--- /dev/null
+class base_installation::users (
+ $users = $base_installation::system_users,
+) inherits base_installation {
+ ensure_packages('ruby-shadow')
+ user { 'root':
+ password => '!'
+ }
+
+ class { 'sudo':
+ config_file_replace => false,
+ # Missing in the sudo package, should no be mandatory
+ package_ldap => false
+ }
+
+ sudo::conf { 'wheel':
+ priority => 10,
+ content => "%wheel ALL=(ALL) ALL"
+ }
+
+ contain "sudo"
+
+ $users.each |$user| {
+ user { "${user[username]}:${user[userid]}":
+ name => $user[username],
+ uid => $user[userid],
+ ensure => "present",
+ groups => $user[groups],
+ managehome => true,
+ home => "/home/${user[username]}",
+ notify => Exec["remove_password"],
+ purge_ssh_keys => true
+ }
+
+ exec { "remove_password":
+ command => "/usr/bin/chage -d 0 ${user[username]} && /usr/bin/passwd -d ${user[username]}",
+ refreshonly => true
+ }
+
+ $user[keys].each |$key| {
+ ssh_authorized_key { "${user[username]}@${key[host]}":
+ name => "${user[username]}@${key[host]}",
+ user => $user[username],
+ type => $key[key_type],
+ key => $key[key],
+ }
+ }
+ }
+
+}