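# Manages local accounts: locks root's password, configures sudo for the
# wheel group, and creates every entry of $users with its SSH keys.
#
# @param users
#   Array of hashes, one per account. Keys read by this class: username,
#   userid, groups, system, shell, password, keys. Each entry of `keys` is a
#   hash with host, key_type, key and, optionally, command.
class base_installation::users (
  $users = $base_installation::system_users,
) inherits base_installation {
  # Presumably required so the user provider can manage the password field
  # set on root below -- confirm against the target platform.
  ensure_packages('ruby-shadow')

  user { 'root':
    # '!' is not a valid password hash, so password logins to root cannot match.
    password       => '!',
    # Keys in this file that are not declared as ssh_authorized_key resources
    # are removed.
    purge_ssh_keys => ['/root/.ssh/authorized_keys'],
  }

  class { 'sudo':
    config_file_replace => false,
    # Missing in the sudo package, should not be mandatory
    package_ldap        => false,
  }

  # Every member of wheel gets unrestricted sudo (after authenticating with
  # their own password), so the `groups` field of $users decides who is root.
  sudo::conf { 'wheel':
    priority => 10,
    content  => '%wheel ALL=(ALL) ALL',
    require  => Package['sudo'],
  }

  contain 'sudo'

  $users.each |$user| {
    # root is managed above; only its keys (further down) come from $users.
    if ($user['username'] != 'root') {
      if $user['shell'] == undef or empty($user['shell']) {
        $shell = undef
      } else {
        # Assumes the package name equals the binary name under /bin.
        ensure_packages([$user['shell']])
        $shell = "/bin/${user['shell']}"
      }

      # The password value itself must not be interpolated into a command
      # string: exec commands are stored in the catalog and passed as process
      # arguments. Only an "is it empty" marker is handed to the check below.
      if $user['password'] == undef or empty($user['password']) {
        $password_marker = ''
      } else {
        $password_marker = 'set'
      }

      user { "${user['username']}:${user['userid']}":
        ensure         => 'present',
        name           => $user['username'],
        uid            => $user['userid'],
        groups         => $user['groups'],
        managehome     => true,
        system         => !!$user['system'],
        home           => "/home/${user['username']}",
        shell          => $shell,
        notify         => Exec["remove_password:${user['username']}:${user['userid']}"],
        # Unmanaged keys in the user's authorized_keys file are removed.
        purge_ssh_keys => true,
      }

      # Runs only when the user resource changed and no password is configured:
      # expires the password (forced change at next login) and deletes it.
      # NOTE(review): until that first login the account has an empty password;
      # this is only safe if sshd has PermitEmptyPasswords off and PAM does not
      # allow null passwords for remote logins -- confirm.
      # NOTE(review): username is interpolated into the command string; validate
      # it where $users is defined if that data is not fully trusted.
      exec { "remove_password:${user['username']}:${user['userid']}":
        command     => "/usr/bin/chage -d 0 ${user['username']} && /usr/bin/passwd -d ${user['username']}",
        onlyif      => "/usr/bin/test -z '${password_marker}'",
        refreshonly => true,
      }
    }

    if has_key($user, 'keys') {
      $user['keys'].each |$key| {
        if has_key($key, 'command') {
          # Forced-command key: the key may only run the given command, without
          # port forwarding, X11 forwarding or a pty.
          # NOTE(review): agent forwarding is not disabled here; consider adding
          # 'no-agent-forwarding' (or 'restrict' on recent OpenSSH).
          # NOTE(review): a double quote inside the command would break the
          # option quoting -- verify the data never contains one.
          $key_options = [
            "command=\"${key['command']}\"",
            'no-port-forwarding',
            'no-X11-forwarding',
            'no-pty',
          ]
        } else {
          # undef leaves the options attribute unset (unrestricted key).
          $key_options = undef
        }

        ssh_authorized_key { "${user['username']}@${key['host']}":
          name    => "${user['username']}@${key['host']}",
          user    => $user['username'],
          type    => $key['key_type'],
          key     => $key['key'],
          options => $key_options,
        }
      }
    }
  }

}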