Refactor base installation module

author: Ismaël Bouya <ismael.bouya@normalesup.org> 2017-08-24 02:22:17 +0200
committer: Ismaël Bouya <ismael.bouya@normalesup.org> 2017-08-29 22:46:14 +0200
commit: 7fed35a408b9ec37454169425823785b5fc8978b (patch)
tree: 28371d43ac304f99fb0a5305124858db69ef2137 /modules/base_installation/manifests/users.pp
parent: ba2cf1b5d938810077b0fd73844faf432e8e8f9d (diff)
download: Puppet-7fed35a408b9ec37454169425823785b5fc8978b.tar.gz
Puppet-7fed35a408b9ec37454169425823785b5fc8978b.tar.zst
Puppet-7fed35a408b9ec37454169425823785b5fc8978b.zip
1 files changed, 49 insertions, 0 deletions
diff --git a/modules/base_installation/manifests/users.pp b/modules/base_installation/manifests/users.pp
new file mode 100644
index 0000000..766c0f0
--- /dev/null
+++ b/modules/base_installation/manifests/users.pp
@@ -0,0 +1,49 @@
+class base_installation::users (
+  $users = $base_installation::system_users,
+) inherits base_installation {
+  ensure_packages('ruby-shadow')
+  user { 'root':
+    password => '!'
+  }
+  class { 'sudo':
+    config_file_replace => false,
+    # Missing in the sudo package, should no be mandatory
+    package_ldap        => false
+  }
+  sudo::conf { 'wheel':
+    priority => 10,
+    content  => "%wheel ALL=(ALL) ALL"
+  }
+  contain "sudo"
+  $users.each |$user| {
+    user { "${user[username]}:${user[userid]}":
+      name           => $user[username],
+      uid            => $user[userid],
+      ensure         => "present",
+      groups         => $user[groups],
+      managehome     => true,
+      home           => "/home/${user[username]}",
+      notify         => Exec["remove_password"],
+      purge_ssh_keys => true
+    }
+    exec { "remove_password":
+      command     => "/usr/bin/chage -d 0 ${user[username]} && /usr/bin/passwd -d ${user[username]}",
+      refreshonly => true
+    }
+    $user[keys].each |$key| {
+      ssh_authorized_key { "${user[username]}@${key[host]}":
+        name => "${user[username]}@${key[host]}",
+        user => $user[username],
+        type => $key[key_type],
+        key  => $key[key],
+      }
+    }
+  }
+}
author	Ismaël Bouya <ismael.bouya@normalesup.org>	2017-08-24 02:22:17 +0200
committer	Ismaël Bouya <ismael.bouya@normalesup.org>	2017-08-29 22:46:14 +0200
commit	7fed35a408b9ec37454169425823785b5fc8978b (patch)
tree	28371d43ac304f99fb0a5305124858db69ef2137 /modules/base_installation/manifests/users.pp
parent	ba2cf1b5d938810077b0fd73844faf432e8e8f9d (diff)
download	Puppet-7fed35a408b9ec37454169425823785b5fc8978b.tar.gz Puppet-7fed35a408b9ec37454169425823785b5fc8978b.tar.zst Puppet-7fed35a408b9ec37454169425823785b5fc8978b.zip

diff --git a/modules/base_installation/manifests/users.pp b/modules/base_installation/manifests/users.pp new file mode 100644 index 0000000..766c0f0 --- /dev/null +++ b/modules/base_installation/manifests/users.pp
@@ -0,0 +1,49 @@
	1	class base_installation::users (
	2	$users = $base_installation::system_users,
	3	) inherits base_installation {
	4	ensure_packages('ruby-shadow')
	5	user { 'root':
	6	password => '!'
	7	}
	8
	9	class { 'sudo':
	10	config_file_replace => false,
	11	# Missing in the sudo package, should no be mandatory
	12	package_ldap => false
	13	}
	14
	15	sudo::conf { 'wheel':
	16	priority => 10,
	17	content => "%wheel ALL=(ALL) ALL"
	18	}
	19
	20	contain "sudo"
	21
	22	$users.each \|$user\| {
	23	user { "${user[username]}:${user[userid]}":
	24	name => $user[username],
	25	uid => $user[userid],
	26	ensure => "present",
	27	groups => $user[groups],
	28	managehome => true,
	29	home => "/home/${user[username]}",
	30	notify => Exec["remove_password"],
	31	purge_ssh_keys => true
	32	}
	33
	34	exec { "remove_password":
	35	command => "/usr/bin/chage -d 0 ${user[username]} && /usr/bin/passwd -d ${user[username]}",
	36	refreshonly => true
	37	}
	38
	39	$user[keys].each \|$key\| {
	40	ssh_authorized_key { "${user[username]}@${key[host]}":
	41	name => "${user[username]}@${key[host]}",
	42	user => $user[username],
	43	type => $key[key_type],
	44	key => $key[key],
	45	}
	46	}
	47	}
	48
	49	}