author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2017-08-24 02:22:17 +0200 |
---|---|---|
committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2017-08-29 22:46:14 +0200 |
commit | 7fed35a408b9ec37454169425823785b5fc8978b (patch) | |
tree | 28371d43ac304f99fb0a5305124858db69ef2137 /modules/base_installation/manifests/users.pp | |
parent | ba2cf1b5d938810077b0fd73844faf432e8e8f9d (diff) | |
Refactor base installation module
Diffstat (limited to 'modules/base_installation/manifests/users.pp')
-rw-r--r-- | modules/base_installation/manifests/users.pp | 49 |
1 files changed, 49 insertions, 0 deletions
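--- /dev/null
+++ b/modules/base_installation/manifests/users.pp
@@ -0,0 +1,49 @@
+class base_installation::users (
+$users = $base_installation::system_users,
+) inherits base_installation {
+ensure_packages('ruby-shadow')
+user { 'root':
+password => '!'
+}
+
+class { 'sudo':
+config_file_replace => false,
+# Missing in the sudo package, should no be mandatory
+package_ldap => false
+}
+
+sudo::conf { 'wheel':
+priority => 10,
+content => "%wheel ALL=(ALL) ALL"
+}
+
+contain "sudo"
+
+$users.each |$user| {
+user { "${user[username]}:${user[userid]}":
+name => $user[username],
+uid => $user[userid],
+ensure => "present",
+groups => $user[groups],
+managehome => true,
+home => "/home/${user[username]}",
+notify => Exec["remove_password"],
+purge_ssh_keys => true
+}
+
+exec { "remove_password":
+command => "/usr/bin/chage -d 0 ${user[username]} && /usr/bin/passwd -d ${user[username]}",
+refreshonly => true
+}
+
+$user[keys].each |$key| {
+ssh_authorized_key { "${user[username]}@${key[host]}":
+name => "${user[username]}@${key[host]}",
+user => $user[username],
+type => $key[key_type],
+key => $key[key],
+}
+}
+}
+
+}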
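Review bot: The `exec { "remove_password":` resource is declared inside `$users.each` with a fixed title, so a second entry in `$users` should fail catalog compilation with a duplicate declaration; title it per user, e.g. `exec { "remove_password_${user[username]}":` with a matching `notify => Exec["remove_password_${user[username]}"]`. The notify also fires on any later change to the user resource (a new group, a uid change), not only on creation, so `passwd -d` would blank a password the user has already set. While the password is empty, the `%wheel ALL=(ALL) ALL` rule may let sudo accept an empty password, depending on the PAM configuration (for example `nullok`), so the exec is better limited to first creation, for instance with an `unless` or `onlyif` check on the account's shadow entry.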