paulbsd/paulbsd-salt
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

added micromdm state
Some checks failed
continuous-integration/drone/push Build is failing
Details

Browse Source
This commit is contained in:
Paul 2022-07-04 14:37:57 +02:00
parent 5ee366fd68
commit cd46368ad3
9 changed files with 155 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
states/micromdm/config.sls Normal file
View File

@ -0,0 +1 @@
---

23
states/micromdm/defaults.yaml Normal file
View File

@ -0,0 +1,23 @@
---
micromdm:
enabled: true
mirror: "https://github.com/micromdm/micromdm/releases/download"
install_dir: "/usr/local/apps"
release_dir: "/usr/local/apps/releases"
config_path: "/var/lib/micromdm/db"
filerepo: "/var/lib/micromdm/repo"
url: "https://mdm.acme.com"
tls: false
api_key: 1234
command_webhook_url: "https://mdm.acme.com"
version: "1.9.0"
os: linux
arch: amd64
uid: 902
gid: 902
user:
name: micromdm
uid: 902
group:
name: micromdm
gid: 902

5
states/micromdm/init.sls Normal file
View File

@ -0,0 +1,5 @@
---
include:
- .install
- .config
- .service

55
states/micromdm/install.sls Normal file
View File

@ -0,0 +1,55 @@
---
{%- from "micromdm/map.jinja" import micromdm with context %}
micromdm-group:
group.present:
- name: micromdm
- gid: {{ micromdm.group.gid }}
- watch_in:
- service: micromdm-service
micromdm-user:
user.present:
- name: micromdm
- uid: {{ micromdm.user.uid }}
- gid: {{ micromdm.group.gid }}
- allow_uid_change: true
- allow_gid_change: true
- home: /var/lib/micromdm
- watch_in:
- service: micromdm-service
micromdm-archive-extract:
archive.extracted:
- name: {{ micromdm.release_dir }}/micromdm-{{ micromdm.version }}
- source: {{ micromdm.mirror }}/micromdm_v{{ micromdm.version }}.zip
- skip_verify: true
- enforce_toplevel: false
- if_missing: {{ micromdm.release_dir }}/micromdm-{{ micromdm.version }}/micromdm
- watch_in:
- service: micromdm-service
micromdm-bin-symlink:
file.symlink:
- name: {{ micromdm.install_dir }}/micromdm
- target: {{ micromdm.release_dir }}/micromdm-{{ micromdm.version }}
micromdm-data-dir:
file.directory:
- name: {{ micromdm.data_dir }}
- user: {{ micromdm.user.uid }}
- group: {{ micromdm.group.gid }}
- watch_in:
- service: micromdm-service
{%- for bin in ['mdmctl'] %}
micromdm-{{ bin }}-symlink:
file.symlink:
- name: /usr/local/sbin/{{ bin }}
- target: {{ micromdm.install_dir }}/micromdm/{{ bin }}
{%- endfor %}
micromdm-cleanup:
software.cleanup:
- name: micromdm
- path: {{ micromdm.release_dir }}
- version: "{{ micromdm.version }}"

3
states/micromdm/kernelmap.yaml Normal file
View File

@ -0,0 +1,3 @@
---
Linux:
os: "linux"

14
states/micromdm/map.jinja Normal file
View File

@ -0,0 +1,14 @@
{%- import_yaml "micromdm/defaults.yaml" as default_settings -%}
{%- import_yaml "micromdm/kernelmap.yaml" as kernelmap -%}
{%- import_yaml "micromdm/osarchmap.yaml" as osarchmap -%}
{%- set defaults = salt['grains.filter_by'](default_settings,
default='micromdm',
merge=salt['grains.filter_by'](osarchmap, grain='osarch',
merge=salt['grains.filter_by'](kernelmap, grain='kernel')
)
)
-%}
{%- set micromdm = salt['pillar.get']('micromdm', default=defaults, merge=True) -%}

18
states/micromdm/micromdm.service.j2 Normal file
View File

@ -0,0 +1,18 @@
{%- from "micromdm/map.jinja" import micromdm with context -%}
## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
[Unit]
Description=Mobile Device Management server
Documentation=https://github.com/micromdm/micromdm
After=network-online.target
[Service]
User={{ micromdm.user.name }}
Group={{ micromdm.group.name }}
LimitNOFILE=65536
ExecStart={{ micromdm.install_dir }}/micromdm/micromdm serve --config-path={{ micromdm.config_path }} -server-url={{ micromdm.url }} -api-key={{ micromdm.api_key }} -filerepo={{ micromdm.filerepo }} -tls={{ micromdm.tls }} -command-webhook-url={{ micromdm.command_webhook_url }}
KillMode=control-group
Restart=on-failure
[Install]
WantedBy=multi-user.target
Alias=micromdm.service

21
states/micromdm/osarchmap.yaml Normal file
View File

@ -0,0 +1,21 @@
---
amd64:
arch: "amd64"
x86_64:
arch: "amd64"
386:
arch: "386"
arm64:
arch: "arm64"
armv6l:
arch: "arm"
armv7l:
arch: "arm"
armhf:
arch: "arm"

15
states/micromdm/service.sls Normal file
View File

@ -0,0 +1,15 @@
---
{%- from "micromdm/map.jinja" import micromdm with context %}
micromdm-service-file:
file.managed:
- name: /etc/systemd/system/micromdm.service
- source: salt://micromdm/micromdm.service.j2
- user: root
- group: root
- mode: 644
- template: jinja
micromdm-service:
service.running:
- name: micromdm
- enable: true