[perso/Immae/Projets/Puppet.git] / modules / base_installation / manifests / users.pp

class base_installation::users (
  $users = $base_installation::system_users,
) inherits base_installation {
  ensure_packages('ruby-shadow')
  user { 'root':
    password       => '!',
    purge_ssh_keys => ["/root/.ssh/authorized_keys"],
  }

  class { 'sudo':
    config_file_replace => false,
    # Missing in the sudo package, should no be mandatory
    package_ldap        => false
  }

  sudo::conf { 'wheel':
    priority => 10,
    content  => "%wheel ALL=(ALL) ALL"
  }

  contain "sudo"

  $users.each |$user| {
    user { "${user[username]}:${user[userid]}":
      name           => $user[username],
      uid            => $user[userid],
      ensure         => "present",
      groups         => $user[groups],
      managehome     => true,
      system         => !!$user[system],
      home           => "/home/${user[username]}",
      notify         => Exec["remove_password:${user[username]}:${user[userid]}"],
      purge_ssh_keys => true
    }

    exec { "remove_password:${user[username]}:${user[userid]}":
      command     => "/usr/bin/chage -d 0 ${user[username]} && /usr/bin/passwd -d ${user[username]}",
      onlyif      => "/usr/bin/test -z '${user[password]}'",
      refreshonly => true
    }

    if has_key($user, "keys") {
      $user[keys].each |$key| {
        ssh_authorized_key { "${user[username]}@${key[host]}":
          name => "${user[username]}@${key[host]}",
          user => $user[username],
          type => $key[key_type],
          key  => $key[key],
        }

        if has_key($key, "root_command") {
          ssh_authorized_key { "${user[username]}@${key[host]}:root":
            name    => "${user[username]}@${key[host]}:root",
            user    => "root",
            options => [
              "command=\"${key[root_command]}\"",
              "no-port-forwarding",
              "no-X11-forwarding",
              "no-pty",
            ],
            type    => $key[key_type],
            key     => $key[key],
          }
        }
      }
    }
  }

}
Commit	Line	Data
7fed35a4 IB	1	class base_installation::users (
	2	$users = $base_installation::system_users,
	3	) inherits base_installation {
	4	ensure_packages('ruby-shadow')
	5	user { 'root':
b193066f IB	6	password => '!',
b193066f IB	7	purge_ssh_keys => ["/root/.ssh/authorized_keys"],
7fed35a4 IB	8	}
	9
	10	class { 'sudo':
	11	config_file_replace => false,
	12	# Missing in the sudo package, should no be mandatory
	13	package_ldap => false
	14	}
	15
	16	sudo::conf { 'wheel':
	17	priority => 10,
	18	content => "%wheel ALL=(ALL) ALL"
	19	}
	20
	21	contain "sudo"
	22
	23	$users.each \|$user\| {
	24	user { "${user[username]}:${user[userid]}":
	25	name => $user[username],
	26	uid => $user[userid],
	27	ensure => "present",
	28	groups => $user[groups],
	29	managehome => true,
0a21fb6c	30	system => !!$user[system],
7fed35a4	31	home => "/home/${user[username]}",
0a21fb6c	32	notify => Exec["remove_password:${user[username]}:${user[userid]}"],
7fed35a4 IB	33	purge_ssh_keys => true
	34	}
	35
0a21fb6c	36	exec { "remove_password:${user[username]}:${user[userid]}":
7fed35a4	37	command => "/usr/bin/chage -d 0 ${user[username]} && /usr/bin/passwd -d ${user[username]}",
0a21fb6c	38	onlyif => "/usr/bin/test -z '${user[password]}'",
7fed35a4 IB	39	refreshonly => true
	40	}
	41
0a21fb6c IB	42	if has_key($user, "keys") {
	43	$user[keys].each \|$key\| {
	44	ssh_authorized_key { "${user[username]}@${key[host]}":
	45	name => "${user[username]}@${key[host]}",
	46	user => $user[username],
	47	type => $key[key_type],
	48	key => $key[key],
	49	}
b193066f IB	50
	51	if has_key($key, "root_command") {
	52	ssh_authorized_key { "${user[username]}@${key[host]}:root":
	53	name => "${user[username]}@${key[host]}:root",
	54	user => "root",
	55	options => [
	56	"command=\"${key[root_command]}\"",
	57	"no-port-forwarding",
	58	"no-X11-forwarding",
	59	"no-pty",
	60	],
	61	type => $key[key_type],
	62	key => $key[key],
	63	}
	64	}
7fed35a4 IB	65	}
	66	}
	67	}
	68
	69	}