contain "sudo"
$users.each |$user| {
- user { "${user[username]}:${user[userid]}":
- name => $user[username],
- uid => $user[userid],
- ensure => "present",
- groups => $user[groups],
- managehome => true,
- system => !!$user[system],
- home => "/home/${user[username]}",
- notify => Exec["remove_password:${user[username]}:${user[userid]}"],
- purge_ssh_keys => true
- }
+ if ($user["username"] != "root") {
+ user { "${user[username]}:${user[userid]}":
+ name => $user[username],
+ uid => $user[userid],
+ ensure => "present",
+ groups => $user[groups],
+ managehome => true,
+ system => !!$user[system],
+ home => "/home/${user[username]}",
+ notify => Exec["remove_password:${user[username]}:${user[userid]}"],
+ purge_ssh_keys => true
+ }
- exec { "remove_password:${user[username]}:${user[userid]}":
- command => "/usr/bin/chage -d 0 ${user[username]} && /usr/bin/passwd -d ${user[username]}",
- onlyif => "/usr/bin/test -z '${user[password]}'",
- refreshonly => true
+ exec { "remove_password:${user[username]}:${user[userid]}":
+ command => "/usr/bin/chage -d 0 ${user[username]} && /usr/bin/passwd -d ${user[username]}",
+ onlyif => "/usr/bin/test -z '${user[password]}'",
+ refreshonly => true
+ }
}
if has_key($user, "keys") {
$user[keys].each |$key| {
- ssh_authorized_key { "${user[username]}@${key[host]}":
- name => "${user[username]}@${key[host]}",
- user => $user[username],
- type => $key[key_type],
- key => $key[key],
- }
-
- if has_key($key, "root_command") {
- ssh_authorized_key { "${user[username]}@${key[host]}:root":
- name => "${user[username]}@${key[host]}:root",
- user => "root",
+ if has_key($key, "command") {
+ ssh_authorized_key { "${user[username]}@${key[host]}":
+ name => "${user[username]}@${key[host]}",
+ user => $user[username],
+ type => $key[key_type],
+ key => $key[key],
options => [
- "command=\"${key[root_command]}\"",
+ "command=\"${key[command]}\"",
"no-port-forwarding",
"no-X11-forwarding",
"no-pty",
],
- type => $key[key_type],
- key => $key[key],
+ }
+ } else {
+ ssh_authorized_key { "${user[username]}@${key[host]}":
+ name => "${user[username]}@${key[host]}",
+ user => $user[username],
+ type => $key[key_type],
+ key => $key[key],
}
}
}
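Review bot: In the `has_key($key, "command")` branch, `${key[command]}` is interpolated into `command=\"...\"` with no escaping visible in the hunk, so a value containing a double quote would end the quoted value early and change how sshd parses the rest of the authorized_keys line; the value should be validated or escaped before it reaches this resource. The option list also leaves agent forwarding and `~/.ssh/rc` execution enabled; on OpenSSH 7.2 or later, `options => ["restrict", "command=\"${key[command]}\""],` covers those and any restriction added in future releases. The new `$user["username"] != "root"` guard wraps only the `user` and `exec` resources, so a root entry whose key has no `command` falls into the `else` branch and gets an unrestricted key, whereas the removed code only ever gave root a forced-command key; `purge_ssh_keys` also never applies to root now. If that is not intended, the `else` branch needs its own guard. The enclosing `$users.each` and `has_key($user, "keys")` blocks close outside the hunk.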