[perso/Immae/Projets/Puppet.git] / modules / base_installation / manifests / users.pp

class base_installation::users (
  $users = $base_installation::system_users,
) inherits base_installation {
  ensure_packages('ruby-shadow')
  user { 'root':
    password => '!'
  }

  class { 'sudo':
    config_file_replace => false,
    # Missing in the sudo package, should no be mandatory
    package_ldap        => false
  }

  sudo::conf { 'wheel':
    priority => 10,
    content  => "%wheel ALL=(ALL) ALL"
  }

  contain "sudo"

  $users.each |$user| {
    user { "${user[username]}:${user[userid]}":
      name           => $user[username],
      uid            => $user[userid],
      ensure         => "present",
      groups         => $user[groups],
      managehome     => true,
      system         => !!$user[system],
      home           => "/home/${user[username]}",
      notify         => Exec["remove_password:${user[username]}:${user[userid]}"],
      purge_ssh_keys => true
    }

    exec { "remove_password:${user[username]}:${user[userid]}":
      command     => "/usr/bin/chage -d 0 ${user[username]} && /usr/bin/passwd -d ${user[username]}",
      onlyif      => "/usr/bin/test -z '${user[password]}'",
      refreshonly => true
    }

    if has_key($user, "keys") {
      $user[keys].each |$key| {
        ssh_authorized_key { "${user[username]}@${key[host]}":
          name => "${user[username]}@${key[host]}",
          user => $user[username],
          type => $key[key_type],
          key  => $key[key],
        }
      }
    }
  }

}
Commit	Line	Data
7fed35a4 IB	1	class base_installation::users (
	2	$users = $base_installation::system_users,
	3	) inherits base_installation {
	4	ensure_packages('ruby-shadow')
	5	user { 'root':
	6	password => '!'
	7	}
	8
	9	class { 'sudo':
	10	config_file_replace => false,
	11	# Missing in the sudo package, should no be mandatory
	12	package_ldap => false
	13	}
	14
	15	sudo::conf { 'wheel':
	16	priority => 10,
	17	content => "%wheel ALL=(ALL) ALL"
	18	}
	19
	20	contain "sudo"
	21
	22	$users.each \|$user\| {
	23	user { "${user[username]}:${user[userid]}":
	24	name => $user[username],
	25	uid => $user[userid],
	26	ensure => "present",
	27	groups => $user[groups],
	28	managehome => true,
0a21fb6c	29	system => !!$user[system],
7fed35a4	30	home => "/home/${user[username]}",
0a21fb6c	31	notify => Exec["remove_password:${user[username]}:${user[userid]}"],
7fed35a4 IB	32	purge_ssh_keys => true
	33	}
	34
0a21fb6c	35	exec { "remove_password:${user[username]}:${user[userid]}":
7fed35a4	36	command => "/usr/bin/chage -d 0 ${user[username]} && /usr/bin/passwd -d ${user[username]}",
0a21fb6c	37	onlyif => "/usr/bin/test -z '${user[password]}'",
7fed35a4 IB	38	refreshonly => true
	39	}
	40
0a21fb6c IB	41	if has_key($user, "keys") {
	42	$user[keys].each \|$key\| {
	43	ssh_authorized_key { "${user[username]}@${key[host]}":
	44	name => "${user[username]}@${key[host]}",
	45	user => $user[username],
	46	type => $key[key_type],
	47	key => $key[key],
	48	}
7fed35a4 IB	49	}
	50	}
	51	}
	52
	53	}