path: root/modules/base_installation/manifests/users.pp
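# @summary Manages the root account, sudo for the wheel group, and the
#   accounts and SSH authorized keys listed in $users.
#
# @param users
#   Presumably an Array of Hashes (confirm against the data source). The keys
#   read here are username, userid, groups, system, shell, password and keys.
#   Each entry of keys is read for host, key_type, key and an optional command.
class base_installation::users (
  $users = $base_installation::system_users,
) inherits base_installation {
  # ruby-shadow is what lets the user provider manage the password field.
  ensure_packages('ruby-shadow')

  # '!' is not a valid password hash, so password logins as root are locked.
  # Keys in root's authorized_keys that Puppet does not manage are purged.
  user { 'root':
    password       => '!',
    purge_ssh_keys => ["/root/.ssh/authorized_keys"],
  }

  class { 'sudo':
    config_file_replace => false,
    # Missing in the sudo package, should not be mandatory
    package_ldap        => false
  }

  # Members of wheel may run any command as any user through sudo.
  sudo::conf { 'wheel':
    priority => 10,
    content  => "%wheel ALL=(ALL) ALL",
    require  => Package["sudo"],
  }

  contain "sudo"

  $users.each |$user| {
    # root is declared above; only its keys (further down) come from $users.
    if ($user["username"] != "root") {
      # The shell name doubles as the package name and as the binary in /bin.
      unless $user["shell"] == undef or empty($user["shell"]) {
        ensure_packages([$user["shell"]])
        $shell = "/bin/${user[shell]}"
      } else {
        $shell = undef
      }

      # Decide at catalog compilation whether a password value was supplied.
      # The value itself is kept out of the exec below: on a command line it
      # would be visible in the process list, the catalog and Puppet's logs,
      # and a quote character in it would change the command that runs.
      $password_state = "${user[password]}" ? {
        ''      => 'empty',
        default => 'set',
      }

      # Unmanaged keys in the user's authorized_keys files are purged.
      user { "${user[username]}:${user[userid]}":
        name           => $user[username],
        uid            => $user[userid],
        ensure         => "present",
        groups         => $user[groups],
        managehome     => true,
        system         => !!$user[system],
        home           => "/home/${user[username]}",
        shell          => $shell,
        notify         => Exec["remove_password:${user[username]}:${user[userid]}"],
        purge_ssh_keys => true
      }

      # Runs only when the user resource above changes (refreshonly) and no
      # password value was supplied: expires the password so it has to be
      # changed at next login, then deletes it.
      # NOTE(review): after passwd -d the account has an empty password until
      # the user sets one; confirm that sshd and PAM refuse empty passwords.
      # NOTE(review): username is interpolated into the command unquoted, so
      # it should be validated where the user data is defined.
      exec { "remove_password:${user[username]}:${user[userid]}":
        command     => "/usr/bin/chage -d 0 ${user[username]} && /usr/bin/passwd -d ${user[username]}",
        onlyif      => "/usr/bin/test ${password_state} = empty",
        refreshonly => true
      }
    }

    if has_key($user, "keys") {
      $user[keys].each |$key| {
        if has_key($key, "command") {
          # Forced-command key: sshd runs only the listed command, with port
          # forwarding, X11 forwarding and PTY allocation turned off.
          # NOTE(review): command is placed between double quotes unescaped,
          # so a '"' in the data would end the option early; validate it at
          # the data source. Agent forwarding is not disabled here; consider
          # "no-agent-forwarding", or "restrict" where the installed OpenSSH
          # supports it.
          ssh_authorized_key { "${user[username]}@${key[host]}":
            name    => "${user[username]}@${key[host]}",
            user    => $user[username],
            type    => $key[key_type],
            key     => $key[key],
            options => [
              "command=\"${key[command]}\"",
              "no-port-forwarding",
              "no-X11-forwarding",
              "no-pty",
            ],
          }
        } else {
          # Unrestricted key: no options, so it grants a normal login.
          ssh_authorized_key { "${user[username]}@${key[host]}":
            name => "${user[username]}@${key[host]}",
            user => $user[username],
            type => $key[key_type],
            key  => $key[key],
          }
        }
      }
    }
  }
}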