From b193066f246693155bebb579f4131f10375c86e5 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Isma=C3=ABl=20Bouya?= <ismael.bouya@normalesup.org>
Date: Thu, 29 Mar 2018 01:08:23 +0200
Subject: [PATCH] Add root command for authorized keys

---
 modules/base_installation/manifests/users.pp | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/modules/base_installation/manifests/users.pp b/modules/base_installation/manifests/users.pp
index f893c51..aff19bb 100644
--- a/modules/base_installation/manifests/users.pp
+++ b/modules/base_installation/manifests/users.pp
@@ -3,7 +3,8 @@ class base_installation::users (
 ) inherits base_installation {
   ensure_packages('ruby-shadow')
   user { 'root':
-    password => '!'
+    password       => '!',
+    purge_ssh_keys => ["/root/.ssh/authorized_keys"],
   }
 
   class { 'sudo':
@@ -46,6 +47,21 @@ class base_installation::users (
           type => $key[key_type],
           key  => $key[key],
         }
+
+        if has_key($key, "root_command") {
+          ssh_authorized_key { "${user[username]}@${key[host]}:root":
+            name    => "${user[username]}@${key[host]}:root",
+            user    => "root",
+            options => [
+              "command=\"${key[root_command]}\"",
+              "no-port-forwarding",
+              "no-X11-forwarding",
+              "no-pty",
+            ],
+            type    => $key[key_type],
+            key     => $key[key],
+          }
+        }
       }
     }
   }
-- 
2.41.0