action.d/iptables-multiport.local
+mv /root/jail.local /etc/fail2ban/jail.local
+mv /root/fail2ban.local /etc/fail2ban/fail2ban.local
+
+# check-mk-agent
+apt-get --assume-yes install check-mk-agent check-mk-agent-meta-key
+apt-get --assume-yes install check-mk-agent-meta-checks
+
+# pakiti-2-client
+dpkg -i pakiti_2.1.5-2_all.deb
+rm -f pakiti_2.1.5-2_all.deb
+
+ln -s /dev/null /etc/udev/rules.d/75-persistent-net-generator.rules
+
+update-initramfs -v -u -k `uname -r`
+
+passwd -d root
+
+rm -f ~/.bash_history
+rm -f /var/log/cloud-init*

data/lib/templates/ubuntu/ubuntu.cfg.erb

@@ -0,0 +1,87 @@
+#Contents of the preconfiguration file (for ubuntu 12.04 and 14.04)
+
+# Localization and language
+d-i debian-installer/language string en
+d-i debian-installer/country string US
+d-i debian-installer/locale string en_US
+d-i localechooser/supported-locales en_US
+ 
+# Keyboard
+d-i console-setup/ask_detect boolean false
+d-i console-setup/layoutcode string us
+d-i keymap select us
+d-i keyboard-configuration/xkb-keymap select us
+  
+# Network
+d-i netcfg/choose_interface select auto
+d-i netcfg/get_hostname string ubuntu
+d-i netcfg/get_domain string cesnet.cz
+  
+# Mirror
+d-i mirror/country string manual
+d-i mirror/http/hostname string archive.ubuntu.com
+d-i mirror/http/directory string /ubuntu/
+d-i mirror/http/proxy string
+    
+# Clock and time zone
+d-i clock-setup/utc boolean true
+d-i time/zone string Europe/Prague
+d-i clock-setup/ntp boolean true
+
+# Account 
+#d-i passwd/user-fullname string temporary_user
+#d-i passwd/username string temporary_user
+#d-i passwd/user-password password <%= @data[:password] %>
+#d-i passwd/user-password-again password <%= @data[:password] %>
+#d-i user-setup/encrypt-home boolean false
+#d-i user-setup/allow-password-weak boolean true
+d-i passwd/make-user boolean false
+
+# Root password
+d-i passwd/root-login boolean true
+d-i passwd/root-password password <%= @data[:password] %>
+d-i passwd/root-password-again password <%= @data[:password] %>
+     
+# Partition
+d-i partman-md/device_remove_md boolean true
+d-i partman-lvm/device_remove_lvm boolean true
+    
+d-i partman-auto/choose_recipe select boot-root
+d-i partman-auto/init_automatically_partition select biggest_free
+d-i partman-auto/method string regular
+
+d-i partman-auto/expert_recipe string                         \
+      boot-root ::                                            \
+              500 10000 1000000000 ext4                       \
+		      method{ format } format{ }	      \
+                      use_filesystem{ } filesystem{ ext4 }    \
+                      mountpoint{ / }                         \
+              .                                               
+
+d-i partman/confirm_write_new_label boolean true
+d-i partman/choose_partition select  finish
+d-i partman/confirm_nooverwrite boolean true
+d-i partman/confirm boolean true
+d-i partman-basicfilesystems/no_swap boolean false
+d-i partman-basicfilesystems/no_swap seen true 
+d-i partman/mount_style select uuid
+
+# Grub
+d-i grub-installer/only_debian boolean true
+d-i grub-installer/with_other_os boolean false        
+       
+# Base system installation
+#d-i base-installer/install-recommends boolean false
+d-i base-installer/kernel/image string linux-generic          
+           
+# Package selection
+tasksel tasksel/first multiselect none
+d-i pkgsel/update-policy select none
+d-i pkgsel/include string openssh-server build-essential
+d-i pkgsel/upgrade select none
+
+# SSH hack to allow root login
+d-i preseed/late_command string in-target sed -i "s/PermitRootLogin without-password/PermitRootLogin yes/" /etc/ssh/sshd_config
+
+# Finishing up the installation
+d-i finish-install/reboot_in_progress note

data/lib/templates/ubuntu/ubuntu.description

@@ -0,0 +1,21 @@
+{
+  "name": "Ubuntu",
+  "versions": [{
+      "major_version": "14",
+      "minor_version": "04",
+      "codename": "trusty",
+      "name": "Trusty Tahr",
+      "iso_url": "http://archive.ubuntu.com/ubuntu/dists/trusty/main/installer-amd64/current/images/netboot/mini.iso",
+      "iso_checksum": "bc09966b54f91f62c3c41fc14b76f2baa4cce48595ce22e8c9f24ab21ac8d965"
+    }],
+  "boot_command": "install auto=true priority=critical preseed/url=http://{{ .HTTPIP }}:{{ .HTTPPort }}",
+  "qemu": {
+    "accelerator": "kvm",
+    "qemuargs": [ [ "-m", "1024M" ] ]
+  },
+  "virtualbox": {
+    "guest_os_type": "Ubuntu_64",
+    "vboxmanage": [ ["modifyvm", "{{.Name}}", "--memory", "1024"] ],
+    "guest_additions_mode": "disable"
+  }
+}

data/schema/distribution_descriptor.schema

@@ -0,0 +1,241 @@
+{
+    "type": "object",
+    "properties": {
+        "name": {
+            "type": "string"
+        },
+        "versions": {
+            "type": "array",
+            "items": {
+                "type": "object",
+                "properties": {
+                    "major_version": {
+                        "type": "string"
+                    },
+                    "minor_version": {
+                        "type": "string"
+                    },
+                    "patch_version": {
+                        "type": "string"
+                    },
+                    "codename": {
+                        "type": "string"
+                    },
+                    "iso_url": {
+                        "type": "string"
+                    },
+                    "iso_checksum": {
+                        "type": "string"
+                    },
+                    "name": {
+                        "type": "string"
+                    }
+                },
+                "required": [
+                    "major_version",
+                    "minor_version",
+                    "iso_url",
+                    "iso_checksum"
+                ],
+                "optional": [
+                    "patch_version",
+                    "codename",
+                    "name"
+                ],
+                "additionalProperties": false
+            },
+            "minItems": 1
+        },
+        "boot_command": {
+            "type": "string"
+        },
+        "qemu": {
+            "type": "object",
+            "properties": {
+                "accelerator": {
+                    "type": "string",
+                    "enum": [
+                        "none",
+                        "kvm",
+                        "tcg",
+                        "xen"
+                    ]
+                },
+                "disk_cache": {
+                    "type": "string",
+                    "enum": [
+                        "writethrough",
+                        "writeback",
+                        "none",
+                        "unsafe",
+                        "directsync"
+                    ]
+                },
+                "disk_discard": {
+                    "type": "string",
+                    "enum": [
+                        "unmap",
+                        "ignore"
+                    ]
+                },
+                "disk_image": {
+                    "type": "boolean"
+                },
+                "disk_interface": {
+                    "type": "string",
+                    "enum": [
+                        "ide",
+                        "scsi",
+                        "virtio"
+                    ]
+                },
+                "floppy_files": {
+                    "type": "array",
+                    "items": {
+                        "type": "string"
+                    }
+                },
+                "machine_type": {
+                    "type": "string"
+                },
+                "net_device": {
+                    "type": "string",
+                    "enum": [
+                        "ne2k_pci",
+                        "i82551",
+                        "i82557b",
+                        "i82559er",
+                        "rtl8139",
+                        "e1000",
+                        "pcnet",
+                        "virtio"
+                    ]
+                },
+                "qemu_binary": {
+                    "type": "string"
+                },
+                "qemuargs": {
+                    "type": "array",
+                    "items": {
+                        "type": "array",
+                        "items": {
+                            "type": "string"
+                        }
+                    }
+                },
+                "vnc_port_min": {
+                    "type": "integer"
+                },
+                "vnc_port_max": {
+                    "type": "integer"
+                }
+            },
+            "optional": [
+                "accelerator",
+                "disk_cache",
+                "disk_discard",
+                "disk_image",
+                "disk_interface",
+                "floppy_files",
+                "machine_type",
+                "net_device",
+                "qemu_binary",
+                "qemuargs",
+                "vnc_port_min",
+                "vnc_port_max"
+            ],
+            "additionalProperties": false
+        },
+        "virtualbox": {
+            "type": "object",
+            "properties": {
+                "export_opts": {
+                    "type": "array",
+                    "items": {
+                        "type": "string"
+                    }
+                },
+                "guest_additions_mode": {
+                    "type": "string",
+                    "enum": [
+                        "upload",
+                        "attach",
+                        "disable"
+                    ]
+                },
+                "guest_additions_path": {
+                    "type": "string"
+                },
+                "guest_additions_sha256": {
+                    "type": "string"
+                },
+                "guest_additions_url": {
+                    "type": "string"
+                },
+                "guest_os_type": {
+                    "type": "string"
+                },
+                "hard_drive_interface": {
+                    "type": "string",
+                    "enum": [
+                        "ide",
+                        "sata",
+                        "scsi"
+                    ]
+                },
+                "iso_interface": {
+                    "type": "string",
+                    "enum": [
+                        "ide",
+                        "sata"
+                    ]
+                },
+                "vboxmanage": {
+                    "type": "array",
+                    "items": {
+                        "type": "array",
+                        "items": {
+                            "type": "string"
+                        }
+                    }
+                },
+                "vboxmanage_post": {
+                    "type": "array",
+                    "items": {
+                        "type": "array",
+                        "items": {
+                            "type": "string"
+                        }
+                    }
+                },
+                "virtualbox_version_file": {
+                    "type": "string"
+                }
+            },
+            "optional": [
+                "export_opts",
+                "guest_additions_mode",
+                "guest_additions_path",
+                "guest_additions_sha256",
+                "guest_additions_url",
+                "guest_os_type",
+                "hard_drive_interface",
+                "iso_interface",
+                "vboxmanage",
+                "vboxmanage_post",
+                "virtualbox_version_file"
+            ],
+            "additionalProperties": false
+        }
+    },
+    "required": [
+        "name",
+        "versions",
+        "boot_command"
+    ],
+    "optional": [
+        "qemu",
+        "virtualbox"
+    ],
+    "additionalProperties": false
+}