Diffstat (limited to 'manifests/init.pp')
-rw-r--r--manifests/init.pp136
1 files changed, 136 insertions, 0 deletions
diff --git a/manifests/init.pp b/manifests/init.pp
new file mode 100644
index 0000000..0dfb3ad
--- /dev/null
+++ b/manifests/init.pp
@@ -0,0 +1,136 @@
+#
+# User module based on git://git.puppet.immerda.ch/module-user.git
+#
+# Password hash can be generated with mkpasswd provided by whois
+# debian package: mkpasswd -H md5
+#
+class user {
+
+ define manage(
+ $ensure = present,
+ $uid = 'absent',
+ $gid = 'uid',
+ $groups = [],
+ $managehome = true,
+ $homedir_mode = '0750',
+ $name_comment = 'absent',
+ $homedir = 'absent',
+ $password = 'absent',
+ $shell = 'absent',
+ $sshkey = 'absent',
+ $sshkey_type = 'absent',
+ $membership = 'minimum',
+ $tag = false) {
+
+ if $password != 'absent' {
+
+ $real_groups = $groups ? {
+ '' => [ "$title", ],
+ default => $groups,
+ }
+
+ $real_homedir = $homedir ? {
+ 'absent' => "/home/$name",
+ default => $homedir,
+ }
+
+ $real_name_comment = $name_comment ? {
+ 'absent' => $name,
+ default => $name_comment,
+ }
+
+ $real_sshkey_type = $sshkey_type ? {
+ 'absent' => "ssh-dss",
+ default => $sshkey_type,
+ }
+
+ $real_shell = $shell ? {
+ 'absent' => $operatingsystem ? {
+ openbsd => "/usr/local/bin/bash",
+ default => "/bin/bash",
+ },
+ default => $shell,
+ }
+
+ if $managehome {
+ if $ensure == 'absent' {
+ file{"$real_homedir":
+ ensure => absent,
+ purge => true,
+ force => true,
+ recurse => true,
+ }
+ } else {
+ file{"$real_homedir":
+ ensure => directory,
+ require => User[$name],
+ owner => $name, mode => $homedir_mode;
+ }
+ case $gid {
+ 'absent','uid': {
+ File[$real_homedir]{
+ group => $name,
+ }
+ }
+ default: {
+ File[$real_homedir]{
+ group => $gid,
+ }
+ }
+ }
+ }
+ }
+
+ if $uid != 'absent' {
+ User[$name]{
+ uid => $uid,
+ }
+ }
+
+ if $gid != 'absent' {
+ if $gid == 'uid' {
+ if $uid != 'absent' {
+ $real_gid = $uid
+ }
+ } else {
+ $real_gid = $gid
+ }
+ if $real_gid {
+ User[$name]{
+ gid => $real_gid,
+ }
+ }
+ }
+
+ user { "$title":
+ ensure => $ensure,
+ allowdupe => false,
+ comment => "$real_name_comment",
+ home => $real_homedir,
+ managehome => $managehome,
+ shell => $real_shell,
+ groups => $real_groups,
+ membership => $membership,
+ password => $password,
+ tag => $tag,
+ }
+
+ # lots of bugs preventing a good implementation for ssh keys
+ # http://projects.reductivelabs.com/issues/1409
+ # http://projects.reductivelabs.com/issues/2004
+ # http://projects.reductivelabs.com/issues/2020
+ # http://groups.google.com/group/puppet-users/browse_thread/thread/131bc7cdc507e3c8/6b61dbcd0b6a68b5?lnk=raot
+ if $sshkey != 'absent' {
+ ssh_authorized_key { "$title":
+ ensure => $ensure,
+ key => $sshkey,
+ tag => $tag,
+ user => $title,
+ type => $real_sshkey_type,
+ target => "$real_homedir/.ssh/authorized_keys",
+ require => User["$title"],
+ }
+ }
+ }
+ }
+}
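Review bot: The `if $password != 'absent'` guard wraps the entire body of `manage` (it closes just before the define's closing brace), so with the default `$password` nothing is declared at all: a key-only account is never created, and `ensure => absent` without a password leaves the account, its home directory and its `authorized_keys` entry in place. Declare the resources unconditionally and set the password by override only when one is given, the same way `uid` and `gid` are handled: `if $password != 'absent' { User[$name]{ password => $password } }`, dropping `password => $password` from the `user` resource. Separately, the header comment's `mkpasswd -H md5` and the `ssh-dss` fallback for `$sshkey_type` steer callers to weak algorithms; documenting `mkpasswd -m sha-512` (where the target's crypt supports it) and requiring an explicit key type when `$sshkey` is set would be safer defaults.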