From d13887c5bf74b1d2dc4a82bd1ab38aab561f84d5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Isma=C3=ABl=20Bouya?=
Date: Thu, 29 Mar 2018 19:58:11 +0200
Subject: Add command key
---
 modules/base_installation/manifests/users.pp | 60 ++++++++++++++--------------
 1 file changed, 31 insertions(+), 29 deletions(-)
(limited to 'modules/base_installation')
diff --git a/modules/base_installation/manifests/users.pp b/modules/base_installation/manifests/users.pp
index aff19bb..34df4bd 100644
--- a/modules/base_installation/manifests/users.pp
+++ b/modules/base_installation/manifests/users.pp
@@ -21,45 +21,47 @@ class base_installation::users (
 contain "sudo"
 $users.each |$user| {
- user { "${user[username]}:${user[userid]}":
- name => $user[username],
- uid => $user[userid],
- ensure => "present",
- groups => $user[groups],
- managehome => true,
- system => !!$user[system],
- home => "/home/${user[username]}",
- notify => Exec["remove_password:${user[username]}:${user[userid]}"],
- purge_ssh_keys => true
- }
+ if ($user["username"] != "root") {
+ user { "${user[username]}:${user[userid]}":
+ name => $user[username],
+ uid => $user[userid],
+ ensure => "present",
+ groups => $user[groups],
+ managehome => true,
+ system => !!$user[system],
+ home => "/home/${user[username]}",
+ notify => Exec["remove_password:${user[username]}:${user[userid]}"],
+ purge_ssh_keys => true
+ }
- exec { "remove_password:${user[username]}:${user[userid]}":
- command => "/usr/bin/chage -d 0 ${user[username]} && /usr/bin/passwd -d ${user[username]}",
- onlyif => "/usr/bin/test -z '${user[password]}'",
- refreshonly => true
+ exec { "remove_password:${user[username]}:${user[userid]}":
+ command => "/usr/bin/chage -d 0 ${user[username]} && /usr/bin/passwd -d ${user[username]}",
+ onlyif => "/usr/bin/test -z '${user[password]}'",
+ refreshonly => true
+ }
 }
 if has_key($user, "keys") {
 $user[keys].each |$key| {
- ssh_authorized_key { "${user[username]}@${key[host]}":
- name => "${user[username]}@${key[host]}",
- user => $user[username],
- type => $key[key_type],
- key => $key[key],
- }
-
- if has_key($key, "root_command") {
- ssh_authorized_key { "${user[username]}@${key[host]}:root":
- name => "${user[username]}@${key[host]}:root",
- user => "root",
+ if has_key($key, "command") {
+ ssh_authorized_key { "${user[username]}@${key[host]}":
+ name => "${user[username]}@${key[host]}",
+ user => $user[username],
+ type => $key[key_type],
+ key => $key[key],
 options => [
- "command=\"${key[root_command]}\"",
+ "command=\"${key[command]}\"",
 "no-port-forwarding",
 "no-X11-forwarding",
 "no-pty",
 ],
- type => $key[key_type],
- key => $key[key],
+ }
+ } else {
+ ssh_authorized_key { "${user[username]}@${key[host]}":
+ name => "${user[username]}@${key[host]}",
+ user => $user[username],
+ type => $key[key_type],
+ key => $key[key],
 }
 }
 }
-- cgit v1.2.3
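Review bot: The `options` list on the new `command` branch still leaves agent forwarding and `~/.ssh/rc` execution enabled for a forced-command key; add `"no-agent-forwarding"` and `"no-user-rc"`, or use `"restrict"` in place of the `no-*` entries where the managed hosts run OpenSSH 7.2 or newer. `${key[command]}` is interpolated into `command=\"...\"` unescaped, so a double quote in the data would end the option early; validate or escape the value before building the string. Because the `user` resource is now skipped for `root`, a `root` entry gets no `purge_ssh_keys`, and a root key without `command` falls into the `else` branch and is installed with no restrictions at all. If root keys are meant to stay forced-command only, make that branch conditional on `$user["username"] != "root"` or fail the catalog there. Entries written earlier by the removed `...:root` resource are presumably left in root's authorized_keys, since nothing declares them `ensure => "absent"`.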