https://github.com/butlerx/pets-configurator
A configuration management system for Pets, not Cattle
- Host: GitHub
- URL: https://github.com/butlerx/pets-configurator
- Owner: butlerx
- Created: 2024-11-11T22:47:28.000Z (about 2 months ago)
- Default Branch: main
- Last Pushed: 2024-11-11T22:51:26.000Z (about 2 months ago)
- Last Synced: 2024-11-11T23:31:33.319Z (about 2 months ago)
- Topics: config-management, configuration, linux
- Language: Rust
- Homepage:
- Size: 0 Bytes
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 1
Metadata Files:
- Readme: README.md
# PETS Configurator
A Configuration Management System for computers that are Pets, not Cattle.
This package is a fork of the original
[Pets package](https://github.com/ema/pets). You can understand
[design decisions](https://github.com/ema/pets/tree/master?tab=readme-ov-file#design-overview)
by referring to the original project.

This is for people who need to administer a handful of machines, all fairly
different from each other and all Very Important. Those systems are not Cattle!
They're actually a bit more than Pets. They're almost Family. For example: a
laptop, workstation, and that personal tiny server in Sweden. They are all named
after something dear.

pets works on Linux systems. The following distro families are supported:

- Debian-like (apt)
- RedHat-like (yum)
- Alpine (apk)
- Arch Linux (pacman, yay)

## Summary

Pets is driven by comments embedded in the config files themselves, rather than
by a domain-specific language (DSL). For example, say you want to ensure that
user `butlerx` has sudo rights. Create a file with the following contents under
`$HOME/pets/`, run `pets` as root, done. The file can be called whatever you
want. _Note_ that pets will install the `sudo` package for you if missing.

```sudoers
# pets: destfile=/etc/sudoers.d/ema, owner=root, group=root, mode=0440
# pets: package=sudo
# pets: pre=/usr/sbin/visudo -cf

ema ALL=(ALL:ALL) NOPASSWD:ALL
```

## Usage

Build and install pets with:
```bash
cargo install pets-configurator
```

The following options are supported:

```bash
pets --help
A configuration management system for Pets, not Cattle

Usage: pets [OPTIONS]

Options:
      --conf-dir  Pets configuration directory [default: /home/butlerx/pets]
      --debug     Show debugging output
      --dry-run   Only show changes without applying them
  -h, --help      Print help
  -V, --version   Print version
```

Let's say you've decided to put your configuration files under `/etc/pets`. The
system can then be used with:

```bash
pets --conf-dir /etc/pets
```

See [sample_pet](./sample_pet) for a basic example of what your `/etc/pets` can
look like. Note that the directory structure is arbitrary: you can have as many
directories as you want, call them what you want, and so on.

## Configuration directives

- `destfile` -- where to install this file. One of either `destfile` or
`symlink` must be specified.
- `symlink` -- create a symbolic link to this file, instead of copying it like
`destfile` would.
- `owner` -- the file owner, passed to `chown`
- `group` -- the group this file belongs to, passed to `chgrp`
- `mode` -- octal mode for `chmod`
- `package` -- which package to install before creating the file. This directive
can be specified more than once to install multiple packages. The package
manager can be specified by prefixing the package with the name of the
package manager and a colon, e.g. `cargo:exa` would use cargo to install exa.
- `pre` -- validation command. This must succeed for the file to be
created/updated.
- `post` -- apply command. Usually something like reloading a service.

Configuration directives are passed as key/value arguments, either on multiple
lines or separated by commas.

```
# pets: package=ssh, pre=/usr/sbin/sshd -t -f
```

The example above and the one below are equivalent:

```
# pets: package=ssh
# pets: pre=/usr/sbin/sshd -t -f
```

## Examples

### Firewall
Say you want to configure the local firewall to drop all incoming traffic except
for ssh? Here's an example that does the following:

- Installs `ferm` if missing
- Validates the configuration with `/usr/sbin/ferm -n`
- If the configuration is valid, copies it under `/etc/ferm/ferm.conf`
- Reloads the firewall rules with `systemctl reload`

```
# pets: destfile=/etc/ferm/ferm.conf, owner=root, group=root, mode=644
# pets: package=ferm
# pets: pre=/usr/sbin/ferm -n
# pets: post=/bin/systemctl reload ferm.service

domain (ip ip6) {
    table filter {
        chain INPUT {
            policy DROP;

            # connection tracking
            mod state state INVALID DROP;
            mod state state (ESTABLISHED RELATED) ACCEPT;

            # allow local packets
            interface lo ACCEPT;

            # respond to ping
            proto icmp ACCEPT;

            # allow SSH connections
            proto tcp dport ssh ACCEPT;
        }

        chain OUTPUT {
            policy ACCEPT;
        }

        chain FORWARD {
            policy DROP;
        }
    }
}
```

### SSH Server

```sshd
# pets: destfile=/etc/ssh/sshd_config, owner=root, group=root, mode=0644
# pets: package=ssh
# pets: package=openssh-client-dbgsym
# pets: pre=/usr/sbin/sshd -t -f
# pets: post=/bin/systemctl reload ssh.service
#
# Warning! This file has been generated by pets(1). Any manual modification
# will be lost.

Port 22
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no

# Change to no to disable tunnelled clear text passwords
PasswordAuthentication no

X11Forwarding yes
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM yes
UsePAM yes
```
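
Because pets runs as root and executes the `pre` and `post` commands named in each file's header, it helps to be able to read those headers mechanically before a run. The sketch below is an added example, not code from pets-configurator: it parses the `# pets:` syntax described under "Configuration directives" and reports two review findings. The names `Directives`, `parse` and `review` are hypothetical, and the splitting rules, the rejection of repeated directives, and both review checks are assumptions of this example.

```rust
use std::collections::HashMap;

/// Directives from the `# pets:` header lines of one file.
#[derive(Debug, Default)]
struct Directives {
    single: HashMap<String, String>,         // destfile, symlink, owner, group, mode, pre, post
    packages: Vec<(Option<String>, String)>, // (package manager, package)
}

fn parse(text: &str) -> Result<Directives, String> {
    let mut d = Directives::default();
    for line in text.lines() {
        // Assumption: only the "# pets: k=v, k=v" form shown in the README is handled.
        let Some(rest) = line.trim().strip_prefix("# pets:") else { continue };
        for pair in rest.split(',') {
            let (k, v) = pair.split_once('=').ok_or(format!("no '=' in {pair:?}"))?;
            let (k, v) = (k.trim(), v.trim());
            if k == "package" {
                // "cargo:exa" names the package manager; plain "ssh" leaves it unset.
                let (mgr, pkg) = v.split_once(':').map_or((None, v), |(m, p)| (Some(m.to_string()), p));
                d.packages.push((mgr, pkg.to_string()));
            } else if d.single.insert(k.to_string(), v.to_string()).is_some() {
                return Err(format!("directive {k} repeated")); // stricter than the README states
            }
        }
    }
    if !d.single.contains_key("destfile") && !d.single.contains_key("symlink") {
        return Err("neither destfile nor symlink specified".into());
    }
    Ok(d)
}

/// Review findings; both checks are choices of this example.
fn review(d: &Directives) -> Vec<String> {
    let mut out = Vec::new();
    match d.single.get("mode").map(|m| u32::from_str_radix(m, 8)) {
        Some(Ok(m)) if m & 0o002 != 0 => out.push(format!("mode {m:o} is world-writable")),
        Some(Err(_)) => out.push("mode is not octal".to_string()),
        _ => {}
    }
    if !d.single.contains_key("pre") { out.push("no pre validation command".to_string()); }
    out
}

fn main() {
    // Constructed sample, not a file from the project.
    let d = parse("# pets: destfile=/tmp/motd, mode=666\n# pets: package=cargo:exa\n").unwrap();
    println!("{:?} {:?}", d.packages, review(&d));
}
```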