@adam/cfgmgmt

v2026.03.30.1

SSH-based configuration management for Linux and macOS.

Manage remote systems over SSH using the check/apply pattern — every model is idempotent and reports whether resources are compliant, non-compliant, applied, or failed. Convergence failures propagate as step failures so workflow orchestration can detect and react to errors.

Includes 36 model types:

@adam/cfgmgmt/node — Gather system facts (OS, arch, package managers)
@adam/cfgmgmt/file — Create, update, or remove files
@adam/cfgmgmt/template — Render EJS templates and deploy to remote hosts. Uses <%= var %> for plain string interpolation (HTML escaping is disabled). Whitespace control: -%> strips the trailing newline (use on loop/conditional lines to avoid blank lines in output), <%_ %> strips leading whitespace, _%> strips all trailing whitespace.
@adam/cfgmgmt/directory — Create or remove directories
@adam/cfgmgmt/link — Manage symbolic links
@adam/cfgmgmt/line — Edit individual lines in files using regex matching
@adam/cfgmgmt/exec — Run commands with onlyIf/notIf guards
@adam/cfgmgmt/systemd — Manage systemd services and unit files
@adam/cfgmgmt/dnf — Manage packages on Fedora/RHEL (with version pinning)
@adam/cfgmgmt/apt — Manage packages on Debian/Ubuntu (with version pinning)
@adam/cfgmgmt/pacman — Manage packages on Arch Linux
@adam/cfgmgmt/homebrew — Manage packages on macOS
@adam/cfgmgmt/apt_repository — Manage apt sources and GPG keys
@adam/cfgmgmt/dnf_repository — Manage dnf/yum repository files
@adam/cfgmgmt/hostname — Set system hostname
@adam/cfgmgmt/timezone — Set system timezone
@adam/cfgmgmt/user — Manage system users
@adam/cfgmgmt/group — Manage system groups
@adam/cfgmgmt/authorized_key — Manage SSH authorized keys
@adam/cfgmgmt/host_entry — Manage /etc/hosts entries
@adam/cfgmgmt/sysctl — Manage kernel parameters
@adam/cfgmgmt/kernel_module — Load/unload kernel modules with persistence
@adam/cfgmgmt/cron — Manage cron jobs
@adam/cfgmgmt/mount — Manage filesystem mounts and fstab
@adam/cfgmgmt/firewall — Manage firewall rules (ufw/firewalld/iptables)
@adam/cfgmgmt/selinux — Manage SELinux mode and booleans
@adam/cfgmgmt/docker_image — Manage Docker images
@adam/cfgmgmt/docker_container — Manage Docker containers
@adam/cfgmgmt/git — Manage git repository checkouts
@adam/cfgmgmt/archive — Extract archives idempotently
@adam/cfgmgmt/copy_file — Copy a local file to remote hosts via SCP
@adam/cfgmgmt/fetch — Download files from URLs with checksum verification
@adam/cfgmgmt/reboot — Reboot hosts and wait for SSH reconnection
@adam/cfgmgmt/debug_exec — Run a command on a remote host and capture stdout, stderr, and exit code as data
@adam/cfgmgmt/debug_file — Fetch a remote file's content and store it as data
@adam/cfgmgmt/certificate — Deploy SSL/TLS certificates with validation

Every model is a factory across hosts — a single definition can target multiple hosts via workflow forEach, with per-host data stored separately.

Connections are multiplexed via OpenSSH ControlMaster sockets. All models (except node and homebrew) support sudo privilege escalation.

Platforms

linux-x86_64 linux-aarch64 darwin-x86_64 darwin-aarch64

Labels

cfgmgmtsshlinuxmacosfedoradebianubuntuarchlinux

models

Quality score

How well-documented and verifiable this extension is.

Not yet scored.

A score will be generated the next time this extension is published. The owner can also trigger scoring manually.

Install

$ swamp extension pull @adam/cfgmgmt

@adam/cfgmgmt/nodev2026.03.18.1adam/cfgmgmt/node.ts

Global Arguments

Argument	Type	Required	Description
hostname	string	yes	Hostname or IP of the remote node
sshUser	string	yes	SSH username
sshPort	number	yes	SSH port
sshIdentityFile?	string	no	Path to SSH private key

gatherSSH to node and gather system facts

Resources

info(infinite)— Facts gathered from the node

@adam/cfgmgmt/filev2026.03.18.1adam/cfgmgmt/file.ts

Global Arguments

Argument	Type	Required	Description
path	string	yes	Absolute path of the file on the remote node
ensure	enum	yes	Whether file should be present or absent
content?	string	no	Desired file content
owner?	string	no	File owner
group?	string	no	File group
mode?	string	no	File permissions in octal (e.g. 0644)
nodeHost	string	yes	Hostname or IP of the remote node
nodeUser	string	yes	SSH username
nodePort	number	yes	SSH port
nodeIdentityFile?	string	no	Path to SSH private key
become	boolean	yes	Enable sudo privilege escalation
becomeUser	string	yes	User to become via sudo
becomePassword?	string	no	Password for sudo -S

checkCheck if file matches desired state (dry-run)

applyApply desired file state to the remote node

Resources

state(infinite)— Result of check or apply operation

@adam/cfgmgmt/templatev2026.03.18.1adam/cfgmgmt/template.ts

Global Arguments

Argument	Type	Required	Description
path	string	yes	Absolute path of the file on the remote node
ensure	enum	yes	Whether file should be present or absent
template?	string	no	EJS template string
variables	record	yes	Template variables passed to EJS
owner?	string	no	File owner
group?	string	no	File group
mode?	string	no	File permissions in octal (e.g. 0644)
nodeHost	string	yes	Hostname or IP of the remote node
nodeUser	string	yes	SSH username
nodePort	number	yes	SSH port
nodeIdentityFile?	string	no	Path to SSH private key
become	boolean	yes	Enable sudo privilege escalation
becomeUser	string	yes	User to become via sudo
becomePassword?	string	no	Password for sudo -S

checkCheck if rendered template matches desired state (dry-run)

applyRender template and apply desired file state to the remote node

Resources

state(infinite)— Result of check or apply operation

@adam/cfgmgmt/directoryv2026.03.18.1adam/cfgmgmt/directory.ts

Global Arguments

Argument	Type	Required	Description
path	string	yes	Absolute path of the directory
ensure	enum	yes	Whether directory should be present or absent
owner?	string	no	Directory owner
group?	string	no	Directory group
mode?	string	no	Directory permissions in octal (e.g. 0755)
nodeHost	string	yes	Hostname or IP of the remote node
nodeUser	string	yes	SSH username
nodePort	number	yes	SSH port
nodeIdentityFile?	string	no	Path to SSH private key
become	boolean	yes	Enable sudo privilege escalation
becomeUser	string	yes	User to become via sudo
becomePassword?	string	no	Password for sudo -S

checkCheck if directory matches desired state (dry-run)

applyApply desired directory state to the remote node

Resources

state(infinite)— Result of check or apply operation

@adam/cfgmgmt/linkv2026.03.18.1adam/cfgmgmt/link.ts

Global Arguments

Argument	Type	Required	Description
path	string	yes	Path where the symlink should exist
ensure	enum	yes	Whether symlink should be present or absent
target?	string	no	Target the symlink should point to
owner?	string	no	Symlink owner
group?	string	no	Symlink group
nodeHost	string	yes	Hostname or IP of the remote node
nodeUser	string	yes	SSH username
nodePort	number	yes	SSH port
nodeIdentityFile?	string	no	Path to SSH private key
become	boolean	yes	Enable sudo privilege escalation
becomeUser	string	yes	User to become via sudo
becomePassword?	string	no	Password for sudo -S

checkCheck if symlink matches desired state (dry-run)

applyApply desired symlink state to the remote node

Resources

state(infinite)— Result of check or apply operation

@adam/cfgmgmt/execv2026.03.18.1adam/cfgmgmt/exec.ts

Global Arguments

Argument	Type	Required	Description
command	string	yes	The command to execute
onlyIf?	string	no	Guard: only run if this command exits 0
notIf?	string	no	Guard: skip if this command exits 0
nodeHost	string	yes	Hostname or IP of the remote node
nodeUser	string	yes	SSH username
nodePort	number	yes	SSH port
nodeIdentityFile?	string	no	Path to SSH private key
become	boolean	yes	Enable sudo privilege escalation
becomeUser	string	yes	User to become via sudo
becomePassword?	string	no	Password for sudo -S

checkDry-run: validate SSH connectivity without executing the command

applyExecute the command on the remote node via SSH

Resources

state(infinite)— Result of command execution

@adam/cfgmgmt/systemdv2026.03.18.1adam/cfgmgmt/systemd.ts

Global Arguments

Argument	Type	Required	Description
service	string	yes	Service name (e.g. nginx or nginx.service)
ensure?	enum	no	Whether service should be running or stopped
enabled?	boolean	no	Whether the service should be enabled at boot
unitFile?	string	no	Full content of a systemd unit file to deploy
nodeHost	string	yes	Hostname or IP of the remote node
nodeUser	string	yes	SSH username
nodePort	number	yes	SSH port
nodeIdentityFile?	string	no	Path to SSH private key
become	boolean	yes	Enable sudo privilege escalation
becomeUser	string	yes	User to become via sudo
becomePassword?	string	no	Password for sudo -S

checkCheck if service matches desired state (dry-run)

applyApply desired service state to the remote node

restartRestart the service (imperative, always runs)

logsFetch recent journal logs for the service

Argument	Type	Required	Description
lines	number	yes	Number of journal lines to fetch

Resources

state(infinite)— Result of check or apply operation

logs(infinite)— Journal log output for the service

@adam/cfgmgmt/dnfv2026.03.18.1adam/cfgmgmt/dnf.ts

Global Arguments

Argument	Type	Required	Description
packages	array	yes	Package names to manage
ensure	enum	yes	Whether packages should be present or absent
version?	string	no	Pin to a specific package version (e.g. 1.24.0-1.el9). Applies to all packages in the list.
nodeHost	string	yes	Hostname or IP of the remote node
nodeUser	string	yes	SSH username
nodePort	number	yes	SSH port
nodeIdentityFile?	string	no	Path to SSH private key
become	boolean	yes	Enable sudo privilege escalation
becomeUser	string	yes	User to become via sudo
becomePassword?	string	no	Password for sudo -S

checkCheck if packages match desired state without modifying

applyInstall or remove packages based on ensure state

refreshRefresh the dnf package metadata

upgradeUpgrade all installed packages

listList all installed packages

Resources

state(infinite)— Package operation state

installed(infinite)— All installed packages

@adam/cfgmgmt/aptv2026.03.18.1adam/cfgmgmt/apt.ts

Global Arguments

Argument	Type	Required	Description
packages	array	yes	Package names to manage
ensure	enum	yes	Whether packages should be present or absent
version?	string	no	Pin to a specific package version (e.g. 1.24.0-1ubuntu1). Applies to all packages in the list.
nodeHost	string	yes	Hostname or IP of the remote node
nodeUser	string	yes	SSH username
nodePort	number	yes	SSH port
nodeIdentityFile?	string	no	Path to SSH private key
become	boolean	yes	Enable sudo privilege escalation
becomeUser	string	yes	User to become via sudo
becomePassword?	string	no	Password for sudo -S

checkCheck if packages match desired state without modifying

applyInstall or remove packages based on ensure state

refreshUpdate the apt package database

upgradeUpgrade all installed packages

listList all installed packages

Resources

state(infinite)— Package operation state

installed(infinite)— All installed packages

@adam/cfgmgmt/pacmanv2026.03.18.1adam/cfgmgmt/pacman.ts

Global Arguments

Argument	Type	Required	Description
packages	array	yes	Package names to manage
ensure	enum	yes	Whether packages should be present or absent
nodeHost	string	yes	Hostname or IP of the remote node
nodeUser	string	yes	SSH username
nodePort	number	yes	SSH port
nodeIdentityFile?	string	no	Path to SSH private key
become	boolean	yes	Enable sudo privilege escalation
becomeUser	string	yes	User to become via sudo
becomePassword?	string	no	Password for sudo -S

checkCheck if packages match desired state without modifying

applyInstall or remove packages based on ensure state

refreshUpdate the pacman package database

upgradeUpgrade all installed packages

listList all installed packages

Resources

state(infinite)— Package operation state

installed(infinite)— All installed packages

@adam/cfgmgmt/homebrewv2026.03.18.1adam/cfgmgmt/homebrew.ts

Global Arguments

Argument	Type	Required	Description
packages	array	yes	Formula names to manage
ensure	enum	yes	Whether packages should be present or absent
nodeHost	string	yes	Hostname or IP of the remote node
nodeUser	string	yes	SSH username
nodePort	number	yes	SSH port
nodeIdentityFile?	string	no	Path to SSH private key
become	boolean	yes	Accepted but ignored (brew forbids root)
becomeUser	string	yes	Accepted but ignored
becomePassword?	string	no	Accepted but ignored

checkCheck if packages match desired state without modifying

applyInstall or remove packages based on ensure state

refreshUpdate the homebrew package database

upgradeUpgrade all installed packages

listList all installed packages

Resources

state(infinite)— Package operation state

installed(infinite)— All installed packages

@adam/cfgmgmt/hostnamev2026.03.18.1adam/cfgmgmt/hostname.ts

Global Arguments

Argument	Type	Required	Description
name	string	yes	Desired system hostname
nodeHost	string	yes	Hostname or IP of the remote node
nodeUser	string	yes	SSH username
nodePort	number	yes	SSH port
nodeIdentityFile?	string	no	Path to SSH private key
become	boolean	yes	Enable sudo privilege escalation
becomeUser	string	yes	User to become via sudo
becomePassword?	string	no	Password for sudo -S

checkCheck if hostname matches desired state (dry-run)

applySet the system hostname to the desired value

Resources

state(infinite)— Result of check or apply operation

@adam/cfgmgmt/timezonev2026.03.18.1adam/cfgmgmt/timezone.ts

Global Arguments

Argument	Type	Required	Description
timezone	string	yes	Desired IANA timezone (e.g. America/New_York)
nodeHost	string	yes	Hostname or IP of the remote node
nodeUser	string	yes	SSH username
nodePort	number	yes	SSH port
nodeIdentityFile?	string	no	Path to SSH private key
become	boolean	yes	Enable sudo privilege escalation
becomeUser	string	yes	User to become via sudo
becomePassword?	string	no	Password for sudo -S

checkCheck if timezone matches desired state (dry-run)

applySet the system timezone to the desired value

Resources

state(infinite)— Result of check or apply operation

@adam/cfgmgmt/userv2026.03.18.1adam/cfgmgmt/user.ts

Global Arguments

Argument	Type	Required	Description
username	string	yes	Username to manage
ensure	enum	yes	Whether user should be present or absent
uid?	number	no	Desired UID
gid?	number	no	Desired primary GID
groups?	array	no	Supplementary groups
home?	string	no	Home directory path
shell?	string	no	Login shell
system?	boolean	no	Create as system user
managehome	boolean	yes	Manage home directory (create with useradd -m, remove with userdel -r)
nodeHost	string	yes	Hostname or IP of the remote node
nodeUser	string	yes	SSH username
nodePort	number	yes	SSH port
nodeIdentityFile?	string	no	Path to SSH private key
become	boolean	yes	Enable sudo privilege escalation
becomeUser	string	yes	User to become via sudo
becomePassword?	string	no	Password for sudo -S

checkCheck if user matches desired state (dry-run)

applyCreate, modify, or remove a system user

Resources

state(infinite)— Result of check or apply operation

@adam/cfgmgmt/groupv2026.03.18.1adam/cfgmgmt/group.ts

Global Arguments

Argument	Type	Required	Description
groupname	string	yes	Group name to manage
ensure	enum	yes	Whether group should be present or absent
gid?	number	no	Desired GID
members?	array	no	Group members
system?	boolean	no	Create as system group
nodeHost	string	yes	Hostname or IP of the remote node
nodeUser	string	yes	SSH username
nodePort	number	yes	SSH port
nodeIdentityFile?	string	no	Path to SSH private key
become	boolean	yes	Enable sudo privilege escalation
becomeUser	string	yes	User to become via sudo
becomePassword?	string	no	Password for sudo -S

checkCheck if group matches desired state (dry-run)

applyCreate, modify, or remove a system group

Resources

state(infinite)— Result of check or apply operation

@adam/cfgmgmt/authorized_keyv2026.03.18.1adam/cfgmgmt/authorized_key.ts

Global Arguments

Argument	Type	Required	Description
user	string	yes	User whose authorized_keys file to manage
key	string	yes	Full SSH public key line
ensure	enum	yes	Whether the key should be present or absent
nodeHost	string	yes	Hostname or IP of the remote node
nodeUser	string	yes	SSH username
nodePort	number	yes	SSH port
nodeIdentityFile?	string	no	Path to SSH private key
become	boolean	yes	Enable sudo privilege escalation
becomeUser	string	yes	User to become via sudo
becomePassword?	string	no	Password for sudo -S

checkCheck if SSH authorized key matches desired state (dry-run)

applyAdd or remove an SSH public key from a user's authorized_keys

Resources

state(infinite)— Result of check or apply operation

@adam/cfgmgmt/host_entryv2026.03.18.1adam/cfgmgmt/host_entry.ts

Global Arguments

Argument	Type	Required	Description
hostname	string	yes	Primary hostname for the /etc/hosts entry
ip	string	yes	IP address for the entry
aliases?	array	no	Additional hostname aliases
ensure	enum	yes	Whether the entry should be present or absent
nodeHost	string	yes	Hostname or IP of the remote node
nodeUser	string	yes	SSH username
nodePort	number	yes	SSH port
nodeIdentityFile?	string	no	Path to SSH private key
become	boolean	yes	Enable sudo privilege escalation
becomeUser	string	yes	User to become via sudo
becomePassword?	string	no	Password for sudo -S

checkCheck if /etc/hosts entry matches desired state (dry-run)

applyAdd, update, or remove an /etc/hosts entry

Resources

state(infinite)— Result of check or apply operation

@adam/cfgmgmt/sysctlv2026.03.18.1adam/cfgmgmt/sysctl.ts

Global Arguments

Argument	Type	Required	Description
key	string	yes	Sysctl key (e.g. net.ipv4.ip_forward)
value	string	yes	Desired value
ensure	enum	yes	Whether the sysctl parameter should be present or absent
nodeHost	string	yes	Hostname or IP of the remote node
nodeUser	string	yes	SSH username
nodePort	number	yes	SSH port
nodeIdentityFile?	string	no	Path to SSH private key
become	boolean	yes	Enable sudo privilege escalation
becomeUser	string	yes	User to become via sudo
becomePassword?	string	no	Password for sudo -S

checkCheck if sysctl parameter matches desired state (dry-run)

applySet or remove a sysctl kernel parameter

Resources

state(infinite)— Result of check or apply operation

@adam/cfgmgmt/cronv2026.03.18.1adam/cfgmgmt/cron.ts

Global Arguments

Argument	Type	Required	Description
name	string	yes	Unique identifier for this cron job
ensure	enum	yes	Whether the cron job should be present or absent
command	string	yes	Command to run
user	string	yes	User whose crontab to manage
minute	string	yes	Minute (0-59 or *)
hour	string	yes	Hour (0-23 or *)
day	string	yes	Day of month (1-31 or *)
month	string	yes	Month (1-12 or *)
weekday	string	yes	Day of week (0-7 or *)
nodeHost	string	yes	Hostname or IP of the remote node
nodeUser	string	yes	SSH username
nodePort	number	yes	SSH port
nodeIdentityFile?	string	no	Path to SSH private key
become	boolean	yes	Enable sudo privilege escalation
becomeUser	string	yes	User to become via sudo
becomePassword?	string	no	Password for sudo -S

checkCheck if cron job matches desired state (dry-run)

applyAdd, update, or remove a cron job

Resources

state(infinite)— Result of check or apply operation

@adam/cfgmgmt/mountv2026.03.18.1adam/cfgmgmt/mount.ts

Global Arguments

Argument	Type	Required	Description
path	string	yes	Mount point path
device	string	yes	Device or remote filesystem to mount
fstype	string	yes	Filesystem type (e.g. ext4, nfs, tmpfs)
options	string	yes	Mount options (e.g. defaults,noatime)
ensure	enum	yes	Desired mount state: mounted=fstab+mounted, unmounted=fstab+not mounted, present=fstab only, absent=remove fstab+unmount
dump	number	yes	fstab dump field
pass	number	yes	fstab pass field
nodeHost	string	yes	Hostname or IP of the remote node
nodeUser	string	yes	SSH username
nodePort	number	yes	SSH port
nodeIdentityFile?	string	no	Path to SSH private key
become	boolean	yes	Enable sudo privilege escalation
becomeUser	string	yes	User to become via sudo
becomePassword?	string	no	Password for sudo -S

checkCheck if mount matches desired state (dry-run)

applyManage filesystem mount and fstab entry

Resources

state(infinite)— Result of check or apply operation

@adam/cfgmgmt/firewallv2026.03.18.1adam/cfgmgmt/firewall.ts

Global Arguments

Argument	Type	Required	Description
port	number	yes	Port number
protocol	enum	yes	Protocol (tcp or udp)
action	enum	yes	Firewall action for the rule
direction	enum	yes	Traffic direction
source?	string	no	Source CIDR (e.g. 10.0.0.0/8)
ensure	enum	yes	Whether the rule should be present or absent
nodeHost	string	yes	Hostname or IP of the remote node
nodeUser	string	yes	SSH username
nodePort	number	yes	SSH port
nodeIdentityFile?	string	no	Path to SSH private key
become	boolean	yes	Enable sudo privilege escalation
becomeUser	string	yes	User to become via sudo
becomePassword?	string	no	Password for sudo -S

checkCheck if firewall rule matches desired state (dry-run)

applyAdd or remove a firewall rule

Resources

state(infinite)— Result of check or apply operation

@adam/cfgmgmt/selinuxv2026.03.18.1adam/cfgmgmt/selinux.ts

Global Arguments

Argument	Type	Required	Description
mode?	enum	no	Desired SELinux mode (mutually exclusive with boolean)
boolean?	string	no	SELinux boolean name (mutually exclusive with mode)
booleanValue?	enum	no	Desired boolean value
nodeHost	string	yes	Hostname or IP of the remote node
nodeUser	string	yes	SSH username
nodePort	number	yes	SSH port
nodeIdentityFile?	string	no	Path to SSH private key
become	boolean	yes	Enable sudo privilege escalation
becomeUser	string	yes	User to become via sudo
becomePassword?	string	no	Password for sudo -S

checkCheck if SELinux matches desired state (dry-run)

applySet SELinux mode or boolean value

Resources

state(infinite)— Result of check or apply operation

@adam/cfgmgmt/docker_imagev2026.03.18.1adam/cfgmgmt/docker_image.ts

Global Arguments

Argument	Type	Required	Description
image	string	yes	Docker image name with tag (e.g. nginx:1.25)
ensure	enum	yes	Whether image should be present or absent
force	boolean	yes	Force pull even if image is already present
nodeHost	string	yes	Hostname or IP of the remote node
nodeUser	string	yes	SSH username
nodePort	number	yes	SSH port
nodeIdentityFile?	string	no	Path to SSH private key
become	boolean	yes	Enable sudo privilege escalation
becomeUser	string	yes	User to become via sudo
becomePassword?	string	no	Password for sudo -S

checkCheck if Docker image matches desired state (dry-run)

applyPull or remove a Docker image

pruneRemove dangling Docker images (imperative, always runs)

Resources

state(infinite)— Result of check or apply operation

@adam/cfgmgmt/docker_containerv2026.03.18.1adam/cfgmgmt/docker_container.ts

Global Arguments

Argument	Type	Required	Description
name	string	yes	Container name
image	string	yes	Docker image (e.g. nginx:1.25)
ensure	enum	yes	Desired container state
ports?	array	no	Port mappings (e.g. ["8080:80", "443:443"])
environment?	array	no	Environment variables (e.g. ["FOO=bar"])
volumes?	array	no	Volume mounts (e.g. ["/host:/container"])
restart?	enum	no	Restart policy
command?	string	no	Override container command
network?	string	no	Docker network to connect to
nodeHost	string	yes	Hostname or IP of the remote node
nodeUser	string	yes	SSH username
nodePort	number	yes	SSH port
nodeIdentityFile?	string	no	Path to SSH private key
become	boolean	yes	Enable sudo privilege escalation
becomeUser	string	yes	User to become via sudo
becomePassword?	string	no	Password for sudo -S

checkCheck if Docker container matches desired state (dry-run)

applyCreate, start, stop, or remove a Docker container

logsFetch recent container logs

Argument	Type	Required	Description
lines	number	yes	Number of log lines to fetch

restartRestart the container (imperative, always runs)

Resources

state(infinite)— Result of check or apply operation

logs(infinite)— Container log output

@adam/cfgmgmt/gitv2026.03.18.1adam/cfgmgmt/git.ts

Global Arguments

Argument	Type	Required	Description
path	string	yes	Local path for the repository
repo	string	yes	Git repository URL
revision	string	yes	Branch, tag, or commit hash (default HEAD = default branch)
ensure	enum	yes	Whether the repository should be present or absent
depth?	number	no	Shallow clone depth
owner?	string	no	Repository owner
group?	string	no	Repository group
nodeHost	string	yes	Hostname or IP of the remote node
nodeUser	string	yes	SSH username
nodePort	number	yes	SSH port
nodeIdentityFile?	string	no	Path to SSH private key
become	boolean	yes	Enable sudo privilege escalation
becomeUser	string	yes	User to become via sudo
becomePassword?	string	no	Password for sudo -S

checkCheck if git repository matches desired state (dry-run)

applyClone, update, or remove a git repository

Resources

state(infinite)— Result of check or apply operation

@adam/cfgmgmt/archivev2026.03.18.1adam/cfgmgmt/archive.ts

Global Arguments

Argument	Type	Required	Description
source	string	yes	Path to the archive file on the remote node
dest	string	yes	Extraction destination directory
format	enum	yes	Archive format (auto-detected from extension by default)
creates?	string	no	Idempotency guard: skip extraction if this path exists
owner?	string	no	Owner for extracted files
group?	string	no	Group for extracted files
nodeHost	string	yes	Hostname or IP of the remote node
nodeUser	string	yes	SSH username
nodePort	number	yes	SSH port
nodeIdentityFile?	string	no	Path to SSH private key
become	boolean	yes	Enable sudo privilege escalation
becomeUser	string	yes	User to become via sudo
becomePassword?	string	no	Password for sudo -S

checkCheck if archive has been extracted (dry-run)

applyExtract an archive to the destination directory

Resources

state(infinite)— Result of check or apply operation

@adam/cfgmgmt/linev2026.03.18.1adam/cfgmgmt/line.ts

Global Arguments

Argument	Type	Required	Description
path	string	yes	Absolute path of the file on the remote node
regexp	string	yes	Regular expression to match the target line. First match is used.
line?	string	no	The line to insert or replace. Required when ensure is present.
ensure	enum	yes	Whether the matching line should be present or absent
insertAfter?	string	no	Regex pattern — insert the line after the last match of this pattern if regexp has no match. Defaults to EOF.
insertBefore?	string	no	Regex pattern — insert the line before the first match of this pattern if regexp has no match
createFile	boolean	yes	Create the file if it does not exist (ensure=present only)
nodeHost	string	yes	Hostname or IP of the remote node
nodeUser	string	yes	SSH username
nodePort	number	yes	SSH port
nodeIdentityFile?	string	no	Path to SSH private key
become	boolean	yes	Enable sudo privilege escalation
becomeUser	string	yes	User to become via sudo
becomePassword?	string	no	Password for sudo -S

checkCheck if the line matches desired state in the file (dry-run)

applyEnsure a line is present/absent in the file

Resources

state(infinite)— Result of check or apply operation

@adam/cfgmgmt/copy_filev2026.03.27.1adam/cfgmgmt/copy_file.ts

Global Arguments

Argument	Type	Required	Description
source	string	yes	Path to the local source file. Resolved relative to the repository root if not absolute.
path	string	yes	Absolute path of the file on the remote node
ensure	enum	yes	Whether file should be present or absent
owner?	string	no	File owner
group?	string	no	File group
mode?	string	no	File permissions in octal (e.g. 0644)
nodeHost	string	yes	Hostname or IP of the remote node
nodeUser	string	yes	SSH username
nodePort	number	yes	SSH port
nodeIdentityFile?	string	no	Path to SSH private key
become	boolean	yes	Enable sudo privilege escalation
becomeUser	string	yes	User to become via sudo
becomePassword?	string	no	Password for sudo -S

checkCheck if remote file matches local source file (dry-run)

applyCopy local source file to the remote node

Resources

state(infinite)— Result of check or apply operation

@adam/cfgmgmt/fetchv2026.03.18.1adam/cfgmgmt/fetch.ts

Global Arguments

Argument	Type	Required	Description
url	string	yes	URL to download
path	string	yes	Absolute path where the downloaded file should be placed on the remote node
checksum?	string	no	Expected checksum of the file (e.g. sha256:abc123...). Used for idempotency.
checksumType	enum	yes	Checksum algorithm to use (md5 is deprecated, prefer sha256)
owner?	string	no	File owner
group?	string	no	File group
mode?	string	no	File permissions in octal (e.g. 0755)
force	boolean	yes	Re-download even if the file already exists and checksum matches
nodeHost	string	yes	Hostname or IP of the remote node
nodeUser	string	yes	SSH username
nodePort	number	yes	SSH port
nodeIdentityFile?	string	no	Path to SSH private key
become	boolean	yes	Enable sudo privilege escalation
becomeUser	string	yes	User to become via sudo
becomePassword?	string	no	Password for sudo -S

checkCheck if the file has been downloaded and matches expected state (dry-run)

applyDownload a file from a URL to the remote node

Resources

state(infinite)— Result of check or apply operation

@adam/cfgmgmt/apt_repositoryv2026.03.18.1adam/cfgmgmt/apt_repository.ts

Global Arguments

Argument	Type	Required	Description
name	string	yes	Repository identifier used for the .list/.sources filename (e.g. docker, nodesource)
ensure	enum	yes	Whether the repository should be present or absent
uris?	array	no	Repository URIs (e.g. ['https://download.docker.com/linux/ubuntu']). For DEB822 format.
suites?	array	no	Repository suites (e.g. ['noble']). For DEB822 format.
components?	array	no	Repository components (e.g. ['stable']). For DEB822 format.
architectures?	array	no	Architectures to enable (e.g. ['amd64']). For DEB822 format.
signedBy?	string	no	Path to the GPG keyring file on the remote node (e.g. /usr/share/keyrings/docker.gpg)
gpgKeyUrl?	string	no	URL to download the GPG key from. Will be dearmored and saved to signedBy path.
sourceLine?	string	no	Legacy one-line format: 'deb [options] uri suite component...' — written to /etc/apt/sources.list.d/<name>.list. Mutually exclusive with uris/suites/components.
nodeHost	string	yes	Hostname or IP of the remote node
nodeUser	string	yes	SSH username
nodePort	number	yes	SSH port
nodeIdentityFile?	string	no	Path to SSH private key
become	boolean	yes	Enable sudo privilege escalation
becomeUser	string	yes	User to become via sudo
becomePassword?	string	no	Password for sudo -S

checkCheck if the apt repository is configured as desired (dry-run)

applyConfigure or remove an apt repository on the remote node

Resources

state(infinite)— Result of check or apply operation

@adam/cfgmgmt/dnf_repositoryv2026.03.18.1adam/cfgmgmt/dnf_repository.ts

Global Arguments

Argument	Type	Required	Description
name	string	yes	Repository ID used as the [section] name and .repo filename (e.g. docker-ce-stable)
ensure	enum	yes	Whether the repository should be present or absent
description?	string	no	Human-readable repository name (e.g. 'Docker CE Stable')
baseurl?	string	no	Base URL of the repository (e.g. https://download.docker.com/linux/fedora/$releasever/$basearch/stable)
metalink?	string	no	Metalink URL (alternative to baseurl)
mirrorlist?	string	no	Mirror list URL (alternative to baseurl)
enabled	boolean	yes	Whether the repository is enabled
gpgcheck	boolean	yes	Whether GPG signature checking is enabled
gpgkey?	string	no	URL of the GPG key for the repository (e.g. https://download.docker.com/linux/fedora/gpg)
sslverify?	boolean	no	Whether to verify SSL certificates
repo_gpgcheck?	boolean	no	Whether to verify repository metadata GPG signatures
nodeHost	string	yes	Hostname or IP of the remote node
nodeUser	string	yes	SSH username
nodePort	number	yes	SSH port
nodeIdentityFile?	string	no	Path to SSH private key
become	boolean	yes	Enable sudo privilege escalation
becomeUser	string	yes	User to become via sudo
becomePassword?	string	no	Password for sudo -S

checkCheck if the dnf repository is configured as desired (dry-run)

applyConfigure or remove a dnf/yum repository on the remote node

Resources

state(infinite)— Result of check or apply operation

@adam/cfgmgmt/kernel_modulev2026.03.18.1adam/cfgmgmt/kernel_module.ts

Global Arguments

Argument	Type	Required	Description
name	string	yes	Kernel module name (e.g. br_netfilter, overlay)
ensure	enum	yes	Whether the module should be loaded or unloaded
params?	string	no	Module parameters (e.g. 'option1=value1 option2=value2')
persist	boolean	yes	Persist the module across reboots via /etc/modules-load.d/
nodeHost	string	yes	Hostname or IP of the remote node
nodeUser	string	yes	SSH username
nodePort	number	yes	SSH port
nodeIdentityFile?	string	no	Path to SSH private key
become	boolean	yes	Enable sudo privilege escalation
becomeUser	string	yes	User to become via sudo
becomePassword?	string	no	Password for sudo -S

checkCheck if the kernel module is loaded/persisted as desired (dry-run)

applyLoad or unload a kernel module and manage persistence

Resources

state(infinite)— Result of check or apply operation

@adam/cfgmgmt/rebootv2026.03.18.1adam/cfgmgmt/reboot.ts

Global Arguments

Argument	Type	Required	Description
timeout	number	yes	Maximum seconds to wait for the host to come back after reboot
message	string	yes	Broadcast message before reboot
testCommand	string	yes	Command to run after reconnection to verify the host is healthy
nodeHost	string	yes	Hostname or IP of the remote node
nodeUser	string	yes	SSH username
nodePort	number	yes	SSH port
nodeIdentityFile?	string	no	Path to SSH private key
become	boolean	yes	Enable sudo privilege escalation
becomeUser	string	yes	User to become via sudo
becomePassword?	string	no	Password for sudo -S

checkCheck is always non-compliant — reboot is an imperative action

applyReboot the remote host and wait for SSH to become available again

Resources

state(infinite)— Result of the reboot operation

@adam/cfgmgmt/debug_execv2026.03.27.1adam/cfgmgmt/debug_exec.ts

Global Arguments

Argument	Type	Required	Description
command	string	yes	The command to execute on the remote host
nodeHost	string	yes	Hostname or IP of the remote node
nodeUser	string	yes	SSH username
nodePort	number	yes	SSH port
nodeIdentityFile?	string	no	Path to SSH private key
become	boolean	yes	Enable sudo privilege escalation
becomeUser	string	yes	User to become via sudo
becomePassword?	string	no	Password for sudo -S

runExecute the command on the remote host and capture output as data

Resources

state(infinite)— Output captured from remote command execution

@adam/cfgmgmt/debug_filev2026.03.27.1adam/cfgmgmt/debug_file.ts

Global Arguments

Argument	Type	Required	Description
path	string	yes	Absolute path of the file to read on the remote node
nodeHost	string	yes	Hostname or IP of the remote node
nodeUser	string	yes	SSH username
nodePort	number	yes	SSH port
nodeIdentityFile?	string	no	Path to SSH private key
become	boolean	yes	Enable sudo privilege escalation
becomeUser	string	yes	User to become via sudo
becomePassword?	string	no	Password for sudo -S

runFetch the file content from the remote host and store it as data

Resources

state(infinite)— Content fetched from a remote file

@adam/cfgmgmt/certificatev2026.03.18.1adam/cfgmgmt/certificate.ts

Global Arguments

Argument	Type	Required	Description
name	string	yes	Certificate name — used as a label in state output
certContent	string	yes	PEM-encoded certificate content
keyContent	string	yes	PEM-encoded private key content
chainContent?	string	no	PEM-encoded certificate chain (intermediate + root CAs)
certPath	string	yes	Absolute path for the certificate file on the remote node
keyPath	string	yes	Absolute path for the private key file on the remote node
chainPath?	string	no	Absolute path for the chain file on the remote node
owner?	string	no	Owner for all certificate files
group?	string	no	Group for all certificate files
certMode	string	yes	Permissions for the certificate file
keyMode	string	yes	Permissions for the private key file (default: restricted)
chainMode	string	yes	Permissions for the chain file
validate	boolean	yes	Validate that the certificate and key match using openssl
nodeHost	string	yes	Hostname or IP of the remote node
nodeUser	string	yes	SSH username
nodePort	number	yes	SSH port
nodeIdentityFile?	string	no	Path to SSH private key
become	boolean	yes	Enable sudo privilege escalation
becomeUser	string	yes	User to become via sudo
becomePassword?	string	no	Password for sudo -S

checkCheck if certificates are deployed and match desired state (dry-run)

applyDeploy certificate, key, and optional chain to the remote node

Resources

state(infinite)— Result of check or apply operation

2026.03.28.193.3 KBMar 29, 2026

SSH-based configuration management for Linux and macOS. Manage remote systems over SSH using the check/apply pattern — every model is idempotent and reports whether resources are compliant, non-compliant, applied, or failed. Convergence failures propagate as step failures so workflow orchestration can detect and react to errors. Includes 36 model types: - **@adam/cfgmgmt/node** — Gather system facts (OS, arch, package managers) - **@adam/cfgmgmt/file** — Create, update, or remove files - **@adam/cfgmgmt/template** — Render EJS templates and deploy to remote hosts. Uses `<%= var %>` for plain string interpolation (HTML escaping is disabled). Whitespace control: `-%>` strips the trailing newline (use on loop/conditional lines to avoid blank lines in output), `<%_ %>` strips leading whitespace, `_%>` strips all trailing whitespace. - **@adam/cfgmgmt/directory** — Create or remove directories - **@adam/cfgmgmt/link** — Manage symbolic links - **@adam/cfgmgmt/line** — Edit individual lines in files using regex matching - **@adam/cfgmgmt/exec** — Run commands with onlyIf/notIf guards - **@adam/cfgmgmt/systemd** — Manage systemd services and unit files - **@adam/cfgmgmt/dnf** — Manage packages on Fedora/RHEL (with version pinning) - **@adam/cfgmgmt/apt** — Manage packages on Debian/Ubuntu (with version pinning) - **@adam/cfgmgmt/pacman** — Manage packages on Arch Linux - **@adam/cfgmgmt/homebrew** — Manage packages on macOS - **@adam/cfgmgmt/apt_repository** — Manage apt sources and GPG keys - **@adam/cfgmgmt/dnf_repository** — Manage dnf/yum repository files - **@adam/cfgmgmt/hostname** — Set system hostname - **@adam/cfgmgmt/timezone** — Set system timezone - **@adam/cfgmgmt/user** — Manage system users - **@adam/cfgmgmt/group** — Manage system groups - **@adam/cfgmgmt/authorized_key** — Manage SSH authorized keys - **@adam/cfgmgmt/host_entry** — Manage /etc/hosts entries - **@adam/cfgmgmt/sysctl** — Manage kernel parameters - **@adam/cfgmgmt/kernel_module** — Load/unload kernel modules with persistence - **@adam/cfgmgmt/cron** — Manage cron jobs - **@adam/cfgmgmt/mount** — Manage filesystem mounts and fstab - **@adam/cfgmgmt/firewall** — Manage firewall rules (ufw/firewalld/iptables) - **@adam/cfgmgmt/selinux** — Manage SELinux mode and booleans - **@adam/cfgmgmt/docker_image** — Manage Docker images - **@adam/cfgmgmt/docker_container** — Manage Docker containers - **@adam/cfgmgmt/git** — Manage git repository checkouts - **@adam/cfgmgmt/archive** — Extract archives idempotently - **@adam/cfgmgmt/copy_file** — Copy a local file to remote hosts via SCP - **@adam/cfgmgmt/fetch** — Download files from URLs with checksum verification - **@adam/cfgmgmt/reboot** — Reboot hosts and wait for SSH reconnection - **@adam/cfgmgmt/debug_exec** — Run a command on a remote host and capture stdout, stderr, and exit code as data - **@adam/cfgmgmt/debug_file** — Fetch a remote file's content and store it as data - **@adam/cfgmgmt/certificate** — Deploy SSL/TLS certificates with validation Every model is a factory across hosts — a single definition can target multiple hosts via workflow forEach, with per-host data stored separately. Connections are multiplexed via OpenSSH ControlMaster sockets. All models (except node and homebrew) support sudo privilege escalation.

linux-x86_64linux-aarch64darwin-x86_64darwin-aarch64

cfgmgmtsshlinuxmacosfedoradebianubuntuarchlinux

2026.03.27.189.7 KBMar 28, 2026

SSH-based configuration management for Linux and macOS. Manage remote systems over SSH using the check/apply pattern — every model is idempotent and reports whether resources are compliant, non-compliant, applied, or failed. Convergence failures propagate as step failures so workflow orchestration can detect and react to errors. Includes 34 model types: - **@adam/cfgmgmt/node** — Gather system facts (OS, arch, package managers) - **@adam/cfgmgmt/file** — Create, update, or remove files - **@adam/cfgmgmt/template** — Render EJS templates and deploy to remote hosts. Uses `<%= var %>` for plain string interpolation (HTML escaping is disabled). Whitespace control: `-%>` strips the trailing newline (use on loop/conditional lines to avoid blank lines in output), `<%_ %>` strips leading whitespace, `_%>` strips all trailing whitespace. - **@adam/cfgmgmt/directory** — Create or remove directories - **@adam/cfgmgmt/link** — Manage symbolic links - **@adam/cfgmgmt/line** — Edit individual lines in files using regex matching - **@adam/cfgmgmt/exec** — Run commands with onlyIf/notIf guards - **@adam/cfgmgmt/systemd** — Manage systemd services and unit files - **@adam/cfgmgmt/dnf** — Manage packages on Fedora/RHEL (with version pinning) - **@adam/cfgmgmt/apt** — Manage packages on Debian/Ubuntu (with version pinning) - **@adam/cfgmgmt/pacman** — Manage packages on Arch Linux - **@adam/cfgmgmt/homebrew** — Manage packages on macOS - **@adam/cfgmgmt/apt_repository** — Manage apt sources and GPG keys - **@adam/cfgmgmt/dnf_repository** — Manage dnf/yum repository files - **@adam/cfgmgmt/hostname** — Set system hostname - **@adam/cfgmgmt/timezone** — Set system timezone - **@adam/cfgmgmt/user** — Manage system users - **@adam/cfgmgmt/group** — Manage system groups - **@adam/cfgmgmt/authorized_key** — Manage SSH authorized keys - **@adam/cfgmgmt/host_entry** — Manage /etc/hosts entries - **@adam/cfgmgmt/sysctl** — Manage kernel parameters - **@adam/cfgmgmt/kernel_module** — Load/unload kernel modules with persistence - **@adam/cfgmgmt/cron** — Manage cron jobs - **@adam/cfgmgmt/mount** — Manage filesystem mounts and fstab - **@adam/cfgmgmt/firewall** — Manage firewall rules (ufw/firewalld/iptables) - **@adam/cfgmgmt/selinux** — Manage SELinux mode and booleans - **@adam/cfgmgmt/docker_image** — Manage Docker images - **@adam/cfgmgmt/docker_container** — Manage Docker containers - **@adam/cfgmgmt/git** — Manage git repository checkouts - **@adam/cfgmgmt/archive** — Extract archives idempotently - **@adam/cfgmgmt/copy_file** — Copy a local file to remote hosts via SCP - **@adam/cfgmgmt/fetch** — Download files from URLs with checksum verification - **@adam/cfgmgmt/reboot** — Reboot hosts and wait for SSH reconnection - **@adam/cfgmgmt/certificate** — Deploy SSL/TLS certificates with validation Every model is a factory across hosts — a single definition can target multiple hosts via workflow forEach, with per-host data stored separately. Connections are multiplexed via OpenSSH ControlMaster sockets. All models (except node and homebrew) support sudo privilege escalation.

linux-x86_64linux-aarch64darwin-x86_64darwin-aarch64

cfgmgmtsshlinuxmacosfedoradebianubuntuarchlinux

2026.03.04.284.8 KBMar 5, 2026

SSH-based configuration management for Linux and macOS. Manage remote systems over SSH using the check/apply pattern — every model is idempotent and reports whether resources are compliant, non-compliant, applied, or failed. Convergence failures propagate as step failures so workflow orchestration can detect and react to errors. Includes 33 model types: - **@adam/cfgmgmt/node** — Gather system facts (OS, arch, package managers) - **@adam/cfgmgmt/file** — Create, update, or remove files - **@adam/cfgmgmt/template** — Render EJS templates and deploy to remote hosts. Uses `<%= var %>` for plain string interpolation (HTML escaping is disabled). Whitespace control: `-%>` strips the trailing newline (use on loop/conditional lines to avoid blank lines in output), `<%_ %>` strips leading whitespace, `_%>` strips all trailing whitespace. - **@adam/cfgmgmt/directory** — Create or remove directories - **@adam/cfgmgmt/link** — Manage symbolic links - **@adam/cfgmgmt/line** — Edit individual lines in files using regex matching - **@adam/cfgmgmt/exec** — Run commands with onlyIf/notIf guards - **@adam/cfgmgmt/systemd** — Manage systemd services and unit files - **@adam/cfgmgmt/dnf** — Manage packages on Fedora/RHEL (with version pinning) - **@adam/cfgmgmt/apt** — Manage packages on Debian/Ubuntu (with version pinning) - **@adam/cfgmgmt/pacman** — Manage packages on Arch Linux - **@adam/cfgmgmt/homebrew** — Manage packages on macOS - **@adam/cfgmgmt/apt_repository** — Manage apt sources and GPG keys - **@adam/cfgmgmt/dnf_repository** — Manage dnf/yum repository files - **@adam/cfgmgmt/hostname** — Set system hostname - **@adam/cfgmgmt/timezone** — Set system timezone - **@adam/cfgmgmt/user** — Manage system users - **@adam/cfgmgmt/group** — Manage system groups - **@adam/cfgmgmt/authorized_key** — Manage SSH authorized keys - **@adam/cfgmgmt/host_entry** — Manage /etc/hosts entries - **@adam/cfgmgmt/sysctl** — Manage kernel parameters - **@adam/cfgmgmt/kernel_module** — Load/unload kernel modules with persistence - **@adam/cfgmgmt/cron** — Manage cron jobs - **@adam/cfgmgmt/mount** — Manage filesystem mounts and fstab - **@adam/cfgmgmt/firewall** — Manage firewall rules (ufw/firewalld/iptables) - **@adam/cfgmgmt/selinux** — Manage SELinux mode and booleans - **@adam/cfgmgmt/docker_image** — Manage Docker images - **@adam/cfgmgmt/docker_container** — Manage Docker containers - **@adam/cfgmgmt/git** — Manage git repository checkouts - **@adam/cfgmgmt/archive** — Extract archives idempotently - **@adam/cfgmgmt/fetch** — Download files from URLs with checksum verification - **@adam/cfgmgmt/reboot** — Reboot hosts and wait for SSH reconnection - **@adam/cfgmgmt/certificate** — Deploy SSL/TLS certificates with validation Every model is a factory across hosts — a single definition can target multiple hosts via workflow forEach, with per-host data stored separately. Connections are multiplexed via OpenSSH ControlMaster sockets. All models (except node and homebrew) support sudo privilege escalation.

linux-x86_64linux-aarch64darwin-x86_64darwin-aarch64

cfgmgmtsshlinuxmacosfedoradebianubuntuarchlinux

2026.03.04.165.9 KBMar 4, 2026

SSH-based configuration management for Linux and macOS. Manage remote systems over SSH using the check/apply pattern — every model is idempotent and reports whether resources are compliant, non-compliant, applied, or failed. Convergence failures propagate as step failures so workflow orchestration can detect and react to errors. Includes 26 model types: - **@adam/cfgmgmt/node** — Gather system facts (OS, arch, package managers) - **@adam/cfgmgmt/file** — Create, update, or remove files - **@adam/cfgmgmt/template** — Render EJS templates and deploy to remote hosts. Uses `<%= var %>` for plain string interpolation (HTML escaping is disabled). Whitespace control: `-%>` strips the trailing newline (use on loop/conditional lines to avoid blank lines in output), `<%_ %>` strips leading whitespace, `_%>` strips all trailing whitespace. - **@adam/cfgmgmt/directory** — Create or remove directories - **@adam/cfgmgmt/link** — Manage symbolic links - **@adam/cfgmgmt/exec** — Run commands with onlyIf/notIf guards - **@adam/cfgmgmt/systemd** — Manage systemd services and unit files - **@adam/cfgmgmt/dnf** — Manage packages on Fedora/RHEL - **@adam/cfgmgmt/apt** — Manage packages on Debian/Ubuntu - **@adam/cfgmgmt/pacman** — Manage packages on Arch Linux - **@adam/cfgmgmt/homebrew** — Manage packages on macOS - **@adam/cfgmgmt/hostname** — Set system hostname - **@adam/cfgmgmt/timezone** — Set system timezone - **@adam/cfgmgmt/user** — Manage system users - **@adam/cfgmgmt/group** — Manage system groups - **@adam/cfgmgmt/authorized_key** — Manage SSH authorized keys - **@adam/cfgmgmt/host_entry** — Manage /etc/hosts entries - **@adam/cfgmgmt/sysctl** — Manage kernel parameters - **@adam/cfgmgmt/cron** — Manage cron jobs - **@adam/cfgmgmt/mount** — Manage filesystem mounts and fstab - **@adam/cfgmgmt/firewall** — Manage firewall rules (ufw/firewalld/iptables) - **@adam/cfgmgmt/selinux** — Manage SELinux mode and booleans - **@adam/cfgmgmt/docker_image** — Manage Docker images - **@adam/cfgmgmt/docker_container** — Manage Docker containers - **@adam/cfgmgmt/git** — Manage git repository checkouts - **@adam/cfgmgmt/archive** — Extract archives idempotently Every model is a factory across hosts — a single definition can target multiple hosts via workflow forEach, with per-host data stored separately. Connections are multiplexed via OpenSSH ControlMaster sockets. All models (except node and homebrew) support sudo privilege escalation.

linux-x86_64linux-aarch64darwin-x86_64darwin-aarch64

cfgmgmtsshlinuxmacosfedoradebianubuntuarchlinux

2026.03.03.355.3 KBMar 4, 2026

linux-x86_64linux-aarch64darwin-x86_64darwin-aarch64

cfgmgmtsshlinuxmacosfedoradebianubuntuarchlinux

2026.03.03.255.3 KBMar 4, 2026

linux-x86_64linux-aarch64darwin-x86_64darwin-aarch64

cfgmgmtsshlinuxmacosfedoradebianubuntuarchlinux

2026.03.02.119.9 KBMar 3, 2026

SSH-based configuration management for Linux and macOS. Manage remote systems over SSH using the check/apply pattern — every model is idempotent and reports whether resources are compliant, non-compliant, applied, or failed. Includes 10 model types: - **@adam/cfgmgmt/node** — Gather system facts (OS, arch, package managers) - **@adam/cfgmgmt/file** — Create, update, or remove files - **@adam/cfgmgmt/directory** — Create or remove directories - **@adam/cfgmgmt/link** — Manage symbolic links - **@adam/cfgmgmt/exec** — Run commands with onlyIf/notIf guards - **@adam/cfgmgmt/systemd** — Manage systemd services and unit files - **@adam/cfgmgmt/dnf** — Manage packages on Fedora/RHEL - **@adam/cfgmgmt/apt** — Manage packages on Debian/Ubuntu - **@adam/cfgmgmt/pacman** — Manage packages on Arch Linux - **@adam/cfgmgmt/homebrew** — Manage packages on macOS Every model is a factory across hosts — a single definition can target multiple hosts via workflow forEach, with per-host data stored separately. Connections are multiplexed via OpenSSH ControlMaster sockets. All models (except node and homebrew) support sudo privilege escalation.

linux-x86_64linux-aarch64darwin-x86_64darwin-aarch64

cfgmgmtsshlinuxmacosfedoradebianubuntuarchlinux

@adam/cfgmgmt

Platforms

Labels

Contents

Quality score

Install

Models36

Global Arguments

Resources

Global Arguments

Resources

Global Arguments

Resources

Global Arguments

Resources

Global Arguments

Resources

Global Arguments

Resources

Global Arguments

Resources

Global Arguments

Resources

Global Arguments

Resources

Global Arguments

Resources

Global Arguments

Resources

Global Arguments

Resources

Global Arguments

Resources

Global Arguments

Resources

Global Arguments

Resources

Global Arguments

Resources

Global Arguments

Resources

Global Arguments

Resources

Global Arguments

Resources

Global Arguments

Resources

Global Arguments

Resources

Global Arguments

Resources

Global Arguments

Resources

Global Arguments

Resources

Global Arguments

Resources

Global Arguments

Resources

Global Arguments

Resources

Global Arguments

Resources

Global Arguments

Resources

Global Arguments

Resources

Global Arguments

Resources

Global Arguments

Resources

Global Arguments

Resources

Global Arguments

Resources

Global Arguments

Resources

Global Arguments

Resources

Previous Versions7