From: Ismaël Bouya <ismael.bouya@normalesup.org>
Date: Wed, 28 Mar 2018 23:08:23 +0000 (+0200)
Subject: Add root command for authorized keys
X-Git-Url: https://git.immae.eu/?a=commitdiff_plain;h=b193066f246693155bebb579f4131f10375c86e5;p=perso%2FImmae%2FProjets%2FPuppet.git

Add root command for authorized keys
---

diff --git a/modules/base_installation/manifests/users.pp b/modules/base_installation/manifests/users.pp
index f893c51..aff19bb 100644
--- a/modules/base_installation/manifests/users.pp
+++ b/modules/base_installation/manifests/users.pp
@@ -3,7 +3,8 @@ class base_installation::users (
 ) inherits base_installation {
   ensure_packages('ruby-shadow')
   user { 'root':
-    password => '!'
+    password       => '!',
+    purge_ssh_keys => ["/root/.ssh/authorized_keys"],
   }
 
   class { 'sudo':
@@ -46,6 +47,21 @@ class base_installation::users (
           type => $key[key_type],
           key  => $key[key],
         }
+
+        if has_key($key, "root_command") {
+          ssh_authorized_key { "${user[username]}@${key[host]}:root":
+            name    => "${user[username]}@${key[host]}:root",
+            user    => "root",
+            options => [
+              "command=\"${key[root_command]}\"",
+              "no-port-forwarding",
+              "no-X11-forwarding",
+              "no-pty",
+            ],
+            type    => $key[key_type],
+            key     => $key[key],
+          }
+        }
       }
     }
   }