From adc327c92eff35d9214d11830aa53666d398e4d0 Mon Sep 17 00:00:00 2001
From: Paul Lecuq
Date: Tue, 18 Feb 2025 18:39:08 +0100
Subject: [PATCH] add sysctl state
---
states/sysctl/defaults.yaml | 8 ++++++++
states/sysctl/init.sls | 17 +++++++++++++++++
states/sysctl/kernelmap.yaml | 3 +++
states/sysctl/map.jinja | 14 ++++++++++++++
states/sysctl/osarchmap.yaml | 24 ++++++++++++++++++++++++
5 files changed, 66 insertions(+)
create mode 100644 states/sysctl/defaults.yaml
create mode 100644 states/sysctl/init.sls
create mode 100644 states/sysctl/kernelmap.yaml
create mode 100644 states/sysctl/map.jinja
create mode 100644 states/sysctl/osarchmap.yaml
diff --git a/states/sysctl/defaults.yaml b/states/sysctl/defaults.yaml
new file mode 100644
index 0000000..223057d
--- /dev/null
+++ b/states/sysctl/defaults.yaml
@@ -0,0 +1,8 @@
+---
+sysctl:
+ config: {}
+ 10-kube:
+ net.ipv4.ip_forward: 1
+ net.ipv6.conf.all.forwarding: 1
+ net.ipv6.conf.all.disable_ipv6: 0
+ net.core.bpf_jit_enable: 1
diff --git a/states/sysctl/init.sls b/states/sysctl/init.sls
new file mode 100644
index 0000000..6d1ee39
--- /dev/null
+++ b/states/sysctl/init.sls
@@ -0,0 +1,17 @@
+{%- from "sysctl/map.jinja" import sysctl with context %}
+{%- for file,sysctls in sysctl.config.items() %}
+sysctl-values:
+ file.keyvalue:
+ - name: /etc/sysctl.d/{{ file }}.conf
+ - key_values:
+{%- for key,value in sysctls.items() %}
+ {{ key }}: {{ value }}
+{%- endfor %}
+ - separator: '='
+ - uncomment: '# '
+ - key_ignore_case: True
+ - append_if_not_found: True
+
+sysctl-apply:
+ cmd.run:
+ - name: "sysctl --system"
diff --git a/states/sysctl/kernelmap.yaml b/states/sysctl/kernelmap.yaml
new file mode 100644
index 0000000..40943f2
--- /dev/null
+++ b/states/sysctl/kernelmap.yaml
@@ -0,0 +1,3 @@
+---
+Linux:
+ os: "linux"
diff --git a/states/sysctl/map.jinja b/states/sysctl/map.jinja
new file mode 100644
index 0000000..4b9cf8a
--- /dev/null
+++ b/states/sysctl/map.jinja
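Review bot: The `10-kube` defaults in `states/sysctl/defaults.yaml` turn on `net.core.bpf_jit_enable` and IPv4/IPv6 forwarding for every minion that applies this state, with no hardening keys beside them and no comment saying why. If these are meant only for Kubernetes nodes, as the file name suggests, a comment such as `# needed on kube nodes; override via pillar elsewhere` would help, and I would pair the JIT setting with `net.core.bpf_jit_harden: 2` and `kernel.unprivileged_bpf_disabled: 1`. Indentation is not recoverable in this view, so please also confirm that `10-kube` is nested under `config`; `init.sls` iterates `sysctl.config`, and with `config: {}` as a sibling of `10-kube` nothing would be written.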
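Review bot: The outer `{%- for file,sysctls in sysctl.config.items() %}` in `states/sysctl/init.sls` is never closed; the only `{%- endfor %}` in the file ends the inner key/value loop, so the template should fail to render as posted. Once it is closed, the fixed ID `sysctl-values` will collide as soon as `sysctl.config` holds two files, and `sysctl-apply` runs `sysctl --system` on every state run whether or not anything changed. The fence below closes the loop before `sysctl-apply`, makes the ID per-file and gates the reload on a change. Because file names, keys and values all come from pillar, I would also render `{{ key }}` and `{{ value }}` through `| json` so an unexpected value cannot reshape the state.

```yaml
{%- for file,sysctls in sysctl.config.items() %}
sysctl-values-{{ file }}:
  file.keyvalue:
    # … unchanged: name, key_values loop, separator/uncomment/key_ignore_case/append_if_not_found …
    - onchanges_in:
      - cmd: sysctl-apply
{%- endfor %}

# … unchanged: sysctl-apply cmd.run …
```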
@@ -0,0 +1,14 @@
+{%- import_yaml "sysctl/defaults.yaml" as default_settings -%}
+
+{%- import_yaml "sysctl/kernelmap.yaml" as kernelmap -%}
+{%- import_yaml "sysctl/osarchmap.yaml" as osarchmap -%}
+
+{%- set defaults = salt['grains.filter_by'](default_settings,
+ default='sysctl',
+ merge=salt['grains.filter_by'](osarchmap, grain='osarch',
+ merge=salt['grains.filter_by'](kernelmap, grain='kernel')
+ )
+ )
+-%}
+
+{%- set sysctl = salt['pillar.get']('sysctl', default=defaults, merge=True) -%}
diff --git a/states/sysctl/osarchmap.yaml b/states/sysctl/osarchmap.yaml
new file mode 100644
index 0000000..05f0f25
--- /dev/null
+++ b/states/sysctl/osarchmap.yaml
@@ -0,0 +1,24 @@
+---
+amd64:
+ arch: "amd64"
+
+x86_64:
+ arch: "amd64"
+
+386:
+ arch: "386"
+
+arm64:
+ arch: "arm64"
+
+aarch64:
+ arch: "arm64"
+
+armv6l:
+ arch: "arm"
+
+armv7l:
+ arch: "arm"
+
+armhf:
+ arch: "arm"
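Review bot: Nothing visible in this patch reads the `arch` or `os` keys that the `osarchmap`/`kernelmap` merges in `states/sysctl/map.jinja` add to `sysctl`; `init.sls` only iterates `sysctl.config`. If they are carried over from another formula, dropping the two `import_yaml` lines and the nested `merge=` arguments would leave a map that is easier to audit. Either way a short header comment would help, e.g. `{#- precedence: defaults.yaml < osarchmap < kernelmap < pillar 'sysctl' -#}`, since the pillar merge decides which kernel parameters end up on the host.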