diff options
Diffstat (limited to 'manifests/init.pp')
-rw-r--r-- | manifests/init.pp | 177 |
1 files changed, 0 insertions, 177 deletions
diff --git a/manifests/init.pp b/manifests/init.pp deleted file mode 100644 index 9b8d04a..0000000 --- a/manifests/init.pp +++ /dev/null @@ -1,177 +0,0 @@ -# -# User module based on git://git.puppet.immerda.ch/module-user.git -# -# Password hash can be generated with mkpasswd provided by whois -# debian package: mkpasswd -m sha-256, see crypt(3) for details -# on supported hashes. -# -class user { - - define manage( - $password, - $ensure = present, - $uid = 'absent', - $gid = 'uid', - $groups = [], - $managehome = true, - $homedir_mode = '0750', - $comment = 'absent', - $homedir = 'absent', - $shell = 'absent', - $sshkey = 'absent', - $sshkey_options = [], - $sshkey_type = 'absent', - $membership = 'minimum', - $ticket = false, - $refresh_keys = false) { - - $real_groups = $groups ? { - '' => [ "$title", ], - default => $groups, - } - - $real_homedir = $homedir ? { - 'absent' => "/home/$name", - default => $homedir, - } - - $real_name_comment = $comment ? { - 'absent' => $name, - default => $comment, - } - - $real_sshkey_type = $sshkey_type ? { - 'absent' => "ssh-rsa", - default => $sshkey_type, - } - - $real_shell = $shell ? { - 'absent' => $operatingsystem ? { - openbsd => "/usr/local/bin/bash", - default => "/bin/bash", - }, - default => $shell, - } - - if $managehome == true { - if $ensure == 'absent' { - file{"$real_homedir": - ensure => absent, - purge => true, - force => true, - recurse => true, - } - } else { - file{"$real_homedir": - ensure => directory, - require => User[$name], - owner => $name, mode => $homedir_mode; - } - case $gid { - 'absent','uid': { - File[$real_homedir]{ - group => $name, - } - } - default: { - File[$real_homedir]{ - group => $gid, - } - } - } - } - } else { - if $managehome != false { - if !defined(File[$managehome]) { - file { $managehome: - ensure => present, - owner => $name, - mode => $homedir_mode, - require => User[$name], - } - } - - case $gid { - 'absent','uid': { - File[$managehome] { - group => $name, - } - } - default: { - File[$managehome] { - group => $gid, - } - } - } - - file{ "$real_homedir": - ensure => $managehome, - require => File[$managehome], - } - } - } - - if $uid != 'absent' { - $real_uid = $uid - } else { - $real_uid = false - } - - if $gid != 'absent' { - if $gid == 'uid' { - if $uid != 'absent' { - $real_gid = $uid - } else { - $real_gid = false - } - } else { - $real_gid = $gid - } - } else { - $real_gid = false - } - - # see http://www.mail-archive.com/puppet-users@googlegroups.com/msg00795.html - user { "$title": - ensure => $ensure, - allowdupe => false, - comment => "$real_name_comment", - home => $real_homedir, - managehome => $managehome, - shell => $real_shell, - groups => $real_groups, - membership => $membership, - password => $password, - uid => $real_uid ? { false => undef, default => $real_uid }, - gid => $real_gid ? { false => undef, default => $real_gid }, - } - - if $refresh_keys == true { - cron { "gpg-refresh-keys-${title}": - command => "/usr/bin/gpg --refresh-keys > /dev/null 2>&1", - user => $title, - hour => "*/1", - minute => "0", - ensure => present, - require => User[$title], - } - } - - # lots of bugs preventing a good implementation for ssh keys - # http://projects.reductivelabs.com/issues/1409 - # http://projects.reductivelabs.com/issues/2004 - # http://projects.reductivelabs.com/issues/2020 - # http://groups.google.com/group/puppet-users/browse_thread/thread/131bc7cdc507e3c8/6b61dbcd0b6a68b5?lnk=raot - if $sshkey != 'absent' { - ssh_authorized_key { "$title": - ensure => $ensure, - key => $sshkey, - user => $title, - options => $sshkey_options, - type => $real_sshkey_type, - target => "$real_homedir/.ssh/authorized_keys", - require => User["$title"], - } - } - } -} |