From cd46368ad3f98d189b78e9976f4331ffc98383f1 Mon Sep 17 00:00:00 2001
From: Paul Lecuq
Date: Mon, 4 Jul 2022 14:37:57 +0200
Subject: [PATCH] added micromdm state
---
states/micromdm/config.sls | 1 +
states/micromdm/defaults.yaml | 23 ++++++++++++
states/micromdm/init.sls | 5 +++
states/micromdm/install.sls | 55 +++++++++++++++++++++++++++++
states/micromdm/kernelmap.yaml | 3 ++
states/micromdm/map.jinja | 14 ++++++++
states/micromdm/micromdm.service.j2 | 18 ++++++++++
states/micromdm/osarchmap.yaml | 21 +++++++++++
states/micromdm/service.sls | 15 ++++++++
9 files changed, 155 insertions(+)
create mode 100644 states/micromdm/config.sls
create mode 100644 states/micromdm/defaults.yaml
create mode 100644 states/micromdm/init.sls
create mode 100644 states/micromdm/install.sls
create mode 100644 states/micromdm/kernelmap.yaml
create mode 100644 states/micromdm/map.jinja
create mode 100644 states/micromdm/micromdm.service.j2
create mode 100644 states/micromdm/osarchmap.yaml
create mode 100644 states/micromdm/service.sls
diff --git a/states/micromdm/config.sls b/states/micromdm/config.sls
new file mode 100644
index 0000000..ed97d53
--- /dev/null
+++ b/states/micromdm/config.sls
@@ -0,0 +1 @@
+---
diff --git a/states/micromdm/defaults.yaml b/states/micromdm/defaults.yaml
new file mode 100644
index 0000000..395c924
--- /dev/null
+++ b/states/micromdm/defaults.yaml
@@ -0,0 +1,23 @@
+---
+micromdm:
+ enabled: true
+ mirror: "https://github.com/micromdm/micromdm/releases/download"
+ install_dir: "/usr/local/apps"
+ release_dir: "/usr/local/apps/releases"
+ config_path: "/var/lib/micromdm/db"
+ filerepo: "/var/lib/micromdm/repo"
+ url: "https://mdm.acme.com"
+ tls: false
+ api_key: 1234
+ command_webhook_url: "https://mdm.acme.com"
+ version: "1.9.0"
+ os: linux
+ arch: amd64
+ uid: 902
+ gid: 902
+ user:
+ name: micromdm
+ uid: 902
+ group:
+ name: micromdm
+ gid: 902
diff --git a/states/micromdm/init.sls b/states/micromdm/init.sls
new file mode 100644
index 0000000..63261f2
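Review bot: `api_key: 1234` in states/micromdm/defaults.yaml is a guessable default credential, and because map.jinja merges pillar over these defaults, any minion whose pillar omits `micromdm:api_key` will start the MDM API with that key. I would drop the default (`api_key: null`) with the comment `# required: set micromdm:api_key in pillar, never in this file` and have the state fail to render when it is unset. `tls: false` next to an `https://` `url` also deserves a one-line comment saying where TLS is terminated, since the state itself does not show a proxy in front of the service.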
--- /dev/null
+++ b/states/micromdm/init.sls
@@ -0,0 +1,5 @@
+---
+include:
+ - .install
+ - .config
+ - .service
\ No newline at end of file
diff --git a/states/micromdm/install.sls b/states/micromdm/install.sls
new file mode 100644
index 0000000..dc5ef97
--- /dev/null
+++ b/states/micromdm/install.sls
@@ -0,0 +1,55 @@
+---
+{%- from "micromdm/map.jinja" import micromdm with context %}
+micromdm-group:
+ group.present:
+ - name: micromdm
+ - gid: {{ micromdm.group.gid }}
+ - watch_in:
+ - service: micromdm-service
+
+micromdm-user:
+ user.present:
+ - name: micromdm
+ - uid: {{ micromdm.user.uid }}
+ - gid: {{ micromdm.group.gid }}
+ - allow_uid_change: true
+ - allow_gid_change: true
+ - home: /var/lib/micromdm
+ - watch_in:
+ - service: micromdm-service
+
+micromdm-archive-extract:
+ archive.extracted:
+ - name: {{ micromdm.release_dir }}/micromdm-{{ micromdm.version }}
+ - source: {{ micromdm.mirror }}/micromdm_v{{ micromdm.version }}.zip
+ - skip_verify: true
+ - enforce_toplevel: false
+ - if_missing: {{ micromdm.release_dir }}/micromdm-{{ micromdm.version }}/micromdm
+ - watch_in:
+ - service: micromdm-service
+
+micromdm-bin-symlink:
+ file.symlink:
+ - name: {{ micromdm.install_dir }}/micromdm
+ - target: {{ micromdm.release_dir }}/micromdm-{{ micromdm.version }}
+
+micromdm-data-dir:
+ file.directory:
+ - name: {{ micromdm.data_dir }}
+ - user: {{ micromdm.user.uid }}
+ - group: {{ micromdm.group.gid }}
+ - watch_in:
+ - service: micromdm-service
+
+{%- for bin in ['mdmctl'] %}
+micromdm-{{ bin }}-symlink:
+ file.symlink:
+ - name: /usr/local/sbin/{{ bin }}
+ - target: {{ micromdm.install_dir }}/micromdm/{{ bin }}
+{%- endfor %}
+
+micromdm-cleanup:
+ software.cleanup:
+ - name: micromdm
+ - path: {{ micromdm.release_dir }}
+ - version: "{{ micromdm.version }}"
diff --git a/states/micromdm/kernelmap.yaml b/states/micromdm/kernelmap.yaml
new file mode 100644
index 0000000..40943f2
--- /dev/null
+++ b/states/micromdm/kernelmap.yaml
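Review bot: `skip_verify: true` in `micromdm-archive-extract` means the release zip is unpacked and then run as a long-lived service with no integrity check, so whatever the mirror (or anything between the minion and it) returns is trusted. Pin a digest per version instead: add a `source_hash` entry beside `version` in defaults.yaml and replace the line with `- source_hash: {{ micromdm.source_hash }}`. Separately, `micromdm-data-dir` uses `micromdm.data_dir`, which defaults.yaml in this patch does not define (it has `config_path` and `filerepo`), so unless pillar supplies it the directory name will not render as intended. The templated scalars in this file are also unquoted; `- name: "{{ ... }}"` protects against empty or boolean-looking expansions.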
@@ -0,0 +1,3 @@
+---
+Linux:
+ os: "linux"
diff --git a/states/micromdm/map.jinja b/states/micromdm/map.jinja
new file mode 100644
index 0000000..b73fede
--- /dev/null
+++ b/states/micromdm/map.jinja
@@ -0,0 +1,14 @@
+{%- import_yaml "micromdm/defaults.yaml" as default_settings -%}
+
+{%- import_yaml "micromdm/kernelmap.yaml" as kernelmap -%}
+{%- import_yaml "micromdm/osarchmap.yaml" as osarchmap -%}
+
+{%- set defaults = salt['grains.filter_by'](default_settings,
+ default='micromdm',
+ merge=salt['grains.filter_by'](osarchmap, grain='osarch',
+ merge=salt['grains.filter_by'](kernelmap, grain='kernel')
+ )
+ )
+-%}
+
+{%- set micromdm = salt['pillar.get']('micromdm', default=defaults, merge=True) -%}
\ No newline at end of file
diff --git a/states/micromdm/micromdm.service.j2 b/states/micromdm/micromdm.service.j2
new file mode 100644
index 0000000..856d42a
--- /dev/null
+++ b/states/micromdm/micromdm.service.j2
@@ -0,0 +1,18 @@
+{%- from "micromdm/map.jinja" import micromdm with context -%}
+## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
+[Unit]
+Description=Mobile Device Management server
+Documentation=https://github.com/micromdm/micromdm
+After=network-online.target
+
+[Service]
+User={{ micromdm.user.name }}
+Group={{ micromdm.group.name }}
+LimitNOFILE=65536
+ExecStart={{ micromdm.install_dir }}/micromdm/micromdm serve --config-path={{ micromdm.config_path }} -server-url={{ micromdm.url }} -api-key={{ micromdm.api_key }} -filerepo={{ micromdm.filerepo }} -tls={{ micromdm.tls }} -command-webhook-url={{ micromdm.command_webhook_url }}
+KillMode=control-group
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
+Alias=micromdm.service
\ No newline at end of file
diff --git a/states/micromdm/osarchmap.yaml b/states/micromdm/osarchmap.yaml
new file mode 100644
index 0000000..4bd82f8
--- /dev/null
+++ b/states/micromdm/osarchmap.yaml
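Review bot: The `ExecStart` line in micromdm.service.j2 passes `-api-key={{ micromdm.api_key }}` as a command-line argument, so the key is exposed twice: in the process arguments, and in the unit file that service.sls installs with `mode: 644`. Keep the secret out of the unit by placing it in a root-owned 0600 file loaded with `EnvironmentFile=`; this removes it from the world-readable unit, but it only leaves the process list if the binary can read the key from its environment rather than from a flag, which needs confirming for the pinned version. The `[Service]` section also carries no sandboxing; `NoNewPrivileges=true` and `ProtectSystem=full` are low-risk additions for a daemon that only writes under /var/lib/micromdm.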
@@ -0,0 +1,21 @@
+---
+amd64:
+ arch: "amd64"
+
+x86_64:
+ arch: "amd64"
+
+386:
+ arch: "386"
+
+arm64:
+ arch: "arm64"
+
+armv6l:
+ arch: "arm"
+
+armv7l:
+ arch: "arm"
+
+armhf:
+ arch: "arm"
diff --git a/states/micromdm/service.sls b/states/micromdm/service.sls
new file mode 100644
index 0000000..e52cd25
--- /dev/null
+++ b/states/micromdm/service.sls
@@ -0,0 +1,15 @@
+---
+{%- from "micromdm/map.jinja" import micromdm with context %}
+micromdm-service-file:
+ file.managed:
+ - name: /etc/systemd/system/micromdm.service
+ - source: salt://micromdm/micromdm.service.j2
+ - user: root
+ - group: root
+ - mode: 644
+ - template: jinja
+
+micromdm-service:
+ service.running:
+ - name: micromdm
+ - enable: true
\ No newline at end of file
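Review bot: The unquoted key `386:` in osarchmap.yaml is loaded as the integer 386, while the `osarch` grain is a string, so this entry will presumably never match; quote it as `'386':` and confirm which value 32-bit x86 minions actually report. The `arch` and `os` values produced by this map and kernelmap.yaml are not referenced by any state in this patch, since install.sls downloads a fixed `micromdm_v{{ micromdm.version }}.zip`. A header comment such as `# maps the osarch grain to the upstream artifact arch; not yet used in the download URL` would make that explicit.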
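Review bot: `micromdm-service` in service.sls does not watch `micromdm-service-file`, so a re-rendered unit (rotated API key, changed URL or TLS setting) is written to disk while the daemon keeps running with the old values. Add `- watch:` with `- file: micromdm-service-file` under `service.running`, plus a `module.run` of `service.systemctl_reload` with `onchanges` on the same file so systemd re-reads the unit before the restart. The mode is also better written as a quoted string, `- mode: '0644'`, or tighter if the key stays in the unit.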